Cyanty commented on PR #3302: URL: https://github.com/apache/hertzbeat/pull/3302#issuecomment-2832921788
> 👍 Hi, Tom. After reviewing the information, `tj-actions/changed-files` has been found to have security issues. Although the latest hash-pinned version is used ( *As of March 15, 2025, all versions of `tj-actions/changed-files` were found to be affected, as the attacker managed to modify existing version tags to make them all point to their malicious code. Customers who were using a hash-pinned version of `tj-actions/changed-files` would not be impacted, unless they had updated to an impacted hash during the exploitation timeframe.* ), at present it may still not be permitted for use in GitHub Actions. I should revoke the use of `tj-actions/changed-files`, or add the .md file name in `exclude_files.txt`, or ignore the link checks for https://github.com/apache/hertzbeat/pull/xxx in `link_check.json`, to override the configurations added in this pull request.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
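An added example, not part of the comment above or of the HertzBeat repository: a check that every workflow `uses:` reference is pinned to a full commit SHA, and that also rejects actions a project has decided not to allow even when pinned. The denylist policy, the name `audit_workflow` and the sample workflow (including its SHAs) are assumptions constructed for illustration.

```python
import re

# Captures the value of a step's `uses:` key, e.g. owner/repo/path@ref
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Hypothetical project policy: actions rejected even when hash-pinned.
DENYLIST = {"tj-actions/changed-files"}

# Constructed sample workflow; the SHAs are placeholders, not real commits.
SAMPLE = """\
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
      - name: lint
        uses: example-org/lint-action@89abcdef0123456789abcdef0123456789abcdef  # v1
      - uses: ./.github/actions/local
"""

def audit_workflow(text, denylist=DENYLIST):
    """Return (line number, reference, reason) for each policy violation."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions and docker:// images are not git refs; out of scope here.
        if target.startswith(("./", "docker://")):
            continue
        name, sep, ref = target.partition("@")
        repo = "/".join(name.split("/")[:2]).lower()
        if repo in denylist:
            findings.append((lineno, target, "denylisted"))
        elif not sep or not FULL_SHA_RE.match(ref):
            # Tags and branches are mutable and can be repointed upstream.
            findings.append((lineno, target, "not pinned to a full commit SHA"))
    return findings

if __name__ == "__main__":
    for lineno, target, reason in audit_workflow(SAMPLE):
        print(f"line {lineno}: {target}: {reason}")
```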
