-
Notifications
You must be signed in to change notification settings - Fork 3
chore(deps): bump actions/setup-node from 6 to 7 in the github-actions group #165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -19,7 +19,7 @@ jobs: | |
| uses: actions/checkout@v7 | ||
|
|
||
| - name: 🏗 Setup Node.js | ||
| uses: actions/setup-node@v6 | ||
| uses: actions/setup-node@v7 | ||
| with: | ||
| node-version-file: ".nvmrc" | ||
| cache: "yarn" | ||
|
|
@@ -56,7 +56,7 @@ jobs: | |
| uses: actions/checkout@v7 | ||
|
|
||
| - name: 🏗 Setup Node.js | ||
| uses: actions/setup-node@v6 | ||
| uses: actions/setup-node@v7 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Semgrep identified an issue in your code: To resolve this comment: 🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods. 💬 Ignore this findingLeave a nosemgrep comment directly above or at the end of line 59 like so Take care to validate that this is not a true positive finding before ignoring it. You can view more details about this finding in the Semgrep AppSec Platform. |
||
| with: | ||
| node-version-file: ".nvmrc" | ||
| cache: "yarn" | ||
|
|
@@ -134,7 +134,7 @@ jobs: | |
| xcode-version: latest-stable | ||
|
|
||
| - name: 🏗 Setup Node.js | ||
| uses: actions/setup-node@v6 | ||
| uses: actions/setup-node@v7 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Semgrep identified an issue in your code: To resolve this comment: 🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods. 💬 Ignore this findingLeave a nosemgrep comment directly above or at the end of line 137 like so Take care to validate that this is not a true positive finding before ignoring it. You can view more details about this finding in the Semgrep AppSec Platform. |
||
| with: | ||
| node-version-file: ".nvmrc" | ||
| cache: "yarn" | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -16,7 +16,7 @@ jobs: | |
| steps: | ||
| - uses: actions/checkout@v7 | ||
| - name: node | ||
| uses: actions/setup-node@v6 | ||
| uses: actions/setup-node@v7 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Semgrep identified an issue in your code: To resolve this comment: 🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods. 💬 Ignore this findingLeave a nosemgrep comment directly above or at the end of line 19 like so Take care to validate that this is not a true positive finding before ignoring it. You can view more details about this finding in the Semgrep AppSec Platform. |
||
| with: | ||
| node-version-file: '.nvmrc' | ||
| registry-url: https://registry.npmjs.org | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -12,7 +12,7 @@ jobs: | |
| - name: Checkout code | ||
| uses: actions/checkout@v7 | ||
| - name: Install node | ||
| uses: actions/setup-node@v6 | ||
| uses: actions/setup-node@v7 | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Semgrep identified an issue in your code: To resolve this comment: 🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods. 💬 Ignore this findingLeave a nosemgrep comment directly above or at the end of line 15 like so Take care to validate that this is not a true positive finding before ignoring it. You can view more details about this finding in the Semgrep AppSec Platform. |
||
| with: | ||
| node-version-file: ".nvmrc" | ||
| cache: yarn | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Semgrep identified an issue in your code:
GitHub Actions step uses a mutable tag or branch reference. Tags and branch names can be silently repointed by the action owner, enabling supply-chain attacks — as seen in the trivy-action and kics-github-action compromises. Pin the reference to a full 40-character commit SHA instead, e.g.
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608.To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Leave a nosemgrep comment directly above or at the end of line 22 like so
// nosemgrep: yaml.github-actions.security.github-actions-mutable-action-tag.github-actions-mutable-action-tagTake care to validate that this is not a true positive finding before ignoring it.
Learn more about ignoring code, files and folders here.
You can view more details about this finding in the Semgrep AppSec Platform.