Skip to content

Update vulnerabilities and codeql config#2748

Merged
jmthomas merged 3 commits intomainfrom
update_vuln
Jan 22, 2026
Merged

Update vulnerabilities and codeql config#2748
jmthomas merged 3 commits intomainfrom
update_vuln

Conversation

@jmthomas
Copy link
Copy Markdown
Member

@jmthomas jmthomas commented Jan 21, 2026

No description provided.

@github-advanced-security
Copy link
Copy Markdown
Contributor

github-advanced-security bot commented Jan 21, 2026

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@codecov
Copy link
Copy Markdown

codecov bot commented Jan 21, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.17%. Comparing base (54f02a2) to head (6341e55).
⚠️ Report is 15 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2748      +/-   ##
==========================================
+ Coverage   78.23%   79.17%   +0.93%     
==========================================
  Files         473      670     +197     
  Lines       34520    54275   +19755     
  Branches      734      734              
==========================================
+ Hits        27008    42972   +15964     
- Misses       7432    11223    +3791     
  Partials       80       80
Flag Coverage Δ
python 80.97% <ø> (-15.07%) ⬇️
ruby-api 83.65% <ø> (ø)
ruby-backend 82.19% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Jan 21, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@jmthomas
Copy link
Copy Markdown
Member Author

jmthomas commented Jan 21, 2026
edited
Loading

Trivy is reporting the following issue:

| tar (package.json) │ CVE-2026-23950 │ HIGH     │ fixed  │ 7.5.3             │ 7.5.4         │ node-tar: tar: node-tar: Arbitrary file overwrite via │

found in:

│ usr/local/lib/node_modules/pnpm/dist/node_modules/tar/package.json               │  node-pkg  │

I think this is bundled with pnpm so we can either try to update the bundled tar package or wait for pnpm to fix. At this point I'm going to wait and maybe pnpm will fix it before we hit a release.

@jmthomas jmthomas merged commit c4e18b5 into main Jan 22, 2026
29 of 30 checks passed
@jmthomas jmthomas deleted the update_vuln branch January 22, 2026 22:43
jmthomas added a commit that referenced this pull request Mar 21, 2026
@jmthomas
Merge pull request #2748 from OpenC3/update_vuln
e455149 
Update vulnerabilities and codeql config
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clayandgen clayandgen clayandgen approved these changes

@ryan-pratt ryan-pratt Awaiting requested review from ryan-pratt

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jmthomas @github-advanced-security @clayandgen