fix(auth): use secure_compare for credential comparison when require_… #1627
security.yml
on: push
Fetch deps
29s
Check dependencies for vulnerabilities
1m 36s
Security check
1m 41s
Annotations
9 warnings
|
Fetch deps
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: erlef/setup-beam@ee09b1e59bb240681c382eb1f0abc6a04af72764. Actions will be forced to run with Node.js 24 by default starting June 16th, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Check dependencies for vulnerabilities
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: erlef/setup-beam@ee09b1e59bb240681c382eb1f0abc6a04af72764. Actions will be forced to run with Node.js 24 by default starting June 16th, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Check dependencies for vulnerabilities
first..last inside match is deprecated, you must always match on the step: first..last//var or first..last//_ if you want to ignore it
|
|
Security check
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: erlef/setup-beam@ee09b1e59bb240681c382eb1f0abc6a04af72764, github/codeql-action/upload-sarif@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3. Actions will be forced to run with Node.js 24 by default starting June 16th, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Security check
Calculated fingerprint of e2c14bb2fbf45c8f:1 for file lib/supavisor/hot_upgrade/db_connection_migration.ex line 32, but found existing inconsistent fingerprint value 4D3886DF34493071C7947B0F3409DC78
|
|
Security check
Calculated fingerprint of c38124da468bcb47:1 for file lib/supavisor/release.ex line 17, but found existing inconsistent fingerprint value BC0EECC27CD41A1D2545A7372D9E51AD
|
|
Security check
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Security check
using map.field notation (without parentheses) to invoke function Sobelow.RCE.CodeModule.id() is deprecated, you must add parentheses instead: remote.function()
|
|
Security check
first..last inside match is deprecated, you must always match on the step: first..last//var or first..last//_ if you want to ignore it
|