Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CI: Fix CVE-2020-15228 in GitHub Actions #6004

Merged
merged 3 commits into from
Nov 22, 2020
Merged

CI: Fix CVE-2020-15228 in GitHub Actions #6004

merged 3 commits into from
Nov 22, 2020

Conversation

EwoutH
Copy link
Contributor

@EwoutH EwoutH commented Nov 21, 2020
edited
Loading

Fixes the CVE-2020-15228 security issue in GitHub Actions:

add-path and set-env Runner commands are processed via stdout

set-env was used twice, which is now replaced by >> $GITHUB_ENV

Edit: Also closes #6002.

@EwoutH
CI: Fix CVE-2020-15228 in GitHub Actions
34e3696 
Fixes the CVE-2020-15228 security issue in GitHub Actions:
> `add-path` and `set-env` Runner commands are processed via stdout
set-env was used twice, which is now replaced by  >> $GITHUB_ENV

 - Issue: GHSA-mfwh-5m23-j46w
 - Solution: https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable)
@EwoutH
CI: Specify installing libsigc++ v2.x in GitHub Actions
128fc0a 
Version 3 of libsigc++ was automatically installed. This commit fixates the version brew installs to 2.x.

Should fix Beep6581#6002
@EwoutH
Copy link
Contributor Author

EwoutH commented Nov 21, 2020

Now also fixes a bug where the wrong libsigc++ version was installed, cause by an automated update to the Brew library.

Closes #6002. Thanks @rom9 for reporting this issue, saved a lot of troubleshooting, especially because the CI was failing for two reasons simultaneously!

@EwoutH EwoutH marked this pull request as ready for review November 21, 2020 22:22
@EwoutH EwoutH mentioned this pull request Nov 21, 2020
Closed
@EwoutH
CI: Use v2 checkout and upload-artifact actions
cccc969 
Also replaces macos-10.15 with macos-latest as runner. Currently is references the same environment (macOS 10.15), but this way it will update to macOS 11.0 when it's ready and stable.
@heckflosse
Copy link
Collaborator

@EwoutH Thanks for this 👍
I would like to merge this pr. Any objections? @Thanatomanic @Floessie @Beep6581 ...

@rom9
Copy link
Collaborator

rom9 commented Nov 21, 2020

Great! Thank you @EwoutH ;-)

@Thanatomanic
Copy link
Contributor

@heckflosse I don't think there can be any objections here. Thank you @EwoutH !

@Thanatomanic Thanatomanic merged commit 0367d31 into Beep6581:dev Nov 22, 2020
@EwoutH
Copy link
Contributor Author

EwoutH commented Nov 22, 2020

Thanks for reviewing and merging so quickly!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Automated macOS build failure
4 participants
@EwoutH @heckflosse @rom9 @Thanatomanic