Skip to content

Update #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lubitchv wants to merge 10,000 commits into
base: globus
Choose a base branch
from

Merge pull request #12238 from IQSS/11733-api-get-file-citation-format

7904e99
Select commit
Loading
Failed to load commit list.
Open

Update #39

Merge pull request #12238 from IQSS/11733-api-get-file-citation-format
7904e99
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL failed May 1, 2026 in 8s

153 new alerts including 3 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 3 critical
  • 34 high
  • 116 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 18 in .github/workflows/add_bugs_to_project.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Check warning on line 17 in .github/workflows/check_property_files.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 32 in .github/workflows/check_property_files.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 95 in .github/workflows/container_app_pr.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 81 in .github/workflows/container_app_push.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Check warning on line 158 in .github/workflows/container_app_push.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Check warning on line 44 in .github/workflows/deploy_beta_testing.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 90 in .github/workflows/deploy_beta_testing.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 37 in .github/workflows/generate_war_file.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 27 in .github/workflows/guides_build_sphinx.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 83 in .github/workflows/maven_unit_test.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 133 in .github/workflows/maven_unit_test.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 172 in .github/workflows/maven_unit_test.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 20 in .github/workflows/pr_comment_commands.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Check warning on line 20 in .github/workflows/reviewdog_checkstyle.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 27 in .github/workflows/shellspec.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 44 in .github/workflows/shellspec.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 54 in .github/workflows/shellspec.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 34 in .github/workflows/spi_release.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Check warning on line 60 in .github/workflows/spi_release.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check warning on line 94 in .github/workflows/spi_release.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Check failure on line 63 in src/main/webapp/dataverse_header.xhtml

See this annotation in the file changed.

Code scanning / CodeQL

DOM text reinterpreted as HTML High

DOM text
Loading
is reinterpreted as HTML without escaping meta-characters.

Check failure on line 676 in src/main/java/edu/harvard/iq/dataverse/api/Datasets.java

See this annotation in the file changed.

Code scanning / CodeQL

Cross-site scripting High

Cross-site scripting vulnerability due to a
user-provided value
Loading
.

Check failure on line 244 in src/main/java/edu/harvard/iq/dataverse/api/DatasetFieldServiceApi.java

See this annotation in the file changed.

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.

Check failure on line 43 in src/main/java/edu/harvard/iq/dataverse/actionlogging/ActionLogServiceBean.java

See this annotation in the file changed.

Code scanning / CodeQL

Query built from user-controlled sources High

This query depends on a
user-provided value
Loading
.