pezkuwichain/pwap
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pwap.git synced 2026-06-13 12:21:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2ee3caac0db81fca06ed1ff8d809aa237f30cac6
pwap/.github/workflows
T
History
pezkuwichain 2ee3caac0d fix(ci): audit only production deps in the deploy gate (--omit=dev) (#18) 
The security-audit gate ran 'npm audit --audit-level=high' over all deps,
so newly-published advisories on build-only tooling (esbuild, elliptic via
vite-plugin-node-polyfills, etc.) repeatedly blocked production deploys
even though that code ships to no user. Scope the gate to production
dependencies with --omit=dev. Verified: 'npm audit --audit-level=high
--omit=dev' → 0 vulnerabilities. TruffleHog secret scanning is unchanged.
2026-06-12 23:39:55 -07:00
..
codeql.yml
ci(security): Faz 3 + ekstra — runner consolidation, auto-rollback, cosign, SRI, dep cleanup
2026-05-09 12:08:49 +03:00
quality-gate.yml
fix(ci): audit only production deps in the deploy gate (--omit=dev) (#18)
2026-06-12 23:39:55 -07:00