Jeremy
f9e1a59640
Merge branch 'feature/beta-release' into renovate/feature/beta-release-actions-checkout-6.x
2026-01-12 01:08:04 -05:00
renovate[bot]
ee5a19810b
chore(deps): update actions/checkout action to v6
2026-01-12 06:07:25 +00:00
Jeremy
e25aa6270e
Merge pull request #500 from Wikid82/renovate/feature/beta-release-actions-upload-artifact-4.x
...
chore(deps): update actions/upload-artifact action to v4.6.2 (feature/beta-release)
2026-01-12 01:06:38 -05:00
Jeremy
577a2cc556
Merge pull request #498 from Wikid82/renovate/feature/beta-release-pin-dependencies
...
chore(deps): pin dependencies (feature/beta-release)
2026-01-12 01:06:23 -05:00
Jeremy
25b010c241
Merge branch 'feature/beta-release' into renovate/feature/beta-release-pin-dependencies
2026-01-12 01:06:15 -05:00
Jeremy
0334c547f1
Merge pull request #499 from Wikid82/renovate/feature/beta-release-renovatebot-github-action-44.x
...
chore(deps): update renovatebot/github-action action to v44.2.4 (feature/beta-release)
2026-01-12 01:05:26 -05:00
Jeremy
55bb1353e5
Merge pull request #501 from Wikid82/renovate/feature/beta-release-actions-checkout-5.x
...
chore(deps): update actions/checkout action to v5 (feature/beta-release)
2026-01-12 01:05:03 -05:00
Jeremy
a45cfe3d32
Merge branch 'main' into feature/beta-release
2026-01-12 01:01:46 -05:00
renovate[bot]
9d8730f41f
chore(deps): update actions/checkout action to v5
2026-01-12 06:00:24 +00:00
renovate[bot]
d9e5e8001e
chore(deps): update actions/upload-artifact action to v4.6.2
2026-01-12 06:00:18 +00:00
renovate[bot]
c40932c430
chore(deps): update renovatebot/github-action action to v44.2.4
2026-01-12 06:00:13 +00:00
renovate[bot]
fb99022879
chore(deps): pin dependencies
2026-01-12 06:00:09 +00:00
Jeremy
c7b8dca974
Merge branch 'development' into main
2026-01-12 00:59:35 -05:00
Jeremy
9302226777
Merge pull request #496 from Wikid82/renovate/feature/beta-release-anchore-sbom-action-0.x
...
chore(deps): update anchore/sbom-action action to v0.21.1 (feature/beta-release)
2026-01-12 00:56:03 -05:00
Jeremy
9c4db471a9
Merge pull request #493 from Wikid82/renovate/feature/beta-release-actions-setup-node-6.x
...
chore(deps): update actions/setup-node action to v6 (feature/beta-release)
2026-01-12 00:55:36 -05:00
Jeremy
bef989537c
Merge pull request #490 from Wikid82/renovate/feature/beta-release-golang.org-x-net-0.x
...
fix(deps): update module golang.org/x/net to v0.48.0 (feature/beta-release)
2026-01-12 00:54:45 -05:00
Jeremy
7f7e4c6ff7
Merge pull request #489 from Wikid82/renovate/feature/beta-release-actions-github-script-7.x
...
chore(deps): update actions/github-script action to v7.1.0 (feature/beta-release)
2026-01-12 00:54:27 -05:00
Jeremy
451055f02c
Merge pull request #488 from Wikid82/renovate/feature/beta-release-actions-download-artifact-4.x
...
chore(deps): update actions/download-artifact action to v4.3.0 (feature/beta-release)
2026-01-12 00:54:11 -05:00
Jeremy
b71082145b
Merge pull request #487 from Wikid82/renovate/feature/beta-release-actions-checkout-4.x
...
chore(deps): update actions/checkout action to v4.3.1 (feature/beta-release)
2026-01-12 00:53:50 -05:00
Jeremy
4f57a3da6d
Merge pull request #486 from Wikid82/renovate/feature/beta-release-npm-minorpatch
...
fix(deps): update npm minor/patch (feature/beta-release)
2026-01-12 00:53:27 -05:00
Jeremy
62027e46b3
Merge pull request #485 from Wikid82/renovate/feature/beta-release-peter-evans-create-or-update-comment-5.x
...
chore(deps): update peter-evans/create-or-update-comment action to v5 (feature/beta-release)
2026-01-12 00:52:54 -05:00
Jeremy
05904a14d9
Merge branch 'feature/beta-release' into renovate/feature/beta-release-actions-checkout-4.x
2026-01-12 00:52:05 -05:00
Jeremy
754417bb8f
Merge branch 'feature/beta-release' into renovate/feature/beta-release-npm-minorpatch
2026-01-12 00:51:38 -05:00
Jeremy
ae3417a986
Merge branch 'feature/beta-release' into renovate/feature/beta-release-peter-evans-create-or-update-comment-5.x
2026-01-12 00:51:02 -05:00
Jeremy
9836288e91
Merge branch 'main' into feature/beta-release
2026-01-12 00:34:06 -05:00
github-actions[bot]
21e15e9639
chore: move processed issue files to created/
2026-01-12 05:33:49 +00:00
GitHub Actions
3fb870f109
fix: improve Docker image handling in CI workflow with exact tag extraction and validation
2026-01-12 05:33:29 +00:00
Jeremy
22a23da6e9
Add nightly branch to propagate changes workflow
2026-01-12 00:19:19 -05:00
renovate[bot]
e86124f556
chore(deps): update anchore/sbom-action action to v0.21.1
2026-01-12 05:05:57 +00:00
renovate[bot]
bcdc472b0a
chore(deps): update actions/setup-node action to v6
2026-01-12 05:04:50 +00:00
renovate[bot]
b0502e641e
fix(deps): update module golang.org/x/net to v0.48.0
2026-01-12 05:04:34 +00:00
renovate[bot]
69d527682a
chore(deps): update actions/github-script action to v7.1.0
2026-01-12 05:04:02 +00:00
renovate[bot]
fcd40909e9
chore(deps): update actions/download-artifact action to v4.3.0
2026-01-12 05:03:57 +00:00
renovate[bot]
b1fd466e20
chore(deps): update actions/checkout action to v4.3.1
2026-01-12 05:03:51 +00:00
renovate[bot]
6794935518
fix(deps): update npm minor/patch
2026-01-12 05:02:46 +00:00
renovate[bot]
b44ff56283
chore(deps): update peter-evans/create-or-update-comment action to v5
2026-01-12 05:02:31 +00:00
Jeremy
cb877af974
Fix base branch pattern for Renovate configuration
2026-01-11 23:59:45 -05:00
Jeremy
2b259ff4a6
Update base branch patterns in renovate.json
2026-01-11 23:55:47 -05:00
Jeremy
23e4d9f7eb
Add base branch patterns for feature and nightly
2026-01-11 23:54:13 -05:00
GitHub Actions
480d97f058
fix: add performance_diagnostics.md to .gitignore to exclude performance reports from version control
2026-01-12 04:47:51 +00:00
GitHub Actions
d7939bed70
feat: add ManualDNSChallenge component and related hooks for manual DNS challenge management
...
- Implemented `useManualChallenge`, `useChallengePoll`, and `useManualChallengeMutations` hooks for managing manual DNS challenges.
- Created tests for the `useManualChallenge` hooks to ensure correct fetching and mutation behavior.
- Added `ManualDNSChallenge` component for displaying challenge details and actions.
- Developed end-to-end tests for the Manual DNS Provider feature, covering provider selection, challenge UI, and accessibility compliance.
- Included error handling tests for verification failures and network errors.
2026-01-12 04:01:40 +00:00
GitHub Actions
a199dfd079
fix: update golang.org/x/mod to v0.31.0 in go.work.sum
2026-01-11 22:08:25 +00:00
GitHub Actions
118e35f73e
fix: patch golang.org/x/crypto in CrowdSec builder stage
...
Add x/crypto v0.46.0 upgrade to CrowdSec builder stage to remediate:
- GHSA-j5w8-q4qc-rx2x (SSH public key parsing DoS)
- GHSA-f6x5-jh6r-wrfv (SSH certificate parsing DoS)
The CrowdSec builder was missing the x/crypto patch that exists in
our backend go.mod, causing scanners to detect v0.42.0 vulnerabilities
in the final image.
2026-01-11 21:50:50 +00:00
GitHub Actions
74c6911200
fix: regenerate go.sum after dependency upgrade
...
The validator v10.30.1 upgrade requires updated go.sum entries
for golang.org/x/net and related transitive dependencies.
Resolves Docker build failure: 'missing go.sum entry for module
providing package golang.org/x/net/idna'
2026-01-11 21:34:23 +00:00
GitHub Actions
972f41af79
fix: upgrade go-playground/validator to v10.30.1 to remediate golang.org/x/crypto vulnerabilities
...
Upgrades validator from v10.28.0 to v10.30.1, which transitively upgrades
golang.org/x/crypto from v0.42.0 (vulnerable) to v0.46.0 (patched).
Remediates:
- GHSA-j5w8-q4qc-rx2x (SSH connection handling vulnerability)
- GHSA-f6x5-jh6r-wrfv (SSH key parsing vulnerability)
Previously attempted replace directive approach did not work because Go
embeds original dependency versions in binary metadata, which scanners read.
Direct dependency upgrade is the correct solution.
Expected impact: Reduces Medium vulnerabilities from 8 to 4 (Alpine CVEs only)
Testing: All backend unit tests passing
2026-01-11 21:27:18 +00:00
GitHub Actions
e643a60c32
fix: remediate supply chain vulnerabilities and implement no-cache builds
...
## Summary
Addresses 8 Medium severity vulnerabilities identified in supply chain scan
for PR #461. Implements no-cache Docker builds to prevent layer caching
issues and remediates golang.org/x/crypto vulnerabilities via replace
directive.
## Changes
### Security Fixes
- Add go.mod replace directive forcing golang.org/x/crypto v0.42.0 -> v0.45.0
- Addresses GHSA-j5w8-q4qc-rx2x (SSH connection handling)
- Addresses GHSA-f6x5-jh6r-wrfv (SSH key parsing)
- Transitive dependency from go-playground/validator/v10@v10.28.0
- Tested with backend unit tests - all passing
### Docker Build Improvements
- Add no-cache: true to docker-build.yml main build step
- Add --no-cache flag to PR-specific builds (trivy-pr-app-only)
- Add --no-cache flag to waf-integration.yml builds
- Remove GitHub Actions cache configuration (cache-from, cache-to)
- Ensures clean builds with accurate vulnerability
2026-01-11 20:56:44 +00:00
GitHub Actions
d8cc4da730
fix: Implement no-cache Docker builds to eliminate false positive vulnerabilities from cached layers
2026-01-11 20:39:57 +00:00
GitHub Actions
622f5a48e4
fix: Enhance supply chain security with updated PR comments, remediation plan, scan analysis, and detailed vulnerability reporting
...
- Implemented a new workflow for supply chain security that updates PR comments with current scan results, replacing stale data.
- Created a remediation plan addressing high-severity vulnerabilities in CrowdSec binaries, including action items and timelines.
- Developed a discrepancy analysis document to investigate differences between local and CI vulnerability scans, identifying root causes and remediation steps.
- Enhanced vulnerability reporting in PR comments to include detailed findings, collapsible sections for readability, and artifact uploads for compliance tracking.
2026-01-11 20:13:15 +00:00
GitHub Actions
e06eb4177b
fix; CVE-2025-68156 remediation
...
- Changed report title to reflect security audit focus
- Updated date and status to indicate approval for commit
- Enhanced executive summary with detailed validation results
- Included comprehensive test coverage results for backend and frontend
- Documented pre-commit hooks validation and known issues
- Added detailed security scan results, confirming absence of CVE-2025-68156
- Verified binary inspection for expr-lang dependency
- Provided risk assessment and recommendations for post-merge actions
- Updated compliance matrix and final assessment sections
- Improved overall report structure and clarity
2026-01-11 19:33:25 +00:00
GitHub Actions
db7490d763
feat: Enhance supply chain verification by excluding PR builds and add Docker image artifact handling
2026-01-11 07:17:12 +00:00