Psalm Security Analysis

[stable22] fix(security): Update CA certificate bundle #31891

Sign in to view logs

Triggered via pull request March 20, 2026 03:07

nextcloud-command

opened #59101

automated/noid/stable22-update-ca-cert-bundle

Status Success

Total duration 4m 35s

Artifacts –

psalm-security.yml

on: pull_request

Annotations

11 errors and 1 warning

This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/

Psalm: apps/theming/lib/IconBuilder.php#L138

Detected tainted file handling (see https://psalm.dev/255)

Psalm: apps/files_sharing/lib/Controller/ShareController.php#L665

Detected tainted cookie (see https://psalm.dev/257)

Psalm: apps/files_external/lib/MountConfig.php#L162

Detected tainted file handling (see https://psalm.dev/255)

Psalm: apps/files_external/lib/Lib/Storage/SFTP.php#L399

Detected tainted file handling (see https://psalm.dev/255)

Psalm: apps/files_external/lib/Lib/Storage/SFTP.php#L258

Detected tainted file handling (see https://psalm.dev/255)

Psalm: apps/files_external/lib/Lib/Storage/SFTP.php#L237

Detected tainted file handling (see https://psalm.dev/255)

Psalm: apps/files_external/lib/Lib/Storage/FTP.php#L110

Detected tainted file handling (see https://psalm.dev/255)

Psalm: apps/files_external/lib/Lib/Storage/FTP.php#L95

Detected tainted file handling (see https://psalm.dev/255)

Psalm: apps/admin_audit/lib/Actions/Action.php#L64

Detected tainted HTML (see https://psalm.dev/245)

Psalm: apps/admin_audit/lib/Actions/Action.php#L64

Detected tainted HTML (see https://psalm.dev/245)

Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5, github/codeql-action/upload-sarif@231aa2c8a89117b126725a0e11897209b7118144. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/