[pull] master from jenkinsci:master

[pull]

See Commits and Changes for more details.

---

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

[similar-code-searcher]

Similar files are

• pom.xml:https://github.com/jenkinsci/configuration-as-code-plugin/blob/457032bf39a5645963b220d4dd7d230d9431effa/integrations/pom.xml,
• ConfigurationContext.java:https://github.com/jenkinsci/configuration-as-code-plugin/blob/9cc1a869b6a101c925d9b3a9d1cafa08ede9a600/plugin/src/main/java/io/jenkins/plugins/casc/ConfigurationContext.java,
• pom.xml:https://github.com/jenkinsci/configuration-as-code-plugin/blob/e8cfa3473c9435f19b08a63b4698f7e7b88003b7/test-harness/pom.xml,
• pom.xml:https://github.com/jenkinsci/configuration-as-code-plugin/blob/e8cfa3473c9435f19b08a63b4698f7e7b88003b7/plugin/pom.xml,
• PLUGINS.md:https://github.com/jenkinsci/configuration-as-code-plugin/blob/a6983ff60e0cf198ce02d7992bcba927197174db/docs/PLUGINS.md,
• ObsoleteConfigurationMonitor.java:https://github.com/jenkinsci/configuration-as-code-plugin/blob/a6983ff60e0cf198ce02d7992bcba927197174db/plugin/src/main/java/io/jenkins/plugins/casc/ObsoleteConfigurationMonitor.java,
• BackwardCompatibilityTest.java:https://github.com/jenkinsci/configuration-as-code-plugin/blob/302609121b14e859d853abb1c45b64367380cbd8/test-harness/src/test/java/io/jenkins/plugins/casc/BackwardCompatibilityTest.java,
• SonarQubeTest.java:https://github.com/jenkinsci/configuration-as-code-plugin/blob/b455cf1a5520171d17727698238ddc605b9fee93/integrations/src/test/java/io/jenkins/plugins/casc/SonarQubeTest.java,
• pom.xml:https://github.com/jenkinsci/configuration-as-code-plugin/blob/9323b37f0385f054039092fed6f5dd7e75ccd243/pom.xml,
• setup-vault-using-docker.md:https://github.com/jenkinsci/configuration-as-code-plugin/blob/a6983ff60e0cf198ce02d7992bcba927197174db/docs/vault/setup-vault-using-docker.md,
• extensions.xml:https://github.com/jenkinsci/configuration-as-code-plugin/blob/e8cfa3473c9435f19b08a63b4698f7e7b88003b7/.mvn/extensions.xml,
• ISSUE_TEMPLATE.md:https://github.com/jenkinsci/configuration-as-code-plugin/blob/a6983ff60e0cf198ce02d7992bcba927197174db/.github/ISSUE_TEMPLATE.md,
• 5-question.md:https://github.com/jenkinsci/configuration-as-code-plugin/blob/04df24f070b1c44a2238250d0e73e90d8cbf3466/.github/ISSUE_TEMPLATE/5-question.md,
• REQUIREMENTS.md:https://github.com/jenkinsci/configuration-as-code-plugin/blob/a6983ff60e0cf198ce02d7992bcba927197174db/docs/REQUIREMENTS.md

GitHub

configuration-as-code-plugin/pom.xml at 457032bf39a5645963b220d4dd7d230d9431effa · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/ConfigurationContext.java at 9cc1a869b6a101c925d9b3a9d1cafa08ede9a600 · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/pom.xml at e8cfa3473c9435f19b08a63b4698f7e7b88003b7 · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/pom.xml at e8cfa3473c9435f19b08a63b4698f7e7b88003b7 · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/PLUGINS.md at a6983ff60e0cf198ce02d7992bcba927197174db · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/ObsoleteConfigurationMonitor.java at a6983ff60e0cf198ce02d7992bcba927197174db · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/BackwardCompatibilityTest.java at 302609121b14e859d853abb1c45b64367380cbd8 · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/SonarQubeTest.java at b455cf1a5520171d17727698238ddc605b9fee93 · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/pom.xml at 9323b37f0385f054039092fed6f5dd7e75ccd243 · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/setup-vault-using-docker.md at a6983ff60e0cf198ce02d7992bcba927197174db · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/extensions.xml at e8cfa3473c9435f19b08a63b4698f7e7b88003b7 · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/ISSUE_TEMPLATE.md at a6983ff60e0cf198ce02d7992bcba927197174db · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/5-question.md at 04df24f070b1c44a2238250d0e73e90d8cbf3466 · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

GitHub

configuration-as-code-plugin/REQUIREMENTS.md at a6983ff60e0cf198ce02d7992bcba927197174db · jenkinsci/configuration-as-code-plugin

Jenkins Configuration as Code Plugin. Contribute to jenkinsci/configuration-as-code-plugin development by creating an account on GitHub.

[sonatype-lift]

Severe Vulnerability:

pkg:maven/org.jenkins-ci.plugins/[email protected]

0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components

pkg:maven/org.jenkins-ci.plugins/[email protected]

SEVERE Vulnerabilities (1)




Creation of Temporary File in Directory with Insecure Permissions

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.

CVSS Score: 5.5

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-379

---

Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

---

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

[sonatype-lift]

Severe Vulnerability:

pkg:maven/org.jenkins-ci.plugins/[email protected]

0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components

pkg:maven/org.jenkins-ci.plugins/[email protected]

SEVERE Vulnerabilities (1)




Creation of Temporary File in Directory with Insecure Permissions

CVSS Score: 6.2

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-379

---

Reply with "@sonatype-lift help" for info about LiftBot commands.
Reply with "@sonatype-lift ignore" to tell LiftBot to leave out the above finding from this PR.
Reply with "@sonatype-lift ignoreall" to tell LiftBot to leave out all the findings from this PR and from the status bar in Github.

When talking to LiftBot, you need to refresh the page to see its response. Click here to get to know more about LiftBot commands.

---

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information