Do not use deprecated add-path command #71
Assignees
Labels
bug
Something isn't working
Comments
|
Thanks for noting this one @jonico. Would love a way to detect these programmatically so that we can catch them as they are found :( I'll investigate and fix accordingly |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As indicated in https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ - the set-env and add-path workflow commands will be removed very soon as they can be exploited as shown here.
It appears that scan-action is currently using the add-path command although it is not really clear which subsequent action steps would even use the updated path. If the path was actually needed in subsequent commands, there is a new, file system based way of passing info between steps as described here.
The text was updated successfully, but these errors were encountered: