Merge 1.0.0-rc1 into master branch #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

PaperStrange merged 121 commits into master from release-1.0.0-RC1

May 19, 2025

Merged

Merge 1.0.0-rc1 into master branch #24

Fix: Potential fix for code scanning alert no. 34: Log injection

GitHub Advanced Security / CodeQL failed May 19, 2025 in 3s

27 new alerts including 7 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

7 high
20 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 68 in .github/workflows/ci-cd.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'TourGuideAI CI/CD Pipeline' step

uses 'bjompen/UpdatePWSHAction' with ref 'v1.0.1', not a pinned commit hash

Check warning on line 160 in .github/workflows/ci-cd.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'TourGuideAI CI/CD Pipeline' step

uses 'aws-actions/configure-aws-credentials' with ref 'v4', not a pinned commit hash

Check warning on line 204 in .github/workflows/ci-cd.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'TourGuideAI CI/CD Pipeline' step

uses 'aws-actions/configure-aws-credentials' with ref 'v4', not a pinned commit hash

Check warning on line 249 in .github/workflows/ci-cd.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'TourGuideAI CI/CD Pipeline' step

uses 'bjompen/UpdatePWSHAction' with ref 'v1.0.1', not a pinned commit hash

Check warning on line 27 in .github/workflows/dependency-updates.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Dependency Updates' step

uses 'dependabot/fetch-metadata' with ref 'v1.6.0', not a pinned commit hash

Check warning on line 33 in .github/workflows/dependency-updates.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Dependency Updates' step

uses 'renovatebot/github-action' with ref 'v39.0.5', not a pinned commit hash

Check warning on line 44 in .github/workflows/e2e-tests.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'End-to-End Tests' step

uses 'bjompen/UpdatePWSHAction' with ref 'v1.0.1', not a pinned commit hash

Check warning on line 74 in .github/workflows/e2e-tests.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'End-to-End Tests' step

uses 'EnricoMi/publish-unit-test-result-action' with ref 'v2', not a pinned commit hash

Check warning on line 42 in .github/workflows/security-scan.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step

uses 'CycloneDX/gh-node-module-generatebom' with ref 'v1', not a pinned commit hash

Check warning on line 48 in .github/workflows/security-scan.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step

uses 'anchore/sbom-action' with ref 'v0', not a pinned commit hash

Check warning on line 70 in .github/workflows/security-scan.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step

uses 'snyk/actions/node' with ref 'master', not a pinned commit hash

Check warning on line 79 in .github/workflows/security-scan.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step

uses 'aquasecurity/trivy-action' with ref 'master', not a pinned commit hash

Check warning on line 104 in .github/workflows/security-scan.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step

uses 'gitleaks/gitleaks-action' with ref 'v2', not a pinned commit hash

Check warning on line 119 in .github/workflows/security-scan.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step

uses 'lirantal/lockfile-lint-action' with ref 'master', not a pinned commit hash

Check warning on line 137 in .github/workflows/security-scan.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step

uses 'zaproxy/action-baseline' with ref 'v0.9.0', not a pinned commit hash

Check warning on line 160 in .github/workflows/security-scan.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Security Scan' step

uses 'fossas/fossa-action' with ref 'main', not a pinned commit hash

Check warning on line 44 in .github/workflows/stability-tests.yml

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'Stability Tests' step

uses 'bjompen/UpdatePWSHAction' with ref 'v1.0.1', not a pinned commit hash

Check failure on line 92 in scripts/generate-keys.js

Code scanning / CodeQL

Potential file system race condition High

The file may have changed since it

.

Check warning on line 134 in scripts/run-security-audit.js

Code scanning / CodeQL

Indirect uncontrolled command line Medium

This command depends on an unsanitized

.
This command depends on an unsanitized

.

Check failure on line 127 in scripts/utils/test-script-template.js

Code scanning / CodeQL

Potential file system race condition High test

The file may have changed since it

.

Check warning on line 102 in server/coverage/lcov-report/sorter.js

Code scanning / CodeQL

DOM text reinterpreted as HTML High

is reinterpreted as HTML without escaping meta-characters.

Check failure on line 22 in server/middleware/authMiddleware.js

Code scanning / CodeQL

User-controlled bypass of security check High

This condition guards a sensitive

, but a

controls it.

Check failure on line 124 in server/middleware/authMiddleware.js

Code scanning / CodeQL

User-controlled bypass of security check High

This condition guards a sensitive

, but a

controls it.

Check failure on line 24 in server/routes/emails.js

Code scanning / CodeQL

User-controlled bypass of security check High

This condition guards a sensitive

, but a

controls it.

Check failure on line 166 in server/utils/tokenProvider.js

Code scanning / CodeQL

Remote property injection High

A property name to write to depends on a

.