Skip to content

[release-12.0.5] Auditing: Document new options for recording datasource query request/response body #109980

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 21, 2025
Merged

[release-12.0.5] Auditing: Document new options for recording datasource query request/response body #109980

merged 1 commit into from
Aug 21, 2025

Conversation

@macabu
Copy link
Contributor

@macabu macabu commented Aug 21, 2025

@github-actions github-actions bot added the type/docs Flags the technical writing team for documentation support; auto adds to org-wide docs project label Aug 21, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Aug 21, 2025

😢 zizmor failed with exit code 14.

Expand for full output 
error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/backend-code-checks.yml:3:1
   |
 3 | / on:
 4 | |   pull_request:
...  |
15 | |       - 'docs/**'
16 | |       - 'latest.json'
   | |_____________________^ generally used when publishing artifacts generated at runtime
17 |
...
31 |           uses: actions/setup-go@v5
32 | /         with:
33 | |           # Explicitly set Go version to 1.24.1 to ensure consistent OpenAPI spec generation
...  |
36 | |           go-version: 1.24.1
37 | |           cache: true
   | |_____________________^ opt-in for caching here
   |
   = note: audit confidence → Low

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/go-lint.yml:2:1
   |
 2 | / on:
 3 | |   push:
...  |
10 | |       - release-*.*.*
11 | |   pull_request:
   | |_______________^ generally used when publishing artifacts generated at runtime
12 |
...
22 |             persist-credentials: false
23 |         - uses: actions/setup-go@v5
   |           ^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low

error[bot-conditions]: spoofable bot actor check
  --> ./.github/workflows/pr-dependabot-update-go-workspace.yml:18:3
   |
18 | /   update:
19 | |     runs-on: "ubuntu-latest"
20 | |     if: ${{ github.actor == 'dependabot[bot]' && github.event.pull_request.head.repo.full_name == github.repository }}
   | |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ actor context may be spoofable
21 | |     continue-on-error: true
...  |
68 | |           git push origin "$BRANCH_NAME"
69 | |         fi
   | |___________^ this job
   |
   = note: audit confidence → Medium
   = note: this finding has an auto-fix

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/run-schema-v2-e2e.yml:3:1
   |
 3 | / on:
 4 | |   push:
...  |
 9 | |     branches:
10 | |       - '**'
   | |____________^ generally used when publishing artifacts generated at runtime
11 |
...
25 |         - name: Pin Go version to mod file
26 |           uses: actions/setup-go@v5
   |           ^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/run-schema-v2-e2e.yml:3:1
   |
 3 | / on:
 4 | |   push:
...  |
 9 | |     branches:
10 | |       - '**'
   | |____________^ generally used when publishing artifacts generated at runtime
11 |
...
30 |         - uses: actions/setup-node@v4
31 | /         with:
32 | |           node-version-file: '.nvmrc'
33 | |           cache: 'yarn'
   | |_______________________^ opt-in for caching here
   |
   = note: audit confidence → Low

201 findings (64 ignored, 132 suppressed, 1 fixable): 0 unknown, 0 informational, 0 low, 0 medium, 5 high

@github-actions
Copy link
Contributor

github-actions bot commented Aug 21, 2025
edited
Loading

💻 Deploy preview deleted.

@macabu macabu marked this pull request as ready for review August 21, 2025 15:22
@macabu macabu requested a review from irenerl24 as a code owner August 21, 2025 15:22
@macabu macabu merged commit 5ac3d0c into release-12.0.5 Aug 21, 2025
84 of 87 checks passed
@macabu macabu deleted the backport-109951-to-release-12.0.5 branch August 21, 2025 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dana-axinte dana-axinte dana-axinte approved these changes

@irenerl24 irenerl24 Awaiting requested review from irenerl24 irenerl24 is a code owner

Assignees

No one assigned

Labels

add to changelog backport A backport PR type/docs Flags the technical writing team for documentation support; auto adds to org-wide docs project

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@macabu @dana-axinte