Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump peter-evans/create-pull-request from 6 to 7 #77

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ jobs:
name: dist
path: dist
- name: Create Pull Request
uses: peter-evans/create-pull-request@v6
uses: peter-evans/create-pull-request@v7

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium

Description

Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.

Company Remediation Guideline

The detected GitHub Action is using modules/components not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, licensing, and or support.

Please use a certified GitHub Action, or consider writing your own to achieve the desired workflow.

For more information about writing your own GitHub Action(s), please see https://docs.github.com/en/actions/creating-actions

Please see the company guidelines here: https://thescore.atlassian.net/wiki/x/hwAPCQE

Would you like to exclude this insecured CI/CD violation from your status checks?
Tell us what to do with one of the following hashtags:

Tag Short Description
#cycode_ignore_insecure_pipeline_violation_here Applies to this resource for this violation in this request only

with:
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
commit-message: 'build: update distribution'
Expand Down
Loading