From 1748d9d244680a5adb7fe5da6c31752ddd2b2c5b Mon Sep 17 00:00:00 2001
From: Luke Tainton
Date: Wed, 21 Jan 2026 20:51:42 +0000
Subject: [PATCH] chore(security): remove Snyk security workflow and update renovate configuration

---
 .../security.yml | 0
 .gitea/workflows/ci.yml | 34 +++++++++----------
 renovate.json | 2 ++
 3 files changed, 19 insertions(+), 17 deletions(-)
 rename .gitea/{workflows => workflows-disabled}/security.yml (100%)

diff --git a/.gitea/workflows/security.yml b/.gitea/workflows-disabled/security.yml
similarity index 100%
rename from .gitea/workflows/security.yml
rename to .gitea/workflows-disabled/security.yml
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 5c8f102..3bbc296 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -59,19 +59,19 @@ jobs:
 - name: Minimize uv cache
 run: uv cache prune --ci

- - name: Set up environment for Snyk
- run: |
- uv pip freeze > requirements.txt
- mv pyproject.toml pyproject.toml.bak
- mv uv.lock uv.lock.bak
+ # - name: Set up environment for Snyk
+ # run: |
+ # uv pip freeze > requirements.txt
+ # mv pyproject.toml pyproject.toml.bak
+ # mv uv.lock uv.lock.bak

- - name: Snyk SAST Scan
- uses: snyk/actions/python@master
- env:
- SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
- with:
- # command: snyk
- args: snyk code test #--all-projects --exclude=.archive
+ # - name: Snyk SAST Scan
+ # uses: snyk/actions/python@master
+ # env:
+ # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+ # with:
+ # # command: snyk
+ # args: snyk code test #--all-projects --exclude=.archive

 # - name: SonarQube Scan
 # uses: SonarSource/sonarqube-scan-action@v5.2.0
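Review bot: Commenting out `snyk code test` leaves the visible part of this job with no static analysis of first-party code, because the SonarQube step just below it is also commented out and the OSV alerts this commit enables in renovate.json only look at dependencies. The Snyk steps here and the cleanup step in the `@@ -88,8 +88,8 @@` hunk are also kept as commented-out blocks rather than deleted; history already preserves them, so I would remove all three and leave one line such as `# SAST: Snyk Code step removed; no static analysis runs in this job until a replacement is added`. If the step is ever restored, `uses: snyk/actions/python@master` follows a moving branch and should be pinned to a release tag or commit SHA. The job continues outside both hunks, so another scanner may exist elsewhere in the file.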
@@ -88,8 +88,8 @@ jobs:
 # command: snyk
 # args: test --all-projects

- - name: Reverse set up environment for Snyk
- run: |
- rm -f requirements.txt
- mv pyproject.toml.bak pyproject.toml
- mv uv.lock.bak uv.lock
+ # - name: Reverse set up environment for Snyk
+ # run: |
+ # rm -f requirements.txt
+ # mv pyproject.toml.bak pyproject.toml
+ # mv uv.lock.bak uv.lock
diff --git a/renovate.json b/renovate.json
index a37de40..ce7e6b9 100644
--- a/renovate.json
+++ b/renovate.json
@@ -11,6 +11,8 @@
 "semanticCommits": "enabled",
 "semanticCommitScope": "deps",
 "semanticCommitType": "feat",
+ "osvVulnerabilityAlerts": true,
+ "dependencyDashboardOSVVulnerabilitySummary": "all",
 "vulnerabilityAlerts": {
 "commitMessagePrefix": "[SECURITY] ",
 "enabled": true,
--
2.49.1
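Review bot: `osvVulnerabilityAlerts` appears to be the only vulnerability check left once the Snyk steps are disabled, and as far as I know Renovate raises OSV alerts for direct dependencies only, so a vulnerable transitive package pinned in `uv.lock` would not produce a fix PR. `dependencyDashboardOSVVulnerabilitySummary` is rendered on the Dependency Dashboard issue, so it only has an effect when the dashboard is enabled, which this hunk does not show. I would confirm that `"dependencyDashboard": true,` is set (directly or through a preset outside the hunk) and add a lockfile audit step to ci.yml to cover transitive packages.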