Skip to content

ci: update actions for Node 24#55

Merged
ramonlimaramos merged 1 commit into
mainfrom
codex/fix-actions-node24
Jun 14, 2026
Merged

ci: update actions for Node 24#55
ramonlimaramos merged 1 commit into
mainfrom
codex/fix-actions-node24

Conversation

@ramonlimaramos

@ramonlimaramos ramonlimaramos commented Jun 14, 2026

Copy link
Copy Markdown
Owner

Summary

  • update GitHub Actions dependencies that emitted Node.js 20 deprecation warnings: checkout v4 -> v6, setup-uv v6 -> v8.2.0, action-gh-release v2 -> v3
  • keep the release publishing path on pypa/gh-action-pypi-publish@release/v1
  • document and temporarily ignore torch CVE-2025-3000 in pip-audit because it is pulled transitively by sentence-transformers and pip-audit reports no fixed version

Context

  • v0.4.0 release succeeded but emitted Node.js 20 deprecation warnings for checkout/setup-uv/action-gh-release
  • current pip-audit now reports torch/CVE-2025-3000 with fix_versions=[]; without the explicit ignore, the security job fails before this workflow-only PR can validate

Validation

  • ruby -e 'require "yaml"; ARGV.each { |f| YAML.load_file(f); puts "ok #{f}" }' .github/workflows/ci.yml .github/workflows/release.yml
  • git diff --check
  • uv run ruff check src/ tests/
  • uv run bandit -r src/synapto/ -c pyproject.toml
  • uv run pip-audit --ignore-vuln CVE-2025-3000
  • uv run pytest tests/ -q

This was referenced Jun 14, 2026
Merged
Merged
Merged
@ramonlimaramos ramonlimaramos merged commit 24ea644 into main Jun 14, 2026
7 of 10 checks passed
@ramonlimaramos ramonlimaramos mentioned this pull request Jun 14, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ramonlimaramos