Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerabilities Detected #38

Open
goffinfnbs opened this issue Feb 6, 2024 · 1 comment
Open

Security Vulnerabilities Detected #38

goffinfnbs opened this issue Feb 6, 2024 · 1 comment

Comments

@goffinfnbs
Copy link

Within the Enterprise that I work, we follow a process for approving marketplace GitHub actions.

The review process includes scanning the source code (using GitHub Advanced Security with the security-extended suite) for vulnerabilities and when we did so yesterday (05/02/2024) there were TWO (2) HIGH severity vulnerabilities reported. Our internal policy does not allow approval for actions where High (or higher) severity vulnerabilities are present.

image

Could you please resolve the the vulnerabilities and issue a new release ?

Version Reviewed: Latest source code (cloned repository)

Reproduce by: Executing a GitHub Advanced Security scan using the security-extended suite
@peter-murray
Copy link
Owner

This is coming from a minified source map, this is not run, but used to determine errors from stack traces back to the legitimate source files in the source code or dependencies. @vercel/ncc is creating this file when producing the actual source code that is run in the post/index.js file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peter-murray @goffinfnbs