Development v0.2.0 #17
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [github.com/chromedp/chromedp](https://github.com/chromedp/chromedp) from 0.9.1 to 0.9.3.
- [Release notes](https://github.com/chromedp/chromedp/releases)
- [Commits](chromedp/chromedp@v0.9.1...v0.9.3)

---
updated-dependencies:
- dependency-name: github.com/chromedp/chromedp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
…tions/checkout-4 chore(deps): bump actions/checkout from 3 to 4
…releaser/goreleaser-action-5 chore(deps): bump goreleaser/goreleaser-action from 4 to 5
….com/chromedp/chromedp-0.9.3 chore(deps): bump github.com/chromedp/chromedp from 0.9.1 to 0.9.3
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
…ctions/setup-go-5 chore(deps): bump actions/setup-go from 4 to 5
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
TLSClientConfig: &tls.Config{ | ||
InsecureSkipVerify: true, //nolint:gosec // Intended | ||
InsecureSkipVerify: true, |
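Review bot: the second `InsecureSkipVerify: true,` line drops the `//nolint:gosec // Intended` comment while still disabling certificate verification, so nothing in `TLSClientConfig` records that the setting is deliberate or why. Either keep a comment that states the reason, or take the value from an explicit option that defaults to `false`, so certificate checks stay on unless the caller asks otherwise.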
Check failure
Code scanning / CodeQL
Disabled TLS certificate check High
Copilot Autofix AI 26 days ago
To fix the problem, we need to ensure that the TLS certificate verification is enabled. This involves setting `InsecureSkipVerify` to `false` or removing the `InsecureSkipVerify` field altogether, as the default value is `false`. Additionally, we should ensure that the application is configured with the correct certificates to allow for proper verification.

- General Fix: Ensure that the TLS configuration does not disable certificate verification.
- Detailed Fix: In the file `pkg/xcrawl3r/xcrawl3r.go`, modify the `TLSClientConfig` to remove or set `InsecureSkipVerify` to `false`.
- Specific Changes: Update lines 274-277 to remove the `InsecureSkipVerify` field or set it to `false`.
@@ -274,3 +274,2 @@ | ||
TLSClientConfig: &tls.Config{ | ||
InsecureSkipVerify: true, | ||
Renegotiation: tls.RenegotiateOnceAsClient, |
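Review bot: deleting `InsecureSkipVerify: true,` at line 275 with no replacement means requests to hosts with self-signed, expired or mismatched certificates now fail at the handshake, and the hunk gives callers no way to reach them or to supply additional trusted roots. If those hosts are in scope, expose an explicit opt-in setting that defaults to verification (and optionally a `RootCAs` pool) next to `Renegotiation: tls.RenegotiateOnceAsClient,` rather than hard-coding either value.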
No description provided.