search

ah-ha-admin / ah-ha-ah

MIT License
0 stars 0 forks source link

Update actions/checkout action to v4 #6

Closed renovate[bot] closed 7 months ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
actions/checkout action major v3 -> v4

Release Notes

actions/checkout (actions/checkout) ### [`v4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400) [Compare Source](https://togithub.com/actions/checkout/compare/v3...v4) - [Support fetching without the --progress option](https://togithub.com/actions/checkout/pull/1067) - [Update to node20](https://togithub.com/actions/checkout/pull/1436)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
ah-ha-ah ❌ Failed (Inspect) Oct 19, 2023 10:02am
commit-lint[bot] commented 1 year ago

Contributors

renovate[bot]

Commit-Lint commands
You can trigger Commit-Lint actions by commenting on this PR: - `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change) - `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change) - `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change) - `@Commit-Lint merge disable` will desactivate merge dependabot PR - `@Commit-Lint review` will approve dependabot PR - `@Commit-Lint stop review` will stop approve dependabot PR
guardrails[bot] commented 1 year ago

:warning: We detected 16 security issues in this pull request:

Hard-Coded Secrets (5)
Severity | Details | Docs :-: | :-- | :-: Medium | Title: **New GitHub Token Format**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/.github/Sexflixxxvip00/nuget.config#L10 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) Medium | Title: **New GitHub Token Format**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/.github/action.yml#L9 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) Medium | Title: **New GitHub Token Format**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/.github/nuget.config#L10 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) Medium | Title: **New GitHub Token Format**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/nuget.config#L10 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) Medium | Title: **Hex High Entropy String**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/AndroidManifest.xml#L6 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#HexHighEntropyString) More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr). ---
Insecure Network Communication (2)
Severity | Details | Docs :-: | :-- | :-: Medium | Title: **Web App Not Using TLS Last Version**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/azuredeploy.json#L50 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/azureresourcemanager/insecure_network_communication.html?utm_source=ghpr#b5c851d5-00f1-43dc-a8de-3218fd6f71be) Critical | Title: **Website Not Forcing HTTPS**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/azuredeploy.json#L60 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/azureresourcemanager/insecure_network_communication.html?utm_source=ghpr#488847ff-6031-487c-bf42-98fd6ac5c9a0) More info on how to fix Insecure Network Communication in [Azureresourcemanager](https://docs.guardrails.io/docs/en/vulnerabilities/azureresourcemanager/insecure_network_communication.html?utm_source=ghpr). ---
Insecure Use of Dangerous Function (5)
Severity | Details | Docs :-: | :-- | :-: High | Title: **Non-static OS command execution**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/rubygems/ExtConfBuilder.rb#L57 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-exec) High | Title: **Non-static OS command execution**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/rubygems/build_extensions.rb#L62 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-exec) High | Title: **Non-static OS command execution**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/setup.rb#L16 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-exec) Critical | Title: **Non-static command inside backticks**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/rubygems/ExtConfBuilder.rb#L61 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-subshell) Critical | Title: **Non-static command inside backticks**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/rubygems/build_extensions.rb#L66 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-subshell) More info on how to fix Insecure Use of Dangerous Function in [Ruby](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr). ---
Insecure Use of Language/Framework API (4)
Severity | Details | Docs :-: | :-- | :-: Medium | Title: **User Controlled Method Invocation**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/rubygems/playable.rb#L46 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_language_framework_api.html?utm_source=ghpr#GitlabSecurity/PublicSend) Medium | Title: **User Controlled Method Invocation**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/rubygems/playable.rb#L100 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_language_framework_api.html?utm_source=ghpr#GitlabSecurity/PublicSend) Medium | Title: **User Controlled Method Invocation**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/rubygems/result.rb#L65 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_language_framework_api.html?utm_source=ghpr#GitlabSecurity/PublicSend) Medium | Title: **User Controlled Method Invocation**
https://github.com/ah-ha-admin/ah-ha-ah/blob/825eecaf977e953e093394e8dcdbac8d126601f6/rubygems/result.rb#L71 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_language_framework_api.html?utm_source=ghpr#GitlabSecurity/PublicSend) More info on how to fix Insecure Use of Language/Framework API in [Ruby](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_language_framework_api.html?utm_source=ghpr).

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

squash-labs[bot] commented 1 year ago

Manage this branch in Squash

Test this branch here: https://renovateactions-checkout-4x-rb7bk.squash.io
stale[bot] commented 7 months ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

repo-ranger[bot] commented 7 months ago

⚠️ This has been marked to be closed in 7 days.

renovate[bot] commented 7 months ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 4.x releases. But if you manually upgrade to 4.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.