This repository was archived by the owner on Jun 20, 2024. It is now read-only.
This repository was archived by the owner on Jun 20, 2024. It is now read-only.
[Security] Workflow prepare_release.yaml is using vulnerable action getsentry/craft #96
Description
The workflow prepare_release.yaml is referencing action getsentry/craft using references 0.20.0. However this reference is missing the commit 175a1e2e51d61c222de55a0840ec7f486954cfb4 which may contain fix to the some vulnerability.
The vulnerability fix that is missing by actions version could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider to update the reference to the action.