The workflow test.yml is referencing action shogo82148/actions-goveralls using references v1.2.2. However this reference is missing the commit 93213fdb0bf003e512edcc55e1bdca000f7e4d65 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
pires
commented
1 year ago
The workflow test.yml is referencing action shogo82148/actions-goveralls using references v1.2.2. However this reference is missing the commit 93213fdb0bf003e512edcc55e1bdca000f7e4d65 which may contain fix to the some vulnerability. The vulnerability fix that is missing by actions version could be related to: (1) CVE fix (2) upgrade of vulnerable dependency (3) fix to secret leak and others. Please consider to update the reference to the action.