Actions: Fix version range for known vulnerable actions #18560

JarLob · 2025-01-22T13:56:25Z

A change note is added if necessary. See the documentation in this repository.
All new queries have appropriate .qhelp. See the documentation in this repository.
QL tests are added if necessary. See Testing custom queries in the GitHub documentation.
New and changed queries have correct query metadata. See the documentation in this repository.

Autofixes generated based on these changes are valid, only needed if this PR makes significant changes to .ql, .qll, or .qhelp files. See the documentation (internal access required).
Changes are validated at scale (internal access required).
Adding a new query? Consider also adding the query to autofix.

Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.

Files not reviewed (1)

actions/ql/test/query-tests/Security/CWE-1395/UseOfKnownVulnerableAction.expected: Language not supported

Tip: Copilot only keeps its highest confidence comments to reduce noise and keep you focused. Learn more

Copilot bot review requested due to automatic review settings January 22, 2025 13:56

JarLob requested a review from a team as a code owner January 22, 2025 13:56

github-actions bot added documentation Actions Analysis of GitHub Actions labels Jan 22, 2025

Copilot AI reviewed Jan 22, 2025

View reviewed changes

JarLob added 3 commits January 22, 2025 17:30

Fix lower range for known vulnerable actions

83d13c6

Change notes

55df2b4

Fix the upper bound of the range

ab20625

JarLob force-pushed the downloadartifact branch from 054e101 to ab20625 Compare January 22, 2025 16:30

JarLob changed the title ~~Fixed version range for known vulnerable actions~~ Actions: Fix version range for known vulnerable actions Jan 22, 2025

Fix rlespinasse/github-slug-action upper bound

e242190

Provide feedback