Follow
GitHub will now send Dependabot alerts for vulnerable GitHub Actions, making it even easier to stay up to date and fix security vulnerabilities in your actions workflows. 🔒
https://github.blog/2022-08-09-dependabot-now-alerts-for-vulnerable-github-actions/
