Security: Compromise of reviewdog actions

https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup

> However, this Action is then used as a component of numerous other actions from reviewdog, including: 
> - `reviewdog/action-shellcheck` 
> - `reviewdog/action-composite-template` 
> - `reviewdog/action-staticcheck` 
> - `reviewdog/action-ast-grep` 
> - `reviewdog/action-typos` 
> 
> Customers who were using other impacted `reviewdog/actions` could be impacted, regardless of the version of that action.  

This repository is using [reviewdog/action-shellcheck](https://github.com/reviewdog/action-shellcheck) which might have been compromised in the incident outlined in the aforementioned article.

Code search: https://github.com/search?q=repo%3AanothrNick%2Fgithub-tag-action%20reviewdog&type=code

Result:
<img width="414" alt="Image" src="https://github.com/user-attachments/assets/c1ce5a9b-dfc9-422c-bb5e-44b4a01af3f3" />

Since the [last commit in this repository](https://github.com/anothrNick/github-tag-action/commit/f278d49d30cdd8775cc3e7dd00b5ee11686ee297) was more than 6 months ago it _should_ be fine, but better safe than sorry. 😅 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security: Compromise of reviewdog actions #336

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Security: Compromise of reviewdog actions #336

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions