Update checkout-pr-on-issue-comment.yaml

Author: NicholasEllul

packages/semgrep-action/rules/src/github-actions/checkout-pr-on-issue-comment.yaml

@@ -49,43 +49,3 @@ rules:
     likelihood: MEDIUM
     impact: HIGH
     confidence: MEDIUM
-
-- id: publish-actions-cache-used
-  languages:
-    - yaml
-  severity: WARNING
-  metadata:
-    category: security
-    cwe:
-      - "CWE-494: Download of Code Without Integrity Check"
-    owasp:
-      - A08:2021 - Software and Data Integrity Failures
-    references:
-      - https://github.com/MetaMask/MetaMask-planning/issues/3925
-    technology:
-      - github-actions
-      - actions/cache
-    cwe2022-top25: true
-    cwe2021-top25: true
-    subcategory:
-      - audit
-    likelihood: MEDIUM
-    impact: HIGH
-    confidence: MEDIUM
-    tags: [security]
-    shortDescription: Potential cache poisoning risk by using `actions/cache` in a publishing workflow.
-    help: |
-      ## Remediation
-      We recommend avoiding using `actions/cache` if this workflow publishes a release or has access to sensitive secrets. 
-      If caching is required, please see https://github.com/MetaMask/MetaMask-planning/issues/3925 for a workaround.
-  message: >-
-      Using GitHub's Action Cache in publishing workflows, especially in open source repositories, can be dangerous. See
-      https://github.com/MetaMask/MetaMask-planning/issues/3925 for more details and alternative recommendations.
-  patterns:
-      - pattern: "uses: $ACTION_NAME"
-      - metavariable-regex:
-          metavariable: $ACTION_NAME
-          regex: actions/cache@.+
-  paths:
-    include:
-      - ".github/**/*publish*.yml"