-
Snyk depends on a secret named `SNYK_TOKEN`
https://github.com/GSA-TTS/tts.gsa.gov/blob/main/.github/workflows/snyk-security.yml#L52
-
Use https://github.com/CDCgov/prime-simplereport/pull/7702 as an example of how to complete the PR
-
## Expected outcome
Evaluate Snyk vulnerabilities listed as PRs for this repository and implement the relevant updates.
## Business Value / Developer Experience
Keeping software up to da…
-
Snyk is reporting a vulnerability in the authlib package in the requirements-test.txt file. This package is being brought in as a dependency of another package. Specify a version for authlib of at lea…
-
Snyk is reporting a vulnerability with the setuptools package in the requirements-test.txt file. It’s being brought in as a dependency of other packages. Specify a version for the setuptools package o…
-
In my organization, we use Snyk as a security measure and Datadog for collecting events. We have encountered a Snyk issue due to the jnr-posix library used by the java-dogstatsd-client. The details of…
-
### Issue and Steps to Reproduce
Hello @guillaume-chervet and maintainers,
I am seeing the below error from Snyk in analysis:
> Avoid hardcoding values that are meant to be secret. Found a hardcoded str…
-
There are known vulnerabilities with the version of Drools used in the project (`6.5.0.Final`)
https://security.snyk.io/package/maven/org.drools:drools-compiler/6.5.0.Final
- https://security.snyk…
-
Everything works well locally, but it is failing in the pipeline.
```
Issues with no direct upgrade or patch:
✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://secu…
```
-
## Affecting Packages/Plugins
* [root](package.json)
* [example-app](packages/app/package.json)
* [@backstage/app-defaults](packages/app-defaults/package.json)
* [example-app-next](packages/app-next…