chore: update @actions/artifact to version 2.2.1 #219

jeremydubreil · 2025-02-03T15:08:08Z

No description provided.

lacework-code-security · 2025-02-03T15:17:27Z

(Audit Mode) sca found potential 1 new issues

CVE-2024-21538 (package-lock.json: cross-spawn@7.0.3) 🛑(high)

More details

Package: cross-spawn@7.0.3
Vulnerability CVE-2024-21538 (severity: high, fixed in 7.0.5)
SmartFix: 7.0.5 (Minimal version with no known vulnerabilities)
Link: CVE-2024-21538
Sample path: code-security-action@1.0.0 -> @actions/artifact@2.2.1 -> archiver@7.0.1 -> archiver-utils@5.0.2 -> glob@10.4.5 -> foreground-child@3.3.0 -> cross-spawn@7.0.3

Explanation: Why is this SmartFix recommended?

    Sorted Version Graph for package pkg:npm/cross-spawn@7.0.3
      7.0.3 is vulnerable:
        high       CVE-2024-21538       FixVersion= 7.0.5
      7.0.5 is not vulnerable
    
    Fix recommendations for package pkg:npm/cross-spawn@7.0.3
      7.0.5 is the minimal version with no known vulnerabilities
      7.0.5 is the maximum version and it has no known vulnerabilities
    
    Stats: the Version Graph has 2 versions (nodes) and 1 CVEs (edges) (diameter=1)

chore: update @actions/artifact to version 2.2.1

f003357

jeremydubreil force-pushed the update-artifact-library branch from 3a7aff1 to f003357 Compare February 3, 2025 15:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: update @actions/artifact to version 2.2.1 #219

chore: update @actions/artifact to version 2.2.1 #219

jeremydubreil commented Feb 3, 2025

lacework-code-security bot commented Feb 3, 2025

chore: update @actions/artifact to version 2.2.1 #219

Are you sure you want to change the base?

chore: update @actions/artifact to version 2.2.1 #219

Conversation

jeremydubreil commented Feb 3, 2025

lacework-code-security bot commented Feb 3, 2025