build(github): fix @actions/download-artifact CVE-2024-42471

GHSA-cxww-7g56-2vh6 Address the following problem by upgrading to the latest version: @actions/download-artifact has an Arbitrary File Write via artifact extraction Affected versions >= 4.0.0, < 4.1.7 Patched versions 4.1.7 Severity High 7.3 / 10 GHSA ID GHSA-cxww-7g56-2vh6 References - GHSA-cxww-7g56-2vh6 - https://github.com/actions/download-artifact/releases/tag/v4.1.7 - GHSA-6q32-hq47-5qq3 - https://snyk.io/research/zip-slip-vulnerability Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
hyperledger-cacti · Sep 4, 2024 · 904fa16 · 904fa16
1 parent 957da7c
commit 904fa16
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/coverage_ts.yaml b/.github/workflows/coverage_ts.yaml
@@ -37,7 +37,7 @@
               yarn add istanbul-merge --dev
     
           - name: Download coverage reports
-            uses: actions/download-artifact@v4.1.1
+            uses: actions/download-artifact@v4.1.8
             with:
               run-id: ${{ github.event.workflow_run.id }}
               github-token: ${{ secrets.GITHUB_TOKEN }}