feat: open source take 2

[gilescope]

Open sourcing of node

#3

[github-actions]

Checkmarx One – Scan Summary & Details – f7caa843-1105-45ac-91c8-7739ed86c798

New Issues (69)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2021-3803	Npm-nth-check-1.0.2	details Recommended version: 2.0.1 Description: nth-check prior to 2.0.1 is vulnerable to Inefficient Regular Expression Complexity Attack Vector: NETWORK Attack Complexity: LOW ID: kSOZHiCOsc%2Fy54ubO8TdSRcLdMKT2kl7E8GMw39ShQc%3D Vulnerable Package
	Cxdca8e59f-8bfe	Npm-inflight-1.0.6	details Description: In NPM `inflight` there is a Memory Leak because some resources are not freed correctly after being used. It appears to affect all versions, as the... Attack Vector: NETWORK Attack Complexity: LOW ID: 7MjuL1KzmMG%2Fhqng4h5aj6CRRg%2FGAQsUf5sKRc2EKjs%3D Vulnerable Package
	CVE-2023-44270	Npm-postcss-7.0.39	details Recommended version: 8.4.31 Description: An issue was discovered in postcss versions prior to 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An at... Attack Vector: NETWORK Attack Complexity: LOW ID: n%2FpmVk560ZEe8v7GtDaUTXKKidhH9lWs%2BSR5%2B3HKwD4%3D Vulnerable Package
	CVE-2024-11831	Npm-serialize-javascript-4.0.0	details Recommended version: 6.0.2 Description: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain i... Attack Vector: NETWORK Attack Complexity: LOW ID: JVSbWLSrIulpxCgWBgfxGKWgoqP2UnPJc29bsTgy8cg%3D Vulnerable Package
	Container Capabilities Unrestricted	/fork-test-compose.yml: 118	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: q1SQP%2Bw5FKruNDwGikShvIAld%2BE%3D
	Container Capabilities Unrestricted	/fork-test-compose.yml: 70	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: vWy9BXGm2h11pzL0yk7%2FIG%2Flemw%3D
	Container Capabilities Unrestricted	/fork-test-compose.yml: 54	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: EDMGpoe9HyhoSJ9IAopUXlTRnWw%3D
	Container Capabilities Unrestricted	/test-compose-latest.yml: 2	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: ChmchZrUAWATKVq%2FD3ILNqgci7k%3D
	Container Capabilities Unrestricted	/fork-test-compose.yml: 86	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: tDg9MdRBoNyyxDfiUgAXJ4CbfoM%3D
	Container Capabilities Unrestricted	/fork-test-compose.yml: 168	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: qbBKj8KzNDhNn2coPr8liZsunZ4%3D
	Container Capabilities Unrestricted	/fork-test-compose.yml: 134	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: OFO9I4m5Ixkp7gjVJ2LpM49%2B5NU%3D
	Container Capabilities Unrestricted	/fork-test-compose.yml: 102	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: VAkJSLR5VFPNnPQx%2Bh5z4BixzzY%3D
	Container Capabilities Unrestricted	/fork-test-compose.yml: 150	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: 7qgfWZLjEq9LoTcWQp7uip5JP24%3D
	Container Capabilities Unrestricted	/test-compose.yml: 2	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: FBUCZiSa02Uzqnb8qsiMsBCAJ6Q%3D
	Container Capabilities Unrestricted	/fork-test-compose.yml: 35	details Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec... ID: Q3HA07oRqNqOiD4Fc%2FLYGvxUoZU%3D
	Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 141	details Incoming container traffic should be bound to a specific host interface ID: 35hrkRKm%2F%2FHyhAcR%2BM0rosIXbXQ%3D
	Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 77	details Incoming container traffic should be bound to a specific host interface ID: rijY4GbNkm2p8MLO10z5%2BCu1e1g%3D
	Container Traffic Not Bound To Host Interface	/test-compose-latest.yml: 4	details Incoming container traffic should be bound to a specific host interface ID: zYxSJHbPoO4pYi%2FD3BIZ3tmrmQ4%3D
	Container Traffic Not Bound To Host Interface	/test-compose.yml: 4	details Incoming container traffic should be bound to a specific host interface ID: 75PCcqN7tdB38Fbqilp4z3frvBg%3D
	Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 157	details Incoming container traffic should be bound to a specific host interface ID: HOG%2B3p0VxXSf9NqbBJLJ0LbxSMo%3D
	Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 109	details Incoming container traffic should be bound to a specific host interface ID: AWPCswZ8oeJi0NqMN1PcqRFvnp8%3D
	Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 56	details Incoming container traffic should be bound to a specific host interface ID: BcpXnOQz9Fnb5Ffx9tpgIQrg35M%3D
	Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 125	details Incoming container traffic should be bound to a specific host interface ID: 3%2FO0%2B0W6OMBgzQmgEgWFOi5vCpo%3D
	Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 93	details Incoming container traffic should be bound to a specific host interface ID: 59iGAEnoXD2gxQDn%2BUmD%2BGwSNVU%3D
	Container Traffic Not Bound To Host Interface	/fork-test-compose.yml: 40	details Incoming container traffic should be bound to a specific host interface ID: nkbOzb1ToZTTDiYMOsFHpkwkgpo%3D
	Healthcheck Not Set	/fork-test-compose.yml: 70	details Check containers periodically to see if they are running properly. ID: f3nKgedKNLICkMtp3gqtcjl0MG0%3D
	Healthcheck Not Set	/fork-test-compose.yml: 54	details Check containers periodically to see if they are running properly. ID: II2H5%2Fjif4jLMBQWFO9YU9wyUDM%3D
	Healthcheck Not Set	/fork-test-compose.yml: 118	details Check containers periodically to see if they are running properly. ID: pDUpW7iW9Vymf4fKnSDuB545twI%3D
	Healthcheck Not Set	/fork-test-compose.yml: 102	details Check containers periodically to see if they are running properly. ID: g7NQ2yapI9Vdn7tVWNmIn7GB2yE%3D
	Healthcheck Not Set	/fork-test-compose.yml: 150	details Check containers periodically to see if they are running properly. ID: OwxW2Mk0HzoD0218fBPeNrS6U6Q%3D
	Healthcheck Not Set	/fork-test-compose.yml: 86	details Check containers periodically to see if they are running properly. ID: Kr3BpyzZfVSqeFcPN%2FNp000Csb4%3D
	Healthcheck Not Set	/fork-test-compose.yml: 134	details Check containers periodically to see if they are running properly. ID: eEEkOL%2BNEDbIUpiyfrGw5I5%2BBBc%3D
	Healthcheck Not Set	/fork-test-compose.yml: 168	details Check containers periodically to see if they are running properly. ID: EVxAZFgQJgHvp8FkuDFLriyMKEg%3D
	Memory Not Limited	/fork-test-compose.yml: 35	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: GQWxl7yL6Dt4Ngn3ZGWM8QYMSWE%3D
	Memory Not Limited	/fork-test-compose.yml: 150	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: 1N9B5OsWgvveN2GuyL5O848d1N0%3D
	Memory Not Limited	/fork-test-compose.yml: 134	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: pjXXo7Yp2cE5Wtky%2BXzF%2Bi3B77o%3D
	Memory Not Limited	/fork-test-compose.yml: 86	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: 53%2B9lOwAlbCtTqxasUY3LZnncEI%3D
	Memory Not Limited	/fork-test-compose.yml: 70	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: 7v65i7ts4b6traMROeudtSOAXOU%3D
	Memory Not Limited	/fork-test-compose.yml: 168	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: cejIOhoPMwZQK16%2FAayTsbtV7pw%3D
	Memory Not Limited	/fork-test-compose.yml: 102	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: WiW9qfBrY6AhWwFZwjW6brJh3Ts%3D
	Memory Not Limited	/fork-test-compose.yml: 54	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: HU8tz5pJ%2Fx2xwOJVNN%2BqJ8Sdy68%3D
	Memory Not Limited	/fork-test-compose.yml: 118	details Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than ... ID: %2B16OwHVNPe5w7lUqUJxy2y8RrIc%3D
	Security Opt Not Set	/fork-test-compose.yml: 118	details Attribute 'security_opt' should be defined. ID: 5jw1HMKDCpD7EMjIdEAIICslbfw%3D
	Security Opt Not Set	/test-compose-latest.yml: 2	details Attribute 'security_opt' should be defined. ID: NfhnF%2FsxIvLoJ4H0dWGus7aaeyg%3D
	Security Opt Not Set	/fork-test-compose.yml: 102	details Attribute 'security_opt' should be defined. ID: 939LnL5yK%2F3qfT34ZAeCrev0XFc%3D
	Security Opt Not Set	/test-compose.yml: 2	details Attribute 'security_opt' should be defined. ID: qyNeUebY0pe1%2BJfF%2FIrcYWe%2BaRM%3D
	Security Opt Not Set	/fork-test-compose.yml: 54	details Attribute 'security_opt' should be defined. ID: kAzDyEj9Jm9Cz%2BLPuu7O4qMK2kc%3D
	Security Opt Not Set	/fork-test-compose.yml: 168	details Attribute 'security_opt' should be defined. ID: RUreJwngXzxVW4ATKaEDNKcFxRs%3D
	Security Opt Not Set	/fork-test-compose.yml: 86	details Attribute 'security_opt' should be defined. ID: bdd8BnHIclk1w%2Be3DHZsi8rwaco%3D
	Security Opt Not Set	/fork-test-compose.yml: 134	details Attribute 'security_opt' should be defined. ID: 7lhmYmmX7dXEBGPGQjNp3XFIj3s%3D
	Security Opt Not Set	/fork-test-compose.yml: 150	details Attribute 'security_opt' should be defined. ID: O7DV3N6CcFtVYkp46BRnGVMX7xE%3D
	Security Opt Not Set	/fork-test-compose.yml: 70	details Attribute 'security_opt' should be defined. ID: hDRmSq0NDQzIUQLZd05PspbfejI%3D
	Security Opt Not Set	/fork-test-compose.yml: 35	details Attribute 'security_opt' should be defined. ID: fJ6vdVOtRsywG9XmUFoE7M7EjQA%3D
	Cpus Not Limited	/fork-test-compose.yml: 35	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: %2BBFcVGxFnZr1YwkSHkIENPPoZ%2BE%3D
	Cpus Not Limited	/fork-test-compose.yml: 150	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: uQh68aWtPElUmgBwJ8nmH15DpFg%3D
	Cpus Not Limited	/fork-test-compose.yml: 86	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: awq%2F%2BNz8cP3Wa0VMQQIFUmjRVwU%3D
	Cpus Not Limited	/fork-test-compose.yml: 134	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: 8koSpysPxhYQlfGYJQryeKJYJ1A%3D
	Cpus Not Limited	/fork-test-compose.yml: 70	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: w6ToqSj4Hb5Ty%2FMxnkaU9IJBluw%3D
	Cpus Not Limited	/fork-test-compose.yml: 168	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: JBK8KK%2B0FiYygYWWITnkBOFXBzU%3D
	Cpus Not Limited	/fork-test-compose.yml: 118	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: t2XfjN%2B8Mwhv9M27lTqe1NVV9dA%3D
	Cpus Not Limited	/fork-test-compose.yml: 102	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: %2B68V2HAdIKRKskaj57ncFVjGius%3D
	Cpus Not Limited	/fork-test-compose.yml: 54	details CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests ID: zsbIu8f%2BrWwNHTzHHTx%2F2cXwr1o%3D
	Cx8bc4df28-fcf5	Npm-debug-2.6.9	details Recommended version: 4.4.0 Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e... Attack Vector: NETWORK Attack Complexity: HIGH ID: 81IecNRDglonIPtnjgDTBhy9%2BlBX9lcd4C48QrDDoP4%3D Vulnerable Package
	Cx8bc4df28-fcf5	Npm-debug-3.2.7	details Recommended version: 4.4.0 Description: In NPM "debug" versions prior to 4.4.0, the "enable" function accepts a regular expression from user input without escaping it. Arbitrary regular e... Attack Vector: NETWORK Attack Complexity: HIGH ID: qQpf%2B0hhtC2bKtPHkmGbteg1Z8GbAr7xb%2F8lmRT3IKM%3D Vulnerable Package
	Cxda14f253-4e52	Npm-bluebird-3.7.2	details Description: The package `bluebird` is vulnerable to memory leak, when running the function longStackTraces() with the flag `--expose_gc`. This causes a signifi... Attack Vector: NETWORK Attack Complexity: HIGH ID: Up5Vg0dB%2BllgihKXwUtSHzfbYa7TyJ%2BadsZAIBNpD3U%3D Vulnerable Package
	Unpinned Actions Full Length Commit SHA	/changes_check.yml: 58	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help... ID: 5IBZs5Xe5nPKHH0OTU7T2qaIkAY%3D
	Unpinned Actions Full Length Commit SHA	/nightly-build-check.yml: 27	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help... ID: DmYQBjwBAgWFnVHKmB%2F80Hsyl%2FM%3D
	Unpinned Actions Full Length Commit SHA	/nightly-build-check.yml: 22	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help... ID: CMFrIj%2F4Zqd11Ce26noT2%2BTEEzg%3D
	Unpinned Actions Full Length Commit SHA	/local-environment-tests.yml: 41	details Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA help... ID: fijCa6j5C6V4%2BMmSz174rZyXnWw%3D