Propagate changes from main into development
chore(deps): update github-actions-non-major
chore(deps): update go-non-major
…ntries Renovate's automated update regenerated package-lock.json incorrectly, omitting top-level node_modules entries for eslint and vite. This caused npm ci to fail in CI during dependency installation. Regenerating with Node v22.22.1 and npm v11.16.0 restores the correct entries.
The supply-chain Grype scan last ran on Feb 4, 2026 due to a cascade of compounding failures. This commit resolves all root causes:
- Twelve .trivyignore CVE suppressions expired between Apr 30 and May 25, causing the Trivy PR gate to block all PR merges and starve the pipeline of push events. All entries extended 60–90 days with appropriate review comments; no entry exceeds Sep 1, 2026.
- Ten .grype.yaml suppressions also expired in May, meaning Grype scans that did run would immediately fail on HIGH findings and produce no fresh SARIF. All entries extended with matching dates.
- The supply-chain-pr.yml job condition had a dead workflow_run branch and was missing the push and schedule event names, silently skipping the verify-supply-chain job on every push to main. Added push and schedule to the condition.
- Added a weekly schedule trigger (Mondays at 02:00 UTC) so scans run regardless of PR activity. Added development to push branches to match docker-build.yml scope.
- Removed continue-on-error: true from the SARIF upload step so upload failures surface as visible workflow failures rather than silent no-ops.
- Simplified concurrency.group to remove dead workflow_run expressions.
Refs: GitHub Code Scanning "last scanned Feb 4, 2026" alert
chore(deps): update npm-non-major
Add anti-FOUC inline script to index.html that applies the stored theme class synchronously before React mounts. Switch ThemeContext to useLayoutEffect for synchronous class application, add explicit light-mode CSS overrides, update CSP to allowlist the inline script hash, and add a Playwright regression suite.
Update GO_VERSION from 1.26.3 to 1.26.4 in all 9 CI workflow files and fix go.goroot in .vscode/settings.json to point to /usr/local/go where 1.26.4 is installed, replacing the missing sdk/go1.26.4 path. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
chore(deps): update go-non-major
Switch setup-go from go-version env var to go-version-file: backend/go.mod so the action reads the required version directly from go.mod instead of relying on a cached toolchain version that may lag behind. Change GOTOOLCHAIN from auto to local across all workflows so Go uses exactly the version installed by setup-go without attempting auto-downloads that can silently fall back to an older release. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Upgrades github.com/buger/jsonparser to v1.1.2 in the CrowdSec dependency patch block to fix a panic in Delete() caused by a negative slice index on malformed JSON input. Affects both the crowdsec and cscli binaries. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
chore(deps): update go-non-major to v1.75.0
chore(deps): update go-non-major to v1.2.0
…te.sh
- Consolidate Go and npm update scripts into a single script
- Use repo-relative paths instead of hardcoded /projects/Charon
- Add type-check and test steps to npm update flow
- Allow npm audit fix and outdated to fail without aborting
Document golang.org/x/sys vulnerability assessment confirming v0.46.0 already exceeds the v0.44.0 fix; Linux-only deployment excludes the vulnerable Windows code path entirely. Includes govulncheck clean-scan evidence and Trivy false-positive explanation.
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
…#1106) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jeremy <jhatfield82@gmail.com>
Automated checksum update for GeoLite2-Country.mmdb database. Old: 6e9212f23d3279a2454404d3b2a7ac30159fddbb9870ba33763014877296455c New: 1522faf7b5f6a96c3a0128bca813bd4b0ae24dce38e9d37acdff0efaa75fcdd9 Auto-generated by: .github/workflows/update-geolite2.yml Co-authored-by: Wikid82 <176516789+Wikid82@users.noreply.github.com>
Resolve merge conflicts from diverged histories caused by prior weekly promotion PRs being merged into main with merge commits (cfb4a0f, 70d3b3b). All conflicts resolved in favor of nightly, which is the canonical source of truth for the nightly→main one-way flow. Root cause: merge commit strategy on main creates commits that are not present on nightly, causing git to treat the histories as diverged on subsequent weekly promotions. Future promotions should use squash or rebase merge strategy to keep main's history a strict subset of nightly.
Resolve remaining conflicts from diverged histories introduced by merge commit 3687b94 on main. All conflicts resolved in favor of nightly, which is the canonical source of truth for the nightly→main one-way flow.
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.
What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation.
✅ Supply Chain Verification Results
✅ PASSED
📦 SBOM Summary
🔍 Vulnerability Scan
📎 Artifacts
Generated by Supply Chain Verification workflow
🚀 Weekly Nightly to Main Promotion
Date: 2026-06-29
Trigger: Scheduled weekly promotion
Commits: 210 commits to promote
Changes: 104 files changed, 10556 insertions(+), 1253 deletions(-)
Commits Being Promoted
Showing first 50 of 210 commits:
...and 160 more commits
Pre-Merge Checklist
Merge Instructions
This PR promotes changes from nightly to main. Once all checks pass:
This PR was automatically created by the Weekly Nightly Promotion workflow.