Bump actions/attest-build-provenance from 2.2.3 to 4.1.0 #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

dependabot wants to merge 1 commit into main from dependabot/github_actions/actions/attest-build-provenance-4.1.0

Open

Bump actions/attest-build-provenance from 2.2.3 to 4.1.0 #8

Bump actions/attest-build-provenance from 2.2.3 to 4.1.0

Annotations

4 warnings

Bandit security scan

services/quarantine/quarantine/watcher.py:178: [MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

Bandit security scan

services/quarantine/quarantine/pipeline.py:1437: [MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

Bandit security scan

services/agent/agent/sandbox.py:403: [MEDIUM] Probable insecure usage of temp file/directory.

Bandit security scan

services/agent/agent/app.py:555: [MEDIUM] Chmod setting a permissive mask 0o660 on file (sock_path).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump actions/attest-build-provenance from 2.2.3 to 4.1.0 #8

Uh oh!

Uh oh!

Bump actions/attest-build-provenance from 2.2.3 to 4.1.0 #8

Uh oh!

Annotations

Re-running jobs...

Bump actions/attest-build-provenance from 2.2.3 to 4.1.0 #8

Are you sure you want to change the base?

Uh oh!