Lists: Update TIPCommon dependency

[timere-nemo]

Title (Please follow the convention below)

[Buganizer ID: 502893537] Fix: Resolve Multi-Environment Search in Custom Lists

---

Description

Fixes a bug where searching for custom lists failed for items mapped to multiple environments or the wildcard "[\"*\"]" environment. The previous logic used a restrictive strict equality (eq) check on the environments field (stored as a JSON array string), which caused false negatives when searching for multi-environment items.

---

Checklist:

Please ensure you have completed the following items before submitting your PR.
This helps us review your contribution faster and more efficiently.

General Checks:

• I have read and followed the project's contributing.md guide.
• My code follows the project's coding style guidelines.
• I have performed a self-review of my own code.
• My changes do not introduce any new warnings.
• My changes pass all existing tests.
• I have added new tests where appropriate to cover my changes. (If applicable)
• I have updated the documentation where necessary (e.g., README, API docs). (If applicable)

Open-Source Specific Checks:

• My changes do not introduce any Personally Identifiable Information (PII) or sensitive customer data.
• My changes do not expose any internal-only code examples, configurations, or URLs.
• All code examples, comments, and messages are generic and suitable for a public repository.
• I understand that any internal context or sensitive details related to this work are handled separately in internal systems (Buganizer for Google team members).

For Google Team Members and Reviewers Only:

• I have included the Buganizer ID in the PR title or description (e.g., "Internal Buganizer ID: 123456789" or "Related Buganizer: go/buganizer/123456789").
• I have ensured that all internal discussions and PII related to this work remain in Buganizer.
• I have tagged the PR with one or more labels that reflect the pull request purpose.

[github-actions]

❌ Marketplace Validation Failed

Click to view the full report

---

Validation Report

🧩 Integrations

Pre-Build Stage

lists

Validation Name	Details
⚠️ Release Notes Date Validation	Release notes have invalid publish_time values (expected YYYY-MM-DD): v1.0: ''
⚠️ Test Config Validation	'lists' is missing tests/config.json

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical bug affecting custom list searches, particularly for items associated with multiple environments or wildcard environments. The fix is implemented by updating the TIPCommon dependency, which contained a restrictive equality check causing search failures. The update ensures that custom list searches now correctly identify multi-environment items, improving the reliability and accuracy of the system. This change also includes a version bump for the Lists integration and its associated testing dependencies to maintain consistency and compatibility.

Highlights

• Dependency Update: The TIPCommon dependency has been upgraded from version 2.3.0 to 2.3.7, which is crucial for resolving a bug in custom list searching.
• Integration Version Bump: The Lists integration version has been incremented from 13.0 to 14.0 to reflect the dependency updates and associated bug fixes.
• Testing Dependency Update: The integration-testing dependency has also been updated from version 2.3.0 to 2.3.7, ensuring compatibility with the latest changes.
• Release Notes: A new entry has been added to the release notes, documenting the TIPCommon dependency update and the new Lists integration version.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates the Lists integration to version 14.0, primarily by upgrading the integration-testing and TIPCommon dependencies to version 2.3.7. The review feedback suggests two improvements: the release note description should be updated to focus on the functional bug fix for a Security Analyst persona, and new unit tests should be added to verify the bug fix, adhering to the style guide's requirement for all bug fixes.

[github-actions]

❌ Marketplace Validation Failed

Click to view the full report

---

Validation Report

🧩 Integrations

Pre-Build Stage

lists

Validation Name	Details
⚠️ Release Notes Date Validation	Release notes have invalid publish_time values (expected YYYY-MM-DD): v1.0: ''

[github-actions]

❌ Marketplace Validation Failed

Click to view the full report

---

Validation Report

🧩 Integrations

Pre-Build Stage

lists

Validation Name	Details
⚠️ Release Notes Date Validation	Release notes have invalid publish_time values (expected YYYY-MM-DD): v1.0: ''

[github-actions]

❌ Marketplace Validation Failed

Click to view the full report

---

Validation Report

🧩 Integrations

Pre-Build Stage

mc_afee_active_response

Validation Name	Details
⚠️ SSL Integration Validation	McAfee Active Response is missing a 'Verify SSL' parameter

websense

Validation Name	Details
⚠️ SSL Integration Validation	The default value of the 'Verify SSL' param in Websense must be a boolean true

lastline

Validation Name

Details

⚠️ Fields Validation

Action Parameter name: Wait for the report? does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: Create Insight? does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds) Action Parameter name: Wait for the report? does not match the regex: ^[a-zA-Z0-9-'\s]+$|Verify SSL Ceritifcate?|Git Password/Token/SSH Key|EML/MSG Base64 String|Country(For multiple countries, provide comma-separated values)|Entity Identifier(s)|logzio_security_token|logzio_region|minimum_score|api_token|eyeglass_ip|API_Key|Alert_ID|Queue_State|logzio_operations_token|logzio_custom_endpoint|api_key|fields_to_search|severity_threshold|Entity Identifier(s) Type|Target Entity Identifier(s)|IOC_Enrichment|SLA (in minutes)|raw_json|alert_event_id|Additional_Data|page_size|sort_by|Data_Range|Incident_Key|Team_IDS|User_IDS|Service_IDS|Entity_State|Incidents_Statuses|from_time|to_time|Incident_ID|from_date|logzio_token|search_term|Ingest\ only\ alerts\ that\ have\ “is_security”\ attribute\ set\ to\ True?|Ingest\ only\ alerts\ that\ have\ “is_incident”\ attribute\ set\ to\ True?|Fetch\ Backwards\ Time\ Interval\ (minutes)|Events\ Padding\ Period\ (hours)|Is\ Exchange\ On-Prem?|Is\ Office365\ (Exchange\ Online)?|Extract\ urls\ from\ HTML\ email\ part?|Create\ a\ Separate\ Siemplify\ Alert\ per\ Attached\ Mail\ File?|Email\ Padding\ Period\ (minutes)|Tenant\ (Directory)\ ID|Should\ ingest\ only\ starred\ threats?|Should\ ingest\ threats\ related\ to\ incidents?|Use\ the\ same\ approach\ with\ event\ creation\ for\ all\ alert\ types?|Enable\ Fallback\ Logic\ Debug?|Create\ Chronicle\ SOAR\ Alerts\ for\ Sentinel\ incidents\ that\ do\ not\ have\ entities?|Incidents\ Padding\ Period\ (minutes)|Wait\ For\ Scheduled/NRT\ Alert\ Object|Api_Key|Fetch\ Private\ Notes?|Offenses\ Creation\ Timer\ (minutes)|What\ Value\ to\ use\ for\ the\ Name\ Field\ of\ Siemplify\ Alert?|What\ Value\ to\ use\ for\ the\ Rule\ Generator\ Field\ of\ Siemplify\ Alert?|Mask\ findings?|Events\ Padding\ Period\ (minutes)|Track\ New\ Events\ Threshold\ (hours)|Token\ Timeout\ (in\ Seconds)|Script\ Timeout\ (Seconds)

site24x7

Validation Name	Details
⚠️ Mapping Rules Validation	'site24x7' has connectors but doesn't have default mapping rules

observe_it

Validation Name	Details
⚠️ Mapping Rules Validation	'observe_it' has connectors but doesn't have default mapping rules
⚠️ SSL Connectors Validation	- ObserveIT - Alerts Connector is missing a 'Verify SSL' parameter

fire_eye_ex

Validation Name	Details
⚠️ SSL Integration Validation	The default value of the 'Verify SSL' param in FireEye EX must be a boolean true
⚠️ Connectors Documentation Link Validation	Integration 'fire_eye_ex' contains connectors with missing documentation link: - FireEye EX - Alerts Connector

illusive_networks

Validation Name	Details
⚠️ Mapping Rules Validation	'illusive_networks' has connectors but doesn't have default mapping rules
⚠️ SSL Integration Validation	The default value of the 'Verify SSL' param in Illusive Networks must be a boolean true
⚠️ SSL Connectors Validation	- The default value of the 'Verify SSL' param in Illusive Networks - Incidents Connector must be a boolean true

outpost24

Validation Name	Details
⚠️ Mapping Rules Validation	'outpost24' has connectors but doesn't have default mapping rules

f5_big_iq

Validation Name	Details
⚠️ SSL Integration Validation	The default value of the 'Verify SSL' param in F5 Big IQ must be a boolean true

mc_afee_atd

Validation Name	Details
⚠️ SSL Integration Validation	The default value of the 'Verify SSL' param in McAfee ATD must be a boolean true