Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: Checkmarx/kics
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v2.1.4
Choose a base ref
...
head repository: Checkmarx/kics
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v2.1.5
Choose a head ref
  • 11 commits
  • 22 files changed
  • 8 contributors

Commits on Jan 31, 2025

  1. update(dockerfile): revert KICS user change from 65532 back to root (#… 

    …7322)

* update kics gh action

* change last user for root

* fix image vulnerabilities

* upgrade go mod
    @cx-rui-araujo
    cx-rui-araujo authored Jan 31, 2025
    Configuration menu
    Copy the full SHA
    7443b1e View commit details
    Browse the repository at this point in the history

  2. build(deps): bump path-to-regexp and express (#7324) 

    Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) to 0.1.12 and updates ancestor dependency [express](https://github.com/expressjs/express). These dependencies need to be updated together.


Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v0.1.10...v0.1.12)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](expressjs/express@4.21.1...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jan 31, 2025
    Configuration menu
    Copy the full SHA
    3f5c065 View commit details
    Browse the repository at this point in the history

Commits on Feb 3, 2025

  1. OpenAPI maximum_length_undefined query updated with new sanitizers an… 

    …d corresponding negative UTs
    @cx-eduardo-semanas
    cx-eduardo-semanas committed Feb 3, 2025
    Configuration menu
    Copy the full SHA
    8eb189a View commit details
    Browse the repository at this point in the history

  2. Merge branch 'master' into eduardose/maximum_length_undefined

    @cx-artur-ribeiro
    cx-artur-ribeiro authored Feb 3, 2025
    Configuration menu
    Copy the full SHA
    d933065 View commit details
    Browse the repository at this point in the history

  3. Auxiliar function renamed to a more current language

    @cx-eduardo-semanas
    cx-eduardo-semanas committed Feb 3, 2025
    Configuration menu
    Copy the full SHA
    1417b07 View commit details
    Browse the repository at this point in the history

  4. fix(query): correct keyActualValue and keyExpectedValue for maxItems … 

    …validation (#7328)
    @cx-artur-ribeiro
    cx-artur-ribeiro authored Feb 3, 2025
    Configuration menu
    Copy the full SHA
    4297cc0 View commit details
    Browse the repository at this point in the history

  5. Merge branch 'master' into eduardose/maximum_length_undefined

    @cx-eduardo-semanas
    cx-eduardo-semanas authored Feb 3, 2025
    Configuration menu
    Copy the full SHA
    c6766a1 View commit details
    Browse the repository at this point in the history

  6. Merge pull request #7327 from Checkmarx/eduardose/maximum_length_unde… 

    …fined

fix(query): openapi maximum_length_undefined query enum and format sanitizers
    @cx-eduardo-semanas
    cx-eduardo-semanas authored Feb 3, 2025
    Configuration menu
    Copy the full SHA
    2e3a47b View commit details
    Browse the repository at this point in the history

Commits on Feb 4, 2025

  1. fix(query): openapi pattern undefined fp enum and format sanitizers (#… 

    …7323)

* OpenAPI general query pattern_undefined updated to also consider format and enum as sanitizers

* Update so that format is only considered a sanitizer when it's value is date or date-time

* Expected and acutal key values uneeded changes reverted

* Comments correction

* Auxiliar function renamed to a more current language

* Vulnerable github.com/moby/buildkit package updated

---------

Co-authored-by: Artur Ribeiro <153724638+ArturRibeiro-CX@users.noreply.github.com>
    @cx-eduardo-semanas @cx-artur-ribeiro
    cx-eduardo-semanas and cx-artur-ribeiro authored Feb 4, 2025
    Configuration menu
    Copy the full SHA
    4d0afd1 View commit details
    Browse the repository at this point in the history

  2. docs(queries): update queries catalog (#7329) 

    Co-authored-by: EduardoSemanas <107848101+EduardoSemanas@users.noreply.github.com>
    @kicsbot @cx-eduardo-semanas
    kicsbot and cx-eduardo-semanas authored Feb 4, 2025
    Configuration menu
    Copy the full SHA
    cbdd32f View commit details
    Browse the repository at this point in the history

Commits on Feb 5, 2025

  1. docs(kicsbot): preparing for release 2.1.5 (#7332) 

    * docs(kicsbot): preparing for release 2.1.5

* bumps kics version

---------

Co-authored-by: cx-monicac <109349080+cx-monicac@users.noreply.github.com>
Co-authored-by: cx-monicac <monica.casanova@checkmarx.com>
    @kicsbot @cx-monica-casanova
    3 people authored Feb 5, 2025
    Configuration menu
    Copy the full SHA
    07c43d0 View commit details
    Browse the repository at this point in the history
Loading