|
|
|
|
|
|
by benmmurphy
1743 days ago
|
|
|
If it’s pulling the actions from git using a fixed commit, then a workaround could be to break history from before the vuln was introduced then it wouldn’t be possible to pull the vulnerable actions. GitHub does GC the unreachable commits quite aggressively. |
|
|