Do not use deprecated add-path command #71

jonico · 2020-11-03T17:47:58Z

As indicated in https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ - the set-env and add-path workflow commands will be removed very soon as they can be exploited as shown here.

It appears that scan-action is currently using the add-path command although it is not really clear which subsequent action steps would even use the updated path. If the path was actually needed in subsequent commands, there is a new, file system based way of passing info between steps as described here.

alfredodeza · 2020-11-04T12:52:40Z

Thanks for noting this one @jonico. Would love a way to detect these programmatically so that we can catch them as they are found :(

I'll investigate and fix accordingly

alfredodeza self-assigned this Nov 4, 2020

alfredodeza mentioned this issue Nov 5, 2020

remove usage of 'core.addPath' #72

Merged

alfredodeza closed this as completed in #72 Nov 10, 2020

dvalentiate mentioned this issue Nov 18, 2020

Requesting v1 Release Patching ::add-path Github Deprecation #73

Closed

alfredodeza added the bug Something isn't working label Dec 1, 2020

Harvester57 mentioned this issue Dec 23, 2021

Bump anchore/scan-action from b08527d5ae7f7dc76f9621edb6e49eaf47933ccd to 3.2.0 Harvester57/docker-guacamole#5

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Do not use deprecated add-path command #71

Do not use deprecated add-path command #71

jonico commented Nov 3, 2020

alfredodeza commented Nov 4, 2020

Do not use deprecated add-path command #71

Do not use deprecated add-path command #71

Comments

jonico commented Nov 3, 2020

alfredodeza commented Nov 4, 2020