chore: bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0 #648
dependabot[bot] wants to merge 1 commit into
Conversation
@dependabot rebase
Force-pushed from c1f700d to 676b0f9.
Force-pushed from 676b0f9 to 3d771fa.
PR Summary: Medium Risk. Reviewed by Cursor Bugbot for commit b0d2a80.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit 3d771fa.
| - android_ssl_pinning | ||
| - accept_self_signed_certificate | ||
| - android_manifest_well_known_assetlinks # Sample apps use third-party domains (e.g. Branch mp-fortune.app.link) | ||
| - android_task_hijacking1 # Sample apps; targetSdk in build.gradle |
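Review bot: the first two entries, `android_ssl_pinning` and `accept_self_signed_certificate`, carry no justification comment while the two entries below them do; since these suppress the TLS-pinning and self-signed-certificate checks, record the reason inline (and, as the other entries do, state that it applies to the sample apps) so the exemption can be revisited later instead of being inherited silently.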
Duplicate android_task_hijacking1 rule in ignore list
Low Severity
The android_task_hijacking1 rule appears twice in the ignore-rules list — once at line 18 with the comment "Sample apps; acceptable for demo" and again at line 34 with "Sample apps; targetSdk in build.gradle". This redundancy adds confusion about the canonical reason for the ignore and clutters the config file.
| run: ./gradlew publishMavenPublicationToMavenCentralRepository -PVERSION=${{ needs.setup-and-version.outputs.final_version }} | ||
|
|
||
| - name: Publish kits to Maven Central | ||
| run: ./gradlew publishMavenPublicationToMavenCentralRepository -PVERSION=${{ needs.setup-and-version.outputs.final_version }} -c settings-kits.gradle |
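Review bot: in both `run:` lines the `${{ needs.setup-and-version.outputs.final_version }}` expression is substituted into the shell command text before the step executes; if that job output is ever derived from something outside the repository's control (a tag name, a workflow_dispatch input), the command becomes shell-injectable. Prefer passing it through `env:` (for example `VERSION: ${{ needs.setup-and-version.outputs.final_version }}`) and referencing `"$VERSION"` in the command.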
Missing mparticleFromMavenLocalOnly flag for kit publish step
Medium Severity
The "Publish kits to Maven Central" step does not include -Pmparticle.kit.mparticleFromMavenLocalOnly=true, unlike every other workflow that builds kits after publishing core to Maven local (daily.yml, pull-request.yml). If this Gradle property controls how kits resolve the core dependency, its absence could cause the kits publish to resolve core from a remote repository where the just-published version may not yet be available, leading to a failed release.
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 6.3.0 to 7.0.0.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](crazy-max/ghaction-import-gpg@e89d409...2dc316d)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Force-pushed from 3d771fa to b0d2a80.
Bumps crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0.
Release notes
Sourced from crazy-max/ghaction-import-gpg's releases.
Commits
- 2dc316d Merge pull request #242 from crazy-max/dependabot/npm_and_yarn/actions/exec-3...
- 5812792 chore: update generated content
- ceb906e build(deps): bump @actions/exec from 1.1.1 to 3.0.0
- a9dffd9 Merge pull request #241 from crazy-max/node24
- 36d49fc node 24 as default runtime
- 50c4e4f Merge pull request #233 from crazy-max/dependabot/npm_and_yarn/openpgp-6.3.0
- c78fe49 chore: update generated content
- 8dbbb1e Merge pull request #221 from crazy-max/dependabot/npm_and_yarn/brace-expansio...
- fc715b0 build(deps): bump openpgp from 6.1.0 to 6.3.0
- 9946916 build(deps): bump brace-expansion from 1.1.11 to 1.1.12