Merged
Changes from 2 commits
2 changes: 2 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -8,6 +8,7 @@ updates:
# NPM dependencies (Node.js packages)
- package-ecosystem: "npm"
directory: "/"
target-branch: "dependencies"
schedule:
# Run twice daily at 06:00 and 18:00 UTC
interval: "daily"
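Review bot: the comment "Run twice daily at 06:00 and 18:00 UTC" does not match the configuration under it, which only has `interval: "daily"`; one Dependabot entry runs once per interval (the github-actions entry in the next hunk pins a single `time: "18:00"`), so either correct the comment or add a `time:` and drop the "twice daily" claim. On the added `target-branch: "dependencies"`: Dependabot reads the manifests from, and opens version-update PRs against, that branch, so it must exist on the remote before the next scheduled run (the bootstrap step in dependabot-secure-flow.yaml only creates it once that workflow has already been triggered), and the workflow's `pull_request` trigger must match PRs whose base is `dependencies`, otherwise the secure-flow job never fires. Note also that `target-branch` redirects version updates only; Dependabot security updates keep targeting the default branch and are no longer covered by this block.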
Expand Down Expand Up @@ -35,6 +36,7 @@ updates:
# GitHub Actions workflows
- package-ecosystem: "github-actions"
directory: "/"
target-branch: "dependencies"
schedule:
interval: "daily"
time: "18:00"
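Review bot: for the `github-actions` ecosystem, `target-branch: "dependencies"` means Dependabot scans `.github/workflows` on the `dependencies` branch rather than on `main`; the workflows in this PR are edited on `main`, and the only sync visible in this diff runs the other way (create-pr-to-main), so action bumps will be computed against whatever stale copy of the workflows lives on `dependencies`, and a branch that was never pushed yields no updates at all. Confirm the two branches are kept in sync in both directions, and since this ecosystem exists to keep action references current, consider pinning the actions these workflows use (`actions/checkout@v4` is the one visible here) to a commit SHA so that Dependabot's bumps are the only way they move.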
129 changes: 104 additions & 25 deletions .github/workflows/dependabot-secure-flow.yaml
Expand Up @@ -25,10 +25,11 @@ permissions:
issues: write

jobs:
auto-merge-to-securite:
auto-merge-to-dependencies:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Force serial execution to prevent conflicts
concurrency:
group: secure-flow-merge
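Review bot: the job now sets both `GITHUB_TOKEN` and `GH_TOKEN` to the same secret; `gh` reads `GH_TOKEN` (and prefers it), so only one is needed, and the pair is copied again into `create-pr-to-main` and the `if: always()` cleanup step below, so define it once at workflow level instead. Also confirm that the `permissions:` block above, of which only `issues: write` is visible here, grants `contents: write` for the `git push origin dependencies` steps and `pull-requests: write` for the `gh pr close`, `gh pr edit` and `gh pr merge --auto` calls; with the default token a missing scope shows up only as a non-zero exit, and most of those calls are wrapped in `|| true`, so the job would go green while doing nothing.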
Expand All @@ -42,43 +43,57 @@ jobs:
with:
fetch-depth: 0

- name: Ensure securite branch exists
- name: Ensure dependencies branch exists
run: |
git fetch origin securite 2>/dev/null || git switch --create securite
git push origin securite || true
git fetch origin dependencies 2>/dev/null || git switch --create dependencies
git push origin dependencies || true
Copilot AI Feb 17, 2026

Branch bootstrap is brittle: if dependencies doesn't exist remotely, git switch --create dependencies creates it from the currently checked-out ref (for pull_request events this is typically the PR merge ref), which can seed dependencies with unintended commits. Also, if the branch exists remotely, git fetch origin dependencies doesn't ensure a local tracking branch exists. Prefer an explicit flow: fetch origin/dependencies (or origin/main if creating), then git switch --track -c dependencies origin/dependencies (or git switch -c dependencies origin/main) before pushing.

Suggested change
git fetch origin dependencies 2>/dev/null || git switch --create dependencies
git push origin dependencies || true
# Check if the dependencies branch exists on origin
if git ls-remote --exit-code --heads origin dependencies >/dev/null 2>&1; then
# Remote dependencies branch exists: fetch and ensure a local tracking branch
git fetch origin dependencies
if git show-ref --verify --quiet refs/heads/dependencies; then
git switch dependencies
else
git switch --track -c dependencies origin/dependencies
fi
else
# Remote dependencies branch does not exist: create it from origin/main
git fetch origin main
git switch -c dependencies origin/main
git push origin dependencies
fi

- name: Merge dependabot changes to securite branch
- name: Merge dependabot changes to dependencies branch
run: |
git config --global user.name 'github-actions[bot]'
git config --global user.email 'github-actions[bot]@users.noreply.github.com'

# Fetch the PR branch
git fetch origin ${{ github.head_ref }}:${{ github.head_ref }} || true

# Switch to securite and merge
git switch securite
# Switch to dependencies and merge
git switch dependencies
git merge origin/${{ github.head_ref }} --no-edit || true
Copilot AI Feb 17, 2026

In the merge step, git merge ... || true will ignore merge failures (e.g., conflicts). If the merge fails, the subsequent git push origin dependencies can still succeed (pushing the unchanged branch), and the workflow may then close/delete the Dependabot branch even though nothing was merged. Treat merge failures as fatal and gate the PR-closing step on a successful merge (e.g., remove || true and/or explicitly check the merge exit code before proceeding).

Suggested change
git merge origin/${{ github.head_ref }} --no-edit || true
git merge origin/${{ github.head_ref }} --no-edit

# Push to securite
git push origin securite
# Push to dependencies
git push origin dependencies

- name: Close and Delete Dependabot Branch
if: ${{ github.actor == 'dependabot[bot]' || startsWith(github.head_ref, 'dependabot/') }}
run: |
gh_retry() {
local tries=0
local max=5
local delay=2
while ! "$@"; do
tries=$((tries + 1))
if [ "$tries" -ge "$max" ]; then
return 1
fi
sleep "$delay"
delay=$((delay * 2))
done
}
echo "Closing PR #${{ github.event.pull_request.number }} and deleting branch..."
gh pr close ${{ github.event.pull_request.number }} --delete-branch --comment "Merged into **securite** branch for batch processing."
gh_retry gh pr close ${{ github.event.pull_request.number }} --delete-branch --comment "Merged into **dependencies** branch for batch processing." || true

create-pr-to-main:
needs: auto-merge-to-securite
needs: auto-merge-to-dependencies
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: securite
ref: dependencies
fetch-depth: 0

- name: Update Documentation Timestamp
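Review bot: `${{ github.head_ref }}` is interpolated straight into the shell in the fetch and merge lines of the merge step; the head ref of a pull request is chosen by whoever opens it, and this step, unlike the close step that is gated on `github.actor == 'dependabot[bot]' || startsWith(github.head_ref, 'dependabot/')`, runs for every PR the workflow triggers on. Pass it through an `env:` entry (`HEAD_REF: ${{ github.head_ref }}`, then `git merge "origin/$HEAD_REF" --no-edit`) and apply the same Dependabot gate to the merge and push steps, since they are the ones that write to `dependencies`. The close step also runs after `git merge ... || true` and `git push origin dependencies` without checking that a merge happened, so a conflict still yields a closed PR, a deleted branch and a "Merged into **dependencies** branch" comment; make the merge fatal and condition the close on its success. Finally, `gh_retry` retries every non-zero exit with 2/4/8/16 s backoff, including non-transient ones such as closing an already-closed PR, and then `|| true` discards the outcome; retry only transient API errors and let the rest fail the step.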
Expand All @@ -102,31 +117,81 @@ jobs:
echo "No documentation changes needed."
else
git commit -m "docs: update release timestamp and changelog"
git push origin securite
git push origin dependencies
fi

- name: Check if PR already exists
id: check-pr
run: |
gh_retry() {
local tries=0
local max=5
local delay=2
while ! "$@"; do
tries=$((tries + 1))
if [ "$tries" -ge "$max" ]; then
return 1
fi
sleep "$delay"
delay=$((delay * 2))
done
}
# Target MAIN instead of master
PR_COUNT=$(gh pr list --base main --head securite --state open --json number | jq 'length')
PR_COUNT=$(gh_retry gh pr list --base main --head dependencies --state open --json number | jq 'length')
echo "pr_count=$PR_COUNT" >> $GITHUB_OUTPUT

- name: Create PR from securite to main
- name: Create PR from dependencies to main
if: steps.check-pr.outputs.pr_count == '0'
run: |
gh_retry() {
local tries=0
local max=5
local delay=2
while ! "$@"; do
tries=$((tries + 1))
if [ "$tries" -ge "$max" ]; then
return 1
fi
sleep "$delay"
delay=$((delay * 2))
done
}
Comment on lines 146 to 158
Copilot AI Feb 17, 2026

The gh_retry helper is duplicated in multiple steps. This increases maintenance cost and makes fixes easy to miss. Consider moving it into a small checked-in script (e.g., .github/scripts/gh_retry.sh) and source it from each step, or wrap the GH calls in a reusable composite action.

git config --global user.name 'github-actions[bot]'
# Check commits between main and securite
NEW_COMMITS=$(git log main..securite --oneline | wc -l)
# Check commits between main and dependencies
NEW_COMMITS=$(git log main..dependencies --oneline | wc -l)
Copilot AI Feb 17, 2026

git log main..dependencies is likely to fail in this job because actions/checkout (even with fetch-depth: 0) checks out dependencies but does not necessarily create a local main branch ref. With bash -e -o pipefail, this will fail the step. Use origin/main..dependencies (or fetch/create main explicitly) to make this robust.

Suggested change
NEW_COMMITS=$(git log main..dependencies --oneline | wc -l)
NEW_COMMITS=$(git log origin/main..dependencies --oneline | wc -l)

if [ "$NEW_COMMITS" -gt 0 ]; then
gh pr create \
gh_retry gh pr create \
--base main \
--head securite \
--head dependencies \
--title "chore: dependency updates batch" \
--body "Automated dependency updates validated in the securite branch." \
--label "dependencies" \
--label "automated" || echo "PR already exists"
--body "Automated dependency updates validated in the dependencies branch." \
--label "dependencies" || echo "PR already exists"
fi

- name: Enable auto-merge for dependencies PR
run: |
gh_retry() {
local tries=0
local max=5
local delay=2
while ! "$@"; do
tries=$((tries + 1))
if [ "$tries" -ge "$max" ]; then
return 1
fi
sleep "$delay"
delay=$((delay * 2))
done
}
PR_NUMBER=$(gh_retry gh pr list --base main --head dependencies --state open --json number --jq '.[0].number // empty')
if [ -n "$PR_NUMBER" ]; then
MERGEABLE=$(gh_retry gh pr view "$PR_NUMBER" --json mergeable --jq '.mergeable')
if [ "$MERGEABLE" = "MERGEABLE" ]; then
gh_retry gh pr merge "$PR_NUMBER" --auto --squash || true
else
echo "PR #$PR_NUMBER not mergeable yet ($MERGEABLE). Waiting for conflict resolution/checks."
fi
fi

check-interdependencies:
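Review bot: the new "Enable auto-merge for dependencies PR" step runs `gh pr merge "$PR_NUMBER" --auto --squash`, so the batch PR lands on `main` the moment whatever `main` requires has passed, with no human in the loop; that is only acceptable if branch protection on `main` actually requires status checks (and ideally a review), otherwise this job turns "validated in the dependencies branch" into an unattended merge to main, and the trailing `|| true` hides the case where auto-merge is refused. In "Check if PR already exists", `PR_COUNT=$(gh_retry gh pr list ... | jq 'length')` leaves `PR_COUNT` empty when the retries are exhausted, so `pr_count=` is written and the `== '0'` condition silently skips PR creation; let the step fail instead, and use `--jq` as the auto-merge step already does rather than piping to `jq`. In "Create PR from dependencies to main", `|| echo "PR already exists"` masks every `gh pr create` failure (missing label, permission error) as a benign message even though the previous step just established that no PR exists; and the `git config --global user.name` line there sets no email and precedes no commit, so it can go. The four copies of `gh_retry` in this file are already flagged above.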
Expand Down Expand Up @@ -158,13 +223,27 @@ jobs:
if: always()
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh_retry() {
local tries=0
local max=5
local delay=2
while ! "$@"; do
tries=$((tries + 1))
if [ "$tries" -ge "$max" ]; then
return 1
fi
sleep "$delay"
delay=$((delay * 2))
done
}
if [ "${{ steps.validate.outcome }}" == "failure" ]; then
if [ "${{ github.event.pull_request.number }}" != "" ]; then
gh pr edit ${{ github.event.pull_request.number }} --add-label "skipped-vulnerability"
gh pr close ${{ github.event.pull_request.number }} --comment "🚫 **Auto-Correction**: Build validation failed. Closing PR." --delete-branch || true
gh_retry gh pr edit ${{ github.event.pull_request.number }} --add-label "skipped-vulnerability" || true
gh_retry gh pr close ${{ github.event.pull_request.number }} --comment "Auto-Correction: Build validation failed. Closing PR." --delete-branch || true
fi
echo "result=false" >> $GITHUB_OUTPUT
else
echo "result=true" >> $GITHUB_OUTPUT
fi
fi
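Review bot: check the `fi` nesting at the end of this step: the visible script opens two `if` blocks but closes three, so unless the final `fi` belongs to an `if` outside this hunk, bash rejects the whole `run:` script with a syntax error before any label or `$GITHUB_OUTPUT` line executes. Beyond that, both `gh_retry gh pr edit ... --add-label "skipped-vulnerability"` and `gh pr close ... --delete-branch` are followed by `|| true`, so when labeling fails the PR is still closed and its branch deleted with no record that a dependency update was dropped; the label is the only audit trail, so make its failure fatal or record the skip in an issue (the job already has `issues: write`). Because the step is `if: always()`, it also runs when validation was cancelled or skipped, and `steps.validate.outcome` is then `cancelled`/`skipped`, which falls into the `else` branch and reports `result=true`; test for `== "success"` rather than `!= "failure"`. Quote `"$GITHUB_OUTPUT"` in the redirects.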
2 changes: 1 addition & 1 deletion .github/workflows/release-notification.yaml
Expand Up @@ -41,7 +41,7 @@ jobs:

\`\`\`yaml
jobs:
auto-merge-to-securite:
auto-merge-to-dependencies:
uses: EthanThePhoenix38/dependabot-secure-flow/.github/workflows/dependabot-secure-flow.yml@${release.tag_name}
secrets: inherit
\`\`\`
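Review bot: the `uses:` path in this snippet ends in `dependabot-secure-flow.yml`, while the workflow changed in this PR is `.github/workflows/dependabot-secure-flow.yaml`; anyone pasting the snippet from the release notification gets a "workflow not found" error, so align the extension on one side or the other. The snippet also calls the file as a reusable workflow (`uses:` plus `secrets: inherit`), which requires `on: workflow_call` in dependabot-secure-flow.yaml; that trigger is not part of this diff, so confirm it exists. The job key rename here matches the one in the workflow, but it breaks every caller that still references `auto-merge-to-securite` and should be called out as a breaking change in the release notes and CHANGELOG.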
18 changes: 18 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,24 @@ All notable changes to this project will be documented in this file.

## [Unreleased]

## [v1.0.5] - 2026-02-16
### Changed
- Automated sync from AI-Pulse repository
- Updated workflow files and configurations


## [v1.0.4] - 2026-02-16
### Changed
- Automated sync from AI-Pulse repository
- Updated workflow files and configurations


## [v1.0.3] - 2026-02-16
### Changed
- Automated sync from AI-Pulse repository
- Updated workflow files and configurations


## [v1.0.2] - 2026-02-06
### Changed
- Automated sync from AI-Pulse repository
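Review bot: the three new entries (v1.0.3, v1.0.4 and v1.0.5, all dated 2026-02-16) carry identical text ("Automated sync from AI-Pulse repository", "Updated workflow files and configurations") that says nothing about what each release changed, while `## [Unreleased]` stays empty even though this PR renames the `securite` branch and the `auto-merge-to-securite` job to `dependencies` / `auto-merge-to-dependencies`; that breaks existing consumers of the reusable workflow and any repository whose Dependabot `target-branch` still says `securite`, and belongs under Unreleased as a breaking change. The double blank lines between entries can also be collapsed to one.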