Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: upgrade github action dependencies #68

Merged
merged 1 commit into from
Sep 7, 2023
Merged

fix: upgrade github action dependencies #68

merged 1 commit into from
Sep 7, 2023

Conversation

bchelkowski
Copy link
Member

What did you implement:

Upgrade github action dependencies

Todos:

  • Write documentation (if required)
  • Fix linting errors
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES
Is it a breaking change?: NO

@bchelkowski bchelkowski requested a review from a team as a code owner September 7, 2023 13:47
@bchelkowski bchelkowski requested review from tbazelczuk and Borsuczio and removed request for a team September 7, 2023 13:47
@ce-bot-sane-ast
Copy link

Logo
Checkmarx One – Scan Summary & Detailsbee60fc6-5097-47a3-bbca-561a1891f600

New Issues

Severity Issue Source File / Package Checkmarx Insight
HIGH CVE-2021-3807 Npm-ansi-regex-5.0.0 Vulnerable Package
HIGH CVE-2021-3918 Npm-json-schema-0.2.3 Vulnerable Package
HIGH CVE-2021-4306 Npm-terminal-kit-2.1.6 Vulnerable Package
HIGH CVE-2021-44906 Npm-minimist-1.2.5 Vulnerable Package
HIGH CVE-2022-24999 Npm-qs-6.5.2 Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-7.3.5 Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-7.0.0 Vulnerable Package
HIGH CVE-2022-25883 Npm-semver-6.3.0 Vulnerable Package
HIGH CVE-2022-3517 Npm-minimatch-3.0.4 Vulnerable Package
HIGH CVE-2022-46175 Npm-json5-2.2.0 Vulnerable Package
HIGH CVE-2023-26115 Npm-word-wrap-1.2.3 Vulnerable Package
HIGH CVE-2023-26136 Npm-tough-cookie-2.5.0 Vulnerable Package
HIGH CVE-2023-38894 Npm-tree-kit-0.7.1 Vulnerable Package
HIGH Cx8bc4df28-fcf5 Npm-debug-4.3.2 Vulnerable Package
HIGH Cxc7705965-e0f0 Npm-@babel/core-7.15.5 Vulnerable Package
HIGH Cxdca8e59f-8bfe Npm-inflight-1.0.6 Vulnerable Package
MEDIUM CVE-2023-0842 Npm-xml2js-0.4.23 Vulnerable Package
MEDIUM CVE-2023-28155 Npm-request-2.88.2 Vulnerable Package
LOW Cxda14f253-4e52 Npm-bluebird-3.7.2 Vulnerable Package
LOW Use_Of_Hardcoded_Password /src/env/args.js: 61 Attack Vector
LOW Use_Of_Hardcoded_Password /src/env/args.js: 41 Attack Vector
LOW Use_Of_Hardcoded_Password /src/env/args.js: 61 Attack Vector
LOW Use_Of_Hardcoded_Password /src/env/args.js: 41 Attack Vector
LOW Use_Of_Hardcoded_Password /src/env/args.js: 61 Attack Vector
LOW Use_Of_Hardcoded_Password /src/env/args.js: 41 Attack Vector
LOW Use_Of_Hardcoded_Password /src/env/args.js: 61 Attack Vector
LOW Use_Of_Hardcoded_Password /src/env/args.js: 41 Attack Vector

@bchelkowski bchelkowski merged commit 9ae8da3 into master Sep 7, 2023
4 checks passed
@bchelkowski bchelkowski deleted the fix--upgrade-github-action-dependencies branch September 7, 2023 13:52
github-actions bot pushed a commit that referenced this pull request Sep 7, 2023
@semantic-release-bot
chore(release): 1.2.4 [skip ci]
fd742c2 
## [1.2.4](v1.2.3...v1.2.4) (2023-09-07)

### Bug Fixes

* rokuDevPassword being treated as number ([#67](#67)) ([b8f8ede](b8f8ede))
* upgrade github action dependencies ([#68](#68)) ([9ae8da3](9ae8da3))
@github-actions
Copy link

github-actions bot commented Sep 7, 2023

🎉 This PR is included in version 1.2.4 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tbazelczuk tbazelczuk Awaiting requested review from tbazelczuk tbazelczuk is a code owner automatically assigned from getndazn/kopytko-team

@Borsuczio Borsuczio Awaiting requested review from Borsuczio Borsuczio is a code owner automatically assigned from getndazn/kopytko-team

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bchelkowski @ce-bot-sane-ast