github-actions[bot]
commented
3 days ago 
Checkmarx One – Scan Summary & Details – e1ee58a5-e479-4774-b2c7-19d44ea5c7e9
New Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
 |
Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1265 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
|
Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1219 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
Fixed Issues
| Severity | Issue | Source File / Package |
|---|---|---|
|
Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1210 |
|
Unpinned Actions Full Length Commit SHA | /build-desktop.yml: 1256 |
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-9207
📔 Objective
The updates to the argon2 package seem to have broken the MacOS desktop builds, as they are missing the Python package
setuptools.To fix the builds, I've added the package to
build-desktop.yml, just like it already is inrelease-desktop-beta.yml⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes