Josh Avant
|
bd4db5ee62
|
Add dependency release safety evidence and PR awareness (#81325)
* test: cover dependency pin guard
* build: add dependency vulnerability gate
* build: add dependency risk report
* build: add dependency drift reports
* build: include dependency ownership surface evidence
* build: rename dependency report commands
* build: respect release age exclusions in risk report
* build: clarify transitive risk accounting
* build: remove transitive risk exception registry
* build: clarify transitive risk signal wording
* ci: attach dependency evidence to release preflight
* ci: extract dependency release evidence generator
* build: rename ownership surface dependency report
* ci: clarify release evidence naming
* build: clarify recently published risk report
* build: reorder transitive risk report sections
* build: fix ownership surface pluralization
* ci: surface dependency changes on PRs
* ci: harden dependency change awareness
* ci: use dependency changed PR label
* build: fix dependency report lint
* docs: add dependency safety changelog
|
2026-05-13 03:05:09 -05:00 |
|
Vincent Koc
|
d115faa367
|
chore: update security codeowners team
|
2026-04-29 15:57:17 -07:00 |
|
Vincent Koc
|
b6a21cde34
|
ci: schedule android codeql shard (#73430)
|
2026-04-28 01:54:57 -07:00 |
|
Vincent Koc
|
dbab162abd
|
ci: split codeql quality workflow (#73404)
|
2026-04-28 01:04:59 -07:00 |
|
Vincent Koc
|
432ea11248
|
Security: add secops ownership for sensitive paths (#46440)
* Meta: add secops ownership for sensitive paths
* Docs: restrict Codeowners-managed security edits
* Meta: guide agents away from secops-owned paths
* Meta: broaden secops CODEOWNERS coverage
* Meta: narrow secops workflow ownership
|
2026-03-14 14:16:14 -07:00 |
|
Onur Solmaz
|
5c9fae5adc
|
chore: add code owners for npm release paths
|
2026-03-14 13:45:40 +01:00 |
|