Fix vulnerabilities in Azure Plugin (AST-35900) #482

Merged: 14 commits, Feb 21, 2024

checkmarx-kobi-hagmi commented Feb 18, 2024

By submitting a PR to this repository, you agree to the terms within the Checkmarx Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.

Description

Updated checkmarxdev/ast-cli-javascript-wrapper to version 0.0.85
Fixing vulnerabilities in Azure Plug-in

References

https://checkmarx.atlassian.net/browse/AST-35900

Testing

Checked that the plug-in works as expected after the version upgrades and vulnerability fixes.

Checklist

  • I have added documentation for new/changed functionality in this PR (if applicable).
  • I have updated the CLI help for new/changed functionality in this PR (if applicable).
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used

pedrompflopes requested review from a team, margaritalm and diogopcx and removed request for a team February 18, 2024 12:18

github-actions bot commented Feb 18, 2024

Checkmarx One – Scan Summary & Details 05941e5a-40b3-4153-80b4-056de4fd698c

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2022-37614 | Npm-mockery-2.1.0 | Vulnerable Package |
| HIGH | Cxab55612e-3a56 | Npm-braces-3.0.2 | Vulnerable Package |
| HIGH | Cxca84a1c2-1f12 | Npm-micromatch-4.0.5 | Vulnerable Package |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 101 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 68 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /release.yml: 88 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /ast-scan.yml: 12 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /pr-label.yml: 10 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 23 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| MEDIUM | Unpinned Actions Full Length Commit SHA | /dependabot-auto-merge.yml: 14 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| HIGH | CVE-2021-35065 | Npm-glob-parent-5.1.2 |
| HIGH | Cxb3ca64d2-9cd1 | Npm-mocha-9.2.2 |
| HIGH | Cxc7705965-e0f0 | Npm-@babel/core-7.18.2 |

checkmarx-kobi-hagmi changed the title from "Feature/kobih/fix vulnerabilities" to "Fix vulnerabilities in Azure Plugin (AST-35900)" on Feb 20, 2024

OrShamirCM left a comment

Please update all fields in the description.

checkmarx-kobi-hagmi merged commit 181feef into main Feb 21, 2024
5 checks passed