Commit c6b6b95

fix(ci): revert pnpm/action-setup to v4, switch JS audit to osv-scanner, bump cryptography
- Revert pnpm/action-setup from v6 (08c4be7e) back to v4 (fc06bc12) to fix pnpm 11 beta being installed despite version: 10, which caused ERR_PNPM_LOCKFILE_CONFIG_MISMATCH and ERR_PNPM_UNSUPPORTED_ENGINE
- Replace pnpm audit with google/osv-scanner in JS/TS security audit workflow since the npm registry audit endpoint returned 410 Gone
- Bump cryptography from >=46.0.6 to >=46.0.7 to fix CVE-2026-39892
1 parent caa359a commit c6b6b95

7 files changed

Lines changed: 68 additions & 71 deletions

.github/workflows/dashboard-test.yaml

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ jobs:
3131
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
3232

3333
- name: Setup pnpm
34-
uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb
34+
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320
3535
with:
3636
version: 10
3737
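Review bot: The new `uses: pnpm/action-setup@fc06bc12...` line at 34 carries no trailing version comment, so nothing in the workflow shows that this SHA is the v4 release the commit message names; append a comment such as `# v4` after the SHA so a later reviewer can tell an intentional revert from an accidental downgrade. Separately, `version: 10` in the context lines is a floating major, and the commit message attributes the failure to a pnpm 11 beta being installed despite it, so consider pinning an exact 10.x release there. Both points apply to the identical change in the other workflow files.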

.github/workflows/docs-test.yaml

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ jobs:
3131
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
3232

3333
- name: Set up pnpm
34-
uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb
34+
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320
3535
with:
3636
version: 10
3737

.github/workflows/landingpage-test.yaml

Lines changed: 3 additions & 3 deletions
@@ -31,7 +31,7 @@ jobs:
3131
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
3232

3333
- name: Setup pnpm
34-
uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb
34+
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320
3535
with:
3636
version: 10
3737

@@ -71,7 +71,7 @@ jobs:
7171
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
7272

7373
- name: Setup pnpm
74-
uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb
74+
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320
7575
with:
7676
version: 10
7777

@@ -106,7 +106,7 @@ jobs:
106106
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
107107

108108
- name: Setup pnpm
109-
uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb
109+
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320
110110
with:
111111
version: 10
112112
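Review bot: The same checkout and `Setup pnpm` pair is edited three times in this file (lines 34, 74 and 109) and again in three other workflows, so every pin change has to be repeated by hand and one copy can be missed. Consider moving the pair into a composite action or a reusable workflow so the `pnpm/action-setup` SHA lives in one place.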

.github/workflows/security-reusable.yaml

Lines changed: 9 additions & 12 deletions
@@ -89,22 +89,19 @@ jobs:
8989
steps:
9090
- name: Checkout
9191
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
92-
- name: Setup Node
93-
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f
94-
with:
95-
node-version: '22'
96-
cache: 'npm'
97-
cache-dependency-path: src/client/acontext-ts/package-lock.json
98-
- name: Setup pnpm
99-
uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb
92+
- name: Setup Go
93+
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
10094
with:
101-
version: 10
95+
go-version: '1.24'
96+
cache: false
97+
- name: Install osv-scanner
98+
run: go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest
10299
- name: Audit TS SDK
103100
working-directory: src/client/acontext-ts
104-
run: npm audit --audit-level=high --omit=dev
101+
run: osv-scanner --lockfile=package-lock.json
105102
- name: Audit UI
106103
working-directory: src/server/ui
107-
run: pnpm audit --audit-level=high --prod
104+
run: osv-scanner --lockfile=pnpm-lock.yaml
108105
- name: Audit Landing Page
109106
working-directory: landingpage
110-
run: pnpm audit --audit-level=high --prod
107+
run: osv-scanner --lockfile=pnpm-lock.yaml
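Review bot: `go install github.com/google/osv-scanner/v2/cmd/osv-scanner@latest` at line 98 is the only unpinned dependency in a hunk where every action is pinned to a commit SHA, so the security gate runs whatever scanner release is current at build time; pin it to a specific release tag and bump it deliberately. Also, the removed commands scoped the audit with `--audit-level=high` and `--omit=dev` / `--prod`, while the new `osv-scanner --lockfile=...` calls carry no equivalent, so the job may now fail on findings the old gate ignored (lower severities, dev-only packages). If that is intended, say so in the step names or a comment; if not, add an osv-scanner configuration that restores the previous scope.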

.github/workflows/ui-test.yaml

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ jobs:
3131
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
3232

3333
- name: Setup pnpm
34-
uses: pnpm/action-setup@08c4be7e2e672a47d11bd04269e27e5f3e8529cb
34+
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320
3535
with:
3636
version: 10
3737

src/server/core/pyproject.toml

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@ dependencies = [
3737
"novita-sandbox>=1.0.4",
3838
"urllib3>=2.6.3",
3939
"boto3>=1.42.19",
40-
"cryptography>=46.0.6",
40+
"cryptography>=46.0.7",
4141
"pygments>=2.20.0",
4242
]
4343
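Review bot: The raised floor on line 40 has no comment recording why it exists, and the commit message is the only place that ties `cryptography>=46.0.7` to CVE-2026-39892. Add a short comment next to the entry naming the advisory so the bound is not relaxed in a later dependency cleanup.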

src/server/core/uv.lock

Lines changed: 52 additions & 52 deletions
Some generated files are not rendered by default.
