[AZ-1132] Bump FluentValidation 12.0.0 to 12.1.1
ci/woodpecker/push/02-build-push/2 Pipeline is pending
ci/woodpecker/push/01-test Pipeline failed
ci/woodpecker/push/02-build-push/1 unknown status

Closes D-AZ795-1 production dependency carry-over.

Co-authored-by: Cursor <cursoragent@cursor.com>
Oleksandr Bezdieniezhnykh
2026-06-26 16:35:47 +03:00
parent 6a948321d3
commit b3e5a66799
11 changed files with 271 additions and 10 deletions
@@ -0,0 +1,38 @@
# Security Audit Report (Cycle 15)
**Date**: 2026-06-26
**Scope**: Cycle-15 delta — AZ-1132 (FluentValidation bump / D-AZ795-1 closure).
**Trigger**: Implement batch — dependency hardening (Step 14 audit pending).
**Verdict (cycle-15 delta)**: **PASS** — D-AZ795-1 resolved; 0 new Critical/High/Medium.
**Verdict (cumulative)**: **PASS_WITH_WARNINGS** — D2-cy4 remains open.
## Summary
| Severity | Cycle 15 at audit | Cumulative open |
|----------|-------------------|-----------------|
| Critical | 0 | 0 |
| High | 0 | 0 |
| Medium | 0 | 1 (D2-cy4 test-runtime) |
| Low | 0 (D-AZ795-1 resolved) | 0 |
## Findings
| # | Severity | Category | Location | Title | Status |
|---|----------|----------|----------|-------|--------|
| D-AZ795-1 | Low | Dependency | `SatelliteProvider.Api` FluentValidation packages | Pin at 12.0.0 | **RESOLVED** (AZ-1132 → 12.1.1) |
## Carry-overs (still open)
- **D2-cy4** — test SDK transitive JWT advisory (Moderate, test-runtime only)
## Recommendations
### Immediate
- None blocking cycle 15 ship.
### Short-term
- D2-cy4: pin JWT test packages when upstream resolves GHSA-59j7-ghrg-fj52 for 7.0.3 line.
## Artifacts
- `dependency_scan_cycle15.md`
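Review bot: The Findings table lists only the resolved D-AZ795-1, yet the Summary counts one open Medium (D2-cy4) and the cumulative verdict is PASS_WITH_WARNINGS because of it. Add a D2-cy4 row to Findings, or a pointer to the report where it was filed, naming the affected package and the advisory; the ID GHSA-59j7-ghrg-fj52 currently appears only in the Short-term recommendation and not in the Carry-overs entry. The Trigger line says "Step 14 audit pending" while the report already records a PASS verdict, so state whether this document is that audit or precedes it. The D-AZ795-1 title "Pin at 12.0.0" describes a state rather than the problem; a short phrase saying why the 12.0.0 pin was a finding would let the row stand on its own.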