luccasa / haproxy.agentcheck Goto Github PK

Hello, there!

As part of the university research we are currently doing regarding the security of Github Actions, we noticed that one or many of the workflows that are part of this repository are referencing vulnerable versions of the third-party actions. As part of a disclosure process, we decided to open issues to notify GitHub Community.

Please note that there are could be some false positives in our methodology, thus not all of the open issues could be valid. If that is the case, please let us know, so that we can improve on our approach. You can contact me directly using an email: ikoishy [at] ncsu.edu

Thanks in advance

1. The workflow dotnetcore.yml is referencing action gittools/actions/gitversion/setup using references v0.9.2. However this reference is missing the commit 90150b4 which may contain fix to the vulnerability.
2. The workflow dotnetcore.yml is referencing action gittools/actions/gitversion/execute using references v0.9.2. However this reference is missing the commit 90150b4 which may contain fix to the vulnerability.

The vulnerability fix that is missing by actions' versions could be related to:
(1) CVE fix
(2) upgrade of vulnerable dependency
(3) fix to secret leak and others.
Please consider updating the reference to the action.

If you end up updating the reference, please let us know. We need the stats for the paper :-)

If a IIS pool crash, we want to expose a 0% metric for a specific duration (the warmup time)

The implementation must be very protective (maximum number of events per hour, maximum window time)

Ex : Event ID: 5011 Source: WAS
Code sample : https://stackoverflow.com/a/33940854/533686

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Pending Approval

These branches will be created by Renovate only once you click their checkbox below.

• chore(deps): update dependency dotnet-sdk to v8.0.204

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• chore(deps): update actions/checkout digest to 0ad4b8f
• chore(deps): update gittools/actions action to v1
• 🔐 Create all rate-limited PRs at once 🔐

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update actions/upload-artifact digest to 6546280
• chore(deps): update dependency coverlet.msbuild to v6.0.2
• chore(deps): update dependency microsoft.diagnostics.netcore.client to v0.2.510501
• chore(deps): update dependency microsoft.diagnostics.tracing.traceevent to v3.1.10
• chore(deps): update dotnet monorepo (Microsoft.AspNetCore.Mvc.Testing, Microsoft.Extensions.Diagnostics.Testing)
• chore(deps): update dependency microsoft.net.test.sdk to v17.9.0
• chore(deps): update dependency sonaranalyzer.csharp to v9.24.0.89429
• chore(deps): update gittools/actions action to v0.13.6
• chore(deps): update xunit monorepo to v2.8.0 (xunit, xunit.runner.visualstudio)
• chore(deps): update dependency serilog.enrichers.assemblyname to v2
• Click on this checkbox to rebase all open PRs at once

Vulnerabilities

Renovate has not found any CVEs on osv.dev.

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

The "weight" parameter is used to adjust the server's weight relative to
other servers. All servers will receive a load proportional to their weight
relative to the sum of all weights, so the higher the weight, the higher the
load. The default weight is 1, and the maximal value is 256. A value of 0
means the server will not participate in load-balancing but will still accept
persistent connections. If this parameter is used to distribute the load
according to server's capacity, it is recommended to start with values which
can both grow and shrink, for instance between 10 and 100 to leave enough
room above and below for later adjustments.

Current implementation only go to 100