Merged
- Fix pnpm/action-setup SHA to match v5 tag (58e6119 -> fc06bc1) across all 12 workflow files (ref-version-mismatch)
- Add Dependabot cooldown configuration (7-day default)
- Disable secrets-outside-env rule in .github/zizmor.yml
- Update cache-poisoning ignore line numbers in .github/zizmor.yml

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
jdalton approved these changes Mar 25, 2026
jdalton pushed a commit that referenced this pull request Mar 25, 2026

- Fix pnpm/action-setup SHA to match v5 tag (58e6119 -> fc06bc1) across all 12 workflow files (ref-version-mismatch)
- Add Dependabot cooldown configuration (7-day default)
- Disable secrets-outside-env rule in .github/zizmor.yml
- Update cache-poisoning ignore line numbers in .github/zizmor.yml
jdalton added a commit that referenced this pull request Mar 25, 2026

… modules (#99)

* fix: harden GitHub Actions workflows (zizmor) (#98)

- Fix pnpm/action-setup SHA to match v5 tag (58e6119 -> fc06bc1) across all 12 workflow files (ref-version-mismatch)
- Add Dependabot cooldown configuration (7-day default)
- Disable secrets-outside-env rule in .github/zizmor.yml
- Update cache-poisoning ignore line numbers in .github/zizmor.yml

* perf(smol): comprehensive performance optimization and bug fixes across all node:smol-* modules

Critical bug fixes:
- smol-ilp: Fix createSender passing positional args instead of config object (all user config was silently ignored)
- smol-sql: Fix prepared statement connection mismatch (statements prepared on conn A failed on conn B)
- smol-manifest: Fix parseGitUrl operator precedence (git dependency detection was broken)
- smol-manifest: Fix packageIndex overwriting multi-version entries

Performance - smol-http/https (30-50% throughput improvement):
- Single-buffer response assembly for responses <16KB (one write instead of 3-5)
- Split handleRequest into sync/async paths (avoid microtask for sync handlers)
- Eliminate Response.text() double allocation (use byteLength instead of BufferFrom)
- Use COMMON_HEADER_NAMES lookup in parsing path before toLowerCase
- Enable TCP_FASTOPEN, SO_REUSEPORT, TCP_DEFER_ACCEPT on listen socket
- Inject optimized TLS defaults (AES-128-GCM, X25519, 24h session timeout)
- Disable Nagle on pre-handshake TCP socket
- Replace ostringstream with memcpy in ResponseTemplate::Fill
- Remove pthread_mutex from single-threaded BufferPool
- Module-level backtracking stack in router (avoid per-match allocation)

Performance - smol-purl:
- SafeMap LRU cache replacing O(n) array shift eviction
- Single-pass delimiter scanning (replace 5 sequential indexOf scans)
- Type string interning for common PURL types
- Fast-path decodeURIComponent skip when no % present
- Remove ObjectFreeze from hot path results
- Single-pass collapseSlashes

Performance - smol-versions:
- SafeMap LRU cache with O(1) eviction
- Pre-compile and cache semver ranges (satisfies re-parsed per call)
- O(n) max/min replacing O(n log n) sort
- Pre-parse versions before sort (avoid O(n log n) re-parsing)
- Packed uint64 comparison for versions without prerelease
- Hand-rolled digit parsing replacing NumberParseInt

Performance - smol-manifest:
- Eliminate split('\n') for yarn/pnpm (indexOf scanning instead)
- ObjectKeys + indexed loops replacing ObjectEntries
- Intern common strings (prod/dev/optional/peer/npm)
- Hoist regex to module scope
- Pre-size packages array for JSON lockfiles

Performance - smol-ilp:
- Single EnsureCapacity in escape paths instead of per-byte check
- Pass bufferSize/maxBufferSize config to C++ encoder

Performance - smol-sql:
- SQLite WAL mode + performance pragmas (5-10x write throughput)
- Connection timestamp tracking for idle/lifetime eviction
- Pool-level SQL storage for cross-connection re-prepare

Performance - smol-vfs:
- Zero-copy file entries (store offset+length, materialize on demand)
- Remove LRU write-on-read pattern (immutable VFS needs no eviction)
- Fast-path first probe in findVFSKey (files match on first try)
- Consolidate isSeaPath + isVFSPath into single check

Code style: Replace null with undefined across all modules per project standards.

---------

Co-authored-by: Ryan Eberhardt <reberhardt7@gmail.com>
Summary
- `pnpm/action-setup` SHA to match `v5` tag across all 12 workflow files (resolves ref-version-mismatch findings)
- `secrets-outside-env` rule in `.github/zizmor.yml`
- `cache-poisoning` ignore line numbers in `.github/zizmor.yml`
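The ref-version-mismatch fix listed above concerns a hash-pinned `uses:` line whose version comment names a tag that resolves to a different commit. The following is an added example, not code from this pull request or from zizmor, of a check for that condition; it assumes the `# v5` comment form, and the workflow text, SHAs and tag map are constructed placeholders.

```python
import re

# A hash-pinned step with a version comment: "uses: owner/repo@<40-hex SHA> # v5"
USES_RE = re.compile(
    r"uses:\s*(?P<action>[\w.-]+/[\w./-]+)@(?P<sha>[0-9a-f]{40})\s*#\s*(?P<tag>\S+)"
)


def find_ref_version_mismatches(workflow_text, tag_commits):
    """Return (line, action, tag, status) for pins that disagree with their comment.

    tag_commits maps (action, tag) -> commit SHA. It is assumed to be resolved
    out of band (for example from the action's repository) so the check runs offline.
    """
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.search(line)
        if m is None:
            continue  # not a SHA-pinned step carrying a version comment
        expected = tag_commits.get((m["action"], m["tag"]))
        if expected is None:
            status = "tag-unknown"  # cannot confirm what the comment claims
        elif expected != m["sha"]:
            status = "mismatch"  # comment says one version, pin is another commit
        else:
            continue
        findings.append((lineno, m["action"], m["tag"], status))
    return findings


# Constructed sample data: placeholder SHAs, not the real commits behind these tags.
SHA_STALE = "1" * 40
SHA_V5 = "2" * 40
SHA_CHECKOUT = "3" * 40
TAG_COMMITS = {
    ("actions/checkout", "v4"): SHA_CHECKOUT,
    ("pnpm/action-setup", "v5"): SHA_V5,
}
WORKFLOW = f"""\
jobs:
  build:
    steps:
      - uses: actions/checkout@{SHA_CHECKOUT} # v4
      - uses: pnpm/action-setup@{SHA_STALE} # v5
"""

if __name__ == "__main__":
    for finding in find_ref_version_mismatches(WORKFLOW, TAG_COMMITS):
        print(finding)
```
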