chore: fix dependabot.yml posture issues #105

Merged
Jacob Lee (jacoblee93) merged 2 commits into next from chore/fix-dependabot-config
Mar 25, 2026

@jkennedyvz John Kennedy (jkennedyvz) commented Mar 25, 2026

Summary

  • Change interval from weekly to monthly for both ecosystems (org standard)
  • Add update-types split (separate major group from minor-and-patch) for gradle and github-actions entries — prevents breaking changes from being bundled with safe updates
  • Add missing docker ecosystem entry for .devcontainer/Dockerfile

Test plan

  • Verify dependabot.yml parses correctly (no GitHub config errors)
  • Confirm next dependabot run creates grouped PRs with major/minor-patch separation

- Change schedule from weekly to monthly for all ecosystems
- Add update-types split (major vs minor-and-patch) for gradle and github-actions
- Add docker ecosystem entry for .devcontainer/Dockerfile
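
An added illustration of the configuration shape this PR describes, not the repository's actual `.github/dependabot.yml`: a monthly schedule, `target-branch: next`, and a major versus minor-and-patch group split for each ecosystem, including the new docker entry. The group names and `directory` values are assumptions.

```yaml
# Illustrative dependabot.yml (added example; group names and directories are assumed).
version: 2
updates:
  - package-ecosystem: "gradle"
    directory: "/"
    target-branch: "next"
    schedule:
      interval: "monthly"            # previously "weekly"
    groups:
      gradle-major:                  # breaking changes arrive in their own PR
        patterns: ["*"]
        update-types: ["major"]
      gradle-minor-and-patch:        # lower-risk updates are batched together
        patterns: ["*"]
        update-types: ["minor", "patch"]

  - package-ecosystem: "github-actions"
    directory: "/"
    target-branch: "next"
    schedule:
      interval: "monthly"
    groups:
      actions-major:
        patterns: ["*"]
        update-types: ["major"]
      actions-minor-and-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]

  - package-ecosystem: "docker"
    directory: "/.devcontainer"      # covers .devcontainer/Dockerfile
    target-branch: "next"
    schedule:
      interval: "monthly"
    groups:
      docker-major:
        patterns: ["*"]
        update-types: ["major"]
      docker-minor-and-patch:
        patterns: ["*"]
        update-types: ["minor", "patch"]
```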
@jkennedyvz John Kennedy (jkennedyvz) changed the base branch from main to next March 25, 2026 21:20
@jacoblee93 Jacob Lee (jacoblee93) merged commit a0e5441 into next Mar 25, 2026
9 checks passed
@jacoblee93 Jacob Lee (jacoblee93) deleted the chore/fix-dependabot-config branch March 25, 2026 23:00
@stainless-app stainless-app bot mentioned this pull request Mar 25, 2026
Jacob Lee (jacoblee93) added a commit that referenced this pull request Mar 31, 2026
* Revert "main to next (#108)" (#110)

This reverts commit 5a8988d.

* Fix/lint and remove method count (#111)

* release: 0.1.0-alpha.24

* fix: lint and remove outdated method count ci test

Made-with: Cursor

---------

Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com>

* feat: Adds package version resource to build (#100)

* codegen metadata

* codegen metadata

* chore: make `Properties` more resilient to `null`

* chore: drop apache dependency

* codegen metadata

* codegen metadata

* codegen metadata

* chore(internal): expand imports

* feat(api): manual updates

* codegen metadata

* feat(api): manual updates

* codegen metadata

* feat(api): manual updates

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* feat(api): api update

* feat(api): api update

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* feat(api): manual updates

removed endpoints not in openAPI spec

* codegen metadata

* codegen metadata

* codegen metadata

* chore: align user agent format (#96)

* feat(api): api update

* codegen metadata

* codegen metadata

* feat(api): api update

* chore(internal): codegen related update

* chore(internal): bump palantir-java-format

* chore(ci): skip uploading artifacts on stainless-internal branches

* chore: update placeholder string

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* fix(client): incorrect `Retry-After` parsing

* codegen metadata

* codegen metadata

* feat(api): api update

* feat(api): api update

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* chore(internal): tweak CI branches

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* chore(internal): update retry delay tests

* fix(client): allow updating header/query affecting fields in `toBuilder()`

* codegen metadata

* codegen metadata

* feat(api): api update

* feat(api): api update

* codegen metadata

* chore(internal): bump ktfmt

* chore: remove old test (#97)

* codegen metadata

* feat(api): manual updates

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* codegen metadata

* chore(internal): update gitignore

* codegen metadata

* codegen metadata

* codegen metadata

* chore(ci): skip lint on metadata-only changes

Note that we still want to run tests, as these depend on the metadata.

* Fix error messages (#102)

* codegen metadata

* Merge

* Merge

* Lint

* Add debug log

* main to next (#108)

* codegen metadata

* codegen metadata

* chore: make `Properties` more resilient to `null`

* chore: drop apache dependency

* codegen metadata

* codegen metadata

* codegen metadata

* chore(internal): expand imports

* feat(api): manual updates

* codegen metadata

* feat(api): manual updates

* codegen metadata

* feat(api): manual updates

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* feat(api): api update

* feat(api): api update

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* feat(api): manual updates

removed endpoints not in openAPI spec

* codegen metadata

* codegen metadata

* codegen metadata

* chore: align user agent format (#96)

* feat(api): api update

* codegen metadata

* codegen metadata

* feat(api): api update

* chore(internal): codegen related update

* chore(internal): bump palantir-java-format

* chore(ci): skip uploading artifacts on stainless-internal branches

* chore: update placeholder string

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* fix(client): incorrect `Retry-After` parsing

* codegen metadata

* codegen metadata

* feat(api): api update

* feat(api): api update

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* chore(internal): tweak CI branches

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* chore(internal): update retry delay tests

* fix(client): allow updating header/query affecting fields in `toBuilder()`

* codegen metadata

* codegen metadata

* feat(api): api update

* feat(api): api update

* codegen metadata

* chore(internal): bump ktfmt

* chore: remove old test (#97)

* codegen metadata

* feat(api): manual updates

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* codegen metadata

* chore(internal): update gitignore

* codegen metadata

* codegen metadata

* codegen metadata

* chore(ci): skip lint on metadata-only changes

Note that we still want to run tests, as these depend on the metadata.

* Fix error messages (#102)

* codegen metadata

* release: 0.1.0-alpha.24

* fix: lint and remove outdated method count ci test (#103)

Made-with: Cursor

* chore(deps): bump gradle/actions from 5 to 6 in the all-actions group (#99)

Bumps the all-actions group with 1 update: [gradle/actions](https://github.com/gradle/actions).


Updates `gradle/actions` from 5 to 6
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@v5...v6)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com>
Co-authored-by: Jacob Lee <jacoblee93@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Change to warning and add a test

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com>
Co-authored-by: ericdong-langchain <ericdong@langchain.dev>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Adds contributing guide (#112)

* ci: add minimum workflow permissions (#106)

- Add top-level `permissions: contents: read` to all 4 workflow files
- Change release-doctor.yml trigger from `pull_request` to `pull_request_target`
  to prevent secret exfiltration via PR-controlled workflow modifications

Co-authored-by: Posture Fix <posture-fix@langchain.ai>

* ci: SHA-pin third-party Gradle actions (#107)

Pin gradle/actions/setup-gradle and gradle/gradle-build-action to full
commit SHAs to prevent supply chain attacks via tag hijacking.

- gradle/actions/setup-gradle@v6  → @205054a...  (ci.yml ×2, codeql.yml)
- gradle/gradle-build-action@v3   → @12318b0...  (ci.yml, publish-sonatype.yml)

Co-authored-by: Posture Fix <posture-fix@langchain.ai>

* chore: fix dependabot.yml posture issues (#105)

* chore: update dependabot.yml to comply with posture checks

- Change schedule from weekly to monthly for all ecosystems
- Add update-types split (major vs minor-and-patch) for gradle and github-actions
- Add docker ecosystem entry for .devcontainer/Dockerfile

* chore: add target-branch next and fix docker group split for Stainless posture compliance

---------

Co-authored-by: Posture Fix <posture-fix@langchain.ai>

* feat(api): api update

* feat(api): api update

* feat: Add `traceable` function wrapper for LangSmith tracing (#101)

* Adds versioning resource to build

* Adds initial version of traceable

* Lint

* Deflake

* Progress

* Progress

* Fixes

* Fixes

* More refactor

* Small bug

* Refactor

* Fix

* Devin feedback

* Tests and feedback

* Remove redundant comment

* Docstring

* codegen metadata

* codegen metadata

* feat: Adds processInputs and processOutputs to traceable (#113)

* Adds processInputs and processOutputs to traceable

* Move generics into TraceProcessIO to avoid having them top level

* Fix docstring, nit

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* codegen metadata

* codegen metadata

* codegen metadata

* feat(api): api update

* codegen metadata

* feat(api): manual updates

* codegen metadata

* fix: Fix format detection when pulling legacy prompts (#115)

* Fix format detection when pulling legacy prompts

* Feedback

* Update AGENTS.md (#116)

* feat: Rework wrapOpenAI (#114)

* Update wrapOpenAI

* Remove

* Fixes

* nits

* Feedback

* Cache

* Remove comment

* Fix

* feat(api): api update

* feat(api): api update

* fix: patch security alerts — bump Jackson and constrain vulnerable transitive deps (#119)

Bumps Jackson 2.18.2→2.18.6 in published api deps and adds version
constraints for vulnerable transitive dependencies in test and example
scopes (Tomcat 9.0.115, Jetty 9.4.57, logback 1.2.13,
commons-fileupload 1.6.0, commons-io 2.14.0, json-smart 2.4.9,
snakeyaml 1.31, spring-web 5.3.34).

Addresses alerts: #75 (jackson-core), #82/#81/#80/#79/#78/#72/#70/#69
/#68/#66/#65/#60/#59/#54/#52/#51/#48/#46/#45/#44/#43/#35/#34/#29/#31
(tomcat/jetty/logback/commons).

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* codegen metadata

* codegen metadata

* feat: Adds support for tracing streams with traceable (#117)

* Adds support for tracing streams with traceable

* Polish

* Make stream tracing opt-in

* Rework to use a passthrough instead of a proxy

* Record stream cancellations as errors

* Feedback

* Format and add to AGENTS.md

* feat: Adds streaming support for wrapOpenAI (#118)

* Adds support for tracing streams with traceable

* Polish

* Make stream tracing opt-in

* Rework to use a passthrough instead of a proxy

* Adds streaming support for wrapOpenAI

* Record stream cancellations as errors

* Adds streaming example

* Allow empty config default, add example

* Fix

* release: 0.1.0-alpha.25

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: ericdong-langchain <ericdong@langchain.dev>
Co-authored-by: stainless-app[bot] <142633134+stainless-app[bot]@users.noreply.github.com>
Co-authored-by: Jacob Lee <jacoblee93@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: John Kennedy <65985482+jkennedyvz@users.noreply.github.com>
Co-authored-by: Posture Fix <posture-fix@langchain.ai>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>