omnivector-solutions / jobbergate-cli

Jobbergate CLI
MIT License
2 stars 0 forks source link

[Security] Workflow prepare_release.yaml is using vulnerable action getsentry/craft #96

Open Freakston opened 2 years ago

Freakston commented 2 years ago

The workflow prepare_release.yaml is referencing action getsentry/craft using references 0.20.0. However this reference is missing the commit 175a1e2e51d61c222de55a0840ec7f486954cfb4 which may contain fix to the some vulnerability. The vulnerability fix that is missing by actions version could be related to: (1) CVE fix (2) upgrade of vulnerable dependency (3) fix to secret leak and others. Please consider to update the reference to the action.