[Security] Workflow commitlint.yml is using vulnerable action wagoid/commitlint-github-action #586
Comments
|
👋 Thanks for reporting! |
|
Thanks so much for opening up your first issue here on the repository! 🎉 We would like to warmly welcome you to the community behind the app! EnhancementsAn enhancement takes a feature and improves or alters its behaviour. Please make sure to argue how your proposition will aid non-technical text workers, and why it can't be emulated easily with other features or apps! Feature requestsFeature requests introduce whole new features into the app. This requires a lot of work, so these might be turned down if the implementation costs supersede the benefits we expect to see from implementing it. Please do not be disappointed if that happens. It likely has nothing to do with your great request but simply with us and our missing resources! Bug reportsPlease note that one of the main reasons for why bug reports cannot be addressed is that there's not enough information for us to find and fix the bug you describe, so make sure you try to pinpoint the bug as close as possible.
Please note that if you encounter behaviour that does not align with your expectations of what would happen, this might as well be simply intended behaviour and we need to simply clarify why the behaviour is the way it is. This is not to be considered a bug and such issues may be closed! Suggest an enhancement instead! |
The workflow commitlint.yml is referencing action wagoid/commitlint-github-action using references v2.2.5. However this reference is missing the commit bf83d2b35c4177779d047f464b48d9907f2c5201 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
The text was updated successfully, but these errors were encountered: