
List:       xmlrpc-user
Subject:    [GitHub] [ws-wss4j] step-security-bot opened a new pull request, …
From:       step-security-bot (via GitHub) <git () apache ! org>
Date:       2023-03-29 10:52:17
Message-ID: PR_kwDODQpips5NJxU3 () gitbox ! apache ! org


step-security-bot opened a new pull request, #135:
URL: https://github.com/apache/ws-wss4j/pull/135

   ## Summary
   
   This pull request is created by [Secure Repo](https://app.stepsecurity.io/securerepo) at the request of @coheigea. Please merge the Pull Request to incorporate the requested changes. Please tag @coheigea on your message if you have any questions related to the PR. You can also engage with the [StepSecurity](https://github.com/step-security) team by tagging @step-security-bot.
   
   ## Security Fixes
   
   ### Pinned Dependencies
   
   GitHub Action tags and Docker tags are mutable. This poses a security risk. GitHub's Security Hardening guide recommends pinning actions to a full-length commit SHA.
   - [GitHub Security Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions)
   - [The Open Source Security Foundation (OpenSSF) Security Guide](https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies)
  
   
   ## Feedback
   For bug reports, feature requests, and general feedback, please create an issue in [step-security/secure-repo](https://github.com/step-security/secure-repo). To create such PRs, please visit https://app.stepsecurity.io/securerepo.
   
   Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
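The pinning rule this PR applies, shown as a small checker that walks a workflow file and flags every `uses:` reference that still points at a mutable tag or branch (or at a Docker tag rather than a digest), plus a helper that rewrites a reference into the full-SHA form with the version kept as a trailing YAML comment. This is an added example, not code from the PR, from StepSecurity or from the ws-wss4j project. The sample workflow, the function names and the commit SHA and digest in it are constructed placeholders, not real pins to copy.

```python
"""Flag mutable action references in a GitHub Actions workflow.

Added example, not part of the PR or the ws-wss4j project. The sample
workflow below is constructed for illustration; the SHA and digest in it
are placeholders, not real pins.
"""
import re

# A `uses:` value takes one of three shapes:
#   owner/repo[/path]@ref          -> GitHub-hosted action
#   docker://image[:tag|@digest]   -> container action
#   ./path                         -> local action (nothing to pin)
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # full-length commit SHA
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")     # OCI image digest


def classify_ref(uses):
    """Return 'pinned', 'mutable' or 'local' for one uses: value.

    Only a full 40-hex SHA (or a sha256 image digest) counts as pinned.
    Tags, branches and abbreviated SHAs are all treated as mutable: a tag
    can be moved, a branch advances, and a short SHA is only a prefix.
    """
    if uses.startswith("./"):
        return "local"
    if uses.startswith("docker://"):
        image = uses[len("docker://"):]
        if "@" in image:
            digest = image.rsplit("@", 1)[1]
            return "pinned" if DIGEST_RE.match(digest) else "mutable"
        return "mutable"          # bare image or image:tag
    if "@" not in uses:
        return "mutable"          # no ref at all resolves to the default branch
    ref = uses.rsplit("@", 1)[1]
    return "pinned" if FULL_SHA_RE.match(ref) else "mutable"


def find_mutable_uses(workflow_text):
    """Return (line_number, uses_value) for every mutable reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == "mutable":
            findings.append((lineno, m.group(1)))
    return findings


def pin(uses, commit_sha, version_label):
    """Rewrite owner/repo@ref to owner/repo@<full sha>, keeping the
    human-readable version as a trailing YAML comment so reviewers can
    still see which release the SHA corresponds to."""
    if uses.startswith(("./", "docker://")):
        raise ValueError("only owner/repo@ref references are rewritten here")
    if not FULL_SHA_RE.match(commit_sha):
        raise ValueError("commit_sha must be a full 40-hex-character SHA")
    base = uses.rsplit("@", 1)[0]
    return f"{base}@{commit_sha} # {version_label}"


# Constructed sample workflow: two tag-pinned actions, one local action,
# one Docker tag, one SHA-pinned action and one digest-pinned image.
SAMPLE_WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          java-version: '17'
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.18
      - name: Pinned checkout (placeholder SHA and version comment)
        uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v3.5.0
      - uses: docker://alpine@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    for lineno, ref in find_mutable_uses(SAMPLE_WORKFLOW):
        print(f"line {lineno}: mutable reference {ref}")
```

Run against the sample, the checker reports lines 7, 9 and 13 (the two `@v3` tags and the `alpine:3.18` tag) and accepts the SHA- and digest-pinned steps. The checker only inspects `uses:` lines in the file it is given; actions nested inside a composite action it references are not examined, and a pinned SHA still needs a tooling-driven bump to pick up upstream fixes.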


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
For additional commands, e-mail: dev-help@ws.apache.org

