Skip to content

Potential fix for code scanning alert no. 4: Use of a known vulnerable action.#6

Draft
simonthurman wants to merge 1 commit into
masterfrom
alert-autofix-4
Draft

Potential fix for code scanning alert no. 4: Use of a known vulnerable action.#6
simonthurman wants to merge 1 commit into
masterfrom
alert-autofix-4

Conversation

@simonthurman

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/simonthurman/productsapi/security/code-scanning/4

To fix the problem, we need to update the actions/download-artifact action to a non-vulnerable version. The recommended version to update to is v4.1.7. This change will ensure that the workflow is not using a version of the action with known vulnerabilities, thereby improving the security of the workflow and the repository.

The specific change required is to update the version of the actions/download-artifact action in the .github/workflows/master_prod-api.yml file from v2 to v4.1.7.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…e action.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant