
Update semver to mitigate CVE-2022-25883

Open frizzr opened this issue 1 year ago • 3 comments

We were seeing other GitHub Actions well downstream from here being reported by Dependabot with this vulnerability:

https://nvd.nist.gov/vuln/detail/CVE-2022-25883

Sep 22 '23 15:09 frizzr

I did mention that this could possibly be included in https://github.com/actions/toolkit/pull/1526 instead of here.

Sep 22 '23 16:09 frizzr

I did mention that this could possibly be included in #1526 instead of here.

I included your change in my PR

Sep 26 '23 11:09 takost

We were seeing other GitHub Actions downstream being reported by Dependabot with this vulnerability:

https://nvd.nist.gov/vuln/detail/CVE-2022-25883

I did mention that this could possibly be included in #1526 instead of here.

Oct 08 '23 03:10 sjvdehnv