Replies: 1 comment
This project sure looks unmaintained, Dependabot updates have not been merged for a long time. Interestingly enough there are new pull requests without a dependabot.yml though... never saw that before...
To make the project safer from an Application Security perspective, it would be great to fix all the SCA findings. At the moment of writing this comment, 12 vulnerabilities are found in total (6 for Go, 6 for JavaScript). AFAIS, there are 5 pull requests open that would fix some of those vulnerabilities. Is it possible to speed up the process of reviewing/merging them? This would unblock companies that want to use this GitHub Action, as some companies have internal policies to not use vulnerable GitHub Actions.
I have attached a Snyk SARIF report with the findings that Snyk found on sha 038aa49. You can view this report in https://microsoft.github.io/sarif-web-component/ for example. Thank you!
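The comment above refers to a Snyk SARIF report but only gives the totals. The script below is an added example (not code from the discussion, from Snyk, or from the project) showing how a maintainer can triage such a report without a viewer: it parses SARIF 2.1.0, groups results by ecosystem (inferred from the manifest file each result points at) and by severity, and separates the number of distinct rules from the number of result entries, since one advisory often appears once per dependency path. It assumes the `security-severity` rule property that Snyk and GitHub code scanning emit; the embedded report is constructed for the example, and its rule IDs and package names are placeholders, not real advisories.

```python
"""Summarise a SARIF 2.1.0 SCA report by ecosystem and severity.

Added example, not part of the discussion or the project. The sample
report below is constructed; rule IDs and package names are placeholders.
"""
import json
from collections import Counter

# Manifest basename -> ecosystem. Anything else is reported as "other".
MANIFEST_ECOSYSTEM = {
    "go.mod": "Go",
    "go.sum": "Go",
    "package.json": "JavaScript",
    "package-lock.json": "JavaScript",
    "yarn.lock": "JavaScript",
}

# Constructed sample report (placeholder rule IDs, not real advisories).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "Example SCA tool",
            "rules": [
                {"id": "EXAMPLE-GOLANG-0001",
                 "shortDescription": {"text": "Placeholder Go finding"},
                 "properties": {"security-severity": "7.5"}},
                {"id": "EXAMPLE-JS-0002",
                 "shortDescription": {"text": "Placeholder JS finding"},
                 "properties": {"security-severity": "5.3"}},
                {"id": "EXAMPLE-JS-0003",
                 "shortDescription": {"text": "Placeholder JS finding"},
                 "properties": {"security-severity": "9.8"}},
            ]}},
        "results": [
            {"ruleId": "EXAMPLE-GOLANG-0001", "level": "error",
             "message": {"text": "Introduced through example.com/pkg@1.0.0"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "go.mod"}}}]},
            {"ruleId": "EXAMPLE-JS-0002", "level": "warning",
             "message": {"text": "Introduced through example-pkg@2.0.0"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}}}]},
            {"ruleId": "EXAMPLE-JS-0003", "level": "error",
             "message": {"text": "Introduced through other-pkg@0.1.0"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package-lock.json"}}}]},
            # Same rule as above, reached through a second manifest: counts as
            # a second result but not a second distinct vulnerability.
            {"ruleId": "EXAMPLE-JS-0002", "level": "warning",
             "message": {"text": "Introduced through example-pkg@2.0.0 (frontend)"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frontend/package.json"}}}]},
        ],
    }],
})


def severity_bucket(score):
    """Map a CVSS-style security-severity score to the usual bucket."""
    s = float(score)
    if s >= 9.0:
        return "critical"
    if s >= 7.0:
        return "high"
    if s >= 4.0:
        return "medium"
    return "low"


def summarize_sarif(sarif_text):
    """Return totals, distinct-rule count and per-ecosystem/severity counters."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 document")
    by_ecosystem, by_severity, rules_seen, findings = Counter(), Counter(), set(), []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run.get("tool", {}).get("driver", {}).get("rules", [])}
        for result in run.get("results", []):
            rule_id = result.get("ruleId", "")
            score = rules.get(rule_id, {}).get("properties", {}).get("security-severity")
            # Fall back to the SARIF level when the tool gives no numeric score.
            severity = severity_bucket(score) if score is not None else result.get("level", "unknown")
            uri = ""
            for loc in result.get("locations", []):
                uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri", "")
                break
            ecosystem = MANIFEST_ECOSYSTEM.get(uri.rsplit("/", 1)[-1], "other")
            rules_seen.add(rule_id)
            by_ecosystem[ecosystem] += 1
            by_severity[severity] += 1
            findings.append((rule_id, severity, ecosystem, uri))
    return {
        "results": len(findings),
        "distinct_rules": len(rules_seen),
        "by_ecosystem": dict(by_ecosystem),
        "by_severity": dict(by_severity),
        "findings": findings,
    }


if __name__ == "__main__":
    summary = summarize_sarif(SAMPLE_SARIF)
    print(f"{summary['results']} results, {summary['distinct_rules']} distinct rules")
    print("by ecosystem:", summary["by_ecosystem"])
    print("by severity:", summary["by_severity"])
    for rule_id, severity, ecosystem, uri in summary["findings"]:
        print(f"  {severity:<8} {ecosystem:<10} {rule_id:<22} {uri}")
```

Run it against a real report with `summarize_sarif(open("snyk.sarif").read())`; the distinct-rule count is the number to compare against a tool's "N vulnerabilities" headline, while the per-ecosystem split shows which of the open dependency-update pull requests would clear the most findings.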