guardrails[bot]
commented
1 month ago :warning: We detected 12 security issues in this pull request:
Hard-Coded Secrets (1)
Severity | Details | Docs :-: | :-- | :-: Medium | Title: **Github Key**
https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/.github/workflows/ci.yml#L24 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-key) More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr). ---
Vulnerable Libraries (11)
Severity | Details :-: | :-- High | [pkg:golang/github.com/xmidt-org/webhook-schema@v0.1.1-0.20240711140319-0ee06ff248b5](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L20) upgrade to: *> v0.1.1-0.20240711140319-0ee06ff248b5* High | [pkg:golang/go.uber.org/fx@v1.22.0](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L21) upgrade to: *> v1.22.0* High | [pkg:golang/github.com/xmidt-org/touchstone@v0.1.5](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L18) upgrade to: *> v0.1.5* High | [pkg:golang/github.com/xmidt-org/urlegit@v0.1.12](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L19) upgrade to: *> v0.1.12* High | [pkg:golang/github.com/prometheus/client_golang@v1.19.1](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L10) upgrade to: *> v1.19.1* High | [pkg:golang/go.uber.org/multierr@v1.11.0](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L22) upgrade to: *> v1.11.0* High | [pkg:golang/github.com/go-kit/kit@v0.13.0](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L8) upgrade to: *> v0.13.0* High | [pkg:golang/github.com/xmidt-org/httpaux@v0.4.0](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L16) upgrade to: *> v0.4.0* High | [pkg:golang/github.com/xmidt-org/argus@v0.9.13-0.20240711141248-1f7e75700ffb](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L14) upgrade to: *> v0.9.13-0.20240711141248-1f7e75700ffb* High | [pkg:golang/github.com/xmidt-org/bascule@v0.11.6](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L15) upgrade to: *> v0.11.6* High | [pkg:golang/github.com/stretchr/testify@v1.9.0](https://github.com/xmidt-org/ancla/blob/78bfecf02b44c57d8b70ea94e73eab114497b139/go.mod#L13) upgrade to: *> v1.9.0* More info on how to fix Vulnerable Libraries in [Go](https://docs.guardrails.io/docs/en/vulnerabilities/go/using_vulnerable_libraries.html?utm_source=ghpr).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
Updated failing unit tests:
Merge after: https://github.com/xmidt-org/ancla/pull/222 Merge before: https://github.com/xmidt-org/ancla/pull/223