workflow-application-token-action icon indicating copy to clipboard operation
workflow-application-token-action copied to clipboard

Published 20 hours ago verified publisher icon peter-murray

Security Vulnerabilities Detected

Open goffinfnbs opened this issue 1 year ago • 1 comments

Within the Enterprise that I work, we follow a process for approving marketplace GitHub actions.

The review process includes scanning the source code (using GitHub Advanced Security with the security-extended suite) for vulnerabilities and when we did so yesterday (05/02/2024) there were TWO (2) HIGH severity vulnerabilities reported. Our internal policy does not allow approval for actions where High (or higher) severity vulnerabilities are present.

image

Could you please resolve the the vulnerabilities and issue a new release ?

Version Reviewed: Latest source code (cloned repository)

Reproduce by: Executing a GitHub Advanced Security scan using the security-extended suite

goffinfnbs avatar Feb 06 '24 10:02 goffinfnbs

This is coming from a minified source map, this is not run, but used to determine errors from stack traces back to the legitimate source files in the source code or dependencies. @vercel/ncc is creating this file when producing the actual source code that is run in the post/index.js file.

peter-murray avatar May 30 '24 14:05 peter-murray