vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
18,087 Commits 680 Branches 76 Tags
main
Commit Graph

4 Commits

Author SHA1 Message Date
Vincent Koc
62fa65ec85 Fix npm global install deprecation warnings (#28318) 
* Dependencies: make @discordjs/opus an optional peer

* Dependencies: bump node-llama-cpp peer to 3.16.2

* Dependencies: pin Google auth deps to warning-free versions

* CI: reduce Dependabot cooldown to 2 days

* CI: fix invalid Dependabot npm registry config

* CI: restore Dependabot npm registry with token auth

* Dependencies: remove global Google auth pnpm overrides

* CI: make Dependabot updates daily

* Dependencies: restore optional install semantics for @discordjs/opus

* CI: keep Docker Dependabot interval weekly
 2026-02-27 07:38:02 -08:00
Coy Geek
8ae2d5110f fix(docker): pin base images to SHA256 digests (#7734) 
* fix(docker): pin base images to SHA256 digests for supply chain security

Pin all 9 Dockerfiles to immutable SHA256 digests to prevent supply chain
attacks where a compromised upstream image could be silently pulled into
production builds.

Also add Docker ecosystem to Dependabot configuration for automated
digest updates.

Images pinned:
- node:22-bookworm@sha256:cd7bcd2e7a1e6f72052feb023c7f6b722205d3fcab7bbcbd2d1bfdab10b1e935
- node:22-bookworm-slim@sha256:3cfe526ec8dd62013b8843e8e5d4877e297b886e5aace4a59fec25dc20736e45
- debian:bookworm-slim@sha256:98f4b71de414932439ac6ac690d7060df1f27161073c5036a7553723881bffbe
- ubuntu:24.04@sha256:cd1dba651b3080c3686ecf4e3c4220f026b521fb76978881737d24f200828b2b

Fixes #7731

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* test(docker): add digest pinning regression coverage

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-02-19 12:42:07 -08:00
Alex Fallah
289440256b fix: update remaining ClawdbotKit path references to MoltbotKit 
- scripts/bundle-a2ui.sh: A2UI_APP_DIR path
- package.json: format:swift and protocol:check paths
- scripts/protocol-gen-swift.ts: output paths
- .github/dependabot.yml: directory path and comment
- .gitignore: build cache paths
- .swiftformat: exclusion paths
- .swiftlint.yml: exclusion path
- apps/android/app/build.gradle.kts: assets.srcDir path
- apps/ios/project.yml: package path
- apps/ios/README.md: documentation reference
- docs/concepts/typebox.md: documentation reference
- apps/shared/MoltbotKit/Package.swift: fix argument order
 2026-01-27 14:17:20 -06:00
Dan Guido
48aea87028 feat: add prek pre-commit hooks and dependabot (#1720) 
* feat: add prek pre-commit hooks and dependabot

Pre-commit hooks (via prek):
- Basic hygiene: trailing-whitespace, end-of-file-fixer, check-yaml, check-added-large-files, check-merge-conflict
- Security: detect-secrets, zizmor (GitHub Actions audit)
- Linting: shellcheck, actionlint, oxlint, swiftlint
- Formatting: oxfmt, swiftformat

Dependabot:
- npm and GitHub Actions ecosystems
- Grouped updates (production/development/actions)
- 7-day cooldown for supply chain protection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: add prek install instruction to AGENTS.md

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-25 10:53:23 +00:00