Getting security alerts while using this action for enterprise project

[manoj27730]

Hi Team,

I need this actions to be used by my project and since it's not allowed by default our enterprise GitHub Team need to review and add it for our project. Our GitHub Team has found alert and mentioned below point.

"The actions requested are available on our github instance but we are seeing dependabot alerts. Since those repo have vulnerabilities, we won’t be able to make it public. Look like it’s patched on the master but they haven’t release it. Please file issue with the actions owner to release patched version. After that, we can make it available for your team to use."

Can you please look into it and help.

[manoj27730]

[davidbuzinski]

Hi @manoj27730 thanks for bringing this to our attention. We have bumped the mentioned dependencies in the new release v1.1.2.

Thanks,
David

[manoj27730]

Hi David,

I am using the latest version of this action in my code but still getting error. Can you please suggest what needs to be done?

[manoj27730]

The above issue is fixed. I changed the repository name "matlab-actions" with our private repository name and it worked.