fix the sca vulnerability for Junit#488
Merged
Merged
Conversation
cx-luis-ventuzelos
previously approved these changes
Jun 23, 2026
b78807e to
26109b9
Compare
cx-atish-jadhav
added a commit
that referenced
this pull request
Jul 13, 2026
commit 8e107dc Author: Atish Jadhav <atish.jadhav@checkmarx.com> Date: Tue Jun 23 19:34:27 2026 +0530 security: fix SCA vulnerability for JUnit (#488) Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> commit 06dafaa Author: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> Date: Mon Jun 22 12:37:18 2026 +0100 security: harden release workflow and declare workflow_call secrets (#487) * security: harden release workflow and declare workflow_call secrets - Replace actions/checkout v4.3.1 with v6.0.3 and switch from PERSONAL_ACCESS_TOKEN to GITHUB_TOKEN - Fix script injection in Download CLI, Tag, Update POM, Build artifactId, and Publish steps by moving inputs to env vars - Replace deprecated ::set-output with $GITHUB_OUTPUT in Tag step - Update actions/setup-java v4.3.0 to v5.2.0 - Add explicit secrets declaration for workflow_call (MAVEN_GPG_PASSPHRASE, MAVEN_GPG_PRIVATE_KEY, OSSRH_TOKEN, OSSRH_USERNAME) - Fix broken shell conditional in Build artifactId property step * chore(gha): harden GitHub Actions workflows security * chore(gha): disable nightly trigger and remove pr-labeler workflow * chore(gha): configure echo mirror for Maven dependency resolution commit 6661e60 Author: Atish Jadhav <141334503+cx-atish-jadhav@users.noreply.github.com> Date: Thu Jun 18 22:49:44 2026 +0530 Updating ast-cli version and binaries 2.3.54 (#485) * Updating ast-cli version and binaries * Harden workflows: scope permissions, fix set-output, replace dev-drprasad, remove repository_dispatch, comment notify and spotbugs * Remove Maven cache from release and CI workflows * Add publish input to gate Maven Central deploy --------- Co-authored-by: Luís Ventuzelos <207163323+cx-luis-ventuzelos@users.noreply.github.com> commit 06b449c Author: Alon Rosenhek <80337069+cx-alon-rosenhek@users.noreply.github.com> Date: Thu Jun 18 16:57:16 2026 +0300 chore: remove .github/workflows/dependabot-auto-merge.yml commit 6fb3166 Author: Ohad Israeli <243351248+cx-ohad-israeli@users.noreply.github.com> Date: Wed Jun 10 17:39:51 2026 +0300 chore: remove Dependabot configuration commit 814a504 Author: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com> Date: Fri May 29 21:25:57 2026 -0400 [StepSecurity] Apply security best practices (#481) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.