Update kics version from 2.1.5 to 2.1.7 (AST-93611) #1121

Merged: cx-ben-alvo merged 5 commits into main from other/AST-93611 on May 4, 2025

@cx-rui-araujo
Contributor

By submitting this pull request, you agree to the terms within the Checkmarx Code of Conduct. Please review the contributing guidelines for guidance on creating high-quality pull requests.

Description

Update kics version for local scans

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Related Issues

None

Checklist

  • I have performed a self-review of my code
  • I have added tests that prove my fix is effective or that my feature works (we already have tests for this)
  • I have added necessary documentation (if appropriate)
  • Any dependent changes have been merged and published in downstream modules
  • I have updated the CLI help for new/changed functionality in this PR (if applicable)
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used

@github-actions

github-actions Bot commented Apr 22, 2025

Checkmarx One – Scan Summary & Details 9744b1b6-706b-4760-a06b-40a6162732ad

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity: HIGH
Issue: CVE-2025-22868
Source File / Package: Go-github.com/lestrrat-go/jwx-v1.2.29
Checkmarx Insight:
Description: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. This issue affects golang.org/x/oaut...
Attack Vector: NETWORK
Attack Complexity: LOW

ID: bnMNu6LxR9pUAoII9F%2BKvTw6H9M78f7DAZ2OPMLUb1E%3D

cx-ben-alvo merged commit 06641d9 into main on May 4, 2025
8 of 9 checks passed
cx-ben-alvo deleted the other/AST-93611 branch on May 4, 2025 06:54
cx-anjali-deore pushed a commit that referenced this pull request on May 21, 2025
* update kics local version

* update go net to v0.38.0

* revert version

* update go net to v0.38.0

---------

Co-authored-by: Monica Casanova <109349080+cx-monica-casanova@users.noreply.github.com>