Conversation
…er image tracking
…ekly-non-major-updates fix(deps): update weekly-non-major-updates (feature/beta-release)
…r-7.x chore(deps): update dependency @types/tar to v7 (feature/beta-release)
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
✅ Supply Chain Verification Results✅ PASSED 📦 SBOM Summary
🔍 Vulnerability Scan
📎 Artifacts
Generated by Supply Chain Verification workflow • View Details |
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
There was a problem hiding this comment.
Pull request overview
This PR updates several dependencies and modifies the Renovate automation configuration for the Charon project - a web-based reverse proxy management system with integrated security features. The changes include npm package updates, Renovate workflow modifications, gopls MCP server integration, and a GitHub Actions security workflow update.
Changes:
- Updated npm dependencies: @types/tar (6.1.13 → 7.0.87) and lucide-react (0.564.0 → 0.574.0)
- Modified Renovate configuration to require manual approval, removed scheduled execution window, and increased stability delay for development branch
- Added gopls MCP server tooling to all agent configuration files
- Updated codeql-action SHA in security workflow
Reviewed changes
Copilot reviewed 14 out of 16 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updated @types/tar to v7.0.87 (now deprecated) |
| package-lock.json | Lock file updates for @types/tar upgrade, consolidated minipass versions |
| frontend/package.json | Updated lucide-react to v0.574.0 |
| frontend/package-lock.json | Lock file update for lucide-react upgrade |
| .vscode/mcp.json | Added gopls MCP server configuration on localhost:8092 |
| .github/workflows/security-pr.yml | Updated codeql-action SHA to newer version |
| .github/renovate.json | Added dashboard approval requirement, removed weekly schedule, changed base image comment from Debian to Alpine, increased development branch stability window to 30 days |
| .github/agents/*.agent.md | Added 'gopls/*' to tools list for all 8 agent configuration files |
Files not reviewed (1)
- frontend/package-lock.json: Language not supported
…package-lock.json
…trategies and multi-PR protocols
…nd updating database migrations
No description provided.