Commits
22 commits
b350242
⬆ Bump actions/setup-python from 5 to 6 (#1)
dependabot[bot] Nov 16, 2025
16901a8
📝 Update release notes
invalid-email-address Nov 16, 2025
2e182a2
⬆ Bump actions/upload-artifact from 4 to 5 (#2)
dependabot[bot] Nov 16, 2025
06ca605
📝 Update release notes
invalid-email-address Nov 16, 2025
9dd9e89
⬆ Bump actions/checkout from 4 to 5 (#3)
dependabot[bot] Nov 16, 2025
efb3ed4
📝 Update release notes
invalid-email-address Nov 16, 2025
e71844a
📝 Tweak docs with new label infra (#4)
khulnasoft-bot Nov 16, 2025
0814a27
📝 Update release notes
invalid-email-address Nov 16, 2025
4835338
Merge branch 'main' into main
khulnasoft-bot Nov 16, 2025
dbde27c
Merge branch 'khulnasoft:main' into main
khulnasoft-bot Nov 16, 2025
40c7c44
🔧 Update GitHub Actions bot user configuration (#5)
khulnasoft-bot Nov 18, 2025
0d558bc
📝 Update release notes
github-actions[bot] Nov 18, 2025
73ea487
📝 Add permissions needed for private repos (#9)
khulnasoft-bot Mar 30, 2026
a503680
📝 Update release notes
github-actions[bot] Mar 30, 2026
2f63b8f
⬆ Bump actions/upload-artifact from 5 to 6 (#8)
dependabot[bot] Mar 30, 2026
edec00b
📝 Update release notes
github-actions[bot] Mar 30, 2026
358bb9f
⬆ Bump actions/cache from 4 to 5 (#7)
dependabot[bot] Mar 30, 2026
727abda
📝 Update release notes
github-actions[bot] Mar 30, 2026
dae3e6c
⬆ Bump actions/checkout from 5 to 6 (#6)
dependabot[bot] Mar 30, 2026
ec2822e
📝 Update release notes
github-actions[bot] Mar 30, 2026
3c3354f
🐛 Fix Harden all git subprocess calls by resolving the executable pat…
khulnasoft-bot Mar 30, 2026
82c5656
🔥 Remove unused `models.py` file (#10)
khulnasoft-bot Mar 30, 2026
2 changes: 1 addition & 1 deletion .github/workflows/latest-changes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ jobs:
latest-changes:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6

issue (bug_risk): The actions/checkout@v6 tag may not exist and could cause the workflow to fail.

actions/checkout is currently published up to v4 (with v4.x.x tags). Using @v6 will fail with Resource not found until that version exists. Please pin to the latest available major (e.g., @v4) or a specific v4.x.x tag instead.

Collaborator Author

Suggested change
- uses: actions/checkout@v6
- uses: actions/checkout@v6

- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
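Review bot: `actions/checkout@v6` on the changed line is a floating major tag, so this workflow, which writes back to the repository, runs whatever commit the tag points to at run time; pin to the full commit SHA and keep the version in a trailing comment (`- uses: actions/checkout@<full-sha> # v6`), which Dependabot continues to update. The `Dump GitHub context` step that follows puts the entire `github` context into an environment variable; that is a debugging aid and it places the full event payload in the job log, so it should not remain in a release workflow.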
6 changes: 3 additions & 3 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
fail-fast: false

steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6
- name: Set up Python
uses: actions/setup-python@v6
with:
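Review bot: same pinning concern as in latest-changes.yml for `actions/checkout@v6` and `actions/setup-python@v6` here; every step in this job is referenced by a mutable major tag, so a single retargeted tag would run with the job's token. Pin each `uses:` to a full commit SHA with a `# v6` comment so Dependabot keeps bumping them.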
Expand All @@ -33,7 +33,7 @@ jobs:
if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled == 'true' }}
with:
limit-access-to-actor: true
- uses: actions/cache@v4
- uses: actions/cache@v5
id: cache
with:
path: ${{ env.pythonLocation }}
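Review bot: `actions/cache@v5` should be SHA-pinned like the other steps, and the `key:` for this step sits outside the hunk; confirm it still hashes the dependency manifest so that a major-version bump of the action does not silently reuse a stale entry matched through `restore-keys`. The debug step just above is gated on `workflow_dispatch` together with `debug_enabled == 'true'` and `limit-access-to-actor: true`; keep both conditions, since without them the debug session would open on every run of the job.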
Expand All @@ -47,7 +47,7 @@ jobs:
- run: coverage html --show-contexts --title "Coverage for ${{ github.sha }}"

- name: Store coverage HTML
uses: actions/upload-artifact@v5
uses: actions/upload-artifact@v6
with:
name: coverage-html
path: htmlcov
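Review bot: `actions/upload-artifact@v6` is again a floating major; pin it by SHA. The uploaded `htmlcov` directory is only the output of `coverage html` (titled with `${{ github.sha }}`), so nothing sensitive is being published, but consider adding `retention-days:` so coverage bundles do not accumulate under the repository default.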
17 changes: 17 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,9 @@ on:
jobs:
latest-changes:
runs-on: ubuntu-latest
# Needed for private repos
permissions:
pull-requests: read
steps:
- uses: actions/checkout@v4
- uses: khulnasoft/latest-changes@0.3.2
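Review bot: the new job-level `permissions:` block lists only `pull-requests: read`, and once a `permissions:` block is present GitHub sets every scope you omit to `none`, so this job loses `contents: write`; the README itself states further down that the commits will still be shown as made by `github-actions`, i.e. the job commits and pushes, and that push will be rejected unless the step is handed a personal access token through `with:` (the inputs are not visible in this hunk). Suggested:
permissions:
  contents: write
  pull-requests: read
The `# Needed for private repos` comment should then say that `pull-requests: read` is what private repos need to read the PR and that `contents: write` is still required to push. This example also still shows `actions/checkout@v4` while the repository's own workflows moved to `@v6`.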
Expand Down Expand Up @@ -164,6 +167,9 @@ on:
jobs:
latest-changes:
runs-on: ubuntu-latest
# Needed for private repos
permissions:
pull-requests: read
steps:
- uses: actions/checkout@v2
- uses: khulnasoft/latest-changes@0.3.2
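Review bot: the same `permissions:` caveat applies to this copy of the job, and the example pins `actions/checkout@v2`, which is deprecated; update the documented example to the same major the repository's own workflows use rather than leaving readers a dead version to copy.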
Expand Down Expand Up @@ -276,6 +282,9 @@ on:
jobs:
latest-changes:
runs-on: ubuntu-latest
# Needed for private repos
permissions:
pull-requests: read
steps:
- uses: actions/checkout@v4
with:
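Review bot: third copy of the same `permissions:` block; if `contents: write` is added to the first example it must be added here too, because the `with:` inputs that follow are cut off and readers copy the job verbatim. Three identical snippets also means three places to keep in sync; one canonical job block referenced from each section would be easier to maintain.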
Expand Down Expand Up @@ -304,6 +313,10 @@ So, the commits will still be shown as made by `github-actions`.

### Latest Changes - Latest Changes 🤷

* ⬆ Bump actions/checkout from 5 to 6. PR [#6](https://github.com/khulnasoft-bot/latest-changes/pull/6) by [@dependabot[bot]](https://github.com/apps/dependabot).
* ⬆ Bump actions/cache from 4 to 5. PR [#7](https://github.com/khulnasoft-bot/latest-changes/pull/7) by [@dependabot[bot]](https://github.com/apps/dependabot).
* ⬆ Bump actions/upload-artifact from 5 to 6. PR [#8](https://github.com/khulnasoft-bot/latest-changes/pull/8) by [@dependabot[bot]](https://github.com/apps/dependabot).
* 📝 Add permissions needed for private repos. PR [#9](https://github.com/khulnasoft-bot/latest-changes/pull/9) by [@khulnasoft-bot](https://github.com/khulnasoft-bot).
* 📝 Tweak docs with new label infra. PR [#4](https://github.com/khulnasoft-bot/latest-changes/pull/4) by [@khulnasoft-bot](https://github.com/khulnasoft-bot).
* ⬆ Bump actions/checkout from 4 to 5. PR [#3](https://github.com/khulnasoft-bot/latest-changes/pull/3) by [@dependabot[bot]](https://github.com/apps/dependabot).
* ⬆ Bump actions/upload-artifact from 4 to 5. PR [#2](https://github.com/khulnasoft-bot/latest-changes/pull/2) by [@dependabot[bot]](https://github.com/apps/dependabot).
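Review bot: the new entries link to `https://github.com/khulnasoft-bot/latest-changes/pull/...` while the existing entries below link to `https://github.com/khulnasoft/latest-changes/pull/...`; the generated notes point at the fork rather than the upstream repository, so once merged upstream they will link to the wrong PRs. Check which repository the action treats as canonical and normalise the URLs. The heading `### Latest Changes - Latest Changes 🤷` also repeats the section name and reads as a placeholder release title.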
Expand All @@ -313,6 +326,10 @@ So, the commits will still be shown as made by `github-actions`.
* ✨ Prevent CI workflows from running on a latest changes commit, add […. PR [#15](https://github.com/khulnasoft/latest-changes/pull/15) by [@khulnasoft-bot](https://github.com/khulnasoft-bot).
* ⬆ Bump khulnasoft/issue-manager from 0.5.0 to 0.5.1. PR [#11](https://github.com/khulnasoft/latest-changes/pull/11) by [@dependabot[bot]](https://github.com/apps/dependabot).

#### Features

* 🔧 Update GitHub Actions bot user configuration. PR [#5](https://github.com/khulnasoft-bot/latest-changes/pull/5) by [@khulnasoft-bot](https://github.com/khulnasoft-bot).

Comment on lines +329 to +332

⚠️ Potential issue | 🟡 Minor

Update README bot identity text to match this new release-note entry.

This section now documents the bot-user-config change, but the “How does it work?” section still says commits are authored as github-actions / github-actions@github.com. Please align that text with github-actions[bot] and github-actions[bot]@users.noreply.github.com.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 329 - 332, Update the "How does it work?" section
text to reflect the new bot identity by replacing occurrences of
"github-actions" and "github-actions@github.com" with "github-actions[bot]" and
"github-actions[bot]@users.noreply.github.com" respectively (search for the "How
does it work?" heading and the lines describing commit authorship to locate the
text to change).

#### Refactors

* Revert "♻️ Refector Update main.py". PR [#13](https://github.com/khulnasoft/latest-changes/pull/13) by [@NxPKG](https://github.com/NxPKG).
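Review bot: `#### Features` is not the right category for PR #5, which only changes the git user name and email the action configures; the categories appear to be label-driven (see PR #4, "new label infra"), so the label on that PR should be corrected to a fix or internal category rather than editing this generated file, which the action will regenerate on the next run.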
4 changes: 2 additions & 2 deletions latest_changes/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -233,9 +233,9 @@ def main() -> None:
sys.exit(1)

logging.info("Setting up GitHub Actions git user")
subprocess.run(["git", "config", "user.name", "github-actions"], check=True)
subprocess.run([git_bin, "config", "user.name", "github-actions[bot]"], check=True)

security (python.lang.security.audit.dangerous-subprocess-use-audit): Detected subprocess function 'run' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.

Source: opengrep

subprocess.run(
["git", "config", "user.email", "github-actions@github.com"], check=True
[git_bin, "config", "user.email", "github-actions[bot]@users.noreply.github.com"], check=True
)
Comment on lines 237 to 239

security (python.lang.security.audit.dangerous-subprocess-use-audit): Detected subprocess function 'run' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.

Source: opengrep

number_of_trials = 10
logging.info(f"Number of trials (for race conditions): {number_of_trials}")
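Review bot: the two opengrep findings on these lines are false positives: `subprocess.run` receives an argument list with `shell=False` (the default), every element except `git_bin` is a string literal, and list arguments are passed straight to `execve` without shell parsing, so no quoting is required. The check that matters is on `git_bin` itself, defined outside this hunk: make sure it is an absolute path, that a failed lookup (for example `shutil.which("git")` returning `None`) aborts before this point with a clear error, and that the lookup does not consult a `PATH` a pull request can influence. The email change is also what fixes commit attribution: in the commit list above, the `Update release notes` commits before #5 are shown as `invalid-email-address` and the ones after it as `github-actions[bot]`, consistent with `github-actions@github.com` not being an address GitHub links to the bot account.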