Merge develop into master for release
#3529
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.3.0 to 4.4.0. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@2dfa201...b36c23c) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2 - After Github Action release: Merge master back into develop [auto-generated]
* add spring security with oauth to web ui * implement pull request workflow for gha action and gradle action #3357 * add mb sso to application.yml * implement oauth config for sechub webui #3406 * make web ui spring security oidc config configurable through env variables #3406 * change variable names in application-webui_oidc.yaml * remove webflux from web ui project * implement success handler for redirect after successful o auth workflow in web ui * add basic and form login to spring security in web ui * add under construction site to web ui * set default page to /home in webui * update README.md in web ui * clean up build.gradle of webui * fix formatting in MercedesBenzOAuth2AccessTokenClient * remove unnecessary pages and controller in webui * exclude OAuth2Properties with @Profile * exclude OAuth2Properties with @Profile * pr fixes * pr fixes * pr fixes
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to 4.1.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0c45773...3624ceb) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…/actions/setup-java-4.4.0 Bump actions/setup-java from 4.3.0 to 4.4.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@692973e...eef6144) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…/actions/cache-4.1.1 Bump actions/cache from 4.0.2 to 4.1.1
…/actions/checkout-4.2.1 Bump actions/checkout from 4.1.7 to 4.2.1
* remove github action scan folder after index-js is built #3499 * save the github action index.js as sechub-scan.cjs * save the github action index.js as sechub-scan.cjs * prevent command injection in sechub-cli.ts * add doc to shell-cmd-sanitizer.ts * use whitelist in github action to prevent command injection * revert action.yml changes temporarily * pr clean up * pr clean up * use child_process execFileSync to pass commands to go client in array * pass process.env to execFileSync in GitHub Action * pass process.env to execFileSync in GitHub Action * update versions used in 01-start.sh github action * protect against shell arguments that are commands in github actions * replace potentially dangerous shell command injection code * use commandExists npm library to check if shell argument is a malicious command * use commandExists npm library to check if shell argument is a malicious command * use commandExists npm library to check if shell argument is a malicious command * fix integration tests * revert info logs to debug * revert info logs to debug
- also updated Alpine version - and fixed a typo
…tion-signals-to-server-process implemented signal handling for sechub server container #3470
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.