update: bump the gh-actions-packages group across 1 directory with 11 updates

[dependabot[bot]]

Bumps the gh-actions-packages group with 11 updates in the / directory:

Package	From	To
actions/checkout	4.1.6	4.1.7
snok/container-retention-policy	2.2.1	3.0.0
github/codeql-action	3.25.6	3.25.12
actions/dependency-review-action	4.3.2	4.3.4
actions/setup-python	5.1.0	5.1.1
bridgecrewio/checkov-action	12.2762.0	12.2825.0
anchore/sbom-action	0.16.0	0.17.0
docker/setup-buildx-action	3.3.0	3.4.0
docker/build-push-action	5.3.0	6.4.1
MishaKav/pytest-coverage-comment	1.1.51	1.1.52
mikepenz/action-junit-report	4.2.1	4.3.1

Updates actions/checkout from 4.1.6 to 4.1.7

Release notes

Sourced from actions/checkout's releases.

v4.1.7

What's Changed

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

New Contributors

• @​orhantoy made their first contribution in actions/checkout#1774

Full Changelog: https://github.com/actions/checkout/compare/v4.1.6...v4.1.7

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell

... (truncated)

Commits

• 692973e Prepare 4.1.7 release (#1775)
• 6ccd57f Pin actions/checkout's own workflows to a known, good, stable version. (#1776)
• b17fe1e Handle hidden refs (#1774)
• b80ff79 Bump actions/checkout from 3 to 4 (#1697)
• b1ec302 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1739)
• See full diff in compare view

Updates snok/container-retention-policy from 2.2.1 to 3.0.0

Release notes

Sourced from snok/container-retention-policy's releases.

v3.0.0

Disclaimer: This release breaks the API of the action to a large degree. It might be wise to run the action with dry-run: true after upgrading.

This release is a complete rewrite of the action, tackling most if not all open issues in the issue tracker. Some of the highlights include:

• Simplifying and consolidating the inputs of the action
• Improving the runtime performance, and the initialization time of the action in CI
• Support for multi-platform packages
• Support for new token types (secrets.GITHUB_TOKEN and Github app tokens)
• Much better handling of GitHub API rate limits

💥 There are a lot of breaking changes, so we've included a migration guide at the bottom of this post, to make things a bit simpler.

Since the release introduces a few thousand lines of code, we expect there may be a few things left to iron out. If you run into any problems, please share them in the v3 release issue.

---

In addition to what's mentioned above, other new features and changes include:

• Significant effort has been spent on improving the logging, to give better insights into what exactly is happening
• Updated license from BSD-3 to MIT.
• The available syntax for image-names and image-tags previously allowed wildcards (using the * character). We now also allow the ? character to express a single-character wildcard. For example, the pattern ca? will match car and cat. See the wildmatch docs for details.

In addition to changing the inputs of the action (more details below), there are a few other breaking changes:

• We'll no longer maintain mutable major and minor version tags for the action. There will be no v3 target for the action, just v3.0.0 and other exact versions. Mutable major version tags are generally hard to maintain and not much safer than tracking the main branch, so more precise tag tracking should reduce the likelihood of broken runs going forward. Paired with dependabot, upgrading should not be much harder than it has been.
• The needs-assistance output was deleted

And in terms of performance improvements:

• The action has been rewritten from a composite action to a container action, and the total size of the new image is < 10Mi.
• The action would previously take ~30 seconds to initialize and would require a Python runtime. The action now starts in less than a second, and runs as a standalone binary.
• The runtime of the action has been reduced, and assuming we need to delete less than 180 package versions, the action completes in, at most, a few seconds. See this example of a recent run. When we have to delete more than 180 package versions, there's a minute of waiting for every 180 new package versions, as a consequence of GitHub's secondary API rate limits. See the new README for details.

Migration guide

• The account-type and org-name inputs have been replaced with account, which should be set to the literal string "user" if you previously used account-type: personal and to the organization name otherwise:

  - account-type: personal
  + account: user
  

  or

  - account-type: organization
  - org-name: acme
  + account: acme
  

... (truncated)

Commits

• 4f22ef8 fix: Correct oauth scope check
• def81c2 fix(ci): Use input version tag when building image
• ab30663 chore: Update docs for release and update action image
• 7793513 chore(deps): bump docker/build-push-action from 5 to 6
• 79a0b31 Remove oauth token
• 851b141 Rewrite the action in Rust
• 178bc0b chore: Update test workflow to test v3-develop branch
• e6eea47 fix(workflows): Correct script and run every 3 hours
• 3bfc979 fix(ci): Revise test dockerfile
• e66905c refactor(ci): Add variables to reduce clutter
• Additional commits viewable in compare view

Updates github/codeql-action from 3.25.6 to 3.25.12

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

• Add codeql-version to outputs. #2368
• Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. #2375
  • If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
  • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.25.12 - 12 Jul 2024

• Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. #2353
• Update default CodeQL bundle version to 2.18.0. #2364

3.25.11 - 28 Jun 2024

• Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349
• Update default CodeQL bundle version to 2.17.6. #2352

3.25.10 - 13 Jun 2024

• Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

• Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
• The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

• Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

• We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

• Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

• Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273
• Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274
• The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

... (truncated)

Commits

• 4fa2a79 Merge pull request #2369 from github/update-v3.25.12-947b18fb7
• dec6fb7 Update changelog for v3.25.12
• 947b18f Merge pull request #2365 from github/dependabot/npm_and_yarn/npm-88aac57241
• 9ab7277 Merge pull request #2364 from github/update-bundle/codeql-bundle-v2.18.0
• 1c60bf1 Merge branch 'main' into update-bundle/codeql-bundle-v2.18.0
• be825d5 Merge pull request #2353 from github/henrymercer/enable-direct-tracing
• 243e392 Fix PR number in changelog
• 026682f Fix bad auto merge in changelog
• 264cbe2 Merge branch 'main' into henrymercer/enable-direct-tracing
• 0b65015 Update checked-in dependencies
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.3.2 to 4.3.4

Release notes

Sourced from actions/dependency-review-action's releases.

v4.3.4

What's Changed

• Include all added dependencies in scorecard entries by @​elireisman in actions/dependency-review-action#783
• Update SPDX Expression Parsing by @​febuiles in actions/dependency-review-action#719
  • This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.3...v4.3.4

Notes for v4.3.3

What's Changed

• Allow slashes in purl package names by @​juxtin in actions/dependency-review-action#765
• use the v3 version of the deps.dev API by @​josieang in actions/dependency-review-action#741
• PR with suggestions - [Improvement]: Help streamline / simplify dependency review action README by @​am-stead in actions/dependency-review-action#773
• fix show-openssf-scorecard-levels input by @​ramann in actions/dependency-review-action#776
• Updates to the contribution guidelines by @​jonjanego in actions/dependency-review-action#778
• Create issue templates by @​jonjanego in actions/dependency-review-action#777
• Fix the max comment length issue by @​jhutchings1 and @​elireisman in actions/dependency-review-action#767
• Bump project version to 4.3.3 in prep for a release by @​elireisman in actions/dependency-review-action#781

New Contributors

• @​josieang made their first contribution in actions/dependency-review-action#741
• @​am-stead made their first contribution in actions/dependency-review-action#773
• @​ramann made their first contribution in actions/dependency-review-action#776

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.2...v4.3.3

Commits

• 5a2ce3f Merge pull request #791 from actions/juxtin/update-version
• ac6a6ad Prepare even more for v4.3.4
• 3e2b917 Merge pull request #790 from actions/juxtin/update-version
• d9ab9c8 Update version in package.json
• 8c152c7 Merge pull request #769 from actions/dependabot/npm_and_yarn/zod-3.23.8
• 0085d30 Update dist
• 08b5bf2 Bump zod from 3.22.4 to 3.23.8
• 986fce9 Merge pull request #784 from actions/dependabot/npm_and_yarn/got-14.4.1
• 28743f8 Merge pull request #719 from actions/change-spdx-parser
• d6f34c3 Merge pull request #789 from actions/dependabot/npm_and_yarn/braces-3.0.3
• Additional commits viewable in compare view

Updates actions/setup-python from 5.1.0 to 5.1.1

Release notes

Sourced from actions/setup-python's releases.

v5.1.1

What's Changed

Bug fixes:

• fix(ci): update all failing workflows by @​mayeut in actions/setup-python#863 This update ensures compatibility and optimal performance of workflows on the latest macOS version.

Documentation changes:

• Documentation update for cache by @​gowridurgad in actions/setup-python#873

Dependency updates:

• Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @​dependabot in actions/setup-python#893

New Contributors

• @​gowridurgad made their first contribution in actions/setup-python#873

Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.1.1

Commits

• 39cd149 Documentation update for cache (#873)
• a0d74c0 fix(ci): update all failing workflows (#863)
• 4eb7dbc Bump braces from 3.0.2 to 3.0.3 (#893)
• See full diff in compare view

Updates bridgecrewio/checkov-action from 12.2762.0 to 12.2825.0

Commits

• 706b7a7 Bump checkov container version to 3.2.193
• fa45bce Bump checkov container version to 3.2.190
• 4bb6746 Bump checkov container version to 3.2.189
• cddf908 Bump checkov container version to 3.2.187
• e28bcec Bump checkov container version to 3.2.186
• b1800dd Bump checkov container version to 3.2.185
• b112c6c Bump checkov container version to 3.2.184
• 879d12f Bump checkov container version to 3.2.183
• 4ad3dce Bump checkov container version to 3.2.182
• 3dbbf86 Bump checkov container version to 3.2.181
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.16.0 to 0.17.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.17.0

Changes in v0.17.0

• chore(deps): update Syft to v1.9.0 (#479) [anchore-actions-token-generator]
• chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#474) [dependabot]
• chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#475) [dependabot]
• chore: serialize tests to prevent install race (#478) [willmurphyscode]

v0.16.1

Changes in v0.16.1

• fix: workaround windows install issue (#477) [willmurphyscode]
• fix: allow users to properly use the file input over the default path value (#471) [komish]
• chore(deps): update Syft to v1.5.0 (#470) [anchore-actions-token-generator]
• docs: notes for matrix and required permissions (#469) [kzantow]
• chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#466) [dependabot]

Commits

• d94f46e chore(deps): update Syft to v1.9.0 (#479)
• ee41e6a chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#474)
• 23e0b38 chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#475)
• f4035cd chore: serialize tests to prevent install race (#478)
• f3253ca chore(deps): update Syft to v1.8.0 (#473)
• 95b086a fix: workaround windows install script (#477)
• 72370e1 fix: allow users to properly use the file input over the default path value (...
• e28bab5 chore(deps): update Syft to v1.5.0 (#470)
• 2283abe docs: notes for matrix and required permissions (#469)
• 07e5b3a chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#466)
• See full diff in compare view

Updates docker/setup-buildx-action from 3.3.0 to 3.4.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.4.0

• Throw error message instead of exit code by @​crazy-max in docker/setup-buildx-action#315
• Bump @​docker/actions-toolkit from 0.20.0 to 0.31.0 in docker/setup-buildx-action#321 docker/setup-buildx-action#338
• Bump braces from 3.0.2 to 3.0.3 in docker/setup-buildx-action#329
• Bump undici from 5.28.3 to 5.28.4 in docker/setup-buildx-action#312
• Bump uuid from 9.0.1 to 10.0.0 in docker/setup-buildx-action#326

Full Changelog: https://github.com/docker/setup-buildx-action/compare/v3.3.0...v3.4.0

Commits

• 4fd8129 Merge pull request #312 from docker/dependabot/npm_and_yarn/undici-5.28.4
• 3386dc4 chore: update generated content
• d191aef build(deps): bump undici from 5.28.3 to 5.28.4
• f686054 Merge pull request #338 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 7854785 chore: update generated content
• 830928c fix builder type path
• 26d2aec build(deps): bump @​docker/actions-toolkit from 0.23.0 to 0.31.0
• ab17e3e Merge pull request #339 from crazy-max/missing-types-jsyaml
• d79cb80 missing types for js-yaml
• 13cf788 Merge pull request #326 from docker/dependabot/npm_and_yarn/uuid-10.0.0
• Additional commits viewable in compare view

Updates docker/build-push-action from 5.3.0 to 6.4.1

Release notes

Sourced from docker/build-push-action's releases.

v6.4.1

• revert "Set repository and ghtoken attributes for GitHub Actions cache backend" by @​crazy-max in docker/build-push-action#1183

Full Changelog: https://github.com/docker/build-push-action/compare/v6.4.0...v6.4.1

v6.4.0

• Set repository and ghtoken attributes for GitHub Actions cache backend by @​crazy-max in docker/build-push-action#1133
• Bump @​docker/actions-toolkit from 0.31.0 to 0.33.0 in docker/build-push-action#1179

Full Changelog: https://github.com/docker/build-push-action/compare/v6.3.0...v6.4.0

v6.3.0

• DOCKER_BUILD_RECORD_UPLOAD environment variable to enable/disable build record upload by @​crazy-max in docker/build-push-action#1172
• DOCKER_BUILD_NO_SUMMARY has been deprecated. Set DOCKER_BUILD_SUMMARY to false instead by @​crazy-max in docker/build-push-action#1170 docker/build-push-action#1173
• Bump @​docker/actions-toolkit from 0.28.0 to 0.31.0 in docker/build-push-action#1171 docker/build-push-action#1159 docker/build-push-action#1169

Full Changelog: https://github.com/docker/build-push-action/compare/v6.2.0...v6.3.0

v6.2.0

• Use default retention days for build export artifact by @​crazy-max in docker/build-push-action#1153
• Bump @​docker/actions-toolkit from 0.27.0 to 0.28.0 in docker/build-push-action#1158

Full Changelog: https://github.com/docker/build-push-action/compare/v6.1.0...v6.2.0

v6.1.0

• Bump @​docker/actions-toolkit from 0.26.2 to 0.27.0 in docker/build-push-action#1149

Full Changelog: https://github.com/docker/build-push-action/compare/v6.0.2...v6.1.0

v6.0.2

• Bump @​docker/actions-toolkit from 0.26.1 to 0.26.2 in docker/build-push-action#1147

Full Changelog: https://github.com/docker/build-push-action/compare/v6.0.1...v6.0.2

v6.0.1

• Bump @​docker/actions-toolkit from 0.26.0 to 0.26.1 in docker/build-push-action#1142

Full Changelog: https://github.com/docker/build-push-action/compare/v6.0.0...v6.0.1

v6.0.0

• Export build record and generate build summary by @​crazy-max in docker/build-push-action#1120
• Bump @​docker/actions-toolkit from 0.24.0 to 0.26.0 in docker/build-push-action#1132 docker/build-push-action#1136 docker/build-push-action#1138
• Bump braces from 3.0.2 to 3.0.3 in docker/build-push-action#1137

[!NOTE] This major release adds support for generating Build summary and exporting build record for your build. You can disable this feature by setting DOCKER_BUILD_NO_SUMMARY: true environment variable in your workflow.

Full Changelog: https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0

v5.4.0

... (truncated)

Commits

• 1ca370b Merge pull request #1183 from crazy-max/revert-gha-cache-to
• 2c95ebe chore: update generated content
• d189d0e Revert "set repository and ghtoken attributes for gha cache type"
• a254f8c Merge pull request #1179 from docker/dependabot/npm_and_yarn/docker/actions-t...
• 94dae62 chore: update generated content
• 267a69d chore(deps): Bump @​docker/actions-toolkit from 0.31.0 to 0.33.0
• f23fb2a Merge pull request #1133 from crazy-max/gha-cache-to
• ef76d10 chore: update generated content
• 522345f set repository and ghtoken attributes for gha cache type
• 1a16264 Merge pull request #1172 from crazy-max/build-export-disable
• Additional commits viewable in compare view

Updates MishaKav/pytest-coverage-comment from 1.1.51 to 1.1.52

Release notes

Sourced from MishaKav/pytest-coverage-comment's releases.

v1.1.52

What's Changed

• Add sample of permissions/Fix permissions of existing jobs by @​m-tmatma in MishaKav/pytest-coverage-comment#162
• Fix typo s/Percantage/Percentage/ by @​jalessio in MishaKav/pytest-coverage-comment#165
• junit: use data from all testsuites by @​eltoder in MishaKav/pytest-coverage-comment#168
• Use label instead of ref for workflow_run and workflow_dispatch by @​cecheta in MishaKav/pytest-coverage-comment#160
• Fix commit SHA for workflow_run by @​cecheta in MishaKav/pytest-coverage-comment#158

New Contributors

• @​m-tmatma made their first contribution in MishaKav/pytest-coverage-comment#162
• @​jalessio made their first contribution in MishaKav/pytest-coverage-comment#165
• @​eltoder made their first contribution in MishaKav/pytest-coverage-comment#168
• @​cecheta made their first contribution in MishaKav/pytest-coverage-comment#160

Full Changelog: https://github.com/MishaKav/pytest-coverage-comment/compare/v1.1.51...v1.1.52

Changelog

Sourced from MishaKav/pytest-coverage-comment's changelog.

Changelog of the Pytest Coverage Comment

Pytest Coverage Comment 1.1.52

Release Date: 2024-06-30

Changes

• fix commit sha and ref for workflow_run, instead of from the default branch, thanks to @​cecheta for contribution
• use label instead of ref for workflow_run and workflow_dispatch, thanks to @​cecheta for contribution
• use data from all testsuites instead the first one, thanks to @​eltoder for contribution

Pytest Coverage Comment 1.1.51

Release Date: 2024-01-13

Changes

• add workflow_run to the events that can trigger this action, big thanks to @​Bouni for contribution

Pytest Coverage Comment 1.1.50

Release Date: 2023-11-26

Changes

• add support for updateing the comment in PR through workflow_dispatch event by passing manually issue number, thanks to @​alexjyong for contribution

Pytest Coverage Comment 1.1.49

Release Date: 2023-11-15

Changes

• remove warning by run in node20 instead node16
• add support for workflow_dispatch event, thanks to @​f100024 for contribution

Pytest Coverage Comment 1.1.48

Release Date: 2023-08-02

Changes

• Fix wrong badge link when have an empty space in total coverage

Pytest Coverage Comment 1.1.47

Release Date: 2023-03-18

Changes

... (truncated)

Commits

• fa1c641 changelog for 1.1.52
• 7b6b113 Fix commit SHA for workflow_run (#158)
• c1c1738 Use label instead of ref (#160)
• 2e3c380 junit: use data from all testsuites (#168)
• ed05a2e fix typo in coverageComment
• 0e5d939 Fix typo s/Percantage/Percentage/ (#165)
• 0f5f92e Add sample of permissions/Fix permissions of existing jobs (#162)
• See full diff in compare view

Updates mikepenz/action-junit-report from 4.2.1 to 4.3.1

Release notes

Sourced from mikepenz/action-junit-report's releases.

v4.3.1

🐛 Fixes

• Revert optimisation to skip processing of scucessful tests
  • PR: #1122

v4.3.0

[!CAUTION] This version has a bug resulting in passed annotations not being created. Use v4.3.1 (or newer) instead See the report here: mikepenz/action-junit-report#1121

🚀 Features

• Improve performance of action's processing
  • PR: #1105
  • Thanks @​GUI

📦 Dependencies

• Dependency Upgrades
  • PR: #1111

v4.2.2

🚀 Features

• Add classname to check_title_template
  • PR: #1095
  • Thanks @​valentin-demange

📦 Dependencies

• Dependency upgrades
  • PR: #1101

Commits

• db71d41 Merge pull request #1122 from mikepenz/fix/1121
• 2d70fb2 - revert testcase
• c4cd1de - revert annotation optimisation (Skip processing of successful tests if `inc...
• eb1a2b2 Merge pull request #1111 from mikepenz/feature/dependency_updates_20240620
• 71ce529 ```

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA a676557dba3652ed31462373e659c8d397b5a446.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/.reusable-sast.yml

Package	Version	License	Issue Type
bridgecrewio/checkov-action	706b7a7cca850bb4363ffa8d208bbd1573b2da2a	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
actions/actions/checkout	692973e3d937129bcbf40652eb9f2f61becf3332	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/snok/container-retention-policy	4f22ef80902ad409ed55a99dc5133cc1250a0d03	:green_circle: 5.4	Details Check Score Reason Code-Review :warning: 2 Found 5/23 approved changesets -- score normalized to 2 Maintained :green_circle: 10 20 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Packaging :green_circle: 10 packaging workflow detected Security-Policy :warning: 0 security policy file not detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
actions/actions/checkout	692973e3d937129bcbf40652eb9f2f61becf3332	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/actions/dependency-review-action	5a2ce3f5b92ee19cbb1541a4984c76d921601d7c	:green_circle: 7.2	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 9 security policy file detected Packaging :warning: -1 packaging workflow not detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 1 dependency not pinned by hash detected -- score normalized to 1 Fuzzing :warning: 0 project is not fuzzed SAST :green_circle: 9 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
actions/github/codeql-action/upload-sarif	4fa2a7953630fd2f3fb380f21be14ede0169dd4f	Unknown	Unknown
actions/actions/checkout	692973e3d937129bcbf40652eb9f2f61becf3332	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/actions/setup-python	39cd14951b08e74b54015e9e001cdefcf80e669f	:green_circle: 5.2	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :warning: 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Fuzzing :warning: 0 project is not fuzzed Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 9 security policy file detected SAST :green_circle: 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities :warning: 0 46 existing vulnerabilities detected
actions/actions/checkout	692973e3d937129bcbf40652eb9f2f61becf3332	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/actions/checkout	692973e3d937129bcbf40652eb9f2f61becf3332	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/actions/setup-python	39cd14951b08e74b54015e9e001cdefcf80e669f	:green_circle: 5.2	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :warning: 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Fuzzing :warning: 0 project is not fuzzed Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 9 security policy file detected SAST :green_circle: 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities :warning: 0 46 existing vulnerabilities detected
actions/bridgecrewio/checkov-action	706b7a7cca850bb4363ffa8d208bbd1573b2da2a	Unknown	Unknown
actions/github/codeql-action/analyze	4fa2a7953630fd2f3fb380f21be14ede0169dd4f	Unknown	Unknown
actions/github/codeql-action/init	4fa2a7953630fd2f3fb380f21be14ede0169dd4f	Unknown	Unknown
actions/github/codeql-action/upload-sarif	4fa2a7953630fd2f3fb380f21be14ede0169dd4f	Unknown	Unknown
actions/actions/checkout	692973e3d937129bcbf40652eb9f2f61becf3332	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/anchore/sbom-action	d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5	:green_circle: 5.1	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :green_circle: 10 16 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 9 binaries present in source code Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected Pinned-Dependencies :green_circle: 7 dependency not pinned by hash detected -- score normalized to 7 SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Packaging :green_circle: 10 packaging workflow detected Vulnerabilities :warning: 1 9 existing vulnerabilities detected
actions/MishaKav/pytest-coverage-comment	fa1c641d7e3fa1d98ed95d5f658ccd638b774628	:green_circle: 4.8	Details Check Score Reason Code-Review :warning: 2 Found 8/27 approved changesets -- score normalized to 2 Maintained :green_circle: 8 8 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 8 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts :green_circle: 10 no binaries found in the repo Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :warning: 0 security policy file not detected Fuzzing :warning: 0 project is not fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
actions/actions/checkout	692973e3d937129bcbf40652eb9f2f61becf3332	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/actions/setup-python	39cd14951b08e74b54015e9e001cdefcf80e669f	:green_circle: 5.2	Details Check Score Reason Code-Review :green_circle: 10 all changesets reviewed Maintained :warning: 2 3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Packaging :warning: -1 packaging workflow not detected Fuzzing :warning: 0 project is not fuzzed Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy :green_circle: 9 security policy file detected SAST :green_circle: 9 SAST tool is not run on all commits -- score normalized to 9 Vulnerabilities :warning: 0 46 existing vulnerabilities detected
actions/docker/build-push-action	1ca370b3a9802c92e886402e0dd88098a2533b12	:green_circle: 6.2	Details Check Score Reason Code-Review :green_circle: 5 Found 4/7 approved changesets -- score normalized to 5 Maintained :green_circle: 10 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 9 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Packaging :green_circle: 10 packaging workflow detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
actions/docker/setup-buildx-action	4fd812986e6c8c2a69e18311145f9371337f27d4	:green_circle: 5.6	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 0 Found 0/3 approved changesets -- score normalized to 0 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Security-Policy :green_circle: 9 security policy file detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Packaging :green_circle: 10 packaging workflow detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/mikepenz/action-junit-report	db71d41eb79864e25ab0337e395c352e84523afe	:green_circle: 5.7	Details Check Score Reason Maintained :green_circle: 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 1 Found 2/14 approved changesets -- score normalized to 1 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Security-Policy :green_circle: 10 security policy file detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts :green_circle: 10 no binaries found in the repo Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 SAST :green_circle: 9 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
actions/actions/checkout	692973e3d937129bcbf40652eb9f2f61becf3332	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/.reusable-build.yml

• actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

.github/workflows/.reusable-cleanup-registry.yml

• snok/container-retention-policy@4f22ef80902ad409ed55a99dc5133cc1250a0d03
• snok/container-retention-policy@b56f4ff7539c1f94f01e5dc726671cd619aa8072

.github/workflows/.reusable-compliance.yml

• actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c
• github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
• actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70
• github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276

.github/workflows/.reusable-docs.yml

• actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
• actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d

.github/workflows/.reusable-integration-test.yml

• actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

.github/workflows/.reusable-sast.yml

• actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
• bridgecrewio/checkov-action@706b7a7cca850bb4363ffa8d208bbd1573b2da2a
• github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
• github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
• github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
• actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
• bridgecrewio/checkov-action@cbef505ba3282486a24541d7c862e19266ad0d96
• github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276
• github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276
• github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276

.github/workflows/.reusable-sca.yml

• actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
• anchore/sbom-action@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5
• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
• anchore/sbom-action@e8d2a6937ecead383dfe75190d104edd1f9c5751

.github/workflows/.reusable-unit-test.yml

• MishaKav/pytest-coverage-comment@fa1c641d7e3fa1d98ed95d5f658ccd638b774628
• actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
• docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12
• docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4
• mikepenz/action-junit-report@db71d41eb79864e25ab0337e395c352e84523afe
• MishaKav/pytest-coverage-comment@a1fe18e2b00c64a765568e2edb9f1706eb8fc88b
• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29
• actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d
• docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
• docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
• mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95

.github/workflows/semgrep.yml

• actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
• actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

[github-actions[bot]]

Coverage Report

File	Stmts	Miss	Cover	Missing
semgr8s
__main__.py	18	18	0%	5–32
app.py	81	4	95%	117, 177–178, 209
k8s_api.py	22	2	91%	43–44
updater.py	29	2	93%	49–50
TOTAL	202	26	87%

Tests	Skipped	Failures	Errors	Time
18	0 :zzz:	0 :x:	0 :fire:	2.203s :stopwatch:

[dependabot[bot]]

Superseded by #314.