github-actions[bot]
commented
6 months ago 
Checkmarx One – Scan Summary & Details – f645218b-4a95-41eb-a89e-8c9589a1c24e
Policy Management Violations
| Policy Name | Rule(s) | Break Build |
|---|---|---|
| [SAST-ML0] Not allowed NEW Sast vulnerabilities | true |
New Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
 |
Unpinned Actions Full Length Commit SHA | /ast-scan.yml: 12 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /pr-label.yml: 10 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 23 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 14 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /release.yml: 101 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /release.yml: 68 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /release.yml: 88 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
Fixed Issues
| Severity | Issue | Source File / Package |
|---|---|---|
 |
CVE-2022-37614 | Npm-mockery-2.1.0 |
Bumps dependabot/fetch-metadata from 1.6.0 to 2.0.0.
Release notes
Sourced from dependabot/fetch-metadata's releases.
... (truncated)
Commits
0fb2170v2.0.0 (#508)dc2c459v2is the new tracking tag (#506)f2f0ad1Upgrade from node16 to node20 (#443)8348ea7v1.7.0 (#505)e21c9fbSwitch to the official action for managing app tokens (#504)3e1bcb9Scope app token to only this repo for security (#501)7187f39Merge pull request #442 from dependabot/dependabot/github_actions/tibdex/gith...f9af96fBump tibdex/github-app-token from 1.8.2 to 2.1.09977d7bMerge pull request #497 from dependabot/dependabot/npm_and_yarn/dev-dependenc...4e1067brun npm buildDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show