From 15cf1a4f31afa27b9db01d417dbb50179e07a8d7 Mon Sep 17 00:00:00 2001 From: stack72 Date: Wed, 8 Apr 2026 16:52:30 +0100 Subject: [PATCH] fix: align deno.json audit task with CI invocation The audit task was missing --allow-env=GITHUB_STEP_SUMMARY and --allow-write, causing it to crash in writeGitHubSummary() with NotCapable since PR #484. CI worked around the broken task by invoking scripts/audit_deps.ts inline with the right flags, which hid the bug from anyone not running the task locally. Add the missing flags to match CI's flag set, drop `&& deno outdated` from the task (CI runs deno outdated as a separate failure-tolerant step at ci.yml:98-106 which is unchanged), and route CI's vuln-scan step through `deno task audit` so the deno.json task is the single source of truth and the silent drift can't recur. Resolves swamp-club lab issue #27. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/ci.yml | 2 +- deno.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 722f029a..b3139e7f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -93,7 +93,7 @@ jobs: deno-version: v2.x - name: Scan for known vulnerabilities - run: deno run --allow-read --allow-net=api.osv.dev --allow-env=GITHUB_STEP_SUMMARY --allow-write scripts/audit_deps.ts + run: deno task audit - name: Check for outdated dependencies run: | diff --git a/deno.json b/deno.json index c7fdde76..16a87475 100644 --- a/deno.json +++ b/deno.json 
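Review bot: With the `run:` line of the "Scan for known vulnerabilities" step reduced to `deno task audit`, the permission flags that sandbox the scan are no longer visible in ci.yml. Any later edit to the `audit` task in deno.json, such as widening it to `-A`, would change what CI grants without touching the workflow file. A comment above the step would keep that visible to workflow reviewers, for example `# Permission flags for this step are defined by the "audit" task in deno.json; review changes there as CI changes.` If the repository applies stricter review rules to .github/workflows, it may be worth covering deno.json the same way.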
@@ -12,7 +12,7 @@
 "fmt": "deno fmt",
 "compile": "deno run -A scripts/compile.ts",
 "license-headers": "deno run --allow-read --allow-write scripts/add_license_headers.ts",
- "audit": "deno run --allow-read --allow-net=api.osv.dev scripts/audit_deps.ts && deno outdated",
+ "audit": "deno run --allow-read --allow-net=api.osv.dev --allow-env=GITHUB_STEP_SUMMARY --allow-write scripts/audit_deps.ts",
 "audit-actions": "deno run --allow-read --allow-net=api.github.com --allow-env=GITHUB_STEP_SUMMARY,GITHUB_TOKEN --allow-write scripts/audit_actions.ts",
 "review-skills": "deno run --allow-read --allow-run --allow-env=GITHUB_STEP_SUMMARY --allow-write scripts/review_skills.ts",
 "eval-skill-triggers": "deno run --allow-read --allow-run --allow-env --allow-write scripts/eval_skill_triggers_promptfoo.ts"
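Review bot: The new `audit` task grants `--allow-write` and `--allow-read` with no path scope, while net and env are pinned to `api.osv.dev` and `GITHUB_STEP_SUMMARY`. A script that parses dependency metadata and handles responses from a network service can therefore read and write anywhere the invoking user can, both in CI and on developer machines. Going by the commit message, the only write is the step summary in writeGitHubSummary(), so the read side could probably be narrowed to the repository, e.g. `--allow-read=.`, if the script only reads files under the project root. The summary path is only known at runtime, so scoping the write needs more thought. If it stays unscoped, that should be recorded next to the task or in the script header. The neighbouring `audit-actions` and `review-skills` tasks follow the same unscoped pattern, so this is best handled as one hardening pass across the task list.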