Dependency Security and CI Enforcement #8

Open
opened 2026-03-29 08:35:00 -05:00 by yusiboyz · 1 comment

This issue covers dependency security and CI enforcement.

Problems:

  • Budget service still has the `path-to-regexp` ReDoS vulnerability via its lockfile/dependency tree
  • No visible CI enforcement for dependency auditing or secret scanning

Files:

  • services/budget/package-lock.json
  • service/package manifests as needed
  • CI workflow configuration

Acceptance criteria:

  • `npm audit` for Budget no longer reports `path-to-regexp <0.1.13`
  • Dependency audit checks run in CI for maintained Node projects
  • Secret scanning is added to CI
  • Failures block merges for high-severity security findings
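One way to turn the last two acceptance criteria into a merge gate, as an added example that is not the platform repository's own code: a small script that reads the report `npm audit --json` writes (npm 7+ report shape), fails on any finding at or above `high`, and separately checks that `path-to-regexp` is no longer reported in the `<0.1.13` range. The sample report embedded below is constructed for the example; its advisory fields are illustrative, not a real advisory record.

```python
import json
import sys

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}


def blocking_findings(report: dict, threshold: str = "high") -> list:
    """(package, severity, vulnerable range) for every finding at or above threshold."""
    floor = SEVERITY_RANK[threshold]
    found = []
    for name, vuln in report.get("vulnerabilities", {}).items():
        sev = vuln.get("severity", "info")
        if SEVERITY_RANK.get(sev, 0) >= floor:
            found.append((name, sev, vuln.get("range", "")))
    return sorted(found)


def still_reports(report: dict, package: str, vulnerable_range: str) -> bool:
    """True if `package` is still reported with `vulnerable_range` (top-level or in `via`)."""
    vuln = report.get("vulnerabilities", {}).get(package)
    if vuln is None:
        return False
    ranges = {vuln.get("range", "")}
    ranges |= {v.get("range", "") for v in vuln.get("via", []) if isinstance(v, dict)}
    return vulnerable_range in ranges


def gate(report: dict) -> int:
    """CI exit status: 0 when the criteria hold, 1 when the merge should be blocked."""
    failed = still_reports(report, "path-to-regexp", "<0.1.13")
    if failed:
        print("path-to-regexp <0.1.13 is still present in the dependency tree")
    for name, sev, rng in blocking_findings(report, "high"):
        print(f"{sev.upper()}: {name} {rng}")
        failed = True
    return 1 if failed else 0


# Constructed sample in npm's audit report shape (advisory fields are placeholders).
SAMPLE_REPORT = {
    "auditReportVersion": 2,
    "vulnerabilities": {
        "path-to-regexp": {
            "name": "path-to-regexp", "severity": "high", "isDirect": False,
            "via": [{"name": "path-to-regexp", "severity": "high", "range": "<0.1.13"}],
            "effects": ["express"], "range": "<0.1.13",
            "nodes": ["node_modules/path-to-regexp"], "fixAvailable": True,
        }
    },
    "metadata": {"vulnerabilities": {"high": 1, "total": 1}},
}

if __name__ == "__main__":
    # In CI: `npm audit --json > audit.json || true` (npm exits nonzero on findings),
    # then `python audit_gate.py audit.json`; with no argument the sample is used.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(data))
```

Running it without arguments exits 1 because the constructed report still carries the `path-to-regexp` finding; an audit report with an empty `vulnerabilities` object exits 0.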
yusiboyz added this to the Immediate milestone 2026-03-29 08:43:51 -05:00

Fixed in 4ecd233 — Added .gitea/workflows/security.yml: dependency audit, secret scanning, Dockerfile lint. Requires Gitea Actions runner to execute.
Reference: yusiboyz/platform#8