From c73c34cb3b009a6b359f7255b23cde3a3d4600e3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 24 Sep 2025 22:48:44 +0000 Subject: [PATCH 1/2] chore(deps): bump pip from 24.3.1 to 25.2 in /.github/pip Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.2. - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/pip/compare/24.3.1...25.2) --- updated-dependencies: - dependency-name: pip dependency-version: '25.2' dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .github/pip/pip-tools-requirements.in | 2 +- .github/pip/pip-tools-requirements.txt | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/pip/pip-tools-requirements.in b/.github/pip/pip-tools-requirements.in index 56ee916..bd090cc 100644 --- a/.github/pip/pip-tools-requirements.in +++ b/.github/pip/pip-tools-requirements.in @@ -4,4 +4,4 @@ pip-tools==7.4.1 setuptools>=78.1.1 -pip<25 # pip 25.1 has compatibility issues with pip-tools on Python 3.13 +pip<26 # pip 25.1 has compatibility issues with pip-tools on Python 3.13 diff --git a/.github/pip/pip-tools-requirements.txt b/.github/pip/pip-tools-requirements.txt index a4c2d21..2295eaa 100644 --- a/.github/pip/pip-tools-requirements.txt +++ b/.github/pip/pip-tools-requirements.txt @@ -32,9 +32,9 @@ wheel==0.45.1 \ # via pip-tools # The following packages are considered to be unsafe in a requirements file: -pip==24.3.1 \ - --hash=sha256:3790624780082365f47549d032f3770eeb2b1e8bd1f7b2e02dace1afa361b4ed \ - --hash=sha256:ebcb60557f2aefabc2e0f918751cd24ea0d56d8ec5445fe1807f1d2109660b99 +pip==25.2 \ + --hash=sha256:578283f006390f85bb6282dffb876454593d637f5d1be494b5202ce4877e71f2 \ + --hash=sha256:6d67a2b4e7f14d8b31b8b52648866fa717f45a1eb70e83002f4331d07e953717 # via # -r pip-tools-requirements.in # pip-tools From 80803333996548a9cc11e3fd83ba7037c831e23a Mon Sep 17 00:00:00 2001 
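Review bot: The comment kept on the `+pip<26` line of `.github/pip/pip-tools-requirements.in` now contradicts the constraint next to it: it says pip 25.1 has compatibility issues with pip-tools on Python 3.13, yet the widened range admits 25.1 again. The hash-pinned lock file selects 25.2, so the resolved build is presumably unaffected, but a future `pip-compile` run has nothing in the `.in` file steering it away from the known-bad release. Either encode the exclusion, `pip<26,!=25.1  # pip 25.1 is incompatible with pip-tools on Python 3.13`, or rewrite the comment to state why `<26` is now acceptable.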
From: mrz1836 Date: Fri, 26 Sep 2025 10:30:56 -0400 Subject: [PATCH 2/2] ci(workflows): add OSS Index auth to security scans Add OSSI_USERNAME and OSSI_TOKEN secrets to fortress workflows to enable authentication with OSS Index in the Nancy GitHub Action. This improves security scanning by allowing authenticated requests, reducing rate-limit issues and enhancing vulnerability data accuracy. --- .github/workflows/fortress-security-scans.yml | 9 +++++++++ .github/workflows/fortress.yml | 2 ++ 2 files changed, 11 insertions(+) diff --git a/.github/workflows/fortress-security-scans.yml b/.github/workflows/fortress-security-scans.yml index 040bb10..053ff19 100644 --- a/.github/workflows/fortress-security-scans.yml +++ b/.github/workflows/fortress-security-scans.yml @@ -47,6 +47,12 @@ on: gitleaks-license: description: "Gitleaks license key" required: false + ossi-username: + description: "OSS Index username for Nancy authentication" + required: false + ossi-token: + description: "OSS Index token for Nancy authentication" + required: false permissions: contents: read @@ -110,6 +116,9 @@ jobs: - name: 🔍 Ask Nancy uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3 continue-on-error: false + env: # Authentication for OSS Index (recommended) + OSSI_USERNAME: ${{ secrets.ossi-username }} + OSSI_TOKEN: ${{ secrets.ossi-token }} with: githubToken: ${{ secrets.github-token }} # ← prevents rate-limit 403 nancyVersion: ${{ env.NANCY_VERSION }} diff --git a/.github/workflows/fortress.yml b/.github/workflows/fortress.yml index 912bd80..69ab1ec 100644 --- a/.github/workflows/fortress.yml +++ b/.github/workflows/fortress.yml 
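Review bot: The new `env:` block on the `Ask Nancy` step in `.github/workflows/fortress-security-scans.yml` always exports `OSSI_USERNAME` and `OSSI_TOKEN`, even though both secrets are declared `required: false`, so a caller that supplies neither (or only one) gets empty-string variables rather than unset ones. Whether Nancy treats an empty value as anonymous access or sends empty credentials and fails the step (it keeps `continue-on-error: false`) is not visible here and should be verified before relying on the optional fallback. At minimum the two secret descriptions should say the pair is all-or-nothing, e.g. `description: "OSS Index username for Nancy authentication (set together with ossi-token; omit both for anonymous access)"`. The SHA-pinned action and the hand-off through `env:` (which GitHub masks in logs) are fine as written.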
@@ -163,6 +163,8 @@ jobs: secrets: github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }} gitleaks-license: ${{ secrets.GITLEAKS_LICENSE }} + ossi-username: ${{ secrets.OSSI_USERNAME }} + ossi-token: ${{ secrets.OSSI_TOKEN }} # ---------------------------------------------------------------------------------- # Code Quality Checks # ----------------------------------------------------------------------------------