Skip to content
Security Scan

chore(deps): bump activestorage from 7.2.2.2 to 7.2.3.1 #413

Sign in to view logs

chore(deps): bump activestorage from 7.2.2.2 to 7.2.3.1

chore(deps): bump activestorage from 7.2.2.2 to 7.2.3.1 #413

Triggered via pull request March 24, 2026 00:10
@dependabotdependabot[bot]
opened #24
dependabot/bundler/activestorage-7.2.3.1
Status Success
Total duration 1m 2s
Artifacts 3

security-scan.yml

on: pull_request
Brakeman Security Scan
27s
Brakeman Security Scan
Dependency Vulnerability Check
24s
Dependency Vulnerability Check
Semgrep Static Analysis
36s
Semgrep Static Analysis
SSRF Protection Test
50s
SSRF Protection Test
Authentication Security Test
47s
Authentication Security Test
SQL Injection Protection Test
51s
SQL Injection Protection Test
Secrets Scan (Enhanced)
3s
Secrets Scan (Enhanced)
Secret Detection
11s
Secret Detection
Security Summary
3s
Security Summary
Fit to window
Zoom out
Zoom in

Annotations

10 warnings and 5 notices
Secrets Scan (Enhanced)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Secret Detection
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Dependency Vulnerability Check
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5, actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410, actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02, ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Semgrep Static Analysis
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5, actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410, actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Brakeman Security Scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5, actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410, actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02, ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Authentication Security Test
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5, ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
SSRF Protection Test
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5, actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02, ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
SSRF Protection Test
No files were found with the provided path: security_tests/reports/ssrf/. No artifacts will be uploaded.
SQL Injection Protection Test
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5, ruby/setup-ruby@09a7688d3b55cf0e976497ff046b70949eeaccfd. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Security Summary
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Semgrep Static Analysis
- HIGH confidence (non-audit): 0
Semgrep Static Analysis
- WARNING severity: 2
Semgrep Static Analysis
- ERROR severity: 0
Semgrep Static Analysis
- Total findings: 2
Semgrep Static Analysis
Semgrep Analysis Complete

Artifacts

Produced during runtime
Name Size Digest
brakeman-report
2.97 KB
sha256:997c249a5a9f05fe4f8bd9b61e2f6014914a61e8942fe8d277007307f586560f
bundle-audit-report
173 Bytes
sha256:3117069fd488aa79aef215834bd1bf6f961651f4047e48f37c8e3003872a033a
semgrep-report
9.33 KB
sha256:1a4e1e85a5599c80e708bc0093670143d4fb20f0bd0a42fc15d5b2e89ccc73a1