Skip to content

chore: create a new release#1345

Merged
behnazh-w merged 13 commits intoreleasefrom
main
Mar 31, 2026
Merged

chore: create a new release#1345
behnazh-w merged 13 commits intoreleasefrom
main

Conversation

@behnazh-w
Copy link
Copy Markdown
Member

@behnazh-w behnazh-w commented Mar 31, 2026

No description provided.

art1f1c3R and others added 13 commits March 9, 2026 14:11
@art1f1c3R
chore: update inline imports to just look for process spawning, file …
6d8116b 
…writes, and environment modification to reduce fps (#1322)

The builtins, sys, and os modules now are more fine-grained in their inline import obfuscation matching, looking only for file writes, process spawning, and environment modification.

Signed-off-by: Carl Flottmann <carl.flottmann@oracle.com>
@behnazh-w
chore: update dependencies to address CVEs (#1338)
8d0ccbb 
This PR updates the pre-commit hooks, adjusts the code to pass the updated hooks, and temporarily adds GHSA-5239-wwwm-4pmq to the ignore list since a patch is not available.

Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@AbhinavPradeep
feat: adjusted max_download_size to 30MB (#1337)
09cf40b 
Signed-off-by: Abhinav Pradeep <abhinav.pradeep@oracle.com>
@AbhinavPradeep
fix: improve has_binary flag condition for Python buildspec generation (
7db6d9b 
#1333)

Signed-off-by: Abhinav Pradeep <abhinav.pradeep@oracle.com>
@behnazh-w
ci: run Macaron as a GitHub Action to check workflows (#1327)
15bc2ab 
This PR adds a new GitHub Actions workflow that runs Oracle Macaron to scan and validate our GitHub Actions workflows for supply chain security issues whenever workflow files change. It also fixes a bug in sending the query to osv.dev and adds relevant tests.

Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@AbhinavPradeep
feat: change dockerfile generation for Python rebuild to always defau…
f7634e5 
…lt to standard build command (#1336)

Signed-off-by: Abhinav Pradeep <abhinav.pradeep@oracle.com>
@dependabot
chore(deps): bump actions/upload-artifact from 5.0.0 to 7.0.0 (#1318)
87bd0ff 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump actions/download-artifact from 6.0.0 to 8.0.1 (#1330)
5f01e82 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump actions/setup-python from 5.4.0 to 6.2.0 (#1284)
9247e6d 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump actions/setup-java from 4.4.0 to 5.2.0 (#1286)
016ef83 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@nicallen
fix: allow parsing of github expressions containing non-breaking-spac…
011e21a 
…e characters, and allow dataflow analysis to fail (#1340)

Signed-off-by: Nicholas Allen <nicholas.allen@oracle.com>
@behnazh-w
feat!: add more inputs to Macaron Action and improve GitHub Action an…
d902a14 
…alysis (#1339)

This PR enhances the Macaron GitHub Action by updating its input/output interface and introducing new analysis to detect injection risks and other security issues in GitHub Actions workflows. It also improves result visibility by showing findings directly in the Action run summary.

Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w
fix: improve URL validation to avoid unexpected redirects (#1344)
d07edd4 
This PR improves URL validation to prevent unexpected redirects caused by ambiguous parsing behavior.
A new utility function has been introduced to ensure that username and password fields are not implicitly populated by urlparse, which could otherwise lead to incorrect hostname resolution and unintended redirects.

Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security bot commented Mar 31, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Mar 31, 2026
@behnazh-w behnazh-w requested a review from nicallen March 31, 2026 05:09
@behnazh-w behnazh-w merged commit d07edd4 into release Mar 31, 2026
38 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicallen nicallen nicallen approved these changes

Assignees

No one assigned

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@behnazh-w @github-advanced-security @nicallen @art1f1c3R @AbhinavPradeep