This repository was archived by the owner on Mar 30, 2026. It is now read-only.

fix: fix multiple validation comment for each new commit on the branch#5

Merged
lhoupert merged 3 commits into main from fix--fix-multiple-validation-comment-for-each-new-commit-on-the-branch on Mar 28, 2026

Conversation

@lhoupert
Owner

No description provided.

@github-actions
Contributor

github-actions Bot commented Mar 28, 2026

Security Audit Report

Bandit — Static Security Analysis (Security tab)

✅ No issues found.

pip-audit — Dependency Vulnerabilities (Security tab)

Package  | Version | ID            | Fix Versions | Description
pygments | 2.19.2  | CVE-2026-4539 | none         | A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file

1 vulnerability found (0 fixable) across 1 package.


Result: ✅ No blocking issues found.

@github-actions
Contributor

github-actions Bot commented Mar 28, 2026

❌ Some test workflows did not match expectations

11 passed, 3 failed

Test Name                                              | Expected | Actual  | Bandit           | pip-audit                              | Result
01 requirements · flat · clean                         | success  | success |                  |                                        |
02 requirements · src/ · bandit HIGH                   | failure  | failure | B105, B404, B602 |                                        |
03 requirements · src/+scripts/ · bandit HIGH + pip-audit | failure | failure | B105, B404, B602 |                                      |
04 uv · flat · clean                                   | success  | success |                  |                                        |
05 uv · src/ · pip-audit vuln                          | failure  | success |                  |                                        |
06 uv · src/+scripts/ · bandit MEDIUM                  | failure  | failure | B324, B506       |                                        |
07 poetry · flat · clean                               | success  | success |                  | pygments                               |
08 poetry · src/ · bandit MEDIUM + pip-audit           | failure  | failure | B105, B324       | cryptography, idna, requests, urllib3  |
09 pipenv · flat · clean                               | success  | success |                  |                                        |
10 pipenv · src/+scripts/ · bandit HIGH                | failure  | failure | B404, B602       |                                        |
11 requirements · flat · clean (root working dir)      | success  | success |                  |                                        |
12 uv · flat · bandit-only (no pip-audit)              | failure  | failure | B404, B602       | disabled                               |
13 requirements · flat · unfixable vulns (should pass) | success  | success |                  | pygments                               |
14 uv · flat · low threshold (B101 assert)             | failure  | failure | B101             | disabled                               |

Error details

Test 03 — requirements · src/+scripts/ · bandit HIGH + pip-audit

  • pip-audit: expected vuln for requests not found
  • pip-audit: expected vuln for Pillow not found

Test 05 — uv · src/ · pip-audit vuln

  • Conclusion: expected failure, got success
  • pip-audit: expected vuln for requests not found

Test 07 — poetry · flat · clean

  • pip-audit: expected no vulns, got 1 (pygments)

Phase 1 - tests repo only (no action release needed):
- validate_results.py: use rglob() to find pip-audit-report.json nested
  inside artifact subdirectory when working_directory != "." (LCA issue).
  Fixes artifact path nesting for tests 08, 13 and unblocks 05 once
  its pip-audit issue is resolved.
- expected_results.yml: update bandit rule B303 -> B324 for tests 06
  and 08. Bandit 1.8.6 reports hashlib.md5() as B324, not B303.
- 11-requirements-root/requirements.txt: bump flask 3.1.1 -> 3.1.3 to
  fix new CVE that caused test 11 to block on a fixable vulnerability.

Phase 2 - action release v0.4.3:
- Pin all 14 test workflows to action v0.4.3 (SHA
  6791db45b1aea51db705d38978ad62b855b34b32), which fixes the
  comma->space separator bug in resolve-targets and adds debug logging.
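The two points the commit message and the audit report above turn on, locating pip-audit-report.json when a non-root working_directory nests it inside the uploaded artifact, and treating a finding with no fix version (such as the pygments entry) as non-blocking, as an added Python example. This is illustrative code, not the project's own validate_results.py or the action's code; it assumes the report file is named pip-audit-report.json and has pip-audit's `--format json` layout (a top-level "dependencies" list whose entries carry "name", "version" and a "vulns" list of {"id", "fix_versions", "description"}). The sample reports, package versions and the EXAMPLE-0001 identifier are constructed for the demo.

```python
"""Added example: find a nested pip-audit report and apply a fixable-only
blocking rule, then compare the outcome with an expected result.

Not the project's validate_results.py. Assumed report name and JSON layout
are noted inline; all sample data is constructed.
"""
import json
import tempfile
from pathlib import Path

REPORT_NAME = "pip-audit-report.json"  # assumed artifact file name


def find_report(artifact_dir):
    """Return the first report found anywhere under artifact_dir.

    With working_directory != ".", the report is uploaded one or more levels
    deep (e.g. <artifact>/src/pip-audit-report.json), so a flat listing of the
    artifact root misses it. rglob() walks the whole tree instead.
    """
    matches = sorted(Path(artifact_dir).rglob(REPORT_NAME))
    if not matches:
        raise FileNotFoundError(f"{REPORT_NAME} not found under {artifact_dir}")
    return matches[0]


def classify_vulns(report):
    """Split findings into fixable and unfixable {package: [ids]} maps.

    A finding is fixable when pip-audit lists at least one fix version
    (assumed "fix_versions" key); an empty list means nothing to upgrade to.
    """
    fixable, unfixable = {}, {}
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulns", []):
            target = fixable if vuln.get("fix_versions") else unfixable
            target.setdefault(dep["name"], []).append(vuln["id"])
    return fixable, unfixable


def evaluate(artifact_dir, expected):
    """Return (conclusion, notes) for one test case.

    expected is {"conclusion": "success"|"failure", "vulns": [package names]}.
    Only fixable findings block; unfixable ones are reported but pass, which
    is the rule behind "1 vulnerability found (0 fixable)" still being green.
    """
    report = json.loads(find_report(artifact_dir).read_text())
    fixable, unfixable = classify_vulns(report)
    conclusion = "failure" if fixable else "success"
    notes = []
    for pkg in expected.get("vulns", []):
        if pkg not in fixable and pkg not in unfixable:
            notes.append(f"pip-audit: expected vuln for {pkg} not found")
    if conclusion != expected["conclusion"]:
        notes.append(f"Conclusion: expected {expected['conclusion']}, got {conclusion}")
    return conclusion, notes


def _write_report(path, deps):
    """Write a constructed report in the assumed pip-audit JSON layout."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(json.dumps({"dependencies": deps, "fixes": []}))


def demo():
    """Run three constructed cases; returns {case name: (conclusion, notes)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Case 1: report nested under src/ (non-root working_directory); the
        # only finding has no fix version, so it is reported but not blocking.
        _write_report(root / "case1" / "src" / REPORT_NAME, [
            {"name": "pygments", "version": "2.19.2", "vulns": [
                {"id": "CVE-2026-4539", "fix_versions": [],
                 "description": "constructed sample entry"}]}])
        results["unfixable_only"] = evaluate(
            root / "case1", {"conclusion": "success", "vulns": ["pygments"]})
        # Case 2: a finding with a fix version blocks (constructed id/versions).
        _write_report(root / "case2" / REPORT_NAME, [
            {"name": "flask", "version": "3.1.1", "vulns": [
                {"id": "EXAMPLE-0001", "fix_versions": ["3.1.3"],
                 "description": "constructed sample entry"}]}])
        results["fixable"] = evaluate(
            root / "case2", {"conclusion": "failure", "vulns": ["flask"]})
        # Case 3: the expected finding is absent, so the run passes although
        # the test wanted a failure; both mismatches are reported.
        _write_report(root / "case3" / REPORT_NAME, [
            {"name": "requests", "version": "0.0.0", "vulns": []}])
        results["missing_expected"] = evaluate(
            root / "case3", {"conclusion": "failure", "vulns": ["requests"]})
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Case 1 is the shape of tests 08 and 13 (nested report, unfixable finding, expected to pass), and case 3 reproduces the two messages test 05 produced above; an artifact whose report is missing entirely raises rather than silently counting as clean.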
@lhoupert lhoupert merged commit 027be57 into main Mar 28, 2026
12 of 20 checks passed
