Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit b7b3c5b. Configure here.
|
|
||
| jobs: | ||
| sdk-close-stale: | ||
| uses: launchdarkly/gh-actions/.github/workflows/sdk-stale.yml@main |
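Review bot: on the `uses:` line of the `sdk-close-stale` job, the reusable workflow is referenced at `@main`, which is a mutable ref. Replace `@main` with the full 40-character commit SHA of the revision that was reviewed, and record the branch or tag in a trailing comment, so that upstream changes reach this repository only through a reviewable diff.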
Reusable workflow pinned to branch, not commit SHA
Medium Severity
The reusable workflow reference launchdarkly/gh-actions/.github/workflows/sdk-stale.yml@main is pinned to a mutable branch instead of a commit SHA. Every other reference to launchdarkly/gh-actions in this repository is pinned to a specific commit hash (e.g., @2715574e..., @f1760cc5...). Pinning to @main means any change to that branch — including a compromise — would automatically execute in this repo's workflow with write permissions on issues and pull requests.
Reviewed by Cursor Bugbot for commit b7b3c5b. Configure here.
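A check for the finding above, as an added example that is not part of the pull request or of Bugbot's output: it lists every `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA. The sample workflow is constructed; the `example-org/...` names and the 40-hex SHA are placeholders, and only the `launchdarkly/gh-actions` reference and the local action path come from the page.

```python
import re

# `uses:` value on a job or step line; tolerates a leading "- " and optional quotes.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")

# Constructed sample workflow (placeholders except the @main reference and local path).
SAMPLE = """\
name: stale
on:
  workflow_dispatch:
jobs:
  sdk-close-stale:
    uses: launchdarkly/gh-actions/.github/workflows/sdk-stale.yml@main
  pinned-example:
    uses: example-org/example-repo/.github/workflows/ci.yml@0123456789abcdef0123456789abcdef01234567  # constructed SHA
  steps-example:
    runs-on: ubuntu-latest
    steps:
      - uses: ./.github/actions/install-openssl
      - uses: example-org/example-action@v4
"""

def audit_uses(workflow_text):
    """Return (line_no, reference, reason) for each `uses:` not pinned to a full commit SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local paths resolve within the same commit; container images are out of scope here.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        _, sep, rev = ref.rpartition("@")
        if not sep:
            findings.append((line_no, ref, "no ref given"))
        elif not FULL_SHA_RE.match(rev):
            findings.append((line_no, ref, f"mutable or abbreviated ref '{rev}'"))
    return findings

if __name__ == "__main__":
    for line_no, ref, reason in audit_uses(SAMPLE):
        print(f"line {line_no}: {ref}: {reason}")
```

Run over each file under `.github/workflows/` in CI, a non-empty result can fail the build before a branch-pinned reference is merged.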
## Summary

Updates the OpenSSL version installed via Chocolatey on Windows CI runners from 3.6.1 to 3.6.2.

OpenSSL 3.6.1 has been removed from Chocolatey's community repository, causing all 9 Windows CI jobs to fail with a 404 when attempting to download `Win64OpenSSL-3_6_1.exe`. The latest available version is 3.6.2.

## Review & Testing Checklist for Human

- [x] Verify that all Windows CI jobs pass with the updated version
- [x] Confirm 3.6.2 is the desired target version (vs pinning to a different release)

### Notes

This unblocks PR #520 and any other PRs currently blocked by Windows CI failures.

Link to Devin session: https://app.devin.ai/sessions/d009d787eaa84d67813ec46d4cd3c382
Requested by: @kinyoklion

---

> [!NOTE]
> **Low Risk**
> Low risk: CI-only change that updates a pinned dependency version on Windows runners; potential impact is limited to Windows build/test behavior if 3.6.2 differs from 3.6.1.
>
> **Overview**
> Updates the Windows CI OpenSSL install step in `.github/actions/install-openssl/action.yml` to pin Chocolatey OpenSSL from `3.6.1` to `3.6.2`, unblocking Windows jobs that fail due to the removed `3.6.1` package.
>
> <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit ab815f5. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup>

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>


Note
Low Risk
Low risk GitHub Actions change; it only adds a scheduled workflow that can auto-close stale issues/PRs, with limited `issues`/`pull-requests` write permissions.

Overview
Adds a new GitHub Actions workflow, `stale.yml`, that can be run manually or on a daily cron to close stale issues and pull requests.

The job delegates to `launchdarkly/gh-actions/.github/workflows/sdk-stale.yml@main` and grants `issues` and `pull-requests` write permissions to perform the closures.

Reviewed by Cursor Bugbot for commit c16d606. Bugbot is set up for automated code reviews on this repo. Configure here.