• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

supabase / cli / 29605930255
65%
develop: 65%

Build:
Build:
LAST BUILD BRANCH: gh-readonly-queue/develop/pr-5903-d90c85c95a0cb8c8b30b25f439d877c16db20904
DEFAULT BRANCH: develop
Ran 17 Jul 2026 07:02PM UTC
Jobs 1
Files 229
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

17 Jul 2026 07:00PM UTC coverage: 65.08%. Remained the same
29605930255

push

github

web-flow
chore(deps): bump github.com/oapi-codegen/oapi-codegen/v2 from 2.4.1 to 2.7.1 in /apps/cli-go (#5896)

Bumps
[github.com/oapi-codegen/oapi-codegen/v2](https://github.com/oapi-codegen/oapi-codegen)
from 2.4.1 to 2.7.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oapi-codegen/oapi-codegen/releases">github.com/oapi-codegen/oapi-codegen/v2's
releases</a>.</em></p>
<blockquote>
<h2>Security fix for Go code injection</h2>
<p>This is a security fix for a code injection vulnerability in v2.7.0,
please see:</p>
<p><a
href="https://github.com/oapi-codegen/oapi-codegen/security/advisories/GHSA-rjwr-m7qx-3fjr">https://github.com/oapi-codegen/oapi-codegen/security/advisories/GHSA-rjwr-m7qx-3fjr</a></p>
<blockquote>
<p>[!NOTE]
A vulnerability like this requires that it is missed in code review
<strong>and</strong> that you then call the malicious method.</p>
<p>Using an <code>init()</code> function could be enough to not require
a direct call to the code, and instead rely on you importing the
package, but either way, code review should be performed before any
<code>oapi-codegen</code> generated code is executed.</p>
<p>We <strong>strongly recommend</strong> all users to be reviewing
changes to their generated code before they execute anything within it,
to protect against supply chain attacks or malicious injected code.</p>
<p>This is also why we recommend <code>oapi-codegen</code> generated
code is committed to source control.</p>
</blockquote>
<p>We're more strict about escaping strings passed into the OpenAPI
specification, so that people can't inject Go code into generated
code.</p>
<p>The problem was that it was possible to craft a description for
server URL's which would emit arbitrary Go code, so if an attacker
controlled your specification, they could inject Go code into your
generated code which could do something malicious.</p>
<h2>v2.7.0: Squashing bugs, many bugs (and adding some features)</h2>
<h1>Many imp... (continued)

11145 of 17125 relevant lines covered (65.08%)

10.49 hits per line

Jobs
ID Job ID Ran Files Coverage
1 29605930255.1 17 Jul 2026 07:02PM UTC 229
65.08
GitHub Action Run
Source Files on build 29605930255
  • Tree
  • List 229
  • Changed 0
  • Source Changed 0
  • Coverage Changed 0
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Repo
  • Github Actions Build #29605930255
  • c6e1009a on github
  • Prev Build on gh-readonly-queue/develop/pr-5886-377d47576e5e018cf7378aae820a5179f577597b (#29583654228)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc