IVYPORTAL-18029: Security findings - Client-side cross-site scripting #858
release-drafter.yml
on: pull_request
build / update_release_draft
4s
Annotations
2 errors and 1 warning
build / update_release_draft
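Validation Failed: {"resource":"Release","code":"invalid","field":"target_commitish"}
(Note: the rejected field matches the PATCH request body logged below, which sends "target_commitish":"refs/pull/1310/merge", the merge ref of the pull request that triggered this run.)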
{
name: 'HttpError',
id: '12347764484',
status: 422,
response: {
url: 'https://api.github.com/repos/axonivy-market/portal/releases/190336192',
status: 422,
headers: {
'access-control-allow-origin': '*',
'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
connection: 'close',
'content-length': '210',
'content-security-policy': "default-src 'none'",
'content-type': 'application/json; charset=utf-8',
date: 'Mon, 16 Dec 2024 07:18:05 GMT',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
server: 'github.com',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
vary: 'Accept-Encoding, Accept, X-Requested-With',
'x-accepted-github-permissions': 'contents=write',
'x-content-type-options': 'nosniff',
'x-frame-options': 'deny',
'x-github-api-version-selected': '2022-11-28',
'x-github-media-type': 'github.v3; format=json',
'x-github-request-id': 'A419:F993:F0B47C:1DB877F:675FD42C',
'x-ratelimit-limit': '5000',
'x-ratelimit-remaining': '4969',
'x-ratelimit-reset': '1734336146',
'x-ratelimit-resource': 'core',
'x-ratelimit-used': '31',
'x-xss-protection': '0'
},
data: {
message: 'Validation Failed',
errors: [
{
resource: 'Release',
code: 'invalid',
field: 'target_commitish'
}
],
documentation_url: 'https://docs.github.com/rest/releases/releases#update-a-release',
status: '422'
}
},
request: {
method: 'PATCH',
url: 'https://api.github.com/repos/axonivy-market/portal/releases/190336192',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'probot/12.2.5 octokit-core.js/3.5.1 Node.js/20.18.0 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: '{"body":"## Changes\\n\\n## 🚀 Features\\n\\n- IVYPORTAL-18029 High - Client-side cross-site scripting @mnhnam-axonivy (#1307)\\n- feature/IVYPORTAL-18028-High-Failure-to-use-HTTPS-or-SFTP-URL-in-Mave… @lmluat-axonivy (#1305)\\n","draft":true,"prerelease":false,"make_latest":"true","name":"Next Release 🛒","tag_name":"next","target_commitish":"refs/pull/1310/merge"}',
request: { retryCount: 1 }
},
event: {
id: '12347764484',
name: 'pull_request',
payload: {
action: 'opened',
number: 1310,
organization: {
avatar_url: 'https://avatars.githubusercontent.com/u/84844136?v=4',
description: 'Ecosystem for the Axon Ivy Platform',
events_url: 'https://api.github.com/orgs/axonivy-market/events',
hooks_url: 'https://api.github.com/orgs/axonivy-market/hooks',
id: 84844136,
issues_url: 'https://api.github.com/orgs/axonivy-market/issues',
login: 'axonivy-market',
members_url: 'https://api.github.com/orgs/axonivy-market/members{/member}',
node_id: 'MDEyOk9yZ2FuaXphdGlvbjg0ODQ0MTM2',
public_members_url: 'https://api.github.com/orgs/axonivy-market/public_members{/member}',
repos_url: 'https://api.github.com/orgs/axonivy-market/repos',
url: 'https://api.github.com/orgs/axonivy-market'
},
pull_request: {
_links: {
comments: {
href: 'https://api.github.com/repos/axonivy-market/portal/issues/1310/comments'
},
commits: {
href: 'https://api.github.com/repos/axonivy-market/portal/pulls/1310/commits'
},
html: {
href: 'https://github.com/axonivy-market/portal/pull/1310'
},
issue: {
href: 'https
build / update_release_draft
HttpError: Validation Failed: {"resource":"Release","code":"invalid","field":"target_commitish"}
at /home/runner/work/_actions/release-drafter/release-drafter/v6/dist/index.js:8462:21
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Job.doExecute (/home/runner/work/_actions/release-drafter/release-drafter/v6/dist/index.js:30793:18)
{
name: 'AggregateError',
event: {
id: '12347764484',
name: 'pull_request',
payload: {
action: 'opened',
number: 1310,
organization: {
avatar_url: 'https://avatars.githubusercontent.com/u/84844136?v=4',
description: 'Ecosystem for the Axon Ivy Platform',
events_url: 'https://api.github.com/orgs/axonivy-market/events',
hooks_url: 'https://api.github.com/orgs/axonivy-market/hooks',
id: 84844136,
issues_url: 'https://api.github.com/orgs/axonivy-market/issues',
login: 'axonivy-market',
members_url: 'https://api.github.com/orgs/axonivy-market/members{/member}',
node_id: 'MDEyOk9yZ2FuaXphdGlvbjg0ODQ0MTM2',
public_members_url: 'https://api.github.com/orgs/axonivy-market/public_members{/member}',
repos_url: 'https://api.github.com/orgs/axonivy-market/repos',
url: 'https://api.github.com/orgs/axonivy-market'
},
pull_request: {
_links: {
comments: {
href: 'https://api.github.com/repos/axonivy-market/portal/issues/1310/comments'
},
commits: {
href: 'https://api.github.com/repos/axonivy-market/portal/pulls/1310/commits'
},
html: {
href: 'https://github.com/axonivy-market/portal/pull/1310'
},
issue: {
href: 'https://api.github.com/repos/axonivy-market/portal/issues/1310'
},
review_comment: {
href: 'https://api.github.com/repos/axonivy-market/portal/pulls/comments{/number}'
},
review_comments: {
href: 'https://api.github.com/repos/axonivy-market/portal/pulls/1310/comments'
},
self: {
href: 'https://api.github.com/repos/axonivy-market/portal/pulls/1310'
},
statuses: {
href: 'https://api.github.com/repos/axonivy-market/portal/statuses/95f02eb776e830a72827bf5446e8873df92a302e'
}
},
active_lock_reason: null,
additions: 38,
assignee: null,
assignees: [],
author_association: 'CONTRIBUTOR',
auto_merge: null,
base: {
label: 'axonivy-market:release/12.0',
ref: 'release/12.0',
repo: {
allow_auto_merge: false,
allow_forking: true,
allow_merge_commit: true,
allow_rebase_merge: true,
allow_squash_merge: true,
allow_update_branch: false,
archive_url: 'https://api.github.com/repos/axonivy-market/portal/{archive_format}{/ref}',
archived: false,
assignees_url: 'https://api.github.com/repos/axonivy-market/portal/assignees{/user}',
blobs_url: 'https://api.github.com/repos/axonivy-market/portal/git/blobs{/sha}',
branches_url: 'https://api.github.com/repos/axonivy-market/portal/branches{/branch}',
clone_url: 'https://github.com/axonivy-market/portal.git',
collaborators_url: 'https://api.github.com/repos/axonivy-market/portal/collaborators{/collaborator}',
comments_url: 'https://api.github.com/repos/axonivy-market/portal/comments{/number}',
commits_url: 'https://api.github.com/repos/axonivy-market/portal/commits{/sha}',
compare_url: 'https://api.github.com/repos/axonivy-market/portal/compare/{base}...{head}',
contents_url: 'https://api.github.com/repos/axonivy-market/portal/contents/{+path}',
contributors_url: 'https://api.github.com/repos/axonivy-market/portal/contributors',
created_at: '2022-11-03T13:36:42Z',
default_branch: 'master',
build / update_release_draft
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636