Skip to content

[Sync] Update project files from source repository (b318071)#62

Merged
mrz1836 merged 1 commit into
masterfrom
chore/sync-files-bsv-blockchain-20251223-153119-b318071
Dec 23, 2025
Merged

[Sync] Update project files from source repository (b318071)#62
mrz1836 merged 1 commit into
masterfrom
chore/sync-files-bsv-blockchain-20251223-153119-b318071

Conversation

@mrz1836
Copy link
Copy Markdown
Collaborator

@mrz1836 mrz1836 commented Dec 23, 2025

What Changed

  • Updated MAGE_X_VERSION from v1.12.2 to v1.13.0 in .github/.env.base
  • Replaced real CVE exclusion examples with fake/placeholder examples in NANCY_EXCLUDES and MAGE_X_CVE_EXCLUDES (changed from CVE-2024-38513,CVE-2023-45142 to CVE-9999-12345,CVE-9999-43210)
  • Updated comments for CVE exclusion variables to clarify they are "fake examples"
  • Increased GO_BROADCAST_AI_MAX_TOKENS from 2000 to 5000
  • Added new commented-out debug configuration option GO_BROADCAST_DEBUG_DIFF_PATH
  • Added permissions: contents: read with explanatory comment to three GitHub workflow files (dependabot-auto-merge.yml, stale-check.yml, sync-labels.yml)

Why It Was Necessary

  • Upgrade to latest mage-x version to incorporate new features and fixes
  • Replace real CVE exclusions with placeholder examples to avoid hardcoding specific vulnerabilities in base configuration
  • Increase AI token limit to support more comprehensive AI-generated content in broadcast operations
  • Add explicit permissions declarations to workflow jobs to follow GitHub Actions security best practices for sparse checkout operations

Testing Performed

  • Verify mage-x v1.13.0 compatibility with existing workflows and build processes
  • Validate that CVE exclusion format remains compatible with Nancy and govulncheck tooling
  • Test AI broadcast functionality with increased token limit to ensure proper operation
  • Confirm GitHub workflow permissions don't break existing sparse checkout and environment loading operations

Impact / Risk

  • Low risk: Version bump to mage-x follows semantic versioning (minor version update)
  • Configuration change: Teams using this base configuration will need to replace placeholder CVE exclusions with actual values if needed
  • Workflow behavior: Added permissions are explicitly scoped to read-only, maintaining security posture while meeting GitHub Actions requirements
  • AI generation: Increased token limit may result in slightly higher API costs but enables more comprehensive AI-generated content

@mrz1836 mrz1836 self-assigned this Dec 23, 2025
@mrz1836 mrz1836 added automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps labels Dec 23, 2025
@github-actions github-actions Bot added update General updates size/S Small change (11–50 lines) labels Dec 23, 2025
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Dec 23, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@mrz1836 mrz1836 merged commit 008f5ef into master Dec 23, 2025
44 checks passed
@github-actions github-actions Bot deleted the chore/sync-files-bsv-blockchain-20251223-153119-b318071 branch December 23, 2025 20:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mrz1836 mrz1836

Labels

automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps size/S Small change (11–50 lines) update General updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrz1836