This changeset updates the PYSEC notices to ignore due to versions that either cannot be fixed or are false positives. Specifically, this changeset removes previously ignored vulnerability reports and adds PYSEC-2023-312 to the list because it is a false positive and refers to Redis itself, not the Python Redis client (see https://github.com/pypa/advisory-database/issues/237 for details).
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates many of our GitHub Action references to point to the latest versions to ensure they are kept up-to-date. This helps address any improvements and security patches that have been made to them.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates the reference of the upload_artifacts action from GitHub to be v4 instead of v3. v3 is being deprecated at the end of January 2025.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates all references to GitHub Actions to be version 4 due to a mandatory Node.js update.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
The OWASP ZAP scan GitHub Actions have been updated recently and we need to make sure our GitHub Actions account for the recent changes. This changeset makes sure we are using the latest version of the OWASP ZAP API scan, the correct Docker image, and adjusts the name of the step to accurately reflect what scan is being run.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>