Skip to content

[Sync] Update project files from source repository (c870de4)#26

Merged
mrz1836 merged 2 commits into
mainfrom
chore/sync-files-bsv-blockchain-services-20260228-214501-c870de4
Mar 1, 2026
Merged

[Sync] Update project files from source repository (c870de4)#26
mrz1836 merged 2 commits into
mainfrom
chore/sync-files-bsv-blockchain-services-20260228-214501-c870de4

Conversation

@mrz1836
Copy link
Copy Markdown
Collaborator

@mrz1836 mrz1836 commented Mar 1, 2026

What Changed

  • Updated MAGE_X_GORELEASER_VERSION from v2.13.3 to v2.14.1 in .github/env/10-mage-x.env
  • Updated github/codeql-action/init from 9e907b5e64f6b83e7804b09294d44122997950d6 (v4.32.3) to 89a39a4e59826350b863aa6b6252a07ad50cf83e (v4.32.4) in .github/workflows/codeql-analysis.yml
  • Updated github/codeql-action/autobuild from 9e907b5e64f6b83e7804b09294d44122997950d6 (v4.32.3) to 89a39a4e59826350b863aa6b6252a07ad50cf83e (v4.32.4) in .github/workflows/codeql-analysis.yml
  • Updated github/codeql-action/analyze from 9e907b5e64f6b83e7804b09294d44122997950d6 (v4.32.3) to 89a39a4e59826350b863aa6b6252a07ad50cf83e (v4.32.4) in .github/workflows/codeql-analysis.yml
  • Updated actions/upload-artifact from b7c566a772e6b6bfb58ed0dc250532a479d7789f (v6.0.0) to bbbca2ddaa5d8feaa63e36b76fdaad77386f024f (v7.0.0) in .github/workflows/scorecard.yml
  • Updated github/codeql-action/upload-sarif from 9e907b5e64f6b83e7804b09294d44122997950d6 (v4.32.3) to 89a39a4e59826350b863aa6b6252a07ad50cf83e (v4.32.4) in .github/workflows/scorecard.yml

Why It Was Necessary

  • Routine dependency updates to keep build tooling and security scanning actions current with latest patches and improvements
  • CodeQL action updates ensure the security analysis workflow uses the most recent scanning capabilities and bug fixes
  • GoReleaser version bump provides access to newer release automation features and fixes

Testing Performed

  • CI workflows will automatically validate the updated action versions on merge
  • CodeQL analysis workflow will run with the updated v4.32.4 actions to verify compatibility
  • Scorecard workflow will execute with the updated upload-artifact v7.0.0 and CodeQL upload-sarif v4.32.4 actions

Impact / Risk

  • Risk Level: Low - these are minor version updates to well-maintained GitHub Actions and build tooling
  • Breaking Changes: None expected - all updates are backwards compatible version bumps with pinned commit SHAs
  • CI Impact: No changes to workflow behavior expected, only internal improvements to the actions themselves

@mrz1836 mrz1836 self-assigned this Mar 1, 2026
@mrz1836 mrz1836 added automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps labels Mar 1, 2026
@github-actions github-actions Bot added update General updates size/S Small change (11–50 lines) labels Mar 1, 2026
@mrz1836
fix(deps): upgrade dependencies to resolve CVE-2026-25882 and CVE-202…
786a25b 
…6-27141

- github.com/gofiber/fiber/v2: v2.52.11 → v2.52.12 (fixes CVE-2026-25882 DoS via Route Parameter Overflow)
- golang.org/x/net: v0.50.0 → v0.51.0 (fixes CVE-2026-27141 HTTP/2 server panic)
- Additional indirect dependency upgrades via magex deps:update
@mrz1836 mrz1836 merged commit e0a70d5 into main Mar 1, 2026
45 checks passed
@github-actions github-actions Bot deleted the chore/sync-files-bsv-blockchain-services-20260228-214501-c870de4 branch March 1, 2026 03:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mrz1836 mrz1836

Labels

automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps size/S Small change (11–50 lines) update General updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrz1836