Remove pnpm audit CI job in favor of Socket.dev #2385

Merged
lkostrowski merged 2 commits into main from lkostrowski/remove-pnpm-audit-workflow
Jun 29, 2026

@lkostrowski

Member

Drop the audit job from main.yml that ran pnpm audit on every PR, and add ADR 0003 documenting the decision to use Socket.dev for dependency security instead.

Scope of the PR

Related issues

Checklist

Drop the audit job from main.yml that ran pnpm audit on every PR, and
add ADR 0003 documenting the decision to use Socket.dev for dependency
security instead.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@lkostrowski lkostrowski requested a review from a team as a code owner June 29, 2026 06:36
@lkostrowski lkostrowski requested a review from stmpn June 29, 2026 06:36
@changeset-bot

changeset-bot Bot commented Jun 29, 2026


⚠️ No Changeset found

Latest commit: a816752

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel

vercel Bot commented Jun 29, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| dummy-payment-app | Ready | Preview, Comment | Jun 29, 2026 8:07am |
| saleor-app-anonymizer | Ready | Preview, Comment | Jun 29, 2026 8:07am |
| saleor-app-onboarding | Ready | Preview, Comment | Jun 29, 2026 8:07am |

9 Skipped Deployments

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| saleor-app-avatax | Ignored | Preview, Comment | Jun 29, 2026 8:07am |
| saleor-app-cms | Ignored | Preview, Comment | Jun 29, 2026 8:07am |
| saleor-app-klaviyo | Ignored | Preview | Jun 29, 2026 8:07am |
| saleor-app-payment-np-atobarai | Ignored | Preview, Comment | Jun 29, 2026 8:07am |
| saleor-app-payment-stripe | Ignored | Preview | Jun 29, 2026 8:07am |
| saleor-app-products-feed | Ignored | Preview, Comment | Jun 29, 2026 8:07am |
| saleor-app-search | Ignored | Preview, Comment | Jun 29, 2026 8:07am |
| saleor-app-segment | Ignored | Preview, Comment | Jun 29, 2026 8:07am |
| saleor-app-smtp | Ignored | Preview, Comment | Jun 29, 2026 8:07am |

@codecov

codecov Bot commented Jun 29, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 38.15%. Comparing base (1baff6d) to head (a816752).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2385   +/-   ##
=======================================
  Coverage   38.15%   38.15%           
=======================================
  Files        1048     1048           
  Lines       67116    67116           
  Branches     3598     3598           
=======================================
  Hits        25605    25605           
  Misses      41121    41121           
  Partials      390      390           
| Flag | Coverage Δ |
| --- | --- |
| avatax | 57.58% <ø> (ø) |
| cms | 21.85% <ø> (ø) |
| domain | 100.00% <ø> (ø) |
| dynamo-config-repository | 79.29% <ø> (ø) |
| errors | 92.00% <ø> (ø) |
| logger | 28.81% <ø> (ø) |
| np-atobarai | 72.66% <ø> (ø) |
| products-feed | 6.01% <ø> (ø) |
| search | 32.31% <ø> (ø) |
| segment | 33.65% <ø> (ø) |
| shared | 56.07% <ø> (ø) |
| smtp | 36.32% <ø> (ø) |
| stripe | 70.89% <ø> (ø) |
| webhook-utils | 21.35% <ø> (ø) |

Flags with carried forward coverage won't be shown. Click here to find out more.


@stmpn stmpn left a comment

Member

I am going to assume the socket.dev workflow/pipeline will be added at a later stage via a separate PR

@lkostrowski lkostrowski added the "skip changeset" label (Attach this label to PRs which does not need changes description for the release notes.) Jun 29, 2026
@lkostrowski lkostrowski enabled auto-merge (squash) June 29, 2026 08:06
@lkostrowski

Member Author

> I am going to assume the socket.dev workflow/pipeline will be added at a later stage via a separate PR

@stmpn it's already installed as an App, so no workflow needed
