27461260131
95%
master: 95%

Ran 13 Jun 2026 08:13AM UTC

Jobs 1

Files 188

Run time 1min

Badge

Embed ▾

Committed 13 Jun 2026 08:09AM UTC coverage: 95.33%. Remained the same

Build # 27461260131

Build Type

Pull #2644

github

Committed by

mroderick

Commit Message

feat(ci): add supply chain security defences

Add three defensive layers against dependency supply chain attacks:

- Dependabot cooldowns: 7-day default for version update PRs, with
  per-semver granularity (major: 14d, minor: 7d, patch: 3d). Security
  updates bypass automatically.

- Bundler checksum verification: enable lockfile_checksums and add
  CHECKSUMS section to Gemfile.lock. Verifies downloaded gems match
  expected hashes on every install.

- bundler-audit: add to Gemfile and run in CI. Checks against the
  ruby-advisory-db for known vulnerable gem versions.

Also updates oauth2 (2.0.20 -> 2.0.22) to fix GHSA-pp92-crg2-gfv9,
a high-severity bearer token leakage vulnerability flagged by the new
bundler-audit check.

Refs NextLink Labs article on dependency cooldowns (Apr 2026).

Pull Request Pull Request #2644: feat(ci): add supply chain security defences

Coverage Stats

3552 of 3726 relevant lines covered (95.33%)

42.37 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	27461260131.1	13 Jun 2026 08:13AM UTC	1128	70.25	GitHub Action Run

codebar / planner / 27461260131
95%
master: 95%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 27461260131

codebar / planner / 27461260131 95% master: 95%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 27461260131

codebar / planner / 27461260131
95%
master: 95%

README BADGES
x