Add PHP dependencies security check workflow #2639
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fballiano
approved these changes
Oct 2, 2022
sreichel
approved these changes
Oct 2, 2022
4 tasks
sreichel
added a commit
that referenced
this pull request
Oct 17, 2022
* Fixed "should return string but returns false" * Fixed "should return XYZ but returns false" * Fixed "should return array but returns null" * Fixed "should return string but returns null" * Fixed "should return int but returns null" * Fixed "should return bool but returns" * Fixed docs (see comments) * Fixed "should return array" * Update app/code/core/Mage/Adminhtml/Block/Widget/Grid/Massaction/Abstract.php Co-authored-by: Ng Kiat Siong <kiatsiong.ng@gmail.com> * Update app/code/core/Mage/Catalog/Model/Product/Attribute/Tierprice/Api.php Co-authored-by: Ng Kiat Siong <kiatsiong.ng@gmail.com> * Update app/code/core/Mage/Tag/Model/Resource/Tag.php Co-authored-by: Ng Kiat Siong <kiatsiong.ng@gmail.com> * Update app/code/core/Mage/Customer/Block/Form/Register.php Co-authored-by: Ng Kiat Siong <kiatsiong.ng@gmail.com> * Added module names to helper(#2617) * Get catalog search result collection from engine (#2634) * Add PHP dependencies security check workflow (#2639) * [security-workflow] Fixed cron syntax (#2640) * Added OpenMage Contributors Copyright (#2295) * Added ddev snippets to docs (#2575) * Improve dev/openmage/install.sh script for newer versions of Docker - no longer requires separate compose. * Only run workflows when relevant files change (#2641) * Add back notification popup severity icons URL (#2633) * Reduce reprocessed jpeg file size by defaulting quality to 85% (#2629) * Fixed issue #475. * Removed <frontend_type>text</frontend_type> as it is the default. * Fixed bug on users not able to modify image quality in backend if deprecated config exists. * Fixed bug on incorrect check if image quality was not set in backend. * Improved note in system.xml. * Prevented editing of a non-editable order (#2632) * Fix dev/openmage/install.sh script setting permissions on var directory. * Allowed automatic full invoice from API (#2393) * Add check if array key isset before using it (#2649) * Fixed phpstan-baseline.neon * Fixed phpstan-baseline.neon (updated dev tools) * Revert "Fixed phpstan-baseline.neon" This reverts commit 3c82e76. * Fixed getRegion() Co-authored-by: Ng Kiat Siong <kiatsiong.ng@gmail.com> Co-authored-by: Mohamed ELIDRISSI <67818913+elidrissidev@users.noreply.github.com> Co-authored-by: Justin Beaty <51970393+justinbeaty@users.noreply.github.com> Co-authored-by: Colin Mollenhour <colin@mollenhour.com> Co-authored-by: luigifab <31816829+luigifab@users.noreply.github.com> Co-authored-by: Przemysław Piotrowski <przemyslaw.p@deligo.pl>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description (*)
This PR will add a new workflow that checks
composer.jsonweekly (subject to change) for vulnerabilities using the FriendsOfPHP database. It can also be triggered manually when drafting a new release.Here's a test of how it will look if a vulnerable package is found:
Fixed Issues (if relevant)
Contribution checklist (*)