From 05885b08d53d59a9965cc2b1014933da9217acc7 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 22 May 2026 17:01:24 +0000 Subject: [PATCH 1/2] =?UTF-8?q?ci:=20bump=20actions/checkout=20v4=E2=86=92?= =?UTF-8?q?v5=20for=20Node=2024=20compat?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Node 20 actions are deprecated on GitHub Actions runners; forced upgrade to Node 24 starts 2026-06-02. Bumps actions/checkout from @v4 (Node 20) to @v5 (Node 24 native) across all five workflow files (7 occurrences). --- .github/workflows/ci.yml | 6 +++--- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/secret-scan.yml | 2 +- .github/workflows/security.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 73647a7..9757a75 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-python@v6 with: python-version: "3.12" @@ -24,7 +24,7 @@ jobs: matrix: python-version: ["3.11", "3.12", "3.13"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} @@ -34,7 +34,7 @@ jobs: gitleaks: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: gitleaks/gitleaks-action@v2 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 145a43d..6064db1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Initialize CodeQL uses: github/codeql-action/init@v4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a4ef89..6268e14 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest environment: pypi steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Set up Python uses: actions/setup-python@v6 diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml index 0d58331..1d07e49 100644 --- a/.github/workflows/secret-scan.yml +++ b/.github/workflows/secret-scan.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 9448b5e..b58ee47 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -13,7 +13,7 @@ jobs: name: Dependency Audit runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - uses: actions/setup-python@v6 with: python-version: "3.12" From e47c3cb3dbee8d56c692ac335ed4b812730b1615 Mon Sep 17 00:00:00 2001 From: AreteDriver Date: Sat, 23 May 2026 19:33:15 -0700 Subject: [PATCH 2/2] ci(gitleaks): add GITHUB_TOKEN env so PR scans work MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit gitleaks-action@v2 made GITHUB_TOKEN required for pull_request scans. The job was failing with: "🛑 GITHUB_TOKEN is now required to scan pull requests." All other CI checks on PR #10 (lint, test 3.11/3.12/ 3.13, CodeQL, Secret Scan, Dependency Audit) were green. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9757a75..060b390 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,4 +39,5 @@ jobs: fetch-depth: 0 - uses: gitleaks/gitleaks-action@v2 env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}