Skip to content

added custom runner #924

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

added custom runner #924

wants to merge 1 commit into from

Conversation

@eyalk007
Copy link
Contributor

@eyalk007 eyalk007 commented Sep 9, 2025

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • This pull request is on the dev branch.
  • I used gofmt for formatting the code before submitting the pull request.
  • Update documentation about new features / new supported technologies

@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Sep 9, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 9, 2025
@eyalk007 eyalk007 added the safe to test Approve running integration tests on a pull request label Sep 9, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 9, 2025
@eyalk007 eyalk007 added safe to test Approve running integration tests on a pull request and removed safe to test Approve running integration tests on a pull request labels Sep 9, 2025
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 9, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Sep 9, 2025

🚨 Frogbot scanned this pull request and found the below:

📗 Scan Summary

  • Frogbot scanned for vulnerabilities and found 1 issues
Scan Category Status Security Issues
Software Composition Analysis ✅ Done
1 Issues Found 1 Medium
Contextual Analysis ✅ Done -
Static Application Security Testing (SAST) ✅ Done Not Found
Secrets ✅ Done -
Infrastructure as Code (IaC) ✅ Done Not Found

📦 Vulnerable Dependencies

Severity ID Contextual Analysis Direct Dependencies Impacted Dependency Fixed Versions
medium
Medium		 CVE-2025-58058 Not Covered github.com/jfrog/jfrog-cli-core/v2:v2.59.5
github.com/jfrog/jfrog-cli-security:v1.21.2
github.com/jfrog/jfrog-client-go:v1.54.5
github.com/ulikunitz/xz:v0.5.12
github.com/jfrog/jfrog-cli-artifactory:v0.6.2		 github.com/ulikunitz/xz v0.5.12 [0.5.15]

🔖 Details

Vulnerability Details
Contextual Analysis: Not Covered
Direct Dependencies: github.com/jfrog/jfrog-cli-core/v2:v2.59.5, github.com/jfrog/jfrog-cli-security:v1.21.2, github.com/jfrog/jfrog-client-go:v1.54.5, github.com/ulikunitz/xz:v0.5.12, github.com/jfrog/jfrog-cli-artifactory:v0.6.2
Impacted Dependency: github.com/ulikunitz/xz:v0.5.12
Fixed Versions: [0.5.15]
CVSS V3: 5.3

xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eyalk007