Skip to content

Fix CVE 2024 8006 #33112

Fix CVE 2024 8006

Fix CVE 2024 8006 #33112

# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
# This action checks that certain groups of specs have matching tags.
# The main use case is to ensure that signed specs have the same Version and
# Release tags as their unsigned counterparts
name: Spec Entanglement Mismatch Check
on:
push:
branches: [main, dev, 1.0*, 2.0*, 3.0*, fasttrack/*]
pull_request:
branches: [main, dev, 1.0*, 2.0*, 3.0*, fasttrack/*]
jobs:
check:
name: Spec Entanglement Mismatch Check
runs-on: ubuntu-latest
steps:
# Checkout the branch of our repo that triggered this action
- name: Workflow trigger checkout
uses: actions/checkout@v4
# For consistency, we use the same major/minor version of Python that Azure Linux ships
- name: Setup Python 3.12
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Get Python dependencies
run: python3 -m pip install -r toolkit/scripts/requirements.txt
- name: Run entanglement checking script
run: python3 toolkit/scripts/check_entangled_specs.py .