The security audit suggests (as part of a LOW-risk problem):
GitHub Actions sourced from third-party repositories are not pinned to specific commit hashes, increasing the risk of
threats in case a bad actor manages to add a backdoor to the action's repository.
At the same time, the library uses many prod/dev dependencies with not strictly pinned versions (as it is a library that needs to be flexible), which poses the same level of risk.
Generally speaking, the project in general (other libraries) doesn't use pinned GitHub Actions, so if decided it needs to be applied in complex
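A quick way to find the unpinned references the audit is talking about, as an added example that is not part of this issue or of the project's own code: the script below scans the `uses:` lines of a workflow file and reports any third-party action that points at a tag or branch instead of a full 40-character commit SHA, and any `docker://` image that is not pinned by digest. Local actions (`./...`) are skipped because they move with the repository's own commit. The sample workflow, the `some-org/some-action` name, and the all-zeros-style placeholder SHA on the `setup-node` line are constructed for the example; the trailing `# v4.0.2` comment on that line is the convention Dependabot and Renovate use to keep a SHA-pinned action bumpable.

```python
import re
import sys

# Matches a step's `uses:` line and captures the reference up to whitespace,
# a quote, or a trailing `# vX.Y.Z` comment.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'#]+)')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')

# Constructed sample workflow for the example (not from the project).
# The SHA on the setup-node line is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4.0.2
      - uses: ./.github/actions/local-lint
      - uses: docker://alpine:3.19
      - uses: some-org/some-action@main
"""


def check_workflow(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, reference, reason) for every `uses:` that is not
    pinned to an immutable identifier."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            # Local action: lives in this repo and is already fixed by the checkout.
            continue
        if ref.startswith("docker://"):
            # Container actions are immutable only when referenced by digest.
            if "@sha256:" not in ref:
                findings.append((lineno, ref, "container image not pinned by digest"))
            continue
        if "@" not in ref:
            findings.append((lineno, ref, "no ref given"))
            continue
        _, version = ref.rsplit("@", 1)
        # Tags and branches can be moved by whoever controls the action's repo;
        # only a full commit SHA names exactly one tree.
        if not FULL_SHA_RE.match(version):
            findings.append((lineno, ref, f"mutable ref {version!r}, not a full commit SHA"))
    return findings


if __name__ == "__main__":
    # Usage: python check_pins.py [.github/workflows/ci.yml]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = fh.read()
    else:
        source = SAMPLE_WORKFLOW
    for lineno, ref, reason in check_workflow(source):
        print(f"line {lineno}: {ref}: {reason}")
```

Run against the sample it flags `actions/checkout@v4`, the undigested `alpine:3.19` image and `some-org/some-action@main`, and accepts the SHA-pinned `setup-node` step and the local action. Pinning to a SHA only helps if the SHA is kept current, so pair it with Dependabot or Renovate and keep the version comment so those tools know which release the hash corresponds to.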