githubtraining / continuous-delivery-azure

Course repository for the Learning Lab course GitHub Actions: Continuous Delivery with Azure
https://lab.github.com/githubtraining/github-actions:-continuous-delivery-with-azure/
Creative Commons Attribution 4.0 International

Dependabot throws a security vulnerability alert when the repo is created #22

Closed mickeygousset closed 4 years ago

mickeygousset commented 4 years ago

Describe the bug

Once you queue up the lab, and it creates a repo, Dependabot throws an alert about a security vulnerability in elliptic. I think users may find this a little jarring.

To Reproduce

Steps to reproduce the behavior:

  1. Start the course
  2. When you are navigated automatically to the first pull request, you will see a yellow box at the top of the page, indicating a security vulnerability discovered by Dependabot.

Expected behavior

No security vulnerability errors should be thrown.

hectorsector commented 4 years ago

The template repo should be alerting us, but there's a known issue (https://github.com/github/dsp-security-workflows/issues/810) that's causing that not to occur. In the meantime, I'll team up with @lmkeston on pushing up a fix, but it'll need a little testing before we can close this out since it'll update more than just the one dependency.