Enable Dependabot and fix the security issues.

kentaro-m / auto-assign-action

An action which adds reviewers to the pull request when the pull request is opened.

MIT License

291 stars 87 forks source link

Enable Dependabot and fix the security issues. #164

Closed hbsan closed 7 months ago

hbsan commented 7 months ago

Hi Could you please enable dependabot on this repository? We would like to use this action but we cannot use it since we see a critical issue when we do a scan on the repository. Issue we see is the following;

Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code

kentaro-m commented 7 months ago

@hbsan Thank you for your report. I have promptly enabled Dependabot for this repository. Additionally, I have already resolved the security issue and released v1.2.6. When you have time, please kindly check it out.