This is an automated email from the ASF dual-hosted git repository. nfilotto pushed a commit to branch essobedo/fix-rce-in-comment-action-v2-4.0 in repository https://gitbox.apache.org/repos/asf/camel.git
commit 91166e9e70a330b55fcf2fe2d404f26370969dbc Author: Nicolas Filotto <[email protected]> AuthorDate: Thu Jul 4 17:32:31 2024 +0200 chore(ci): Fix vulnerability by using directly referenced action --- .github/actions/component-test/action.yaml | 4 ++-- .github/actions/create-or-update-comment | 1 - .github/workflows/pr-comment.yml | 2 +- .gitmodules | 3 --- 4 files changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/actions/component-test/action.yaml b/.github/actions/component-test/action.yaml index 7257029e2cf..0e2f4f7b3ba 100644 --- a/.github/actions/component-test/action.yaml +++ b/.github/actions/component-test/action.yaml @@ -65,7 +65,7 @@ runs: path: tests.log - name: Success comment if: success() - uses: ./.github/actions/create-or-update-comment + uses: peter-evans/create-or-update-comment@c9fcb64660bc90ec1cc535646af190c992007c32 with: comment-id: ${{ inputs.comment-id }} edit-mode: replace @@ -75,7 +75,7 @@ runs: **Result** :white_check_mark: The tests passed successfully - name: Failure comment if: failure() - uses: ./.github/actions/create-or-update-comment + uses: peter-evans/create-or-update-comment@c9fcb64660bc90ec1cc535646af190c992007c32 with: comment-id: ${{ inputs.comment-id }} edit-mode: replace diff --git a/.github/actions/create-or-update-comment b/.github/actions/create-or-update-comment deleted file mode 160000 index cf8251698e3..00000000000 --- a/.github/actions/create-or-update-comment +++ /dev/null @@ -1 +0,0 @@ -Subproject commit cf8251698e3d53de4e69e4fd13cfd7abb2c230fd diff --git a/.github/workflows/pr-comment.yml b/.github/workflows/pr-comment.yml index 85310cca338..064f19c9f60 100644 --- a/.github/workflows/pr-comment.yml +++ b/.github/workflows/pr-comment.yml @@ -47,7 +47,7 @@ jobs: with: ref: ${{ env.pr_sha }} submodules: recursive - - uses: ./.github/actions/create-or-update-comment + - uses: peter-evans/create-or-update-comment@c9fcb64660bc90ec1cc535646af190c992007c32 with: issue-number: ${{ github.event.issue.number }} body: | diff --git a/.gitmodules b/.gitmodules index 6d6303adbe3..61cda74e73e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,6 +1,3 @@ [submodule ".github/actions/backport"] path = .github/actions/backport url = https://github.com/tibdex/backport -[submodule ".github/actions/create-or-update-comment"] - path = .github/actions/create-or-update-comment - url = https://github.com/peter-evans/create-or-update-comment.git
