⬆️ upgrade dependency tree to solve CVE-2023-42282 #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################################################################################## | |
| # WARNING! This workflow uses the 'pull_request_target' event. That mans that it will # | |
| # always run in the context of the main actualbudget/actual repo, even if the PR is from # | |
| # a fork. This is necessary to get access to a GitHub token that can modify the PR. # | |
| # Be VERY CAREFUL about adding things to this workflow, since forks can inject # | |
| # arbitrary code into their branch, and can pollute the artifacts we download. Arbitrary # | |
| # code execution in this workflow could lead to a compromise of the main repo. # | |
| ########################################################################################## | |
| # See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests # | |
| ########################################################################################## | |
| name: Trafico Reviews | |
| on: | |
| pull_request_target: | |
| types: | |
| - opened | |
| - closed | |
| - reopened | |
| - synchronize | |
| - edited | |
| - review_requested | |
| - review_request_removed | |
| pull_request_review: | |
| types: [submitted, edited, dismissed] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| manage-review: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - uses: actualbudget/trafico@main | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} |