Security Polling
Inspired by PowerDNS's Security Polling, check-spelling will check to see if the current version has a reported security advisory.
If there's a reported security advisory, you should read it and take a recommended action.
States
-
If there is no reported security advisory and your workflow doesn't define
ignore_security_advisory
, the action will run (this is the default case). -
If there is a reported security advisory and your workflow doesn't acknowledge that advisory, the action will abort.
You should read the advisory, and preferably upgrade to a later version. The advisory should offer advice about what to do.
The advice might be "please disable this action for the time being", if that happens, I'm sorry, but, better safe than sorry.
-
If your workflow defines
ignore_security_advisory
and there is no reported security advisory, the action will abort.It is unsafe to pretend that a version might be ok just because you want to run it.
-
If your workflow defines
ignore_security_advisory
and the advisory doesn't match, the action will abort.It is unsafe to pretend that a version might be ok just because you want to run it.
-
If your workflow defines
ignore_security_advisory
and it matches the published advisory, the action will run (under protest).Do this at your own risk.
Ideally, you should upgrade to a fixed version.
FAQ | Showcase | Event descriptions | Configuration information | Known Issues | Possible features | Deprecations | Release notes | Helpful scripts