[Sync] Update project files from source repository (b318071) #79

Merged
mrz1836 merged 1 commit into master from chore/sync-files-bsv-blockchain-20251223-153121-b318071 on Dec 23, 2025

mrz1836 (Collaborator) commented Dec 23, 2025

What Changed

  • Updated MAGE_X_VERSION from v1.12.2 to v1.13.0 in .github/.env.base
  • Replaced real CVE identifiers with fake example CVEs in security scanning exclusion lists:
    • NANCY_EXCLUDES now uses CVE-9999-12345,CVE-9999-43210 (previously CVE-2024-38513,CVE-2023-45142)
    • MAGE_X_CVE_EXCLUDES now uses CVE-9999-12345,CVE-9999-43210 (previously CVE-2024-38513,CVE-2023-45142)
    • Updated associated comments to clarify these are fake examples
  • Increased GO_BROADCAST_AI_MAX_TOKENS from 2000 to 5000
  • Added commented debug configuration option GO_BROADCAST_DEBUG_DIFF_PATH with example path
  • Added explicit contents: read permissions to three workflow files (dependabot-auto-merge.yml, stale-check.yml, sync-labels.yml) in their load-env jobs with explanatory comments

Why It Was Necessary

  • Upgrading MAGE_X to v1.13.0 brings in latest tooling improvements and features
  • Using fake CVE examples in the base configuration prevents accidental masking of real vulnerabilities and serves as clearer template documentation
  • Increasing AI token limit allows for generation of more comprehensive content in broadcast operations
  • Explicit permissions declarations follow GitHub Actions security best practices and improve workflow clarity

Testing Performed

  • Verify MAGE_X v1.13.0 is available and compatible with existing workflows
  • Confirm workflow YAML syntax is valid with added permissions blocks
  • Test that environment variable loading still functions correctly in all three modified workflows
  • Validate that CVE exclusion variables accept the new example format

Impact / Risk

  • Low Risk: Version bump to MAGE_X v1.13.0 - tool updates typically maintain backward compatibility
  • Low Risk: Removing real CVE exclusions from base config is safer - actual exclusions should be set in environment-specific overrides
  • Low Risk: Permission additions are read-only and explicitly document existing requirements
  • Medium Impact: Increased token limit may result in longer AI processing times and higher API costs

mrz1836 self-assigned this Dec 23, 2025
mrz1836 added labels Dec 23, 2025: automated-sync (Automated sync PR, e.g. from a fork or external repo), automerge (Label to automatically merge pull requests that meet all required conditions), chore (Simple dependency updates or version bumps)
github-actions bot added labels Dec 23, 2025: update (General updates), size/S (Small change, 11–50 lines)

mrz1836 merged commit 8c12184 into master Dec 23, 2025
44 checks passed
github-actions bot deleted the chore/sync-files-bsv-blockchain-20251223-153121-b318071 branch December 23, 2025 20:36
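
As an added example (not code from this PR or the project), here is a check a CI step could run to enforce the rationale in the description above, namely that the base env file carries only placeholder CVE exclusions. It assumes a plain KEY=VALUE file format and treats the CVE-9999 year as the placeholder marker; the function names and the sample file contents are constructed here from the values quoted in the description.

```python
import re

# Variable names come from the PR description; the KEY=VALUE parsing rules are assumed.
EXCLUDE_VARS = ("NANCY_EXCLUDES", "MAGE_X_CVE_EXCLUDES")
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")
PLACEHOLDER_YEAR = "9999"  # the PR's fake examples use CVE-9999-*

def parse_env(text):
    """Parse KEY=VALUE lines; skips blanks and comment lines, strips quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.split(" #", 1)[0].strip().strip("\"'")  # drop inline comment
        values[key.strip()] = value
    return values

def audit_base_excludes(text):
    """Return (variable, cve_id, problem) for every entry that is not a placeholder."""
    env = parse_env(text)
    findings = []
    for var in EXCLUDE_VARS:
        if var not in env:
            continue
        for item in filter(None, (p.strip() for p in env[var].split(","))):
            m = CVE_RE.match(item.upper())
            if m is None:
                findings.append((var, item, "malformed"))
            elif m.group(1) != PLACEHOLDER_YEAR:
                findings.append((var, item, "real-cve-in-base"))
    return findings

# Constructed sample inputs, modelled on the before/after values in the PR description.
BEFORE = """\
NANCY_EXCLUDES=CVE-2024-38513,CVE-2023-45142
MAGE_X_CVE_EXCLUDES=CVE-2024-38513,CVE-2023-45142
"""
AFTER = """\
NANCY_EXCLUDES=CVE-9999-12345,CVE-9999-43210  # fake examples
MAGE_X_CVE_EXCLUDES="CVE-9999-12345, CVE-9999-43210"
GO_BROADCAST_AI_MAX_TOKENS=5000
"""

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_base_excludes(sample))
```

A non-empty result means a real or malformed identifier sits in the shared base file, where it would suppress scanner findings for every repository that syncs from it.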