Skip to content

xuy-UID2-6105-deployment-pipeline #214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
clarkxuyang merged 8 commits into from
Oct 1, 2025

update

71119bd
Select commit
Loading
Failed to load commit list.
Merged

xuy-UID2-6105-deployment-pipeline #214

update
71119bd
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / Trivy completed Sep 30, 2025 in 2s

2 configurations not found

Warning: Code scanning may not have found all the alerts introduced by this pull request, because 2 configurations present on refs/heads/main were not found:

Actions workflow (release-secure-signal-examples-docker-image-server-only.yaml)

  • ❓  .github/workflows/release-secure-signal-examples-docker-image-server-only.yaml:buildImage

Actions workflow (release-secure-signal-examples-docker-image-standard.yaml)

  • ❓  .github/workflows/release-secure-signal-examples-docker-image-standard.yaml:buildImage

New alerts in code changed by this pull request

Security Alerts:

  • 3 medium
  • 1 low

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 13660 in examples/google-secure-signals-integration/react_client_side/package-lock.json

See this annotation in the file changed.

Code scanning / Trivy

PostCSS: Improper input validation in PostCSS Medium

Package: postcss
Installed Version: 7.0.39
Vulnerability CVE-2023-44270
Severity: MEDIUM
Fixed Version: 8.4.31
Link: CVE-2023-44270

Check warning on line 15839 in examples/google-secure-signals-integration/react_client_side/package-lock.json

See this annotation in the file changed.

Code scanning / Trivy

webpack-dev-server: webpack-dev-server information exposure Medium

Package: webpack-dev-server
Installed Version: 4.15.2
Vulnerability CVE-2025-30359
Severity: MEDIUM
Fixed Version: 5.2.1
Link: CVE-2025-30359

Check warning on line 15839 in examples/google-secure-signals-integration/react_client_side/package-lock.json

See this annotation in the file changed.

Code scanning / Trivy

webpack-dev-server: webpack-dev-server information exposure Medium

Package: webpack-dev-server
Installed Version: 4.15.2
Vulnerability CVE-2025-30360
Severity: MEDIUM
Fixed Version: 5.2.1
Link: CVE-2025-30360

Check notice on line 3068 in examples/google-secure-signals-integration/server_side/package-lock.json

See this annotation in the file changed.

Code scanning / Trivy

on-headers: on-headers vulnerable to http response header manipulation Low

Package: on-headers
Installed Version: 1.0.2
Vulnerability CVE-2025-7339
Severity: LOW
Fixed Version: 1.1.0
Link: CVE-2025-7339