Skip to content

chore: bump NiceGUI lower bound for CVEs #380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
olivermeyer merged 1 commit into from
Jan 9, 2026
Merged

chore: bump NiceGUI lower bound for CVEs #380

olivermeyer merged 1 commit into from
Jan 9, 2026

Conversation

@olivermeyer
Copy link
Collaborator

@olivermeyer olivermeyer commented Jan 9, 2026

@codecov
Copy link

codecov bot commented Jan 9, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.
see 9 files with indirect coverage changes

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 9, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@olivermeyer olivermeyer merged commit 734f30b into main Jan 9, 2026
28 checks passed
olivermeyer added a commit that referenced this pull request Jan 9, 2026
@olivermeyer
fix(ci): skip Ketryx reporting for Dependabot PRs
4fe7331 
Dependabot PRs do not have access to regular repository secrets
(KETRYX_PROJECT, KETRYX_API_KEY) due to GitHub security restrictions.
This is by design to prevent malicious dependency updates from
accessing sensitive information.

This change skips the ketryx_report_and_check job when the PR
is opened by dependabot[bot]. All other CI checks (lint, audit,
test, codeql) still run normally for Dependabot PRs.

The Ketryx compliance report will still be generated when the PR
is merged to main, so no compliance tracking is lost.

Fixes issue where PR #379 (dependabot) fails with:
'Missing input project' error

Related to successful PR #380 (user-opened) which has access
to all secrets.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen Awaiting requested review from helmut-hoffer-von-ankershoffen helmut-hoffer-von-ankershoffen is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@olivermeyer