shannon

CalvinBackup/shannon

Fork 0

mirror of https://github.com/KeygraphHQ/shannon.git synced 2026-06-10 01:13:57 +02:00

Commit Graph

Author	SHA1	Message	Date
ezl-keygraph	147bc3f5f4	fix: harden supply chain security (#255 ) * fix: patch smol-toml and tsdown vulnerabilities Update smol-toml 1.6.0→1.6.1 (DoS via recursive comment parsing) and tsdown 0.21.2→0.21.5 (picomatch ReDoS + method injection). * fix: pin all unpinned dependency versions in Dockerfile Pins subfinder v2.13.0, WhatWeb v0.6.3 (switched from git clone to release tarball), schemathesis 4.13.0, addressable 2.8.9, claude-code 2.1.84, and playwright-cli 0.1.1 for reproducible builds. * fix: pin GitHub Actions to commit SHAs for supply chain security * fix: pin GitHub Actions to commit SHAs in beta and rollback workflows	2026-03-27 01:55:09 +05:30
ezl-keygraph	167f3c3ccd	feat: add beta release and rollback workflows with cosign signing	2026-03-18 22:07:58 +05:30

Author

SHA1

Message

Date

ezl-keygraph

147bc3f5f4

fix: harden supply chain security (#255 )

* fix: patch smol-toml and tsdown vulnerabilities

Update smol-toml 1.6.0→1.6.1 (DoS via recursive comment parsing) and
tsdown 0.21.2→0.21.5 (picomatch ReDoS + method injection).

* fix: pin all unpinned dependency versions in Dockerfile

Pins subfinder v2.13.0, WhatWeb v0.6.3 (switched from git clone to
release tarball), schemathesis 4.13.0, addressable 2.8.9,
claude-code 2.1.84, and playwright-cli 0.1.1 for reproducible builds.

* fix: pin GitHub Actions to commit SHAs for supply chain security

* fix: pin GitHub Actions to commit SHAs in beta and rollback workflows

2026-03-27 01:55:09 +05:30

ezl-keygraph

167f3c3ccd

feat: add beta release and rollback workflows with cosign signing

2026-03-18 22:07:58 +05:30

2 Commits