Skip to content
This repository was archived by the owner on Oct 2, 2024. It is now read-only.
This repository was archived by the owner on Oct 2, 2024. It is now read-only.

[Security] Workflow create-release-zip.yml is using vulnerable action mindsers/changelog-reader-action #390

Open
Open
[Security] Workflow create-release-zip.yml is using vulnerable action mindsers/changelog-reader-action#390
@Ale0x78

Description

@Ale0x78
Ale0x78
opened on Dec 20, 2021

The workflow create-release-zip.yml is referencing action mindsers/changelog-reader-action using references v1.1.0. However this reference is missing the commit a5d0f1d4f77ba7a2f2dc539df311d137861fa8b8 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions