[
https://issues.apache.org/jira/browse/SOLR-18192?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18071977#comment-18071977
]
Isabelle Giguere commented on SOLR-18192:
-----------------------------------------
From: Arnout Engelen <[email protected]>
This is due to https://infra.apache.org/blog/trivy_security_incident.html -
the fix is to
refer to this action by its commit hash instead of '@v5' and propose this
version for
the allowlist at
https://github.com/apache/infrastructure-actions/blob/main/actions.yml#L394
> GitHub action dependency-submission fails
> -----------------------------------------
>
> Key: SOLR-18192
> URL: https://issues.apache.org/jira/browse/SOLR-18192
> Project: Solr
> Issue Type: Bug
> Reporter: Isabelle Giguere
> Priority: Major
>
> Github action "Dependency Submission" has been failing since March 20th, 2026.
> https://github.com/apache/solr/actions/workflows/dependency-graph-submission.yml
> Error message:
> "The action gradle/actions/dependency-submission@v5 is not allowed in
> apache/solr because all actions must be from a repository owned by your
> enterprise..."
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
