[Security] Workflow remove-labels.yml is using vulnerable action mondeja/remove-labels-gh-action #587
Comments
|
Thanks so much for opening up your first issue here on the repository! 🎉 We would like to warmly welcome you to the community behind the app! EnhancementsAn enhancement takes a feature and improves or alters its behaviour. Please make sure to argue how your proposition will aid non-technical text workers, and why it can't be emulated easily with other features or apps! Feature requestsFeature requests introduce whole new features into the app. This requires a lot of work, so these might be turned down if the implementation costs supersede the benefits we expect to see from implementing it. Please do not be disappointed if that happens. It likely has nothing to do with your great request but simply with us and our missing resources! Bug reportsPlease note that one of the main reasons for why bug reports cannot be addressed is that there's not enough information for us to find and fix the bug you describe, so make sure you try to pinpoint the bug as close as possible.
Please note that if you encounter behaviour that does not align with your expectations of what would happen, this might as well be simply intended behaviour and we need to simply clarify why the behaviour is the way it is. This is not to be considered a bug and such issues may be closed! Suggest an enhancement instead! |
|
👋 Thanks for reporting! |
The workflow remove-labels.yml is referencing action mondeja/remove-labels-gh-action using references v1.0.0. However this reference is missing the commit 5abe631a9c2bef28782a90e9f44938a75ee9f1d1 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.
The text was updated successfully, but these errors were encountered: