Skip to content

[Sync] Update project files from source repository (1f83ec3)#63

Merged
mrz1836 merged 1 commit into
masterfrom
chore/sync-files-bsv-blockchain-20251222-191619-1f83ec3
Dec 23, 2025
Merged

[Sync] Update project files from source repository (1f83ec3)#63
mrz1836 merged 1 commit into
masterfrom
chore/sync-files-bsv-blockchain-20251222-191619-1f83ec3

Conversation

@mrz1836
Copy link
Copy Markdown
Collaborator

@mrz1836 mrz1836 commented Dec 23, 2025

What Changed

  • Updated mage-x version from v1.11.0 to v1.12.2 in the base environment configuration
  • Added new MAGE_X_CVE_EXCLUDES environment variable for govulncheck/magex CVE exclusions
  • Synchronized 27 GitHub Actions workflow files with latest configurations
  • Enhanced CVE exclusion support to work with magex deps:audit command in addition to Nancy scanner

Why It Was Necessary

  • The mage-x v1.12.2 release includes important bug fixes and improvements to the build tooling
  • Adding MAGE_X_CVE_EXCLUDES provides a standardized way to exclude known acceptable vulnerabilities when running govulncheck through magex, improving consistency with existing Nancy exclusion patterns
  • Workflow synchronization ensures all CI/CD pipelines benefit from the latest mage-x features and security improvements
  • The new exclusion mechanism allows developers to pass CVE exclusions either through environment variables or command-line parameters for greater flexibility

Testing Performed

  • Validated YAML syntax of all 27 modified GitHub Actions workflow files
  • Verified environment variable format and documentation in .github/.env.base
  • Confirmed backward compatibility with existing NANCY_EXCLUDES configuration
  • Reviewed mage-x v1.12.2 release notes for breaking changes (none affecting current usage)
  • Validated that CVE exclusion format matches expected comma-separated CVE ID pattern

Impact / Risk

  • Low Risk: Standard dependency version update and configuration enhancement
  • No Breaking Changes: New MAGE_X_CVE_EXCLUDES variable is additive and doesn't modify existing behavior
  • CI/CD Impact: Workflows will use updated mage-x tooling with potential performance and reliability improvements
  • Migration: None required - existing configurations remain functional and new exclusion variable is optional

@mrz1836 mrz1836 self-assigned this Dec 23, 2025
@mrz1836 mrz1836 added automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps labels Dec 23, 2025
@github-actions github-actions Bot added update General updates size/L Large change (201–500 lines) labels Dec 23, 2025
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Dec 23, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@mrz1836 mrz1836 merged commit 5a3fa7c into master Dec 23, 2025
44 checks passed
@github-actions github-actions Bot deleted the chore/sync-files-bsv-blockchain-20251222-191619-1f83ec3 branch December 23, 2025 00:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@mrz1836 mrz1836

Labels

automated-sync Automated sync PR, e.g. from a fork or external repo automerge Label to automatically merge pull requests that meet all required conditions chore Simple dependency updates or version bumps size/L Large change (201–500 lines) update General updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrz1836