The workflow release.yml is referencing action satackey/push-prebuilt-action using references v0.2.0-beta3. However this reference is missing the commit 0c027b66503f3857cb4e5cfb71633cc54dbd1ec6 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
Hades32
commented
2 years ago
The workflow release.yml is referencing action satackey/push-prebuilt-action using references v0.2.0-beta3. However this reference is missing the commit 0c027b66503f3857cb4e5cfb71633cc54dbd1ec6 which may contain fix to the some vulnerability. The vulnerability fix that is missing by actions version could be related to: (1) CVE fix (2) upgrade of vulnerable dependency (3) fix to secret leak and others. Please consider to update the reference to the action.