BreizhHardware/express-prom-bundle
1
0
Fork 0
mirror of https://github.com/BreizhHardware/express-prom-bundle.git synced 2026-05-09 16:25:30 +02:00
Code Issues 7 Projects Packages Wiki Activity

[PR #23] [MERGED] Dev #60

New issue
Closed
opened 2026-05-06 16:07:22 +02:00 by BreizhHardware · 0 comments
BreizhHardware commented 2026-05-06 16:07:22 +02:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/BreizhHardware/express-prom-bundle/pull/23
Author: @BreizhHardware
Created: 12/17/2025
Status: Merged
Merged: 12/17/2025
Merged by: @BreizhHardware

Base: mainHead: dev

📝 Commits (9)

  • 6664341 chore(deps): bump express and @types/express
  • c148222 Merge pull request #20 from BreizhHardware/dependabot/npm_and_yarn/dev/multi-b251156d90
  • 475b7a8 chore(deps-dev): bump @eslint/js from 9.39.1 to 9.39.2
  • 9b4e0eb chore(deps-dev): bump eslint from 9.39.1 to 9.39.2
  • 10fe1ca Merge pull request #22 from BreizhHardware/dependabot/npm_and_yarn/dev/eslint-9.39.2
  • 30d9c3d Merge pull request #21 from BreizhHardware/dependabot/npm_and_yarn/dev/eslint/js-9.39.2
  • 4fd7a79 feat(action): Add regular github action for audit security vulnerability
  • 8fc61cd chore(version): bump version to 8.0.7
  • 36d1484 feat(security): Add security policy documentation

📊 Changes

5 files changed (+92 additions, -34 deletions)

View changed files

.devcontainer/devcontainer.json (+12 -0)
.github/workflows/audit.yml (+42 -0)
SECURITY.md (+12 -0)
📝 package-lock.json (+25 -33)
📝 package.json (+1 -1)

📄 Description

This pull request introduces a new development container configuration and adds an automated security audit workflow. These changes help standardize the development environment and improve project security by regularly checking for vulnerabilities.

Development environment setup:

  • Added a .devcontainer/devcontainer.json file to define a development container with Node.js LTS, Node-Gyp dependencies, and Git LFS support for a consistent local development environment.

Security and automation:

  • Introduced a .github/workflows/audit.yml GitHub Actions workflow to automatically run npm audit on pushes, pull requests, and a daily schedule, creating a GitHub issue if vulnerabilities are found.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/BreizhHardware/express-prom-bundle/pull/23 **Author:** [@BreizhHardware](https://github.com/BreizhHardware) **Created:** 12/17/2025 **Status:** ✅ Merged **Merged:** 12/17/2025 **Merged by:** [@BreizhHardware](https://github.com/BreizhHardware) **Base:** `main` ← **Head:** `dev` --- ### 📝 Commits (9) - [`6664341`](https://github.com/BreizhHardware/express-prom-bundle/commit/66643411b88fc529ab8311003b900e1de9713ac5) chore(deps): bump express and @types/express - [`c148222`](https://github.com/BreizhHardware/express-prom-bundle/commit/c1482220c27d8e963982a4ee2e8aa847e426f114) Merge pull request #20 from BreizhHardware/dependabot/npm_and_yarn/dev/multi-b251156d90 - [`475b7a8`](https://github.com/BreizhHardware/express-prom-bundle/commit/475b7a8f6d43807cfc3929770e2575728c986817) chore(deps-dev): bump @eslint/js from 9.39.1 to 9.39.2 - [`9b4e0eb`](https://github.com/BreizhHardware/express-prom-bundle/commit/9b4e0eb16316162339055a39083c6de4ffccbc7e) chore(deps-dev): bump eslint from 9.39.1 to 9.39.2 - [`10fe1ca`](https://github.com/BreizhHardware/express-prom-bundle/commit/10fe1cac8fb8947f098c87ca6784b45c4101f659) Merge pull request #22 from BreizhHardware/dependabot/npm_and_yarn/dev/eslint-9.39.2 - [`30d9c3d`](https://github.com/BreizhHardware/express-prom-bundle/commit/30d9c3d47311503ee9eac6814259bf418075b5b6) Merge pull request #21 from BreizhHardware/dependabot/npm_and_yarn/dev/eslint/js-9.39.2 - [`4fd7a79`](https://github.com/BreizhHardware/express-prom-bundle/commit/4fd7a797c5dc710bfc83469910a99a457fe863d5) feat(action): Add regular github action for audit security vulnerability - [`8fc61cd`](https://github.com/BreizhHardware/express-prom-bundle/commit/8fc61cd1d8cd1679c513c783ef6a4ef3b255a1b5) chore(version): bump version to 8.0.7 - [`36d1484`](https://github.com/BreizhHardware/express-prom-bundle/commit/36d1484d337c58e40c28138b88e5766aafdf7d2c) feat(security): Add security policy documentation ### 📊 Changes **5 files changed** (+92 additions, -34 deletions) <details> <summary>View changed files</summary> ➕ `.devcontainer/devcontainer.json` (+12 -0) ➕ `.github/workflows/audit.yml` (+42 -0) ➕ `SECURITY.md` (+12 -0) 📝 `package-lock.json` (+25 -33) 📝 `package.json` (+1 -1) </details> ### 📄 Description This pull request introduces a new development container configuration and adds an automated security audit workflow. These changes help standardize the development environment and improve project security by regularly checking for vulnerabilities. Development environment setup: * Added a `.devcontainer/devcontainer.json` file to define a development container with Node.js LTS, Node-Gyp dependencies, and Git LFS support for a consistent local development environment. Security and automation: * Introduced a `.github/workflows/audit.yml` GitHub Actions workflow to automatically run `npm audit` on pushes, pull requests, and a daily schedule, creating a GitHub issue if vulnerabilities are found. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
BreizhHardware 2026-05-06 16:07:22 +02:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/npm_and_yarn/dev/globals-17.6.0
dependabot/npm_and_yarn/dev/eslint-10.3.0
dependabot/npm_and_yarn/dev/typescript-6.0.3
dependabot/github_actions/dot-github/workflows/dev/actions/github-script-9
dependabot/npm_and_yarn/npm_and_yarn-282a1442c2
dependabot/npm_and_yarn/dev/koa-3.2.0
dev
copilot/sub-pr-9
master
v8.0.11
v8.0.10
v8.0.9
v8.0.7
v8.0.6
v8.0.5
v8.0.4
8.0.0
7.0.2
7.0.1
7.0.0
6.6.0
6.5.0
6.4.1
6.4.0
6.3.6
6.3.5
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.0
6.1.0
6.0.0
5.1.5
5.1.4
5.1.3
5.1.2
5.1.1
5.1.0
5.0.2
5.0.1
5.0.0
4.3.0
4.2.1
4.2.0
4.1.0
4.0.0
3.3.0
3.0.0
2.2.0
2.1.0
2.0.0
1.2.3
1.2.1
1.1.8
1.1.7
1.1.5
1.1.6
1.1.4
1.1.3
Labels
Clear labels   
audit

   
audit

   
audit

   
pull-request
Mirrored from GitHub Pull Request

  
security

   
security

   
security
No labels
audit
audit
audit
pull-request
security
security
security
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
BreizhHardware/express-prom-bundle#60
No description provided.