GitHub's automatic security and quality scanning has identified a few potential issues in our code. Although a few of these have been published a long time ago, we should still figure out whether they're relevant and fix them up - if anything to improve our code quality.
Many of these are related, and easy to fix:
Type confusion in parsePush.ts:
https://github.com/finos/git-proxy/security/code-scanning/141
https://github.com/finos/git-proxy/security/code-scanning/140
https://github.com/finos/git-proxy/security/code-scanning/139
https://github.com/finos/git-proxy/security/code-scanning/138
Excessive workflow permissions
https://github.com/finos/git-proxy/security/code-scanning/143
https://github.com/finos/git-proxy/security/code-scanning/133
https://github.com/finos/git-proxy/security/code-scanning/132
Unpinned dependencies
https://github.com/finos/git-proxy/security/code-scanning/120
https://github.com/finos/git-proxy/security/code-scanning/113
The only one that isn't easy to fix is this one:
https://github.com/finos/git-proxy/security/code-scanning/64
Most vulnerabilities come from specific packages that don't get updated, the biggest culprit being docusaurus.
Describe the solution you'd like
We should fix these to improve GitProxy's code quality and inspire trust in potential adopters.