…tants **Details**: - Introduced `ClusterOverviewConfig` for configurable parameters. - Added `ClusterCacheService` implementing in-memory caching for cluster data. - Enhanced insights with `InsightsService` and queries for pipeline usage. - Added new constants for cloud providers, autoscalers, and node statuses. - Published various supporting services, adapters, and utility functions for modular interactions.
**Details**: - Introduced `FindAllActiveInTimeRange` method in both `EnvironmentRepository` and `TeamRepository` for filtered querying based on time. - Added `FindNamesByIds` in `EnvironmentRepository` for fetching environment names by IDs. - Implemented environment trend aggregation with `GetAggregatedEnvironmentTrendWithParams`. - Updated comments and query logics in repositories for clarity.
…an module **Details**: - Introduced new APIs for fetching vulnerability summary and listing with advanced filtering. - Updated `ImageScanRestHandler` with handlers for the new endpoints. - Enhanced `ImageScanService` to support vulnerability data aggregation, filtering, and pagination. - Added `ScanStatus` filter for advanced scan state queries. - Updated repositories and models for new data structures and query support.
…and improved secret management **Details**: - Added SQL migrations for the cost module, Velero backup/restore, and supporting tables with indices. - Dropped old Velero-related tables and updated index handling for improved management. - Enhanced Kubernetes secret handling with support for binary and string data. - Updated deployment templates to use optional `containerName` values. - Fixed auto-scaling logic in the deployment manifest pipeline with additional checks and validations.
**Details**: - Updated `github.com/devtron-labs/devtron-services/authenticator` to version `v0.0.0-20251208115626-248c2710ef2f`. - Updated `github.com/devtron-labs/devtron-services/common-lib` to version `v0.0.0-20251208115626-248c2710ef2f`.
misc: Overview oss develop sync
…o user_deployment_request table (#6888) Co-authored-by: Ash-exp <asutosh2000ad@gmail.com>
…sion for externalSecrets (#6892) * Added new chart version 4-22-0 for deployment * added new chart version 5-2-0 for statefulset * Added sql for latest chart 4.22.0 * Added sql for latest statefulset chart 5.2.0 * Update 34704403_deployment-chart-ref_4-22-0.up.sql * Update 34704404_statefulset_5_2_0.up.sql * Update 34704404_statefulset_5_2_0.down.sql
…de tableName for PostgreSQL compatibility
* added rollout-chart-5-1-1 * added name = 'Rollout Deployment' * added reference-chart_5-1-1 * Update 34604602_reference-5-1-1.down.sql * switched the chart version from 5.1.1 to 5.2.0 * took changes of deployement-4-22 * added migration * Delete scripts/sql/34604602_reference-5-2-0.up.sql * Delete scripts/sql/34604602_reference-5-2-0.down.sql
chore: infra overview router missing in EA-OSS
misc: update UserDeploymentRequestWithAdditionalFields struct to include tableName for PostgreSQL compatibility
chore: Merge branch 'origin/main' into 'release-candidate-v0.44.0'
feat: Release candidate v0.44.0
fix: migrate proxy chart dependencies and refactor related functions
* Updated release-notes files * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated release notes * Updated git-sensor to 07252d4f-200-37900 tag in values file * Updated dashboard to 870f6567-690-37899 tag in values file * Updated kubelink to d6692a4f-564-37901 tag in values file * Updated devtron to 24adc89-434-37898 tag in values file * Updated lens to d6692a4f-333-37903 tag in values file * Updated kubewatch to 9255d19e-419-37902 tag in values file * Updated ci-runner to d6692a4f-138-37904 tag in values file * Updated notifier to 61d34685-372-37905 tag in values file * Updated image-scanner to d6692a4f-141-37906 tag in values file * Updated chart-sync to d6692a4f-836-37907 tag in values file * Updated release notes * Updated release notes * Updated hyperion to f733a1d-280-38015 tag in values file * Updated devtron to f733a1d-434-38017 tag in values file * Updated dashboard to 4901765c-690-38018 tag in values file * Updated kubelink to b7fe1710-564-38019 tag in values file * Updated release notes * Updated release notes * Updated devtron to 8bfeec8-434-38055 tag in values file * Updated release notes * Updated release notes * Updated release notes * Updated chart-sync to 6b408df4-836-38155 tag in values file * Updated notifier to 5c4b5b3a-372-38153 tag in values file * Updated devtron to f0c18f2-434-38146 tag in values file * Updated hyperion to f0c18f2-280-38148 tag in values file * Updated image-scanner to 6b408df4-141-38158 tag in values 
file * Updated dashboard to 62e65ef2-690-38157 tag in values file * Updated kubelink to 6b408df4-564-38159 tag in values file * feat: release devtron 2.0 chart changes (#6903) * Updated ci-runner to 6b408df4-138-38163 tag in values file * Updated lens to 6b408df4-333-38167 tag in values file * Updated kubewatch to 6b408df4-419-38172 tag in values file * Updated git-sensor to 6b408df4-200-38174 tag in values file * Update Chart.yaml * changes in condition * updated the condition of finops module * changes in cost-sync * added finops migration * added finops migration * changes in migration * migrator config changes * migrator config changes * cost sync job * migrator changes * config changes * config changes * configmap changes * configmap changes * Updated the version in scripts * removed cloud native crd * Revise release notes for Devtron 2.0.0 Updated release notes for version 2.0.0, detailing enhancements, bug fixes, and other changes. * removal of cloudnative crds * changes in service name * Uncomment nodeSelector, tolerations, and imagePullSecrets * changes in timescale secret * changes in yaml * changes in yaml * changes in yaml * changes in yaml * Updated dashboard to b48d0910-690-38228 tag in values file * Update volume size reference in timescale-db.yaml * Move serviceAccountName to jobTemplate spec * Move serviceAccountName to pod spec * Adjust indentation for schedulerConfig in cost-sync-job.yaml Increased indentation for schedulerConfig inclusion in cost-sync-job.yaml. * removal of \n * changes in timescale yaml * Reorder configMapRef entries in cost-sync-job.yaml --------- Co-authored-by: systemsdt <systems@devtron.ai> Co-authored-by: Bhushan Nemade <bhushan.nemade@devtron.ai> Co-authored-by: Pawan Mehta <117346502+pawan-mehta-dt@users.noreply.github.com> Co-authored-by: akshatsinha007 <156403098+akshatsinha007@users.noreply.github.com>
…revent duplicates.
…token misc: Use `Update` instead of `Save` for upserting `userAudit` entries to p…
**Details**: - Replaced `GetVulnerabilitiesWithFixedVersionByFilters` with `GetVulnerabilityRawData` for a more generic approach. - Removed unused `GetVulnerabilitiesWithFixedVersionByFilters` method and related SQL logic. - Simplified vulnerability processing by removing deduplication logic in `ImageScanService`.
…with a single query **Details**: - Added `FindScannedDeployInfoWithFilters` to `ImageScanDeployInfoRepository` for streamlined data retrieval. - Introduced `FetchScannedDeployInfoWithFilters` in `ImageScanService` for improved performance. - Replaced multi-step filtering logic in `ImageScanRestHandler` with optimized query implementation. - Enhanced RBAC handling and super-admin-specific optimizations.
misc: Refactor vulnerability query implementation and cleanup unused code
…erAudit` to log `ClientIP` and update audit records
misc: add clientIP in audit log
…ction failure status
fix: Handle cluster capacity fetch errors by returning detailed connection failure status
…ils and caching support
fix: enhance cluster overview response with raw cluster capacity details and caching support
fix: append filtered cluster details to the cluster detail list in capacity handler
fix: prevent exposure of internal-only attributes in API responses and requests
chore: Adds scarf pixel
* Update README with new platform description and links * fix: Added dashboard image
|
|
||
| func (impl *GitOperationServiceImpl) shouldDeleteProxyChartRequirementsYaml(clonedDir string, pushChartToGitRequest *bean.PushChartToGitRequestDTO) (delete bool, requirementsYamlPath string, err error) { | ||
| requirementsYamlPath = filepath.Join(clonedDir, chartRefBean.REQUIREMENTS_YAML_FILE) | ||
| if _, err = os.Stat(requirementsYamlPath); os.IsNotExist(err) { |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
Copilot Autofix
AI 17 days ago
In general, to fix uncontrolled data in a path expression you either (1) restrict the input so it cannot contain path separators or .. components when used as a directory or filename, or (2) normalize the constructed path and verify that it resides inside an expected base directory before performing filesystem operations.
Here the path of concern is workingDir := filepath.Join(clonedDir, gitOpsChartLocation), where gitOpsChartLocation is built from AppName and EnvName (user-controlled via the request DTO). The simplest, low-impact mitigation is:
- Compute `workingDir` as today with `filepath.Join`.
- Normalize it with `filepath.Abs`.
- Normalize the base directory (`clonedDir`) with `filepath.Abs`.
- Check that the resolved `workingDir` is still a child of the resolved `clonedDir` (e.g., with `strings.HasPrefix` on a path with a trailing separator).
- If the check fails, log an error and return an error instead of proceeding to `shouldDeleteProxyChartRequirementsYaml`/`shouldMigrateProxyChartDependencies`.
This ensures that even if AppName or EnvName contain path traversal sequences, they cannot cause workingDir (and thus requirementsYamlPath and chartYamlPath) to escape the cloned repo directory. This does not change existing business logic beyond rejecting malicious/badly-formed names.
Concretely, in pkg/deployment/gitOps/git/GitOperationService.go inside MigrateProxyChartDependenciesIfRequired:
- After `workingDir := filepath.Join(clonedDir, gitOpsChartLocation)`, add code to compute `absClonedDir` and `absWorkingDir` via `filepath.Abs`, ensure `absWorkingDir` starts with `absClonedDir` plus a path separator, and return an error if not.
- We can reuse existing imports (`filepath`, `strings`, `fmt` are already imported), so no new dependencies are needed.
- No other files need modification; the taint flowing into `pushChartToGitRequest` is now bounded by this validation.
| @@ -392,6 +392,23 @@ | ||
| defer impl.chartTemplateService.CleanDir(clonedDir) | ||
| gitOpsChartLocation := fmt.Sprintf("%s-%s", pushChartToGitRequest.AppName, pushChartToGitRequest.EnvName) | ||
| workingDir := filepath.Join(clonedDir, gitOpsChartLocation) | ||
| absClonedDir, err := filepath.Abs(clonedDir) | ||
| if err != nil { | ||
| impl.logger.Errorw("error resolving absolute path for clonedDir", "clonedDir", clonedDir, "err", err) | ||
| return err | ||
| } | ||
| absWorkingDir, err := filepath.Abs(workingDir) | ||
| if err != nil { | ||
| impl.logger.Errorw("error resolving absolute path for workingDir", "workingDir", workingDir, "err", err) | ||
| return err | ||
| } | ||
| // ensure workingDir remains within the clonedDir to avoid path traversal via app/environment names | ||
| if absWorkingDir != absClonedDir && !strings.HasPrefix(absWorkingDir, absClonedDir+string(os.PathSeparator)) { | ||
| impl.logger.Errorw("invalid working directory resolved outside cloned dir", | ||
| "appName", pushChartToGitRequest.AppName, "envName", pushChartToGitRequest.EnvName, | ||
| "clonedDir", absClonedDir, "workingDir", absWorkingDir) | ||
| return fmt.Errorf("invalid chart location resolved for app %s in env %s", pushChartToGitRequest.AppName, pushChartToGitRequest.EnvName) | ||
| } | ||
| deleteRequirementsYaml, requirementsYamlPath, err := impl.shouldDeleteProxyChartRequirementsYaml(workingDir, pushChartToGitRequest) | ||
| if err != nil { | ||
| impl.logger.Errorw("error in checking if requirements.yaml should be deleted", "appName", pushChartToGitRequest.AppName, "envName", pushChartToGitRequest.EnvName, "err", err) |
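Review bot: The containment test on `absWorkingDir` is lexical only. `filepath.Abs` cleans the path but does not resolve symlinks, so a directory entry under `clonedDir` that is a symlink still passes `strings.HasPrefix(absWorkingDir, absClonedDir+string(os.PathSeparator))`. Resolve both sides with `filepath.EvalSymlinks` before comparing, or compare with `filepath.Rel` and reject a result that is `..` or starts with `../`. The `absWorkingDir != absClonedDir` clause also accepts a name that collapses back to the clone root itself; if that is never a valid chart location, reject it as well.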
| return nil | ||
| } | ||
| impl.logger.Warnw("requirements.yaml found in cloned repo from git-ops, need to delete requirements.yaml", "requirementsYamlPath", requirementsYamlPath) | ||
| err := os.Remove(requirementsYamlPath) |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
Copilot Autofix
AI 17 days ago
General approach: ensure that any path derived from user-controllable values is validated or confined to a known safe directory before being used in file operations. For multi-component paths, the safest pattern is to resolve the path and verify that it is still within an expected root directory.
Best fix here: requirementsYamlPath is created by filepath.Join(clonedDir, chartRefBean.REQUIREMENTS_YAML_FILE), where clonedDir ultimately depends on user input via AppName/EnvName. We can make the deletion operation safe by:
- Resolving the absolute path of `requirementsYamlPath`.
- Resolving the absolute path of `clonedDir` (the intended safe root).
- Ensuring the file to be deleted is within that root by checking `HasPrefix` on the cleaned absolute paths.
- If the check fails, log and return an error instead of calling `os.Remove`.
Because the repository uses filepath already in this file, we can re-use it. To implement this without changing behavior for valid inputs, we only add a guard around os.Remove in deleteProxyChartRequirementsYaml, and we pass the necessary clonedDir down so the function can perform the containment check.
Concretely:
- Change the signature of `deleteProxyChartRequirementsYaml` in `pkg/deployment/gitOps/git/GitOperationService.go` to accept `clonedDir string` (the root of the cloned repo).
- Update its caller in `MigrateProxyChartDependenciesIfRequired` to pass `clonedDir`.
- Inside `deleteProxyChartRequirementsYaml`, compute `absRoot := filepath.Clean(clonedDir)` and `absTarget := filepath.Clean(requirementsYamlPath)` (optionally with `filepath.Abs` if needed) and ensure `strings.HasPrefix(absTarget+string(os.PathSeparator), absRoot+string(os.PathSeparator))`. If not, log an error and return.
- Then call `os.Remove` as before.
All required imports (filepath, strings, os) are already present in GitOperationService.go, so no new imports are needed.
Other files in the taint flow (AppStoreDeploymentRestHandler.go, AppStoreDeploymentService.go, InstalledAppGitOpsService.go, Adapter.go, CommonDeploymentRestHandler.go) do not need modifications for this specific path-usage issue; they simply propagate the tainted data.
| @@ -397,7 +397,7 @@ | ||
| impl.logger.Errorw("error in checking if requirements.yaml should be deleted", "appName", pushChartToGitRequest.AppName, "envName", pushChartToGitRequest.EnvName, "err", err) | ||
| return err | ||
| } | ||
| err = impl.deleteProxyChartRequirementsYaml(deleteRequirementsYaml, requirementsYamlPath) | ||
| err = impl.deleteProxyChartRequirementsYaml(deleteRequirementsYaml, requirementsYamlPath, clonedDir) | ||
| if err != nil { | ||
| impl.logger.Errorw("error in deleting requirements.yaml", "appName", pushChartToGitRequest.AppName, "envName", pushChartToGitRequest.EnvName, "err", err) | ||
| return err | ||
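Review bot: Passing `clonedDir` here guards only the delete call. The check whose failure is logged on the first line of this hunk has already produced and used `requirementsYamlPath` without any containment test, so the validation would be better done once, before either call. The new argument is also a second bare `string` next to `requirementsYamlPath`, which is easy to transpose at a call site; a doc comment on the parameter order would help.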
| @@ -460,10 +460,20 @@ | ||
| return delete, requirementsYamlPath, nil | ||
| } | ||
|
|
||
| func (impl *GitOperationServiceImpl) deleteProxyChartRequirementsYaml(deleteRequirementsYaml bool, requirementsYamlPath string) error { | ||
| func (impl *GitOperationServiceImpl) deleteProxyChartRequirementsYaml(deleteRequirementsYaml bool, requirementsYamlPath string, clonedDir string) error { | ||
| if !deleteRequirementsYaml { | ||
| return nil | ||
| } | ||
| // Ensure that the requirements.yaml path is within the cloned repository directory before deleting | ||
| cleanRoot := filepath.Clean(clonedDir) | ||
| cleanTarget := filepath.Clean(requirementsYamlPath) | ||
| // Add path separator to avoid partial prefix matches (e.g., /tmp/app-1 vs /tmp/app-10) | ||
| rootWithSep := cleanRoot + string(os.PathSeparator) | ||
| targetWithSep := cleanTarget + string(os.PathSeparator) | ||
| if !strings.HasPrefix(targetWithSep, rootWithSep) { | ||
| impl.logger.Errorw("attempt to delete file outside cloned directory blocked", "requirementsYamlPath", requirementsYamlPath, "clonedDir", clonedDir) | ||
| return fmt.Errorf("invalid requirements.yaml path") | ||
| } | ||
| impl.logger.Warnw("requirements.yaml found in cloned repo from git-ops, need to delete requirements.yaml", "requirementsYamlPath", requirementsYamlPath) | ||
| err := os.Remove(requirementsYamlPath) | ||
| if err != nil && !os.IsNotExist(err) { |
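Review bot: `cleanRoot` and `cleanTarget` come from `filepath.Clean`, which neither makes a path absolute nor resolves symlinks, so `strings.HasPrefix(targetWithSep, rootWithSep)` is only meaningful when both inputs arrive in the same form and the tree contains no links. Use `filepath.Abs` on both (plus `filepath.EvalSymlinks` if links in the clone matter), or `filepath.Rel(cleanRoot, cleanTarget)` and reject a result of `..` or one starting with `../`. Because the separator is appended to the target as well, a target equal to the root passes the check; say in the comment whether that is intended.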
| // no need of migrating the dependencies | ||
| return shouldMigrate, chartYamlPath, err | ||
| } | ||
| if _, err = os.Stat(chartYamlPath); os.IsNotExist(err) { |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
Copilot Autofix
AI 17 days ago
In general, to fix uncontrolled data in path expressions you either (a) validate that user-controlled components contain only allowed characters and no path separators or .., or (b) normalize the resulting path and verify it remains within an expected base directory. Here, AppName and EnvName are being used as logical identifiers to construct a chart directory name under clonedDir; they should never contain path separators. The least-invasive and clearest fix is therefore to validate these two fields before using them to form gitOpsChartLocation and workingDir.
The single best fix with minimal behavior change is to add a small validation helper in GitOperationServiceImpl that checks pushChartToGitRequest.AppName and .EnvName for path separators (/, \) and parent directory segments (..). If any such patterns are found, we log an error and return a validation error instead of proceeding. We then call this helper at the start of MigrateProxyChartDependenciesIfRequired before calling CloneChartForHelmApp and before building gitOpsChartLocation. This keeps all path manipulation under clonedDir safe from traversal via these user-provided components, and it covers both CodeQL alert variants because both flows end up in this same method.
Concretely:
- In `pkg/deployment/gitOps/git/GitOperationService.go`, define a new method `validatePushChartToGitRequestForPathSafety` (or similar) on `GitOperationServiceImpl` that:
  - Takes `pushChartToGitRequest *bean.PushChartToGitRequestDTO`.
  - Checks `AppName` and `EnvName` strings for `".."`, `"/"`, and `"\\"` (you can use `strings.Contains`).
  - If invalid, logs an error/warn with app/env names and returns a `fmt.Errorf` explaining invalid application or environment name.
- At the beginning of `MigrateProxyChartDependenciesIfRequired`, before `CloneChartForHelmApp`, call this helper and, on error, log and return it.
- This change is entirely contained within the shown `GitOperationService.go` snippet, requires no new external dependencies, and does not alter normal behavior for valid app/environment names; it only rejects clearly unsafe ones.
| @@ -383,7 +383,27 @@ | ||
| }, commit, err | ||
| } | ||
|
|
||
| // validatePushChartToGitRequestForPathSafety ensures that fields used in filesystem paths | ||
| // (such as AppName and EnvName) do not contain path traversal sequences or separators. | ||
| func (impl *GitOperationServiceImpl) validatePushChartToGitRequestForPathSafety(pushChartToGitRequest *bean.PushChartToGitRequestDTO) error { | ||
| appName := pushChartToGitRequest.AppName | ||
| envName := pushChartToGitRequest.EnvName | ||
| if strings.Contains(appName, "/") || strings.Contains(appName, "\\") || strings.Contains(appName, "..") { | ||
| impl.logger.Errorw("invalid app name for GitOps path usage", "appName", appName) | ||
| return fmt.Errorf("invalid application name") | ||
| } | ||
| if strings.Contains(envName, "/") || strings.Contains(envName, "\\") || strings.Contains(envName, "..") { | ||
| impl.logger.Errorw("invalid environment name for GitOps path usage", "envName", envName) | ||
| return fmt.Errorf("invalid environment name") | ||
| } | ||
| return nil | ||
| } | ||
|
|
||
| func (impl *GitOperationServiceImpl) MigrateProxyChartDependenciesIfRequired(ctx context.Context, isChartUpdated bool, pushChartToGitRequest *bean.PushChartToGitRequestDTO, expectedChartYamlContent string) error { | ||
| // validate that user-controlled fields used in path construction are safe | ||
| if err := impl.validatePushChartToGitRequestForPathSafety(pushChartToGitRequest); err != nil { | ||
| return err | ||
| } | ||
| clonedDir, err := impl.CloneChartForHelmApp(pushChartToGitRequest.AppName, pushChartToGitRequest.RepoURL, pushChartToGitRequest.TargetRevision) | ||
| if err != nil { | ||
| impl.logger.Errorw("error in cloning chart for helm app", "appName", pushChartToGitRequest.AppName, "repoUrl", pushChartToGitRequest.RepoURL, "err", err) |
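Review bot: `validatePushChartToGitRequestForPathSafety` is a denylist. Its `strings.Contains` checks for "/", "\\" and ".." reject a name such as `a..b`, which is harmless as a single path component, and accept everything else, including an empty name. Validating `AppName` and `EnvName` against an allowlist of the characters such names may contain would be tighter and would document the expected format. The two `if` blocks differ only in the field and message; a small helper taking the field name and value would remove the duplication.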
| } | ||
| impl.logger.Debugw("dependencies found in requirements.yaml file", "appName", pushChartToGitRequest.AppName, "envName", pushChartToGitRequest.EnvName, "dependencies", expectedChartMetaData.Dependencies) | ||
| // check if chart.yaml file has dependencies | ||
| chartYamlContent, err := os.ReadFile(chartYamlPath) |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 17 days ago
General approach: when constructing filesystem paths from data that ultimately comes from the user, we should ensure that the final resolved path remains under a known “safe” base directory (here, the clonedDir returned by CloneChartForHelmApp). The concrete file name (chartRefBean.CHART_YAML_FILE) is already safe; the risk is from the intermediate directory (gitOpsChartLocation / workingDir). We can mitigate this by normalizing and checking the paths with filepath.Abs and strings.HasPrefix against the base directory.
Best concrete fix here:
- After cloning (`clonedDir`), compute the intended chart directory (`gitOpsChartLocation := fmt.Sprintf("%s-%s", pushChartToGitRequest.AppName, pushChartToGitRequest.EnvName)` as before).
- Build `workingDir := filepath.Join(clonedDir, gitOpsChartLocation)`, then:
  - Resolve both `clonedDir` and `workingDir` to absolute paths using `filepath.Abs`.
  - Verify that `workingDirAbs` starts with `baseAbs + string(os.PathSeparator)` (or equals `baseAbs`) using `strings.HasPrefix`. If the check fails, log and return an error instead of proceeding.
- In `shouldMigrateProxyChartDependencies`, we construct `chartYamlPath := filepath.Join(clonedDir, chartRefBean.CHART_YAML_FILE)`. To satisfy CodeQL and enforce safety consistently, we similarly:
  - Resolve `clonedDir` and `chartYamlPath` to absolute paths.
  - Validate that `chartYamlPathAbs` is under `baseAbs`. If not, log and return an error.
These changes do not alter existing external behavior for valid inputs, but they prevent directory traversal via malicious AppName/EnvName (or other components that influence clonedDir) by rejecting any request that would cause access outside the cloned repo directory. All changes are local to pkg/deployment/gitOps/git/GitOperationService.go, using only standard-library functions already imported (filepath, os, strings, fmt).
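The base-directory containment check described in the autofix comments above, as an added Go example (not code from the devtron repository or from the autofix suggestions): it compares whole path components with `filepath.Rel` and repeats the check after `filepath.EvalSymlinks`. The names `ResolveWithin`, `isWithin`, `ErrEscapesBase` and the directory layout are assumptions made for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapesBase marks a path that resolves outside the allowed base directory.
var ErrEscapesBase = errors.New("path escapes base directory")

// isWithin reports whether target is base or a descendant of base.
// Both paths must be absolute and cleaned. filepath.Rel compares whole
// path components, so /tmp/app-10 is not treated as inside /tmp/app-1.
func isWithin(base, target string) bool {
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(os.PathSeparator))
}

// ResolveWithin joins base with an untrusted relative name and returns the
// symlink-resolved path only if it stays inside base. It fails closed: a path
// that does not exist, or cannot be resolved, is returned as an error.
func ResolveWithin(base, untrusted string) (string, error) {
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	realBase, err := filepath.EvalSymlinks(absBase)
	if err != nil {
		return "", err
	}
	// Lexical check: rejects names whose "../" segments climb out of base.
	candidate := filepath.Join(realBase, untrusted)
	if !isWithin(realBase, candidate) {
		return "", fmt.Errorf("%w: %q", ErrEscapesBase, untrusted)
	}
	// Resolved check: rejects symlinks inside base that point elsewhere.
	resolved, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if !isWithin(realBase, resolved) {
		return "", fmt.Errorf("%w: %q resolves to %q", ErrEscapesBase, untrusted, resolved)
	}
	return resolved, nil
}

func main() {
	// Constructed layout: <tmp>/app-1 is the clone root, <tmp>/app-10 a sibling.
	root, err := os.MkdirTemp("", "contain-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	base, sibling := filepath.Join(root, "app-1"), filepath.Join(root, "app-10")
	for _, d := range []string{filepath.Join(base, "demo-prod"), sibling} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			panic(err)
		}
	}
	// A link inside the clone root that points at the sibling directory.
	if err := os.Symlink(sibling, filepath.Join(base, "link-env")); err != nil {
		panic(err)
	}
	for _, name := range []string{"demo-prod", "../app-10", "link-env"} {
		p, err := ResolveWithin(base, name)
		fmt.Printf("%q -> %q err=%v\n", name, p, err)
	}
}
```

The check and the later file operation are separate steps, so this does not cover a tree that changes between them.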
Bito Automatic Review Skipped - Branch Excluded
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 9257608 | Triggered | Base64 AWS keys | f733a1d | scripts/devtron-reference-helm-charts/deployment-chart_4-22-0/test-values.json | View secret |
| 2763127 | Triggered | Generic High Entropy Secret | 4b8eb26 | scripts/devtron-reference-helm-charts/reference-chart_5-2-0/secrets-test-values.yaml | View secret |
| 141558 | Triggered | Generic High Entropy Secret | f733a1d | scripts/devtron-reference-helm-charts/statefulset-chart_5-2-0/env-values.yaml | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Description
Fixes #
Checklist:
Does this PR introduce a user-facing change?