Skip to content

Fix 7 security alerts#233

Closed
austenstone wants to merge 70 commits into
mainfrom
autofixes
Closed

Fix 7 security alerts#233
austenstone wants to merge 70 commits into
mainfrom
autofixes

Conversation

@austenstone
Copy link
Copy Markdown
Owner

@austenstone austenstone commented Jul 4, 2025

This PR contains autofixes for 7 code scanning alerts from GitHub Advanced Security.

The following alerts were fixed:

Alert # Rule ID Description Severity Location
#1232 js/sql-injection Database query built from user-controlled sources high backend/src/services/survey.service.ts:36
#1446 actions/missing-workflow-permissions Workflow does not contain permissions medium .github/workflows/docker-publish.yml:25
#1445 actions/missing-workflow-permissions Workflow does not contain permissions medium .github/workflows/lint.yml:13
#1444 actions/missing-workflow-permissions Workflow does not contain permissions medium .github/workflows/frontend.yml:13
#1443 actions/missing-workflow-permissions Workflow does not contain permissions medium .github/workflows/docker-compose.yml:13
#1442 actions/missing-workflow-permissions Workflow does not contain permissions medium .github/workflows/backend.yml:29
#1441 actions/missing-workflow-permissions Workflow does not contain permissions medium .github/workflows/backend.yml:13

Please review the changes before merging.

austenstone and others added 30 commits July 3, 2025 19:56
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1232
e8e2a2e 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1232 into autofixes
ae95aa0
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1446
2683b89 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1446 into autofixes
201d94a
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1445
8cc41c4 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1445 into autofixes
2d2fefb
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1444
307cbbc 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1444 into autofixes
9ea71a9
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1443
ddbe5b9 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1443 into autofixes
99f311d
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1442
6705874 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1442 into autofixes
d3efbaa
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1441
495b07d 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1441 into autofixes
910de36
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1232
2b3ee62 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1232-f5253678 into autofixes
bd26e9d
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1446
4301e6a 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1446-7ad72fbf into autofixes
ffad543
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1445
581994b 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1445-4778e781 into autofixes
a28c938
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1444
bd63acc 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1444-45027d99 into autofixes
291d37c
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1443
545e0cb 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1443-1fccdfbe into autofixes
039ab8b
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1442
7be9d18 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1442-e845ff0d into autofixes
050f235
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1441
77acd71 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1441-a62f47d3 into autofixes
57ec90f
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1232
1403557 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1232-72648932 into autofixes
08b1d3a
austenstone and others added 28 commits July 3, 2025 20:04
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1232
8b4f360 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1232-03a14745 into autofixes
0c5ac8e
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1446
d0bd3f9 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1446-038ea934 into autofixes
bf38b1c
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1445
6d7dbcd 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1445-1d850d48 into autofixes
3e98a3b
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1444
0c02dca 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1444-b8b12b02 into autofixes
9612547
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1443
a2f2c98 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1443-6fde4a38 into autofixes
3f14185
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1442
9b55dd6 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1442-c4cf0f08 into autofixes
de61a74
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1441
6f97eb2 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1441-66735cfb into autofixes
24d4066
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1232
cf616e5 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1232-6127c91c into autofixes
1f835a7
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1446
a964383 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1446-c3dbdfde into autofixes
ab8f931
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1445
d2e5f1c 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1445-e13f86f3 into autofixes
0e058c4
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1444
22ae146 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1444-3c6ecdae into autofixes
3fc2994
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1443
9fe6a7e 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1443-05219382 into autofixes
16b547f
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1442
d645c49 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1442-fdc21a9b into autofixes
814e29e
@austenstone @github-advanced-security
Potential fix for code scanning alert no. 1441
152b33b 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@austenstone
Merge refs/heads/alert-autofix-1441-d087b57e into autofixes
ee1a671
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jul 4, 2025

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@austenstone austenstone closed this Jul 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@austenstone