VYPR

github-action-merge-dependabot

by Fastify

CVEs (1)

  • CVE-2022-29220 | May 31, 2022
    risk 0.00 | cvss | epss 0.00

    github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check…