From 52ff5be490086570337e57a986e812e32e2df0d1 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Wed, 21 Jan 2026 20:38:31 +0000
Subject: [PATCH 1/3] chore(ci): remove Snyk build workflows
---
 .../build_docker.yml | 0
 .../snyk.yml | 0
 .gitea/workflows/ci.yml | 34 +++++++++----------
 3 files changed, 17 insertions(+), 17 deletions(-)
 rename .gitea/{workflows => workflows-disabled}/build_docker.yml (100%)
 rename .gitea/{workflows => workflows-disabled}/snyk.yml (100%)
diff --git a/.gitea/workflows/build_docker.yml b/.gitea/workflows-disabled/build_docker.yml
similarity index 100%
rename from .gitea/workflows/build_docker.yml
rename to .gitea/workflows-disabled/build_docker.yml
diff --git a/.gitea/workflows/snyk.yml b/.gitea/workflows-disabled/snyk.yml
similarity index 100%
rename from .gitea/workflows/snyk.yml
rename to .gitea/workflows-disabled/snyk.yml
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 5afd216..138740b 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -64,19 +64,19 @@ jobs:
 # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
 # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- - name: Set up environment for Snyk
- run: |
- uv pip freeze > requirements.txt
- mv pyproject.toml pyproject.toml.bak
- mv uv.lock uv.lock.bak
+ # - name: Set up environment for Snyk
+ # run: |
+ # uv pip freeze > requirements.txt
+ # mv pyproject.toml pyproject.toml.bak
+ # mv uv.lock uv.lock.bak
- - name: Snyk SAST Scan
- uses: snyk/actions/python@master
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- # command: snyk
- args: snyk code test #--all-projects --exclude=.archive
+ # - name: Snyk SAST Scan
+ # uses: snyk/actions/python@master
+ # env:
+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ # with:
+ # # command: snyk
+ # args: snyk code test #--all-projects --exclude=.archive
 # - name: Snyk Vulnerability Scan
 # uses: snyk/actions/python@master
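Review bot: Commenting out the `Snyk SAST Scan` step leaves this job with no active static-analysis step as far as the hunk shows (the SonarQube lines in the leading context are commented out as well), and nothing in the file records why or what replaces it. Either delete the dead steps or head the block with a comment such as `# Snyk SAST disabled; no SAST step currently runs in this job - replace before treating CI as a security gate`. The retained `uses: snyk/actions/python@master` tracks a mutable branch, so if the step is ever uncommented it should be pinned to a reviewed commit SHA first. The same applies to the `Reverse set up environment for Snyk` step commented out in the following hunk; the job body starts outside this hunk.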
@@ -88,8 +88,8 @@ jobs:
 # # command: snyk
 # args: snyk test #--all-projects --exclude=.archive
- - name: Reverse set up environment for Snyk
- run: |
- rm -f requirements.txt
- mv pyproject.toml.bak pyproject.toml
- mv uv.lock.bak uv.lock
+ # - name: Reverse set up environment for Snyk
+ # run: |
+ # rm -f requirements.txt
+ # mv pyproject.toml.bak pyproject.toml
+ # mv uv.lock.bak uv.lock
--
2.49.1
From 46c9ae15846975276fb68ead5480c50c0ce57ea5 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Wed, 21 Jan 2026 20:39:13 +0000
Subject: [PATCH 2/3] refactor(deps): update dependency groups format in pyproject.toml
---
 pyproject.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pyproject.toml b/pyproject.toml
index e6c939e..c6a1ea9 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -10,8 +10,8 @@ dependencies = [
 "requests>=2.32.3",
 ]
-[tool.uv]
-dev-dependencies = [
+[dependency-groups]
+dev = [
 "black<26.1.1,>=26.1.0",
 "coverage<8.0.0,>=7.6.10",
 "isort<7.0.1,>=7.0.0",
--
2.49.1
From dfcc2de4921d5bc506b909ea84aff112a276b4b7 Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Wed, 21 Jan 2026 20:39:57 +0000
Subject: [PATCH 3/3] feat(deps): enable OSV vulnerability alerts and summary in renovate.json
---
 renovate.json | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/renovate.json b/renovate.json
index e95e1f0..8bce63f 100644
--- a/renovate.json
+++ b/renovate.json
@@ -11,6 +11,8 @@
 "semanticCommits": "enabled",
 "semanticCommitScope": "deps",
 "semanticCommitType": "feat",
+ "osvVulnerabilityAlerts": true,
+ "dependencyDashboardOSVVulnerabilitySummary": "all",
 "vulnerabilityAlerts": {
 "commitMessagePrefix": "[SECURITY] ",
 "enabled": true,
--
2.49.1
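Review bot: The two keys added in the renovate.json hunk give dependency-vulnerability coverage only, and the series does not say so anywhere. Renovate documents `osvVulnerabilityAlerts` as raising fix PRs for direct dependencies from its supported datasources, so transitive packages locked in `uv.lock` and the project's own code (what the `snyk code test` step disabled in PATCH 1/3 examined) fall outside it. `dependencyDashboardOSVVulnerabilitySummary` is rendered inside the Dependency Dashboard issue, and whether the dashboard is enabled is not visible in this hunk, so that is worth confirming. Since JSON has no comment syntax, the commit message or README is the place for a line such as `OSV alerts cover direct dependencies only; no SAST step currently runs in CI`.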