Use double for all ok fields #52

Draft
AlekSi wants to merge 5 commits into ferretdb from double-ok

Merge remote-tracking branch 'upstream/main' into double-ok

bcfdeb0
GitHub Advanced Security / CodeQL failed Jul 2, 2025 in 5s

12 new alerts including 10 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 10 critical
  • 1 high
  • 1 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check warning on line 59 in .github/workflows/ferretdb_go_tests.yml

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check failure on line 124 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Cache Poisoning via execution of untrusted code High

Potential cache poisoning in the context of the default branch due to privilege checkout of untrusted code. (pull_request_target).

Check failure on line 203 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (pull_request_target)

Check failure on line 201 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Artifact poisoning Critical

Potential artifact poisoning in make -C ferretdb_packaging docker-init, which may be controlled by an external user (pull_request_target).

Check failure on line 211 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Artifact poisoning Critical

Potential artifact poisoning in make -C ferretdb_packaging docker-build POSTGRES_VERSION=${ matrix.pg } DOCUMENTDB_VERSION=${ steps.version.outputs.debian_version } FILE=development OUTPUT='type=docker' TAGS='${ steps.version.outputs.docker_development_tag_flags }', which may be controlled by an external user (pull_request_target).

Check failure on line 220 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (pull_request_target)

Check failure on line 221 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Artifact poisoning Critical

Potential artifact poisoning in make -C ferretdb_packaging docker-build POSTGRES_VERSION=${ matrix.pg } DOCUMENTDB_VERSION=${ steps.version.outputs.debian_version } FILE=production OUTPUT='type=docker' TAGS='${ steps.version.outputs.docker_production_tag_flags }', which may be controlled by an external user (pull_request_target).

Check failure on line 230 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (pull_request_target)

Check failure on line 251 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Artifact poisoning Critical

Potential artifact poisoning in make -C ferretdb_packaging docker-build POSTGRES_VERSION=${ matrix.pg } DOCUMENTDB_VERSION=${ steps.version.outputs.debian_version } FILE=development OUTPUT='type=image,push=true' TAGS='${ steps.version.outputs.docker_development_tag_flags }', which may be controlled by an external user (pull_request_target).

Check failure on line 261 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Artifact poisoning Critical

Potential artifact poisoning in make -C ferretdb_packaging docker-build POSTGRES_VERSION=${ matrix.pg } DOCUMENTDB_VERSION=${ steps.version.outputs.debian_version } FILE=production OUTPUT='type=image,push=true' TAGS='${ steps.version.outputs.docker_production_tag_flags }', which may be controlled by an external user (pull_request_target).

Check failure on line 266 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (pull_request_target)

Check failure on line 276 in .github/workflows/ferretdb_packages.yml

Code scanning / CodeQL

Checkout of untrusted code in a privileged context Critical

Potential execution of untrusted code on a privileged workflow (pull_request_target)