Skip to content

fix the sca vulnerability for Junit#488

Merged
cx-luis-ventuzelos merged 1 commit into
mainfrom
other/vulnerability-fix
Jun 23, 2026
Merged

fix the sca vulnerability for Junit#488
cx-luis-ventuzelos merged 1 commit into
mainfrom
other/vulnerability-fix

Conversation

@cx-atish-jadhav

Copy link
Copy Markdown
Collaborator

No description provided.

@cx-luis-ventuzelos cx-luis-ventuzelos force-pushed the other/vulnerability-fix branch from b78807e to 26109b9 Compare June 23, 2026 11:57
@cx-luis-ventuzelos cx-luis-ventuzelos merged commit 8e107dc into main Jun 23, 2026
2 of 4 checks passed
@cx-atish-jadhav cx-atish-jadhav deleted the other/vulnerability-fix branch June 23, 2026 14:39
cx-atish-jadhav added a commit that referenced this pull request Jul 13, 2026
commit 8e107dc
Author: Atish Jadhav <atish.jadhav@checkmarx.com>
Date:   Tue Jun 23 19:34:27 2026 +0530

    security: fix SCA vulnerability for JUnit (#488)

    Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com>

commit 06dafaa
Author: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com>
Date:   Mon Jun 22 12:37:18 2026 +0100

    security: harden release workflow and declare workflow_call secrets (#487)

    * security: harden release workflow and declare workflow_call secrets

    - Replace actions/checkout v4.3.1 with v6.0.3 and switch from PERSONAL_ACCESS_TOKEN to GITHUB_TOKEN
    - Fix script injection in Download CLI, Tag, Update POM, Build artifactId, and Publish steps by moving inputs to env vars
    - Replace deprecated ::set-output with $GITHUB_OUTPUT in Tag step
    - Update actions/setup-java v4.3.0 to v5.2.0
    - Add explicit secrets declaration for workflow_call (MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, OSSRH_TOKEN, OSSRH_USERNAME)
    - Fix broken shell conditional in Build artifactId property step

    * chore(gha): harden GitHub Actions workflows security

    * chore(gha): disable nightly trigger and remove pr-labeler workflow

    * chore(gha): configure echo mirror for Maven dependency resolution

commit 6661e60
Author: Atish Jadhav <141334503+cx-atish-jadhav@users.noreply.github.com>
Date:   Thu Jun 18 22:49:44 2026 +0530

    Updating ast-cli version and binaries 2.3.54 (#485)

    * Updating ast-cli version and binaries

    * Harden workflows: scope permissions, fix set-output, replace dev-drprasad, remove repository_dispatch, comment notify and spotbugs

    * Remove Maven cache from release and CI workflows

    * Add publish input to gate Maven Central deploy

    ---------

    Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com>

commit 06b449c
Author: Alon Rosenhek <80337069+cx-alon-rosenhek@users.noreply.github.com>
Date:   Thu Jun 18 16:57:16 2026 +0300

    chore: remove .github/workflows/dependabot-auto-merge.yml

commit 6fb3166
Author: Ohad Israeli <243351248+cx-ohad-israeli@users.noreply.github.com>
Date:   Wed Jun 10 17:39:51 2026 +0300

    chore: remove Dependabot configuration

commit 814a504
Author: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Date:   Fri May 29 21:25:57 2026 -0400

    [StepSecurity] Apply security best practices (#481)

    Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
    Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants