Bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 (#14)
Bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7
From dependabot
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f3a41a5..1559b89 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -53,11 +53,11 @@
contents: read
steps:
- - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Set up JDK
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
+ uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0
with:
java-version: '17'
distribution: 'temurin'
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index e0c1d44..f664d6b 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -49,7 +49,7 @@
timeout-minutes: 10
steps:
- name: Checkout
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Dependency review
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 9393ea0..d7d6c6b 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -34,6 +34,7 @@
on:
push:
+ branches: [ main, master, trunk ]
pull_request:
branches: [ main, master, trunk ]
@@ -54,11 +55,11 @@
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Set up JDK
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
+ uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0
with:
java-version: '17'
distribution: 'temurin'
@@ -79,11 +80,11 @@
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Set up JDK
- uses: actions/setup-java@ad2b38190b15e4d6bdf0c97fb4fca8412226d287 # v5.3.0
+ uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0
with:
# apache-rat-plugin 0.18 (wired into verify) requires JDK 17.
# Bytecode target remains 1.8 via the compiler plugin.
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 56138ba..a253fe5 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -58,7 +58,7 @@
steps:
- name: Checkout code
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 97ab992..09a27a6 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -57,7 +57,7 @@
steps:
- name: Checkout
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+ uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
diff --git a/SECURITY.md b/SECURITY.md
index 87386c2..a0cf054 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -189,3 +189,5 @@
- A malicious catalog, metastore, or external service.
- A principal that already has equivalent power through legitimate write or maintenance capabilities.
- A vulnerability that only exists in previous releases.
+
+Any deserialization vulnerability in TokenIdentifier.readFields would be considered critical
\ No newline at end of file