chore: sept 2024 omnibus #467

sgammon · 2024-09-19T07:37:00Z

Summary

Applies all (or most) pending dependency updates, fixes hashes for the 22.0.1 vs. 22.0.2 release of GVM, and preps for JVM 23 release updates.

JVM 23 will be added in a follow-up PR.

- fix: dependency hashes for GVM 22 on several platforms - chore: run ci on macos x86 and arm - chore: issue binary map entries for GVM `24.0.2` / JDK `22.0.2` Signed-off-by: Sam Gammon <[email protected]>

Bumps [husky](https://github.com/typicode/husky) from 9.1.4 to 9.1.6. - [Release notes](https://github.com/typicode/husky/releases) - [Commits](typicode/husky@v9.1.4...v9.1.6) --- updated-dependencies: - dependency-name: husky dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Bumps [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) from 19.3.0 to 19.5.0. - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v19.5.0/@commitlint/cli) --- updated-dependencies: - dependency-name: "@commitlint/cli" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.4.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@6546280...5076954) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Bumps [advanced-security/maven-dependency-submission-action](https://github.com/advanced-security/maven-dependency-submission-action) from 4.0.3 to 4.1.1. - [Release notes](https://github.com/advanced-security/maven-dependency-submission-action/releases) - [Commits](advanced-security/maven-dependency-submission-action@5d0f901...4f64dda) --- updated-dependencies: - dependency-name: advanced-security/maven-dependency-submission-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@a5ac7e5...692973e) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@dc50aa9...62b2cac) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Bumps [actions/jekyll-build-pages](https://github.com/actions/jekyll-build-pages) from 1.0.12 to 1.0.13. - [Release notes](https://github.com/actions/jekyll-build-pages/releases) - [Commits](actions/jekyll-build-pages@b178f93...44a6e6b) --- updated-dependencies: - dependency-name: actions/jekyll-build-pages dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Signed-off-by: Sam Gammon <[email protected]>

Bumps [prettier-plugin-java](https://github.com/jhipster/prettier-java) from 2.6.0 to 2.6.4. - [Release notes](https://github.com/jhipster/prettier-java/releases) - [Changelog](https://github.com/jhipster/prettier-java/blob/main/CHANGELOG.md) - [Commits](https://github.com/jhipster/prettier-java/compare/[email protected]@2.6.4) --- updated-dependencies: - dependency-name: prettier-plugin-java dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Bumps the npm_and_yarn group with 1 update: [braces](https://github.com/micromatch/braces). Updates `braces` from 3.0.2 to 3.0.3 - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Sam Gammon <[email protected]>

Signed-off-by: Sam Gammon <[email protected]>

github-actions · 2024-09-19T07:43:25Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 11 package(s) with unknown licenses.

See the Details below.

Snapshot Warnings

⚠️: The number of snapshots compared for the base SHA (0) and the head SHA (1) do not match. You may see unexpected additions in the diff.

Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

License Issues

pom.xml

Package	Version	License	Issue Type
org.graalvm.compiler:compiler	24.0.1	Null	Unknown License
org.graalvm.nativeimage:native-image-base	24.0.1	Null	Unknown License
org.graalvm.nativeimage:objectfile	24.0.1	Null	Unknown License
org.graalvm.nativeimage:pointsto	24.0.1	Null	Unknown License
org.graalvm.nativeimage:svm	24.0.1	Null	Unknown License
org.graalvm.polyglot:polyglot	24.0.1	Null	Unknown License
org.graalvm.sdk:collections	24.0.1	Null	Unknown License
org.graalvm.sdk:graal-sdk	24.0.1	Null	Unknown License
org.graalvm.sdk:nativeimage	24.0.1	Null	Unknown License
org.graalvm.sdk:word	24.0.1	Null	Unknown License
org.graalvm.truffle:truffle-compiler	24.0.1	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

actions/actions/checkout

692973e3d937129bcbf40652eb9f2f61becf3332

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/checkout

692973e3d937129bcbf40652eb9f2f61becf3332

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/checkout

692973e3d937129bcbf40652eb9f2f61becf3332

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/checkout

692973e3d937129bcbf40652eb9f2f61becf3332

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/upload-artifact

50769540e7f4bd5e21e526ee35c689e35e0d6874

🟢 6.7

Details

Check	Score	Reason
Code-Review	🟢 8	Found 7/8 approved changesets -- score normalized to 8
Maintained	🟢 10	22 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Packaging	⚠️ -1	packaging workflow not detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Security-Policy	🟢 9	security policy file detected
SAST	🟢 10	SAST tool is run on all commits
Vulnerabilities	🟢 7	3 existing vulnerabilities detected

actions/ossf/scorecard-action

62b2cac7ed8198b15735ed49ab1e5cf35480ba46

🟢 8.2

Details

Check	Score	Reason
Binary-Artifacts	🟢 10	no binaries found in the repo
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Code-Review	🟢 10	all changesets reviewed
Contributors	🟢 10	20 different organizations found -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Fuzzing	⚠️ 0	project is not fuzzed
License	🟢 10	license file detected
Maintained	🟢 10	27 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10
Packaging	⚠️ -1	no published package detected
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Signed-Releases	⚠️ -1	no releases found
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Vulnerabilities	🟢 10	no vulnerabilities detected

actions/actions/checkout

692973e3d937129bcbf40652eb9f2f61becf3332

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/jekyll-build-pages

44a6e6beabd48582f863aeeb6cb2151cc1716697

🟢 6.5

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	13 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 9	security policy file detected
Vulnerabilities	⚠️ 2	8 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool is not run on all commits -- score normalized to 9

actions/actions/checkout

692973e3d937129bcbf40652eb9f2f61becf3332

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/actions/checkout

692973e3d937129bcbf40652eb9f2f61becf3332

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/advanced-security/maven-dependency-submission-action

4f64ddab9d742a4806eeb588d238e4c311a8397d

🟢 4.1

Details

Check	Score	Reason
Maintained	🟢 10	18 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 4/17 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 9	binaries present in source code
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 3	SAST tool is not run on all commits -- score normalized to 3
Vulnerabilities	⚠️ 0	17 existing vulnerabilities detected

actions/actions/checkout

692973e3d937129bcbf40652eb9f2f61becf3332

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 5	6 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Security-Policy	🟢 9	security policy file detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 9	SAST tool detected but not run on all commits
Vulnerabilities	🟢 9	1 existing vulnerabilities detected

actions/advanced-security/maven-dependency-submission-action

4f64ddab9d742a4806eeb588d238e4c311a8397d

🟢 4.1

Details

Check	Score	Reason
Maintained	🟢 10	18 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review	⚠️ 2	Found 4/17 approved changesets -- score normalized to 2
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Security-Policy	🟢 10	security policy file detected
Binary-Artifacts	🟢 9	binaries present in source code
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Branch-Protection	⚠️ 0	branch protection not enabled on development/release branches
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
Fuzzing	⚠️ 0	project is not fuzzed
SAST	🟢 3	SAST tool is not run on all commits -- score normalized to 3
Vulnerabilities	⚠️ 0	17 existing vulnerabilities detected

npm/@commitlint/cli

19.5.0

🟢 5.3

Details

Check	Score	Reason
Code-Review	🟢 3	Found 4/12 approved changesets -- score normalized to 3
Maintained	🟢 10	30 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/husky

9.1.6

🟢 6.4

Details

Check	Score	Reason
Code-Review	⚠️ 2	Found 8/29 approved changesets -- score normalized to 2
Maintained	🟢 10	28 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Binary-Artifacts	🟢 10	no binaries found in the repo
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Signed-Releases	⚠️ -1	no releases found
Pinned-Dependencies	⚠️ 1	dependency not pinned by hash detected -- score normalized to 1
Security-Policy	⚠️ 0	security policy file not detected
Fuzzing	⚠️ 0	project is not fuzzed
Packaging	🟢 10	packaging workflow detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

npm/prettier

3.3.3

🟢 6.9

Details

Check	Score	Reason
Code-Review	🟢 8	Found 8/9 approved changesets -- score normalized to 8
Maintained	🟢 10	30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	🟢 9	detected GitHub workflow tokens with excessive permissions
SAST	🟢 10	SAST tool is run on all commits
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	27 existing vulnerabilities detected

npm/prettier-plugin-java

2.6.4

🟢 4.4

Details

Check	Score	Reason
Code-Review	🟢 4	Found 5/12 approved changesets -- score normalized to 4
Maintained	🟢 10	15 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	⚠️ 0	10 existing vulnerabilities detected

maven/org.graalvm.compiler:compiler

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.nativeimage:native-image-base

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.nativeimage:objectfile

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.nativeimage:pointsto

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.nativeimage:svm

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.polyglot:polyglot

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.sdk:collections

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.sdk:graal-sdk

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.sdk:nativeimage

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.sdk:word

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

maven/org.graalvm.truffle:truffle-compiler

24.0.1

🟢 4

Details

Check	Score	Reason
Code-Review	⚠️ 0	Found 1/28 approved changesets -- score normalized to 0
Maintained	🟢 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during GetBranch(release/graal-vm/19.1): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Security-Policy	🟢 10	security policy file detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts	⚠️ 0	binaries present in source code
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities	🟢 10	0 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/check.buildifier.yml

.github/workflows/check.codeql.yml

.github/workflows/check.lint-yaml.yml

.github/workflows/check.scorecards.yml

.github/workflows/deploy.docs.yml

.github/workflows/module.build.yml

.github/workflows/on.pr.yml

.github/workflows/on.push.yml

package.json

pom.xml

org.graalvm.compiler:[email protected]
org.graalvm.nativeimage:[email protected]
org.graalvm.nativeimage:[email protected]
org.graalvm.nativeimage:[email protected]
org.graalvm.nativeimage:[email protected]
org.graalvm.polyglot:[email protected]
org.graalvm.sdk:[email protected]
org.graalvm.sdk:[email protected]
org.graalvm.sdk:[email protected]
org.graalvm.sdk:[email protected]
org.graalvm.truffle:[email protected]

Signed-off-by: Sam Gammon <[email protected]>

sonarcloud · 2024-09-19T08:35:51Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

chore: omnibus updates for sept 2024

18bdcd6

- fix: dependency hashes for GVM 22 on several platforms - chore: run ci on macos x86 and arm - chore: issue binary map entries for GVM `24.0.2` / JDK `22.0.2` Signed-off-by: Sam Gammon <[email protected]>

sgammon added bug Something isn't working dependencies Dependency updates and other related issues dev Development improvements and issues labels Sep 19, 2024

sgammon added this to the 1.0.0 milestone Sep 19, 2024

sgammon self-assigned this Sep 19, 2024

dependabot bot and others added 12 commits September 19, 2024 00:38

chore: npm dep fixups

ec217c2

Signed-off-by: Sam Gammon <[email protected]>

fix: precommit update

17ec1f0

Signed-off-by: Sam Gammon <[email protected]>

chore: update bindist timestamp

ecc7069

Signed-off-by: Sam Gammon <[email protected]>

sgammon force-pushed the chore/sept-2024-omnibus branch from 5c7828b to ecc7069 Compare September 19, 2024 07:40

sgammon added 5 commits September 19, 2024 00:45

fix: uniform ci run labels

d9e6f25

Signed-off-by: Sam Gammon <[email protected]>

chore: bump versions in config.bzl, update locks

04fb74c

Signed-off-by: Sam Gammon <[email protected]>

chore: update local bazel → 7.3.1

b2c1484

Signed-off-by: Sam Gammon <[email protected]>

chore: broader bazelci testing

49eea47

Signed-off-by: Sam Gammon <[email protected]>

fix: missing macos x64 binding for oracle gvm 22

c7125fc

Signed-off-by: Sam Gammon <[email protected]>

sgammon force-pushed the chore/sept-2024-omnibus branch from d305f8c to c7125fc Compare September 19, 2024 08:14

fix: stable download urls

095345e

Signed-off-by: Sam Gammon <[email protected]>

sgammon merged commit 396fabb into main Sep 19, 2024
108 checks passed

sgammon mentioned this pull request Sep 19, 2024

Migrate for --incompatible_disallow_ctx_resolve_tools #458

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: sept 2024 omnibus #467

chore: sept 2024 omnibus #467

sgammon commented Sep 19, 2024

github-actions bot commented Sep 19, 2024 •

edited

Loading

sonarcloud bot commented Sep 19, 2024

chore: sept 2024 omnibus #467

chore: sept 2024 omnibus #467

Conversation

sgammon commented Sep 19, 2024

Summary

github-actions bot commented Sep 19, 2024 • edited Loading

Dependency Review

Snapshot Warnings

License Issues

pom.xml

OpenSSF Scorecard

Scanned Manifest Files

sonarcloud bot commented Sep 19, 2024

Quality Gate passed

github-actions bot commented Sep 19, 2024 •

edited

Loading