feat: triage workspace + PAT auth + upgrade infrastructure + seed dataset + OpenAPI hardening#731
feat: triage workspace + PAT auth + upgrade infrastructure + seed dataset + OpenAPI hardening#731aaronlippold wants to merge 633 commits into
21 new alerts including 1 high severity security vulnerability
New alerts in code changed by this pull request
Security Alerts:
- 1 high
- 9 medium
- 11 low
Alerts not introduced by this pull request might have been detected because the code changes were too large.
See annotations below for details.
Annotations
Check failure on line 42 in docker-compose.schemathesis.yml
Code scanning / SonarCloud
PostgreSQL database passwords should not be disclosed High
Check warning on line 44 in app/javascript/components/shared/FilterGroup.vue
Code scanning / SonarCloud
Pseudorandom number generators (PRNGs) should not be used in security contexts Medium
Check warning on line 36 in app/javascript/components/shared/UserBadge.vue
Code scanning / SonarCloud
Pseudorandom number generators (PRNGs) should not be used in security contexts Medium
Check warning on line 5291 in doc/openapi.yaml
Code scanning / SonarCloud
Credentials should not be hard-coded Medium documentation
Check warning on line 5456 in doc/openapi.yaml
Code scanning / SonarCloud
Credentials should not be hard-coded Medium documentation
Check warning on line 49 in doc/openapi/paths/users_admin_create.yaml
Code scanning / SonarCloud
Credentials should not be hard-coded Medium documentation
Check warning on line 34 in doc/openapi/paths/users_{userId}_set_password.yaml
Code scanning / SonarCloud
Credentials should not be hard-coded Medium documentation
Check warning on line 24 in docker-compose.schemathesis.yml
Code scanning / SonarCloud
Credentials should not be hard-coded Medium
Check warning on line 42 in docker-compose.schemathesis.yml
Code scanning / SonarCloud
Credentials should not be hard-coded Medium
Check warning on line 44 in docker-compose.schemathesis.yml
Code scanning / SonarCloud
Credentials should not be hard-coded Medium
Check notice on line 97 in spec/requests/personal_access_tokens_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 89 in spec/requests/personal_access_tokens_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 102 in spec/requests/api_token_auth_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 185 in spec/models/personal_access_token_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 184 in spec/models/personal_access_token_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 179 in spec/models/personal_access_token_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 178 in spec/models/personal_access_token_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 173 in spec/models/personal_access_token_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 168 in spec/models/personal_access_token_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 112 in spec/models/personal_access_token_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test
Check notice on line 112 in spec/models/personal_access_token_spec.rb
Code scanning / SonarCloud
IP addresses should not be hardcoded Low test