From d2ca6044fa8f96c178ec587c1502ebdc9ef6ea64 Mon Sep 17 00:00:00 2001
From: Dylan Bargatze
Date: Mon, 14 Oct 2024 20:40:47 -0400
Subject: [PATCH 1/4] Update dependabot-alerts.yml

Update version of action-cve.
---
 .github/workflows/dependabot-alerts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-alerts.yml b/.github/workflows/dependabot-alerts.yml
index bf301e79..c7633c45 100644
--- a/.github/workflows/dependabot-alerts.yml
+++ b/.github/workflows/dependabot-alerts.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 # X.X.X - Latest version available at: https://github.com/kunalnagarco/action-cve/releases
- - uses: kunalnagarco/action-cve@v1.12.36
+ - uses: kunalnagarco/action-cve@v1.14.1
 with:
 token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 slack_webhook: ${{ secrets.SLACK_WEBHOOK }}

From 8a49e77df03f5de77e148246cb745bcdd4c5c2ca Mon Sep 17 00:00:00 2001
From: Dylan Bargatze
Date: Mon, 14 Oct 2024 20:44:48 -0400
Subject: [PATCH 2/4] Update dependabot-alerts.yml

Temporarily disable `slack_webhook` to see if it's the source of the bad creds.
---
 .github/workflows/dependabot-alerts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-alerts.yml b/.github/workflows/dependabot-alerts.yml
index c7633c45..1fafbf99 100644
--- a/.github/workflows/dependabot-alerts.yml
+++ b/.github/workflows/dependabot-alerts.yml
@@ -16,5 +16,5 @@ jobs:
 - uses: kunalnagarco/action-cve@v1.14.1
 with:
 token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
+ # slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
 count: 10

From 28b5e970960ed1ca13cf7f4e2194de6011c51ba0 Mon Sep 17 00:00:00 2001
From: Dylan Bargatze
Date: Mon, 14 Oct 2024 20:47:18 -0400
Subject: [PATCH 3/4] Update dependabot-alerts.yml

It's definitely the PERSONAL_ACCESS_TOKEN, although unsure why?
---
 .github/workflows/dependabot-alerts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependabot-alerts.yml b/.github/workflows/dependabot-alerts.yml
index 1fafbf99..c7633c45 100644
--- a/.github/workflows/dependabot-alerts.yml
+++ b/.github/workflows/dependabot-alerts.yml
@@ -16,5 +16,5 @@ jobs:
 - uses: kunalnagarco/action-cve@v1.14.1
 with:
 token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- # slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
+ slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
 count: 10

From 2e2b222ab9e47145215571353ac48fccec35cd4b Mon Sep 17 00:00:00 2001
From: Dylan Bargatze
Date: Mon, 14 Oct 2024 20:49:41 -0400
Subject: [PATCH 4/4] Update dependabot-alerts.yml

Use GITHUB_TOKEN instead of PERSONAL_ACCESS_TOKEN.
---
 .github/workflows/dependabot-alerts.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot-alerts.yml b/.github/workflows/dependabot-alerts.yml
index c7633c45..67840b89 100644
--- a/.github/workflows/dependabot-alerts.yml
+++ b/.github/workflows/dependabot-alerts.yml
@@ -15,6 +15,6 @@ jobs:
 # X.X.X - Latest version available at: https://github.com/kunalnagarco/action-cve/releases
 - uses: kunalnagarco/action-cve@v1.14.1
 with:
- token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+ token: ${{ secrets.GITHUB_TOKEN }}
 slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
 count: 10
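Review bot: The new `token: ${{ secrets.GITHUB_TOKEN }}` line in the last patch may not be able to read Dependabot alerts at all: the workflow token's access is set by the workflow or repository `permissions:` defaults, and I believe it does not carry the alert-read access the PAT had, so check that a run returns real alerts rather than an empty list or an authorization error. If the PAT stopped working because it expired or was revoked, a fine-grained token restricted to this repository with read-only Dependabot alerts access would be a narrower replacement. The context line `uses: kunalnagarco/action-cve@v1.14.1` hands that token and `SLACK_WEBHOOK` to a third-party action referenced by a mutable tag; pinning it as `uses: kunalnagarco/action-cve@<full-commit-sha> # v1.14.1` keeps a re-pointed tag from running with those secrets. The job header and any `permissions:` block lie outside the hunk, so this is inferred from the visible lines only.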