
[FSSDK-12312] Fix Arnica security vulnerabilities#460

Merged
Mat001 merged 2 commits into master from mpirnovar-arnica-fix-fssdk-12312
Feb 20, 2026

Conversation

@Mat001
Contributor

@Mat001 Mat001 commented Feb 20, 2026

Summary

  • Remove sourceclear job from GitHub workflows (CWE-506 curl|bash)
  • Add persist-credentials: false to all checkout actions (CWE-256, CWE-522)
  • Add security documentation to OpenAPI specs (webhook.yaml, openapi.yaml)
  • Add maxItems: 1000000 to all OpenAPI arrays with explanatory comment
  • Remove chardet (LGPL-3.0) from examples/requirements.txt
  • Remove pytest-clarity (low reputation) from tests/acceptance/requirements.txt
  • Upgrade go-kit/kit to v0.13.0

Note: gohistogram dependency flagged by Arnica but accepted as it has no known CVEs and is feature-complete/stable (indirect dependency via go-kit).

Issues

https://optimizely-ext.atlassian.net/browse/FSSDK-12312

- Remove sourceclear job from GitHub workflows (CWE-506 curl|bash)
- Add persist-credentials: false to all checkout actions (CWE-256, CWE-522)
- Add security documentation to OpenAPI specs (webhook.yaml, openapi.yaml)
- Add maxItems: 1000000 to all OpenAPI arrays with explanatory comment
- Remove chardet (LGPL-3.0) from examples/requirements.txt
- Remove pytest-clarity (low reputation) from tests/acceptance/requirements.txt
- Upgrade go-kit/kit to v0.13.0

Note: gohistogram dependency flagged by Arnica but accepted as it has no
known CVEs and is feature-complete/stable (indirect dependency via go-kit).

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@Mat001 Mat001 self-assigned this Feb 20, 2026
The --diff-symbols flag was provided by pytest-clarity which was removed
in the previous commit due to low package reputation (Arnica security scan).

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
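The two workflow changes in the description above (dropping the `curl | bash` sourceclear job and setting `persist-credentials: false` on every `actions/checkout`) address the same exposure: by default `actions/checkout` writes the job's `GITHUB_TOKEN` into the checked-out repository's `.git/config` as an extra auth header, so any later step, including a script fetched over the network and piped straight into a shell, can read it. The audit script below is an added example written for this page, not code from the PR or from the optimizely agent repository. It scans a workflow file for checkout steps that keep the token and for pipe-to-shell commands, and rewrites the checkouts to add `persist-credentials: false`. The workflow text is a constructed sample, and `audit_workflow`, `harden_checkouts` and `split_steps` are names chosen here; the parser is a minimal indentation-based walk over GitHub Actions YAML (standard library only), not a general YAML parser.

```python
import re

# Constructed sample workflow for this example (not the optimizely agent
# repository's own CI file): one checkout that keeps the token, one that
# does not, and a step that pipes a remote script into a shell.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run tests
        run: go test ./...
  sourceclear:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Scan
        run: curl -sSL https://example.invalid/install.sh | bash
"""

STEP_START_RE = re.compile(r"^\s*-\s")
CHECKOUT_RE = re.compile(r"uses:\s*actions/checkout@")
PERSIST_FALSE_RE = re.compile(r"persist-credentials:\s*false\b")
# "| bash", "| sh", "| sudo bash", "| zsh": remote content executed unreviewed
PIPE_TO_SHELL_RE = re.compile(r"\|\s*(sudo\s+)?(ba|z)?sh\b")


def indent(line):
    return len(line) - len(line.lstrip(" "))


def split_steps(lines):
    """Group lines into YAML list items: an item starts at a "- " line and
    runs until the next non-blank line indented at or left of that dash.
    Returns (1-based line number of the dash line, item lines) pairs. Other
    lists (e.g. branches under on:) are grouped too but match no rule."""
    steps, i = [], 0
    while i < len(lines):
        if not STEP_START_RE.match(lines[i]):
            i += 1
            continue
        dash, j = indent(lines[i]), i + 1
        while j < len(lines) and (not lines[j].strip() or indent(lines[j]) > dash):
            j += 1
        steps.append((i + 1, lines[i:j]))
        i = j
    return steps


def audit_workflow(text):
    """Return (line, code) findings: a checkout step without
    persist-credentials: false, or any step line piping into a shell."""
    findings = []
    for lineno, step in split_steps(text.splitlines()):
        body = "\n".join(step)
        if CHECKOUT_RE.search(body) and not PERSIST_FALSE_RE.search(body):
            findings.append((lineno, "CHECKOUT_PERSISTS_TOKEN"))
        for k, line in enumerate(step):
            if PIPE_TO_SHELL_RE.search(line):
                findings.append((lineno + k, "PIPE_TO_SHELL"))
    return findings


def harden_checkouts(text):
    """Add persist-credentials: false to every checkout step that lacks it,
    reusing the step's existing with: block or creating one. Pipe-to-shell
    steps are left alone: the fix there is removal, not a rewrite."""
    lines = text.splitlines()
    inserts = {}  # 0-based index of the line after which to add new lines
    for lineno, step in split_steps(lines):
        body = "\n".join(step)
        if not CHECKOUT_RE.search(body) or PERSIST_FALSE_RE.search(body):
            continue
        dash = indent(step[0])
        with_idx = next((k for k, l in enumerate(step) if l.strip() == "with:"), None)
        if with_idx is None:
            inserts[lineno - 1] = [" " * (dash + 2) + "with:",
                                   " " * (dash + 4) + "persist-credentials: false"]
        else:
            inserts[lineno - 1 + with_idx] = [
                " " * (indent(step[with_idx]) + 2) + "persist-credentials: false"]
    out = []
    for k, line in enumerate(lines):
        out.append(line)
        out.extend(inserts.get(k, []))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, code in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {code}")
    print(harden_checkouts(SAMPLE_WORKFLOW))
```

On the sample, the audit reports the first checkout (line 7) and the `curl ... | bash` step (line 17); after `harden_checkouts` only the pipe-to-shell finding remains, which is the case the PR resolves by deleting the job rather than editing it. Run it over `.github/workflows/*.yml` before merging workflow changes; a step that still needs push access can set `persist-credentials: false` and supply a scoped token explicitly to the one command that needs it.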
Contributor

@alexjoeyyong alexjoeyyong left a comment


Makes vast security updates for the agent that Arnica found. LGTM.

@Mat001 Mat001 merged commit bb0db92 into master Feb 20, 2026
12 checks passed
@Mat001 Mat001 deleted the mpirnovar-arnica-fix-fssdk-12312 branch February 20, 2026 22:08