This changeset adds the same additional steps needed in our PR checks to make sure the daily checks work properly with the recent Poetry update. It also updates our PR checks to use the latest pip-audit GitHub action.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates the PYSEC notices to ignore due to versions that either cannot be fixed or are false positives. Specifically, this changeset removes previously ignored vulnerability reports and adds PYSEC-2023-312 to the list because it is a false positive and refers to Redis itself, not the Python Redis client (see https://github.com/pypa/advisory-database/issues/237 for details).
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates the Terraform user configuration in several environments to factor in team member changes, and reverts the previous change to the staging deploy to see if there was an issue with the last update which is preventing the workflow from running now.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates many of our GitHub Action references to point to the latest versions to ensure they are kept up-to-date. This helps address any improvements and security patches that have been made to them.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates our GitHub Action for dynamic scans to use the latest release of the zaproxy-api-scan.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates the reference of the upload_artifacts action from GitHub to be v4 instead of v3. v3 is being deprecated at the end of January 2025.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
This changeset updates our restage workflow and GitHub action to use the latest version of the cg-cli-tools to help prevent future issues with performing restage actions for our apps.
Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>