Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / brave/security-action issues and pull requests

#394 - semgrep rules: october update

Pull Request - State: closed - Opened by thypon about 1 year ago - 3 comments
Labels: needs-security-review

#393 - No variable defined typo

Pull Request - State: closed - Opened by thypon about 1 year ago
Labels: needs-security-review

#392 - Exclude tests from "Artifactory token detected"

Issue - State: closed - Opened by fmarier about 1 year ago - 1 comment
Labels: bug

#391 - Exclude "auto foo = some_value" from the wrong operator warnings

Issue - State: closed - Opened by fmarier about 1 year ago - 2 comments
Labels: bug

#390 - chore(deps): update github/codeql-action action to v2.22.1

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#389 - chore(deps): update github/codeql-action action to v2.22.0

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#388 - False positives with assignment operator used in `if` statement.

Issue - State: closed - Opened by fmarier about 1 year ago - 3 comments
Labels: bug

#387 - Improve cast custom checker

Issue - State: open - Opened by thypon about 1 year ago - 1 comment
Labels: bug

#386 - New ruleset: torch load models with safetensor

Issue - State: open - Opened by thypon about 1 year ago - 1 comment
Labels: enhancement

#385 - Add a little more info to the url.parse warning

Pull Request - State: closed - Opened by bcaller about 1 year ago

#384 - Look only at main world usages

Issue - State: open - Opened by thypon about 1 year ago - 1 comment
Labels: bug

#383 - Integer trunk

Pull Request - State: open - Opened by bcaller about 1 year ago
Labels: needs-security-review

#382 - `char foo = 0;` is not a truncation

Issue - State: open - Opened by fmarier about 1 year ago - 3 comments
Labels: bug

#381 - chore(deps): update dependency semgrep to ~=1.43.0

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#380 - chore(deps): update tj-actions/changed-files action to v39.2.1

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#379 - check-new-repos.yml: pin deps

Pull Request - State: closed - Opened by thypon about 1 year ago

#378 - action.yml: alert on pin digest

Pull Request - State: closed - Opened by thypon about 1 year ago

#377 - chore(deps): update dependency semgrep to ~=1.42.0

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#376 - Update renovate.json

Pull Request - State: closed - Opened by mihaiplesa about 1 year ago

#375 - Delete assets/org.yml

Pull Request - State: closed - Opened by thypon about 1 year ago

#374 - chore(deps): pin actions/checkout action to 8ade135 - autoclosed

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#373 - Fixed the org.yml copy location

Pull Request - State: closed - Opened by wknapik about 1 year ago

#371 - action.yml: add url parser as hotword

Pull Request - State: closed - Opened by thypon about 1 year ago - 1 comment
Labels: needs-security-review

#370 - chore(deps): update github/codeql-action action to v2.21.9

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#369 - [[fallthrough]];

Pull Request - State: closed - Opened by bcaller about 1 year ago

#368 - Issue with ruleset `missing break`

Issue - State: closed - Opened by thypon about 1 year ago
Labels: bug

#366 - Implement cyclomatic complexity counter to trigger the label

Issue - State: open - Opened by thypon about 1 year ago
Labels: enhancement

#365 - action.yml: add hotwords message

Pull Request - State: closed - Opened by thypon about 1 year ago - 1 comment
Labels: needs-security-review

#364 - assets/org.yml: handle linearize history

Pull Request - State: closed - Opened by thypon about 1 year ago

#363 - version fix: actions/checkout

Pull Request - State: closed - Opened by thypon about 1 year ago

#362 - chore(deps): update tj-actions/changed-files action to v39.2.0

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#360 - check-new-repos.yml: remove PR trigger

Pull Request - State: closed - Opened by thypon about 1 year ago

#359 - test: security-action.yml from org.yml

Pull Request - State: closed - Opened by thypon about 1 year ago

#358 - test: security-action.yml from org.yml

Pull Request - State: closed - Opened by thypon about 1 year ago

#357 - chore(deps): update tj-actions/changed-files action to v39.1.2

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#356 - chore(deps): update tj-actions/changed-files action to v39.1.1

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#355 - chore(deps): update github/codeql-action action to v2.21.8

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#354 - chore(deps): update dependency semgrep to ~=1.41.0

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#352 - Bugfix/action add labels fix version

Pull Request - State: closed - Opened by thypon about 1 year ago

#351 - action.yml: fix action-slack-notifier

Pull Request - State: closed - Opened by thypon about 1 year ago

#350 - cast-signed-to-unsigned.yaml: better description and @bridiver assignee

Pull Request - State: closed - Opened by thypon about 1 year ago - 1 comment

#347 - Suggest base::checked_cast() and IsValueInRangeForNumericType()

Issue - State: closed - Opened by fmarier about 1 year ago - 1 comment
Labels: enhancement

#346 - action.yml: add specific versions

Pull Request - State: closed - Opened by thypon about 1 year ago

#345 - Some semgrep rules were missing metadata.source

Pull Request - State: closed - Opened by bcaller about 1 year ago

#344 - fix mismatched-memory-management-cpp

Pull Request - State: closed - Opened by bcaller about 1 year ago
Labels: needs-security-review

#343 - Rename c to client in source metadata also

Pull Request - State: closed - Opened by bcaller about 1 year ago

#342 - False positive

Issue - State: closed - Opened by fmarier about 1 year ago - 3 comments
Labels: bug

#341 - Broken source link

Issue - State: closed - Opened by fmarier about 1 year ago
Labels: bug

#340 - chore(deps): update tj-actions/changed-files action to v39.1.0

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#339 - chore(deps): update dependency semgrep to ~=1.40.0

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#338 - chore(deps): update github/codeql-action digest to 04daf01

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#337 - svelte-html-usages.yaml: add serializeJsonLD

Pull Request - State: closed - Opened by thypon about 1 year ago

#336 - chore(deps): pin dependencies

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago - 1 comment

#335 - renovate.json: pin github action

Pull Request - State: closed - Opened by thypon about 1 year ago

#334 - Contents:read is required to clone private repos

Pull Request - State: closed - Opened by bcaller about 1 year ago

#333 - Revert "Drop GITHUB_TOKEN permissions, least privileges"

Pull Request - State: closed - Opened by bcaller about 1 year ago

#331 - Drop custom security-action implementations

Issue - State: closed - Opened by bcaller about 1 year ago - 1 comment
Labels: enhancement

#330 - Drop GITHUB_TOKEN permissions, least privileges

Pull Request - State: closed - Opened by bcaller about 1 year ago

#329 - GitHub token permissions

Pull Request - State: closed - Opened by bcaller about 1 year ago
Labels: needs-security-review

#328 - The needs-sec-review label should block merges

Issue - State: open - Opened by fmarier about 1 year ago - 2 comments
Labels: enhancement

#327 - Add a comment to a PR when it hits a hotword

Issue - State: closed - Opened by fmarier about 1 year ago
Labels: enhancement

#326 - chore(deps): update dependency semgrep to ~=1.39.0

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#324 - action.yml: set setup-ruby to fixed major version

Pull Request - State: closed - Opened by thypon about 1 year ago
Labels: needs-security-review

#323 - [github workflow] check-new-repos.yml: hardening

Pull Request - State: closed - Opened by thypon about 1 year ago

#322 - build(deps): bump salt from 2016.3 to 3005.2 in /t3sts/pipaudit

Pull Request - State: closed - Opened by dependabot[bot] about 1 year ago - 2 comments
Labels: dependencies, python

#321 - chore(deps): update ruby/setup-ruby digest to 4f1c6a7 - autoclosed

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#320 - chore(deps): update tj-actions/changed-files digest to afbabc4

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#319 - Golang io.ReadAll(r.Body) DoS

Pull Request - State: closed - Opened by bcaller about 1 year ago
Labels: needs-security-review

#318 - chore(deps): update actions/checkout action to v4

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#317 - chore(deps): update dependency semgrep to ~=1.38.3

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#316 - chore(deps): update tj-actions/changed-files digest to 5a5d398

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#315 - Disable rules for particular repos

Issue - State: open - Opened by bcaller about 1 year ago - 3 comments
Labels: enhancement

#314 - feature/allowlist-brave-aws-github: allowlist brave/aws/github actions

Pull Request - State: closed - Opened by thypon about 1 year ago
Labels: needs-security-review

#313 - semgrep_rules: August Update

Pull Request - State: closed - Opened by thypon about 1 year ago

#312 - chore(deps): update tj-actions/changed-files digest to 4285197

Pull Request - State: closed - Opened by renovate[bot] about 1 year ago

#311 - Update dependency semgrep to ~=1.37.0

Pull Request - State: closed - Opened by renovate[bot] over 1 year ago

#310 - Update tj-actions/changed-files digest to 522df62

Pull Request - State: closed - Opened by renovate[bot] over 1 year ago

#309 - Github Actions not Pinned Rule

Issue - State: closed - Opened by bcaller over 1 year ago - 2 comments
Labels: bug, infrastructure, security

#308 - action.yml: use sha-version tj-action

Pull Request - State: closed - Opened by thypon over 1 year ago

#307 - Startswith partial host py

Pull Request - State: closed - Opened by bcaller over 1 year ago - 1 comment
Labels: needs-security-review

#306 - Update ruby/setup-ruby digest to b252db7

Pull Request - State: closed - Opened by renovate[bot] over 1 year ago

#305 - Update tj-actions/changed-files action to v38 - autoclosed

Pull Request - State: closed - Opened by renovate[bot] over 1 year ago
Labels: needs-security-review

#304 - Update dependency semgrep to ~=1.36.0

Pull Request - State: closed - Opened by renovate[bot] over 1 year ago

#303 - blocklist.txt: remove javascript.lang.security.audit.unsafe-formatstr…

Pull Request - State: closed - Opened by thypon over 1 year ago

#302 - Bugfix/self test

Pull Request - State: closed - Opened by thypon over 1 year ago
Labels: needs-security-review

#301 - *: new test file structure

Pull Request - State: closed - Opened by thypon over 1 year ago

#300 - nodejs-insecure-url-parse: add inline require('url')

Pull Request - State: closed - Opened by thypon over 1 year ago
Labels: needs-security-review

#299 - nodejs-insecure-url-parse: disallow url.parse

Pull Request - State: closed - Opened by thypon over 1 year ago

#298 - chromium-raw-ptr.yaml: don't include inner function body match

Pull Request - State: closed - Opened by thypon over 1 year ago

#297 - action.yml: JToken error again

Pull Request - State: closed - Opened by thypon over 1 year ago

#296 - Feature/next update ruleset

Pull Request - State: closed - Opened by thypon over 1 year ago

#295 - July Update

Pull Request - State: closed - Opened by thypon over 1 year ago