This repository has been archived by the owner on Dec 20, 2021. It is now read-only.

[Security] Workflow build.yml is using vulnerable action gradle/wrapper-validation-action #1

Open
fockboi-lgtm opened this issue Dec 20, 2021 · 1 comment


@fockboi-lgtm

The workflow build.yml is referencing the action gradle/wrapper-validation-action using reference v1.0.4. However, this reference is missing the commit 89eda1fdc0167f59521d2bb10767f7169fb4d018, which may contain a fix to some vulnerability.
The vulnerability fix that is missing from the action's version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.
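
An added example, not part of the original issue or of the project's code: a small auditor that lists every `uses:` reference in a workflow file and marks whether it is pinned to a full commit SHA or points at a tag or branch such as `v1.0.4`. The workflow text is constructed for illustration (the real build.yml is not shown on this page), `example-org/example-action` and its SHA are hypothetical, and the function names are this example's own.

```python
import re

# Matches "uses: <value>" on a step or job line, with optional list dash and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*["']?([^"'\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(value):
    """Return (action, ref, kind) for one `uses:` value."""
    if value.startswith("./"):
        return value, None, "local"          # action stored in the same repo
    if value.startswith("docker://"):
        return value, None, "docker"         # container image, not a git ref
    action, sep, ref = value.partition("@")
    if not sep:
        return action, None, "missing-ref"
    if FULL_SHA_RE.match(ref):
        return action, ref, "pinned-sha"     # immutable commit reference
    return action, ref, "mutable-ref"        # tag or branch: may lack later fixes


def audit_workflow(text):
    """Return a list of (line number, action, ref, kind) for each `uses:` line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = USES_RE.match(line)
        if match:
            findings.append((lineno, *classify_ref(match.group(1))))
    return findings


# Constructed sample workflow (not the repository's actual build.yml).
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: gradle/wrapper-validation-action@v1.0.4  # tag reference
      - uses: "example-org/example-action/sub@0123456789abcdef0123456789abcdef01234567"
      - uses: ./.github/actions/local
      - name: docker step
        uses: docker://alpine:3.15
"""

if __name__ == "__main__":
    for lineno, action, ref, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action} ref={ref} -> {kind}")
```
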

@FDelporte
Member

As no work has been done on this project yet, I'm going to remove it and hope we can work on it soon...
We will first need to agree on functionalities, can be done in Pi4J/pi4j-v2#111
