Conversation
Propagate changes from main into development
chore(deps): update github-actions-non-major
chore(deps): update go-non-major
…ntries Renovate's automated update regenerated package-lock.json incorrectly, omitting top-level node_modules entries for eslint and vite. This caused npm ci to fail in CI during dependency installation. Regenerating with Node v22.22.1 and npm v11.16.0 restores the correct entries.
The supply-chain Grype scan last ran on Feb 4, 2026 due to a cascade of compounding failures. This commit resolves all root causes: - Twelve .trivyignore CVE suppressions expired between Apr 30 and May 25, causing the Trivy PR gate to block all PR merges and starve the pipeline of push events. All entries extended 60–90 days with appropriate review comments; no entry exceeds Sep 1, 2026. - Ten .grype.yaml suppressions also expired in May, meaning Grype scans that did run would immediately fail on HIGH findings and produce no fresh SARIF. All entries extended with matching dates. - The supply-chain-pr.yml job condition had a dead workflow_run branch and was missing the push and schedule event names, silently skipping the verify-supply-chain job on every push to main. Added push and schedule to the condition. - Added a weekly schedule trigger (Mondays at 02:00 UTC) so scans run regardless of PR activity. Added development to push branches to match docker-build.yml scope. - Removed continue-on-error: true from the SARIF upload step so upload failures surface as visible workflow failures rather than silent no-ops. - Simplified concurrency.group to remove dead workflow_run expressions. Refs: GitHub Code Scanning "last scanned Feb 4, 2026" alert
chore(deps): update npm-non-major
Add anti-FOUC inline script to index.html that applies the stored theme class synchronously before React mounts. Switch ThemeContext to useLayoutEffect for synchronous class application, add explicit light-mode CSS overrides, update CSP to allowlist the inline script hash, and add a Playwright regression suite.
Update GO_VERSION from 1.26.3 to 1.26.4 in all 9 CI workflow files and fix go.goroot in .vscode/settings.json to point to /usr/local/go where 1.26.4 is installed, replacing the missing sdk/go1.26.4 path. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
chore(deps): update go-non-major
Switch setup-go from go-version env var to go-version-file: backend/go.mod so the action reads the required version directly from go.mod instead of relying on a cached toolchain version that may lag behind. Change GOTOOLCHAIN from auto to local across all workflows so Go uses exactly the version installed by setup-go without attempting auto-downloads that can silently fall back to an older release. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Upgrades github.com/buger/jsonparser to v1.1.2 in the CrowdSec dependency patch block to fix a panic in Delete() caused by a negative slice index on malformed JSON input. Affects both the crowdsec and cscli binaries. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
chore(deps): update go-non-major to v1.75.0
chore(deps): update go-non-major to v1.2.0
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jeremy <jhatfield82@gmail.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jeremy <jhatfield82@gmail.com>
The react-hook-form@7.80.0 tarball was republished on the npm registry after the package-lock.json was generated, producing a different SHA-512 digest. npm ci --ignore-scripts in the Docker Alpine build layer failed with EINTEGRITY because the stored hash no longer matched the served tarball. Updated the integrity field from the stale sha512-mhYp/... to the current sha512-4P+fk6... value, which resolves the Docker build failure.
* chore(deps): update dockerfile-non-major to v1.77.0 * fix: eliminate TempDir cleanup race in database tests runQuickCheck ran as an untracked goroutine, leaving WAL/SHM file handles open when t.TempDir() cleanup fired, causing intermittent "directory not empty" failures. Introduce launchQuickCheck (defaults to the goroutine) so tests can override it to run synchronously via TestMain, ensuring the integrity check connection is closed before temp dirs are removed. --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jeremy <jhatfield82@gmail.com> Co-authored-by: GitHub Actions <actions@github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jeremy <jhatfield82@gmail.com>
* chore(deps): update actions/checkout action to v7 * fix(auth): ensure server-side session is invalidated before local state clears on logout The logout() function in AuthContext was clearing React/localStorage state before the backend POST /auth/logout completed. Because the onClick handler never awaits the returned Promise, React redirected to /login (and Playwright's waitForURL resolved) while the session_version increment and cookie-clearing were still in-flight. Any immediate check against /api/v1/auth/me would receive 200 via the still-valid auth_token cookie (Firefox accepts Secure cookies on http://127.0.0.1), causing the E2E "Session isolation after logout and re-login" test to fail consistently. Fix: call the backend first (cookie still authenticates it), then clear local state in a finally block so local and server-side state are always consistent. Also fix a flaky Playwright test ("User cannot promote self to admin") where page.goto('/users') raced with Login.tsx's pending invalidateQueries→navigate('/') chain. Adding waitForURL+waitForLoadingComplete after loginWithCredentials ensures the app settles on the dashboard before navigating. --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jeremy <jhatfield82@gmail.com> Co-authored-by: GitHub Actions <actions@github.com>
Automated checksum update for GeoLite2-Country.mmdb database. Old: 11b88595d026953920668d91f6d531057b397f05170237fc98a13a8b051ab861 New: 6e9212f23d3279a2454404d3b2a7ac30159fddbb9870ba33763014877296455c Auto-generated by: .github/workflows/update-geolite2.yml Co-authored-by: Wikid82 <176516789+Wikid82@users.noreply.github.com>
Contributor
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
Contributor
Author
✅ Supply Chain Verification Results✅ PASSED 📦 SBOM Summary
🔍 Vulnerability Scan
📎 Artifacts
Generated by Supply Chain Verification workflow • View Details |
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🚀 Weekly Nightly to Main Promotion
Date: 2026-06-22
Trigger: Scheduled weekly promotion
Commits: 153 commits to promote
Changes: 101 files changed, 7937 insertions(+), 979 deletions(-)
Commits Being Promoted
Showing first 50 of 153 commits:
...and 103 more commits
Pre-Merge Checklist
Merge Instructions
This PR promotes changes from
nightlytomain. Once all checks pass:This PR was automatically created by the Weekly Nightly Promotion workflow.