Skip to content

chore(deps-dev): bump js-yaml from 4.1.1 to 4.3.0 in /ui #417

chore(deps-dev): bump js-yaml from 4.1.1 to 4.3.0 in /ui

chore(deps-dev): bump js-yaml from 4.1.1 to 4.3.0 in /ui #417

Triggered via pull request June 28, 2026 19:22
Status Failure
Total duration 4m 46s
Artifacts

security-scan.yml

on: pull_request
Matrix: CodeQL Analysis
Matrix: Dockerfile Linting
Matrix: Go Dependency Vulnerability Scan
Matrix: Trivy Container Image Scan
npm Dependency Vulnerability Scan
1m 2s
npm Dependency Vulnerability Scan
Secret Scanning with Gitleaks
7s
Secret Scanning with Gitleaks
SAST with Semgrep
49s
SAST with Semgrep
Kubernetes Manifest Security Scan
27s
Kubernetes Manifest Security Scan
Dependency Review
8s
Dependency Review
Security Scan Summary
4s
Security Scan Summary
Fit to window
Zoom out
Zoom in

Annotations

29 errors and 26 warnings
Go Dependency Vulnerability Scan (k8s-controller)
Process completed with exit code 1.
Go Dependency Vulnerability Scan (api)
The strategy configuration was canceled because "go-dependency-scan.k8s-controller" failed
Go Dependency Vulnerability Scan (api)
The operation was canceled.
Dockerfile Linting (ui)
The strategy configuration was canceled because "docker-lint.k8s-controller" failed
Secret Scanning with Gitleaks
🛑 missing gitleaks license. Go grab one at gitleaks.io and store it as a GitHub Secret named GITLEAKS_LICENSE. For more info about the recent breaking update, see [here](https://github.com/gitleaks/gitleaks-action#-announcement).
Dockerfile Linting (api)
The strategy configuration was canceled because "docker-lint.k8s-controller" failed
Dockerfile Linting (api)
The operation was canceled.
Trivy Container Image Scan (kubernetes-controller)
Process completed with exit code 1.
Trivy Container Image Scan (kubernetes-controller)
Path does not exist: trivy-kubernetes-controller-results.sarif
Trivy Container Image Scan (kubernetes-controller)
Process completed with exit code 1.
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_40: "Containers should run as a high UID to avoid host conflict"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_29: "Apply security context to your pods and containers"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_37: "Minimize the admission of containers with capabilities assigned"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_20: "Containers should not run with allowPrivilegeEscalation"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_28: "Minimize the admission of containers with the NET_RAW capability"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_31: "Ensure that the seccomp profile is set to docker/default or runtime/default"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_15: "Image Pull Policy should be Always"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_38: "Ensure that Service Account Tokens are only mounted where necessary"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_22: "Use read-only filesystem for containers where possible"
Kubernetes Manifest Security Scan: manifests/redis-deployment.yaml#L6
CKV_K8S_43: "Image should use digest"
Trivy Container Image Scan (ui)
The strategy configuration was canceled because "trivy-container-scan.kubernetes-controller" failed
Trivy Container Image Scan (ui)
Process completed with exit code 1.
Trivy Container Image Scan (ui)
Path does not exist: trivy-ui-results.sarif
Trivy Container Image Scan (ui)
The operation was canceled.
Trivy Container Image Scan (api)
The strategy configuration was canceled because "trivy-container-scan.kubernetes-controller" failed
Trivy Container Image Scan (api)
Process completed with exit code 1.
Trivy Container Image Scan (api)
Path does not exist: trivy-api-results.sarif
Trivy Container Image Scan (api)
The operation was canceled.
npm Dependency Vulnerability Scan
Process completed with exit code 1.
Dependency Review
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/dependency-review-action@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Go Dependency Vulnerability Scan (k8s-controller)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/setup-go@v5. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Go Dependency Vulnerability Scan (k8s-controller)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
Go Dependency Vulnerability Scan (api)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/setup-go@v5. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Go Dependency Vulnerability Scan (api)
Restore cache failed: Dependencies file is not found in /home/runner/work/streamspace/streamspace. Supported file pattern: go.sum
Dockerfile Linting (k8s-controller)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Dockerfile Linting (ui)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Secret Scanning with Gitleaks
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, gitleaks/gitleaks-action@v2. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Trivy Container Image Scan (kubernetes-controller)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/upload-artifact@v4, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Trivy Container Image Scan (kubernetes-controller)
No files were found with the provided path: trivy-kubernetes-controller-report.html. No artifacts will be uploaded.
Trivy Container Image Scan (kubernetes-controller)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Kubernetes Manifest Security Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Kubernetes Manifest Security Scan
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Trivy Container Image Scan (ui)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/upload-artifact@v4, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Trivy Container Image Scan (ui)
No files were found with the provided path: trivy-ui-report.html. No artifacts will be uploaded.
Trivy Container Image Scan (ui)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Trivy Container Image Scan (api)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/upload-artifact@v4, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Trivy Container Image Scan (api)
No files were found with the provided path: trivy-api-report.html. No artifacts will be uploaded.
Trivy Container Image Scan (api)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
SAST with Semgrep
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
SAST with Semgrep
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
npm Dependency Vulnerability Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, actions/setup-node@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
CodeQL Analysis (javascript)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/analyze@v3, github/codeql-action/autobuild@v3, github/codeql-action/init@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
CodeQL Analysis (javascript)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
CodeQL Analysis (go)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/analyze@v3, github/codeql-action/autobuild@v3, github/codeql-action/init@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
CodeQL Analysis (go)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/