If you discover a security vulnerability in jest-coverage-comment, please report it privately to help keep the community safe.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please use one of these methods:
- GitHub Security Advisories (preferred):
  - Go to the Security tab
  - Click "Report a vulnerability"
  - Fill out the form with details
- Email: Contact the maintainer directly through GitHub profile

- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if any)
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix and disclosure: Coordinated with reporter
We release security updates for the latest version. Please ensure you're using the most recent release.
| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |
When using this action in your workflows:
- Pin action versions to specific tags (e.g., `@v1.2.3`) rather than branches
- Review action permissions in your workflow files
- Keep dependencies up to date
- Limit token permissions to the minimum required
Thank you for helping keep jest-coverage-comment secure!