1. CI - Pull Request

Fix poetry cryptography vulnerability #3039

Sign in to view logs

Triggered via push February 11, 2026 09:09

stevebux

feature/CCM-12845-Vulnerability-Fix

Status Success

Total duration 4m 23s

Artifacts 5

cicd-1-pull-request.yaml

on: push

Set CI/CD metadata

Commit stage / Scan secrets

Commit stage / Check file format

Commit stage / Check Markdown format

Commit stage / Check English usage

Commit stage / Check TODO usage

Commit stage / Trivy Package Scan

Commit stage / Count lines of code

Commit stage / Scan dependencies

Commit stage / Check for changes to event schema package compared to main branch

Commit stage / Detect Terraform Changes

Commit stage / Check event schema version has been updated

Commit stage / Check for event schemas package version change

Commit stage / Run terraform-docs

Commit stage / Lint Terraform

Commit stage / Trivy IaC Scan

Test stage / Check generated dependencies

Test stage / Pact tests

Test stage / Linting

Test stage / Typecheck

Test stage / Unit tests

Test stage / Test coverage

Test stage / Perform static analysis

Build stage / Build Docs

Build stage / Create Dynamic Environment

Matrix: Build stage / artefact-oas-spec

Waiting for pending jobs

Build stage / Build OAS spec for sandbox

Build stage / Build SDKs

Build stage / Build proxies

Acceptance stage / Run Acceptance Tests

Publish stage / Publish packages

Publish stage / Publish npm packages to npm.pkg.github.com

Publish stage / Publish nuget packages to nuget.pkg.github.com

Matrix: Publish stage / publish-oas-specs

Waiting for pending jobs

Publish stage / Success notification

Annotations

20 warnings

Test stage / Check generated dependencies

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Check generated dependencies

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Pact tests

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Pact tests

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Typecheck

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Typecheck

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Unit tests

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Unit tests

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Linting

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Test stage / Linting: lambdas/api-handler/src/utils/validation.ts#L41

Unsafe Regular Expression

Test stage / Linting: lambdas/api-handler/src/utils/common-ids.ts#L5

Prefer default export on a file with single export

Test stage / Linting: lambdas/api-handler/src/utils/__tests__/validation.test.ts#L74

Test has no assertions

Test stage / Linting: lambdas/api-handler/src/handlers/post-mi.ts#L3

Caution: `mi-operations.ts` has a default export `postMI`. This imports `postMI` as `postMIOperation`. Check if you meant to write `import postMI from '../services/mi-operations'` instead

Test stage / Linting: lambdas/api-handler/src/handlers/__tests__/utils/test-utils.ts#L3

Prefer default export on a file with single export

Test stage / Linting: lambdas/api-handler/src/handlers/__tests__/post-mi.test.ts#L7

Caution: `mi-operations.ts` has a default export `postMI`. This imports `postMI` as `postMiOperation`. Check if you meant to write `import postMI from '../../services/mi-operations'` instead

Test stage / Linting: internal/helpers/src/id-ref.ts#L54

Variable Assigned to Object Injection Sink

Test stage / Linting: internal/events/src/events/event-envelope.ts#L94

Found non-literal argument to RegExp Constructor

Test stage / Linting: internal/events/src/events/event-envelope.ts#L84

Unsafe Regular Expression

Test stage / Linting: internal/datastore/src/letter-repository.ts#L76

Variable Assigned to Object Injection Sink

Test stage / Linting

Unexpected input(s) 'node-version', valid inputs are ['GITHUB_TOKEN']

Artifacts

Produced during runtime

Name	Size	Digest
code-coverage-report	3.51 KB	`sha256:1de1ee788a898007ff8b419de008ba0fd2593b3189ba22b1794a1df8cce2521d`
lines-of-code-report.json.zip Expired	984 Bytes	`sha256:4813e2646786c7f10be9f5c8d306b492ed40d56fdaf244358e47fb5bf3adab80`
sbom-repository-report.json.zip Expired	145 KB	`sha256:ac1023b7b66b76d35217ab5683b6d4bb22232c8708f88403331eece51ed8cc45`
unit-tests	673 KB	`sha256:3e6508860454ef65a34c01ad077fc047d667bce2f1acda4d4569b67b56c824b0`
vulnerabilities-repository-report.json.zip Expired	3.4 KB	`sha256:83fd369ef8c68eaf72f82b9190f153a4b5c0482067b8bdcc8a4761c2df5b0097`