Vulnerable Library - lighthouse-3.2.1.tgz
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Vulnerabilities
| CVE | Severity | CVSS | Dependency | Type | Fixed in (lighthouse version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-44906 | Critical | 9.8 | minimist-0.0.8.tgz | Transitive | 6.0.0 | ❌ |
| CVE-2020-7774 | Critical | 9.8 | y18n-3.2.1.tgz | Transitive | 4.0.0 | ❌ |
| CVE-2019-10744 | Critical | 9.1 | lodash-4.17.11.tgz | Transitive | 4.0.0 | ❌ |
| CVE-2022-25851 | High | 7.5 | jpeg-js-0.1.2.tgz | Transitive | 6.2.0 | ❌ |
| CVE-2021-3807 | High | 7.5 | ansi-regex-3.0.0.tgz | Transitive | 4.0.0 | ❌ |
| CVE-2020-8203 | High | 7.4 | lodash-4.17.11.tgz | Transitive | 4.0.0 | ❌ |
| CVE-2020-8116 | High | 7.3 | dot-prop-4.2.0.tgz | Transitive | 4.0.0 | ❌ |
| CVE-2021-23337 | High | 7.2 | lodash-4.17.11.tgz | Transitive | 4.0.0 | ❌ |
| CVE-2022-4187 | Medium | 6.5 | detected in multiple dependencies | Transitive | 4.0.0 | ❌ |
| CVE-2021-21137 | Medium | 6.5 | detected in multiple dependencies | Transitive | 4.0.0 | ❌ |
| CVE-2020-7598 | Medium | 5.6 | minimist-0.0.8.tgz | Transitive | 6.0.0 | ❌ |
| CVE-2020-8175 | Medium | 5.5 | jpeg-js-0.1.2.tgz | Transitive | 6.2.0 | ❌ |
| CVE-2022-33987 | Medium | 5.3 | got-6.7.1.tgz | Transitive | 9.3.0 | ❌ |
| CVE-2020-7608 | Medium | 5.3 | yargs-parser-7.0.0.tgz | Transitive | 6.0.0 | ❌ |
| CVE-2020-28500 | Medium | 5.3 | lodash-4.17.11.tgz | Transitive | 4.0.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2021-44906
Vulnerable Library - minimist-0.0.8.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - mkdirp-0.5.1.tgz
    - ❌ minimist-0.0.8.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: 2022-03-17
Fix Resolution (minimist): 0.2.4
Direct dependency fix Resolution (lighthouse): 6.0.0
CVE-2020-7774
Vulnerable Library - y18n-3.2.1.tgz
the bare-bones internationalization library used by yargs
Library home page: https://registry.npmjs.org/y18n/-/y18n-3.2.1.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - yargs-3.32.0.tgz
    - ❌ y18n-3.2.1.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
Publish Date: 2020-11-17
URL: CVE-2020-7774
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1654
Release Date: 2020-11-17
Fix Resolution (y18n): 3.2.2
Direct dependency fix Resolution (lighthouse): 4.0.0
CVE-2019-10744
Vulnerable Library - lodash-4.17.11.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - inquirer-3.3.0.tgz
    - ❌ lodash-4.17.11.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
CVSS 3 Score Details (9.1)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-26
Fix Resolution (lodash): 4.17.12
Direct dependency fix Resolution (lighthouse): 4.0.0
CVE-2022-25851
Vulnerable Library - jpeg-js-0.1.2.tgz
A pure javascript JPEG encoder and decoder
Library home page: https://registry.npmjs.org/jpeg-js/-/jpeg-js-0.1.2.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - ❌ jpeg-js-0.1.2.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
The jpeg-js package before 0.4.4 is vulnerable to Denial of Service (DoS): a particular piece of input causes the decoder to enter an infinite loop and never return.
Publish Date: 2022-06-10
URL: CVE-2022-25851
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2022-06-10
Fix Resolution (jpeg-js): 0.4.4
Direct dependency fix Resolution (lighthouse): 6.2.0
CVE-2021-3807
Vulnerable Library - ansi-regex-3.0.0.tgz
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - inquirer-3.3.0.tgz
    - strip-ansi-4.0.0.tgz
      - ❌ ansi-regex-3.0.0.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
ansi-regex is vulnerable to Inefficient Regular Expression Complexity (ReDoS).
Publish Date: 2021-09-17
URL: CVE-2021-3807
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution (ansi-regex): 3.0.1
Direct dependency fix Resolution (lighthouse): 4.0.0
CVE-2020-8203
Vulnerable Library - lodash-4.17.11.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - inquirer-3.3.0.tgz
    - ❌ lodash-4.17.11.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Publish Date: 2020-07-15
URL: CVE-2020-8203
CVSS 3 Score Details (7.4)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-07-15
Fix Resolution (lodash): 4.17.19
Direct dependency fix Resolution (lighthouse): 4.0.0
CVE-2020-8116
Vulnerable Library - dot-prop-4.2.0.tgz
Get, set, or delete a property from a nested object using a dot path
Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - configstore-3.1.2.tgz
    - ❌ dot-prop-4.2.0.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Publish Date: 2020-02-04
URL: CVE-2020-8116
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
Release Date: 2020-02-04
Fix Resolution (dot-prop): 4.2.1
Direct dependency fix Resolution (lighthouse): 4.0.0
CVE-2021-23337
Vulnerable Library - lodash-4.17.11.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - inquirer-3.3.0.tgz
    - ❌ lodash-4.17.11.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
CVSS 3 Score Details (7.2)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: High
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-35jh-r3h4-6jhm
Release Date: 2021-02-15
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (lighthouse): 4.0.0
CVE-2022-4187
Vulnerable Libraries - chrome-devtools-frontend-1.0.401423.tgz, chrome-devtools-frontend-1.0.593291.tgz
chrome-devtools-frontend-1.0.401423.tgz
Library home page: https://registry.npmjs.org/chrome-devtools-frontend/-/chrome-devtools-frontend-1.0.401423.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - devtools-timeline-model-1.1.6.tgz
    - ❌ chrome-devtools-frontend-1.0.401423.tgz (Vulnerable Library)
chrome-devtools-frontend-1.0.593291.tgz
Library home page: https://registry.npmjs.org/chrome-devtools-frontend/-/chrome-devtools-frontend-1.0.593291.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - ❌ chrome-devtools-frontend-1.0.593291.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
Publish Date: 2022-11-30
URL: CVE-2022-4187
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/package/chrome-devtools-frontend?activeTab=versions
Release Date: 2022-11-30
Fix Resolution (chrome-devtools-frontend): 1.0.1070764
Direct dependency fix Resolution (lighthouse): 4.0.0
CVE-2021-21137
Vulnerable Libraries - chrome-devtools-frontend-1.0.401423.tgz, chrome-devtools-frontend-1.0.593291.tgz
chrome-devtools-frontend-1.0.401423.tgz
Library home page: https://registry.npmjs.org/chrome-devtools-frontend/-/chrome-devtools-frontend-1.0.401423.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - devtools-timeline-model-1.1.6.tgz
    - ❌ chrome-devtools-frontend-1.0.401423.tgz (Vulnerable Library)
chrome-devtools-frontend-1.0.593291.tgz
Library home page: https://registry.npmjs.org/chrome-devtools-frontend/-/chrome-devtools-frontend-1.0.593291.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - ❌ chrome-devtools-frontend-1.0.593291.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.
Publish Date: 2021-02-09
URL: CVE-2021-21137
CVSS 3 Score Details (6.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21137
Release Date: 2021-02-09
Fix Resolution (chrome-devtools-frontend): 1.0.820688
Direct dependency fix Resolution (lighthouse): 4.0.0
CVE-2020-7598
Vulnerable Library - minimist-0.0.8.tgz
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - mkdirp-0.5.1.tgz
    - ❌ minimist-0.0.8.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a `"constructor"` or `"__proto__"` payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
CVSS 3 Score Details (5.6)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Release Date: 2020-03-11
Fix Resolution (minimist): 0.2.1
Direct dependency fix Resolution (lighthouse): 6.0.0
CVE-2020-8175
Vulnerable Library - jpeg-js-0.1.2.tgz
A pure javascript JPEG encoder and decoder
Library home page: https://registry.npmjs.org/jpeg-js/-/jpeg-js-0.1.2.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - ❌ jpeg-js-0.1.2.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Uncontrolled resource consumption in jpeg-js before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image.
Publish Date: 2020-07-24
URL: CVE-2020-8175
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8175
Release Date: 2020-07-27
Fix Resolution (jpeg-js): 0.4.0
Direct dependency fix Resolution (lighthouse): 6.2.0
CVE-2022-33987
Vulnerable Library - got-6.7.1.tgz
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-6.7.1.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - update-notifier-2.2.0.tgz
    - latest-version-3.1.0.tgz
      - package-json-4.0.1.tgz
        - ❌ got-6.7.1.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: Low
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution (got): 11.8.6
Direct dependency fix Resolution (lighthouse): 9.3.0
CVE-2020-7608
Vulnerable Library - yargs-parser-7.0.0.tgz
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-7.0.0.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - ❌ yargs-parser-7.0.0.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a `"__proto__"` payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Release Date: 2020-03-16
Fix Resolution (yargs-parser): 13.1.2
Direct dependency fix Resolution (lighthouse): 6.0.0
CVE-2020-28500
Vulnerable Library - lodash-4.17.11.tgz
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Dependency Hierarchy:
- lighthouse-3.2.1.tgz (Root Library)
  - inquirer-3.3.0.tgz
    - ❌ lodash-4.17.11.tgz (Vulnerable Library)
Found in HEAD commit: 3a02ac49d37e94b5747f69bc6d783357d23ba57f
Found in base branch: main
Vulnerability Details
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Mend Note: After conducting further research, Mend has determined that CVE-2020-28500 only affects environments with versions 4.0.0 to 4.17.20 of Lodash.
Publish Date: 2021-02-15
URL: CVE-2020-28500
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (lighthouse): 4.0.0