Build Component with a Known Vulnerability used

A CI component was found to be vulnerable to a publicly known security vulnerability from the Open Source Vulnerability Database (OSV)

GitHub Actions workflows using third-party GitHub Actions with known vulnerabilities could compromise the security of the workflow and the repository.

Upgrade the affected component to a non-vulnerable version or remove the component from the workflow.

• GitHub Docs: Keeping your actions up to date with Dependabot
• GitHub Docs: Exporting a software bill of materials for your repository