chore(deps): bump jfrog/setup-jfrog-cli from 4.2.0 to 4.4.3 #122

dependabot · 2024-12-01T21:03:22Z

Bumps jfrog/setup-jfrog-cli from 4.2.0 to 4.4.3.

Release notes

Sourced from jfrog/setup-jfrog-cli's releases.

v4.4.3

What's Changed

Other Changes 📚

New OIDC fields added, including the GitHub job name and run ID by @eyalbe4 in jfrog/setup-jfrog-cli#231

Full Changelog: jfrog/setup-jfrog-cli@v4...v4.4.3

v4.4.2

What's Changed

Improvements 🌱

Avoid throwing JFrog CLI execution failures by @RobiNino in jfrog/setup-jfrog-cli#210

Add Commands for Enhanced Usage Insights by @EyalDelarea in jfrog/setup-jfrog-cli#224

Set default JFrog CLI version to 2.71.4 by @EyalDelarea in jfrog/setup-jfrog-cli#224

Bug Fixes 🛠

Remove redundant chmod on cached executable by @sverdlov93 in jfrog/setup-jfrog-cli#212

Other Changes 📚

Add supported commands documentation by @RobiNino in jfrog/setup-jfrog-cli#216

Full Changelog: jfrog/setup-jfrog-cli@v4...v4.4.2

v4.4.1

What's Changed

Improvements 🌱

Upgrade Default CLI version by @EyalDelarea in jfrog/setup-jfrog-cli#208

Full Changelog: jfrog/setup-jfrog-cli@v4...v4.4.1

v4.4.0

What's Changed

Exciting New Features 🎉

Support uploading code scanning alerts by @RobiNino in jfrog/setup-jfrog-cli#203

Improvements 🌱

Command Summary - Separate Module Table View from Artifacts Tree by @EyalDelarea in jfrog/jfrog-cli-core#1257

Bug Fixes 🛠

Fix 'jf' path on cleanup and validate JobSummary supported CLI version by @sverdlov93 in jfrog/setup-jfrog-cli#201

Full Changelog: jfrog/setup-jfrog-cli@v4...v4.4.0

... (truncated)

Commits

e7cc33a New OIDC fields added, including the GitHub job name and run ID (#231)
d788a32 Revert - New OIDC fields added, including the GitHub job name and run ID (#229)
73cafc9 New OIDC fields added, including the GitHub job name and run ID (#225)
18e785f Add Commands for Enhanced Usage Insights (#224)
2b7ec79 Improve build info default behavior documentation (#218)
47b70f0 Add supported commands documentation (#216)
f93091f Set default JFrog CLI version to 2.68.0 (#215)
eefaace Remove redundant chmod on cached executable (#212)
b9a85a8 Avoid throwing on JFrog CLI failures (#210)
9fe0f98 Upgrade Default CLI version (#208)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [jfrog/setup-jfrog-cli](https://github.com/jfrog/setup-jfrog-cli) from 4.2.0 to 4.4.3. - [Release notes](https://github.com/jfrog/setup-jfrog-cli/releases) - [Commits](jfrog/setup-jfrog-cli@6265e82...e7cc33a) --- updated-dependencies: - dependency-name: jfrog/setup-jfrog-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

service-security-account · 2024-12-01T22:12:27Z

Checkmarx One – Scan Summary & Details – ed3e35ea-c0ed-47e1-bfac-34c7eba21a62

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2021-3807	Npm-ansi-regex-2.1.1	Vulnerable Package
CVE-2021-43138	Npm-async-1.5.2	Vulnerable Package
CVE-2024-0637	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-21538	Npm-cross-spawn-5.1.0	Vulnerable Package
CVE-2024-21538	Npm-cross-spawn-7.0.3	Vulnerable Package
CVE-2024-23115	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-23116	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-23117	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-23118	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-23119	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-32501	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-33853	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-33854	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-39841	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-39842	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-40643	Npm-htmlparser2-3.10.1	Vulnerable Package
CVE-2024-45801	Npm-dompurify-2.4.0	Vulnerable Package
CVE-2024-47875	Npm-dompurify-2.4.0	Vulnerable Package
CVE-2024-48910	Npm-dompurify-2.4.0	Vulnerable Package
CVE-2024-51736	Php-symfony/process-v7.1.6	Vulnerable Package
CVE-2024-51736	Php-symfony/process-v7.1.5	Vulnerable Package
CVE-2024-5723	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-5725	Php-centreon/centreon-22.10.2	Vulnerable Package
Cx89601373-08db	Npm-debug-3.2.7	Vulnerable Package
Cx89601373-08db	Npm-debug-2.6.9	Vulnerable Package
Cx8bc4df28-fcf5	Npm-debug-4.3.7	Vulnerable Package
Cx8bc4df28-fcf5	Npm-debug-2.6.9	Vulnerable Package
Cx8bc4df28-fcf5	Npm-debug-3.2.7	Vulnerable Package
Cx8bc4df28-fcf5	Npm-debug-4.3.4	Vulnerable Package
Cx8bc4df28-fcf5	Npm-debug-4.3.5	Vulnerable Package
Cxdca8e59f-8bfe	Npm-inflight-1.0.6	Vulnerable Package
CVE-2021-23327	Npm-apexcharts-3.6.12	Vulnerable Package
CVE-2022-36313	Npm-file-type-3.9.0	Vulnerable Package
CVE-2023-41661	Php-smarty/smarty-v4.5.4	Vulnerable Package
CVE-2024-28176	Npm-jose-4.14.4	Vulnerable Package
CVE-2024-39843	Php-centreon/centreon-22.10.2	Vulnerable Package
CVE-2024-4067	Npm-micromatch-4.0.7	Vulnerable Package
CVE-2024-47764	Npm-cookie-0.4.2	Vulnerable Package
Cx14b19a02-387a	Npm-body-parser-1.20.3	Vulnerable Package
CVE-2024-50342	Php-symfony/http-client-v6.4.12	Vulnerable Package
CVE-2024-50342	Php-symfony/http-client-v6.4.13	Vulnerable Package
CVE-2024-50345	Php-symfony/http-foundation-v6.4.12	Vulnerable Package
CVE-2024-50345	Php-symfony/http-foundation-v6.4.13	Vulnerable Package
CVE-2024-51754	Php-twig/twig-v3.14.0	Vulnerable Package
CVE-2024-51755	Php-twig/twig-v3.14.0	Vulnerable Package
Cxda14f253-4e52	Npm-bluebird-2.11.0	Vulnerable Package
Cxda14f253-4e52	Npm-bluebird-3.7.2	Vulnerable Package
Cxda14f253-4e52	Npm-bluebird-3.7.1	Vulnerable Package

Fixed Issues

Severity	Issue	Source File / Package
	Reflected_XSS	/centreon/www/include/monitoring/submitPassivResults/servicePassiveCheck.php: 47
	Missing_HSTS_Header	/centreon/www/include/configuration/configGenerate/xml/moveFiles.php: 88

dependabot · 2025-01-01T21:05:15Z

Superseded by #143.

dependabot bot added dependencies Pull requests that update a dependency file gha labels Dec 1, 2024

dependabot bot requested a review from a team as a code owner December 1, 2024 21:03

dependabot bot requested review from kduret and mushroomempires December 1, 2024 21:03

dependabot bot mentioned this pull request Dec 1, 2024

chore(deps): bump jfrog/setup-jfrog-cli from 4.2.0 to 4.4.1 #108

Closed

dependabot bot requested a review from tuntoja December 1, 2024 21:03

dependabot bot closed this Jan 1, 2025

dependabot bot deleted the dependabot/github_actions/jfrog/setup-jfrog-cli-4.4.3 branch January 1, 2025 21:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump jfrog/setup-jfrog-cli from 4.2.0 to 4.4.3 #122

chore(deps): bump jfrog/setup-jfrog-cli from 4.2.0 to 4.4.3 #122

dependabot bot commented on behalf of github Dec 1, 2024

service-security-account commented Dec 1, 2024

dependabot bot commented on behalf of github Jan 1, 2025

chore(deps): bump jfrog/setup-jfrog-cli from 4.2.0 to 4.4.3 #122

chore(deps): bump jfrog/setup-jfrog-cli from 4.2.0 to 4.4.3 #122

Conversation

dependabot bot commented on behalf of github Dec 1, 2024

v4.4.3

What's Changed

Other Changes 📚

v4.4.2

What's Changed

Improvements 🌱

Bug Fixes 🛠

Other Changes 📚

v4.4.1

What's Changed

Improvements 🌱

v4.4.0

What's Changed

Exciting New Features 🎉

Improvements 🌱

Bug Fixes 🛠

service-security-account commented Dec 1, 2024

New Issues

Fixed Issues

dependabot bot commented on behalf of github Jan 1, 2025