CCM-14961: Fix trivy vulnerabilities #2169
simonlabarerecicd-1-pull-request.yaml
on: push
Set CI/CD metadata
6s
Commit stage
/
Scan secrets
12s
Commit stage
/
Check file format
5s
Commit stage
/
Check Markdown format
4s
Commit stage
/
Check English usage
8s
Commit stage
/
Check TODO usage
4s
Commit stage
/
Trivy Package Scan
14s
Commit stage
/
Count lines of code
9s
Commit stage
/
Scan dependencies
57s
Commit stage
/
Run terraform-docs
11s
Commit stage
/
Lint Terraform
28s
Commit stage
/
Trivy IaC Scan
14s
Test stage
/
Linting
3m 43s
Test stage
/
Typecheck
2m 27s
Publish stage
/
Publish packages
Acceptance stage
/
Contract test
5s
Acceptance stage
/
Security test
5s
Acceptance stage
/
UI test
3s
Acceptance stage
/
UI performance test
6s
Acceptance stage
/
Integration test
11m 46s
Acceptance stage
/
Accessibility test
4s
Acceptance stage
/
Load test
4s
Annotations
19 warnings
|
Commit stage / Count lines of code
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Commit stage / Trivy Package Scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, asdf-vm/actions/setup@1902764435ca0dd2f3388eea723a4f92a4eb8302. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Commit stage / Trivy IaC Scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Commit stage / Scan dependencies
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Test stage / Detect Schema Changes
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: dorny/paths-filter@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Test stage / Linting:
utils/utils/src/event-publisher/event-publisher.ts#L101
Function Call Object Injection Sink
|
|
Test stage / Linting:
utils/utils/src/event-publisher/event-publisher.ts#L99
Generic Object Injection Sink
|
|
Test stage / Linting:
utils/utils/src/dynamodb/delete-dynamo-batch.ts#L47
Generic Object Injection Sink
|
|
Test stage / Linting:
utils/utils/src/dynamodb/delete-dynamo-batch.ts#L34
Generic Object Injection Sink
|
|
Test stage / Linting:
utils/utils/src/config-reader.ts#L69
Variable Assigned to Object Injection Sink
|
|
Test stage / Linting:
utils/utils/src/cache/cache.ts#L52
Generic Object Injection Sink
|
|
Test stage / Linting:
utils/utils/src/cache/cache.ts#L33
Variable Assigned to Object Injection Sink
|
|
Test stage / Linting:
lambdas/print-analyser/src/__tests__/test-data.ts#L60
Found readFileSync from package "node:fs" with non literal argument at index 0
|
|
Test stage / Linting:
lambdas/ttl-handle-expiry-lambda/src/__tests__/app/dlq.test.ts#L183
Variable Assigned to Object Injection Sink
|
|
Test stage / Linting:
lambdas/ttl-create-lambda/src/apis/sqs-trigger-lambda.ts#L87
Generic Object Injection Sink
|
|
Test stage / Unit tests
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Test stage / Perform static analysis
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/download-artifact@v5. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Build stage / Detect Documentation Changes
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: dorny/paths-filter@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Build stage / Build Docs
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/configure-pages@v5, actions/upload-artifact@v4, ruby/setup-ruby@v1.267.0. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
code-coverage-report
|
16.8 KB |
sha256:1d29820fcc901327a0f5809468e136ad078e8b6fc547a7d668b939e953d3c83f
|
|
|
jekyll-docs-0.0.2-20260320.165331+e74eab3
Expired
|
21 MB |
sha256:23743c9a505a216e8c54eb2e0107d080bf408b8c4da20cf619e5f53eac06d0d4
|
|
|
lines-of-code-report.json.zip
Expired
|
1006 Bytes |
sha256:5f80ca37416cf332b39bde6f70c6848b0ebac55a8a0ad2f737f323787d8f95d2
|
|
|
python-coverage-reports
|
12.8 KB |
sha256:49fef513425e4286a5e09faaa05877503b7ea69e268cbc1c90a9da337e569481
|
|
|
sbom-repository-report.json.zip
Expired
|
393 KB |
sha256:2dc6c4b5bb2e4aa095dc5a6d44e4f67b76c45977cb4ac6cc053e8b8013632927
|
|
|
schemas-0.0.2-20260320.165331+e74eab3
|
43.9 KB |
sha256:dca9e080171efd4dbf21f36694fe70caba70ae3d165030b57eaec8d35b294c6e
|
|
|
unit-tests
|
1.87 MB |
sha256:83259767bdf1eef830fbc64186a9eb538d4ec9204e88890a6b9ce6d109958e4d
|
|
|
vulnerabilities-repository-report.json.zip
Expired
|
9.43 KB |
sha256:55c6a5fe8ddbfca3502c5fab42a54c4aef44196e0e63656167e8ea3ad466b475
|
|