chore: enforce 3 day dependency maturity gate [WPB-22420] #20499

Merged
markbrockhoff merged 1 commit into dev from mb/enforce-dependency-age-gate
Feb 24, 2026
markbrockhoff (Collaborator) commented Feb 24, 2026

Task: WPB-22420 [Web] General maintenance ticket for PR merges

Pull Request

Summary

This enforces dependency versions to be at least 3 days old before they are installed into the project. This is an easy prevention for supply chain attacks, e.g. the recent shai-hulud ones in the npm ecosystem.
Dependencies of the @wireapp/* scope are excluded from this rule.


Security Checklist (required)

  • External inputs are validated & sanitized on client and/or server where applicable.
  • API responses are validated; unexpected shapes are handled safely (fallbacks or errors).
  • No unsafe HTML is rendered; if unavoidable, sanitization is applied and documented where it happens.
  • Injection risks (XSS/SQL/command) are prevented via safe APIs and/or escaping.

Accessibility (required)

Standards Acknowledgement (required)


Screenshots or demo (if the user interface changed)

Notes for reviewers

  • Trade-offs:
  • Follow-ups (linked issues):
  • Linked PRs (e.g. web-packages):
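
The rule described in the summary above, sketched as an added example (not code from this PR, which does not show its configuration): a version is installable only once its registry publish time is at least 3 days old, with `@wireapp/*` exempt. The package names, versions and timestamps are constructed, and the function names are hypothetical.

```javascript
// Added example: names, versions and timestamps below are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;
const MIN_AGE_DAYS = 3;              // gate from the PR summary
const EXEMPT_SCOPES = ['@wireapp/']; // scope the PR excludes from the rule

// Constructed sample shaped like the `time` map in npm registry package metadata.
const SAMPLE_TIME = {
  created: '2025-01-01T00:00:00.000Z',
  modified: '2026-02-23T09:00:00.000Z',
  '1.4.0': '2026-01-10T12:00:00.000Z',
  '1.4.1': '2026-02-20T08:00:00.000Z',
  '1.4.2': '2026-02-23T09:00:00.000Z', // about one day old at NOW
};
const NOW = Date.parse('2026-02-24T10:00:00.000Z'); // fixed clock for repeatable results

function isExempt(name) {
  return EXEMPT_SCOPES.some((scope) => name.startsWith(scope));
}

// Decide whether one exact version may be installed at time `now`.
function checkVersion(name, version, timeMap, now) {
  if (isExempt(name)) return { allowed: true, reason: 'exempt scope' };
  const published = Date.parse(timeMap[version]);
  // Fail closed: an unknown publish time is treated as "too new".
  if (Number.isNaN(published)) return { allowed: false, reason: 'no publish time' };
  const ageDays = (now - published) / DAY_MS;
  return ageDays >= MIN_AGE_DAYS
    ? { allowed: true, reason: 'old enough' }
    : { allowed: false, reason: `only ${ageDays.toFixed(1)} days old` };
}

// Most recently published version that passes the gate, or null if none does.
// Ordering is by publish time, not semver, to keep the example short.
function newestMatureVersion(name, timeMap, now) {
  const passing = Object.keys(timeMap)
    .filter((key) => key !== 'created' && key !== 'modified')
    .filter((version) => checkVersion(name, version, timeMap, now).allowed)
    .sort((a, b) => Date.parse(timeMap[b]) - Date.parse(timeMap[a]));
  return passing.length > 0 ? passing[0] : null;
}

console.log(newestMatureVersion('example-lib', SAMPLE_TIME, NOW));      // 1.4.1
console.log(newestMatureVersion('@wireapp/example', SAMPLE_TIME, NOW)); // 1.4.2
```

The exempt scope bypasses the delay entirely, so the gate adds no protection for packages published under that scope.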

codecov bot commented Feb 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 45.39%. Comparing base (0f1c946) to head (eef1345).
⚠️ Report is 1 commits behind head on dev.

Additional details and impacted files
@@            Coverage Diff             @@
##              dev   #20499      +/-   ##
==========================================
- Coverage   45.39%   45.39%   -0.01%     
==========================================
  Files        1638     1638              
  Lines       40374    40374              
  Branches     8337     8337              
==========================================
- Hits        18327    18326       -1     
  Misses      20112    20112              
- Partials     1935     1936       +1     
Flag Coverage Δ
app_webapp 43.57% <ø> (-0.01%) ⬇️
lib_api_client 50.50% <ø> (ø)
lib_core 58.86% <ø> (ø)

Flags with carried forward coverage won't be shown.
see 1 file with indirect coverage changes

@screendriver screendriver changed the title chore: enforce 3 day dependency maturity gate chore: enforce 3 day dependency maturity gate [WPB-22420] Feb 24, 2026
github-actions bot (Contributor) commented Feb 24, 2026

🧪 Playwright Test Summary

  • Passed: 10
  • Failed: 0
  • Skipped: 4
  • 🔁 Flaky: 0
  • 📊 Total: 14
  • Total Runtime: 470.0s (~ 7 min 50 sec)

@markbrockhoff markbrockhoff force-pushed the mb/enforce-dependency-age-gate branch from 907731b to eef1345 Compare February 24, 2026 10:37
@markbrockhoff markbrockhoff added this pull request to the merge queue Feb 24, 2026
Merged via the queue into dev with commit 028ffbf Feb 24, 2026
52 checks passed
@markbrockhoff markbrockhoff deleted the mb/enforce-dependency-age-gate branch February 24, 2026 10:47