CalvinBackup/shannon
1
0
Fork 0
mirror of https://github.com/KeygraphHQ/shannon.git synced 2026-06-10 01:13:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden supply chain security (#255)

Browse Source 
* fix: patch smol-toml and tsdown vulnerabilities

Update smol-toml 1.6.0→1.6.1 (DoS via recursive comment parsing) and
tsdown 0.21.2→0.21.5 (picomatch ReDoS + method injection).

* fix: pin all unpinned dependency versions in Dockerfile

Pins subfinder v2.13.0, WhatWeb v0.6.3 (switched from git clone to
release tarball), schemathesis 4.13.0, addressable 2.8.9,
claude-code 2.1.84, and playwright-cli 0.1.1 for reproducible builds.

* fix: pin GitHub Actions to commit SHAs for supply chain security

* fix: pin GitHub Actions to commit SHAs in beta and rollback workflows
This commit is contained in:
ezl-keygraph
2026-03-27 01:55:09 +05:30
committed by GitHub
parent e220f4862c
commit 147bc3f5f4
7 changed files with 160 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/rollback-beta.yml
+1 -1
View File
@@ -38,7 +38,7 @@ jobs:
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- name: Setup Node.js
uses: actions/setup-node@v6
uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
with:
node-version: 24
registry-url: https://registry.npmjs.org