build: adopt the Node.js 24 runtime (v0.3.1) #5

Merged: jhumel-code merged 2 commits into main from build/node24-runtime on Jun 8, 2026

@jhumel-code (Collaborator)

GitHub deprecates the Node 20 Actions runtime — runners default to Node 24 on
2026-06-16 and Node 20 is removed on 2026-09-16. Move `runs.using` to node24
now. No behavior change: the bundled `dist/` is byte-identical. Build CI and the
`engines` field bump to Node 24 to match the runtime.

Release v0.3.1.

github-actions bot commented Jun 8, 2026

Trustabl scan

trustabl/trustabl-action · build/node24-runtime · 0 findings

Readiness goes from 100 → 100 (+0)

Readiness now   🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩   100 / 100

Projected if all findings resolved   🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩   100 / 100   +0

Findings by severity

| Severity | Count |
| --- | --- |
| critical | 0 ▱▱▱▱▱▱▱▱ |
| high | 0 ▱▱▱▱▱▱▱▱ |
| medium | 0 ▱▱▱▱▱▱▱▱ |
| low | 0 ▱▱▱▱▱▱▱▱ |
| info | 0 ▱▱▱▱▱▱▱▱ |

Projected headroom — estimate, not a re-scan

| Fix scope | Readiness | Δ |
| --- | --- | --- |
| Fix critical | 100 → 100 | +0 |
| + high | 100 → 100 | +0 |
| + medium | 100 → 100 | +0 |
| + low | 100 → 100 | +0 |
| + info (all) | 100 → 100 | +0 |

Projected by re-applying trustabl's own scoring with the listed findings resolved (nothing new introduced). Treat as guidance, not a guarantee.

| Metric | Value |
| --- | --- |
| Repository | trustabl/trustabl-action |
| Branch | build/node24-runtime |
| Readiness score | 100 |
| Risk score | 0 |
| Findings | 0 |
| Max severity | none |
| Native exit | 0 |
| Rules version | d77749c5299d470297ee1040a6c8167a759f7004 |

✅ Passed scanning

README + capabilities list the full analyzed surface (Claude/OpenAI/Google ADK/
LangChain/CrewAI/Pydantic AI/Vercel AI/AutoGen SDKs, MCP servers, and Claude
subagents & skills), add a how-it-works note for the opt-in --vuln-scan, expand
the detectors token list to the engine's full set, and bump install pins to
v0.3.1.

jhumel-code merged commit 57d4363 into main on Jun 8, 2026
5 checks passed
jhumel-code deleted the build/node24-runtime branch on June 8, 2026 17:11
jaysonsantos05 added a commit that referenced this pull request Jun 9, 2026
commit 57d4363
Merge: 43e2066 fe74efa
Author: Ian Jhumel Bautista <85332563+jhumel-code@users.noreply.github.com>
Date:   Tue Jun 9 01:11:35 2026 +0800

    Merge pull request #5 from trustabl/build/node24-runtime

    build: adopt the Node.js 24 runtime (v0.3.1)

commit fe74efa
Author: Ian Jhumel Bautista <ianjhumelbautista@gmail.com>
Date:   Tue Jun 9 01:10:04 2026 +0800

    docs: document full SDK coverage, vuln-scan, and detector tokens

    README + capabilities list the full analyzed surface (Claude/OpenAI/Google ADK/
    LangChain/CrewAI/Pydantic AI/Vercel AI/AutoGen SDKs, MCP servers, and Claude
    subagents & skills), add a how-it-works note for the opt-in --vuln-scan, expand
    the detectors token list to the engine's full set, and bump install pins to
    v0.3.1.

commit 685730b
Author: Ian Jhumel Bautista <ianjhumelbautista@gmail.com>
Date:   Tue Jun 9 01:03:53 2026 +0800

    build(action): adopt the Node.js 24 runtime ahead of Node 20 deprecation

    GitHub deprecates the Node 20 Actions runtime — runners default to Node 24 on
    2026-06-16 and Node 20 is removed on 2026-09-16. Move `runs.using` to node24
    now. No behavior change: the bundled `dist/` is byte-identical. Build CI and the
    `engines` field bump to Node 24 to match the runtime.

    Release v0.3.1.

commit 43e2066
Merge: ad69fa2 771683a
Author: Ian Jhumel Bautista <85332563+jhumel-code@users.noreply.github.com>
Date:   Tue Jun 9 00:30:02 2026 +0800

    Merge pull request #4 from trustabl/feat/engine-v0.1.4-support

    feat: engine v0.1.4 support (line ranges + vuln-scan) — release v0.3.0

commit 771683a
Author: Ian Jhumel Bautista <ianjhumelbautista@gmail.com>
Date:   Tue Jun 9 00:27:02 2026 +0800

    feat(action): consume engine v0.1.4 (line ranges, vuln-scan); release v0.3.0

    - Findings: read the engine's start_line/end_line range (v0.1.4 renamed the
      single `line` field) with a legacy `line` fallback, so inline annotations
      point at the right lines across engine versions and span multi-line ranges.
    - Add the `vuln-scan` input -> `--vuln-scan`: OSV CVE matches surface as
      findings (readiness/gate/annotations/SARIF) plus a dependency headline in
      every report (console panel, Step Summary, PR comment).
    - Add the `skill` scope to the typed Scope / surface-kind unions.
    - Set MIN_ENGINE_VERSION to v0.1.3 (first release with single-scan dual output,
      Code-Scanning-valid SARIF, and projected_scores).
    - Selftest: unpin from v0.1.2/pre-mcp to v0.1.4 + default rules (v0.1.4 supports
      the mcp category natively and loads newer rules leniently).
    - Branding: gray-dark marketplace badge; add the Trustabl banner to the README.
    - Release v0.3.0 (package.json, lockfile, CHANGELOG).
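
The line-range fallback described in commit 771683a, as an added TypeScript example (not the action's own code): it prefers `start_line`/`end_line`, falls back to the legacy `line`, and treats scanner JSON as untrusted by rejecting malformed values. `RawFinding`, `LineRange`, `asLineNumber`, `toLineRange`, `resolveAll` and the sample findings are assumptions made for illustration.

```typescript
// Field names start_line, end_line and line come from the commit message;
// every type and function name below is hypothetical.
interface RawFinding {
  start_line?: unknown; // engine v0.1.4 and later
  end_line?: unknown;   // engine v0.1.4 and later
  line?: unknown;       // legacy single-line field
}

interface LineRange {
  startLine: number;
  endLine: number;
}

// Accept only positive integers: strings, floats, zero and negatives are dropped
// so a malformed report cannot produce an annotation on a bogus line.
function asLineNumber(value: unknown): number | undefined {
  return typeof value === "number" && Number.isInteger(value) && value >= 1
    ? value
    : undefined;
}

// Resolve the range to annotate, or undefined when no usable line is present.
function toLineRange(finding: RawFinding): LineRange | undefined {
  const start = asLineNumber(finding.start_line) ?? asLineNumber(finding.line);
  if (start === undefined) return undefined;
  const end = asLineNumber(finding.end_line);
  // A missing or inverted end collapses to a single-line annotation.
  return { startLine: start, endLine: end !== undefined && end >= start ? end : start };
}

// Constructed sample findings, not real engine output.
const SAMPLE_FINDINGS: RawFinding[] = [
  { start_line: 12, end_line: 18 }, // v0.1.4 multi-line range
  { line: 40 },                     // legacy engine output
  { start_line: 7 },                // range with no end
  { start_line: 30, end_line: 2 },  // inverted range
  { line: "9" },                    // wrong type: no annotation
];

function resolveAll(findings: RawFinding[]): Array<LineRange | undefined> {
  return findings.map(toLineRange);
}
```
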