azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-27 11:01:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
fb9e3ee31a157559cdb6b758564f21c073bc9d99
satellite-provider/_docs/05_security/security_report_cycle15.md
T
Oleksandr Bezdieniezhnykh b3e5a66799
ci/woodpecker/push/02-build-push/2 Pipeline is pending
Details
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push/1 unknown status
Details
[AZ-1132] Bump FluentValidation 12.0.0 to 12.1.1 
Closes D-AZ795-1 production dependency carry-over.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-26 16:35:47 +03:00

1.2 KiB
Raw Blame History

Security Audit Report (Cycle 15)

Date: 2026-06-26 Scope: Cycle-15 delta — AZ-1132 (FluentValidation bump / D-AZ795-1 closure). Trigger: Implement batch — dependency hardening (Step 14 audit pending). Verdict (cycle-15 delta): PASS — D-AZ795-1 resolved; 0 new Critical/High/Medium. Verdict (cumulative): PASS_WITH_WARNINGS — D2-cy4 remains open.

Summary

Severity Cycle 15 at audit Cumulative open
Critical 0 0
High 0 0
Medium 0 1 (D2-cy4 test-runtime)
Low 0 (D-AZ795-1 resolved) 0

Findings

# Severity Category Location Title Status
D-AZ795-1 Low Dependency SatelliteProvider.Api FluentValidation packages Pin at 12.0.0 RESOLVED (AZ-1132 → 12.1.1)

Carry-overs (still open)

  • D2-cy4 — test SDK transitive JWT advisory (Moderate, test-runtime only)

Recommendations

Immediate

  • None blocking cycle 15 ship.

Short-term

  • D2-cy4: pin JWT test packages when upstream resolves GHSA-59j7-ghrg-fj52 for 7.0.3 line.

Artifacts

  • dependency_scan_cycle15.md
Reference in New Issue View Git Blame Copy Permalink