LotusGuild/matrix
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add guess to help, document 8ball --debug, fix pip-audit CVE false positive
Lint / Shell (shellcheck) (push) Successful in 8s
Details
Lint / JS (eslint) (push) Successful in 6s
Details
Lint / Python (ruff) (push) Successful in 5s
Details
Lint / Python deps (pip-audit) (push) Failing after 23s
Details
Lint / Secret scan (gitleaks) (push) Successful in 6s
Details

Browse Source 
- !help Games section now includes !guess
- !8ball description mentions --debug flag
- pip-audit now scans only requirements.txt instead of --local (which
  was flagging CVE-2026-3219 in pip itself, not our dependencies)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-04-26 15:43:30 -04:00
parent 49cc0b3d75
commit 407e66e499
2 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/lint.yml
+3 -6
View File
@@ -60,15 +60,12 @@ jobs:
# Debian Bullseye only ships Python 3.9; use a prebuilt standalone binary
curl -sSL "https://github.com/indygreg/python-build-standalone/releases/download/20241002/cpython-3.10.15+20241002-x86_64-unknown-linux-gnu-install_only.tar.gz" \
| tar -xz -C /opt
# Upgrade pip+setuptools first (standalone build ships old versions with CVEs),
# then install pip-audit + the bot's requirements into the same env.
# Using --local avoids pip-audit creating an internal venv (which fails
# with ensurepip exit 127 on this standalone build).
/opt/python/bin/pip install --upgrade pip setuptools
/opt/python/bin/pip install pip-audit -r matrixbot/requirements.txt
/opt/python/bin/pip install pip-audit
- name: Audit matrixbot dependencies
run: /opt/python/bin/pip-audit --local
# Audit only our declared dependencies, not pip-audit itself or pip
run: /opt/python/bin/pip-audit -r matrixbot/requirements.txt
secret-scan:
name: Secret scan (gitleaks)