Skip to content

chore: auto-audit hygiene fixes#98

Merged
yesoreyeram merged 2 commits into
mainfrom
chore/auto-audit
May 29, 2026
Merged

chore: auto-audit hygiene fixes#98
yesoreyeram merged 2 commits into
mainfrom
chore/auto-audit

Conversation

@itsmylife

@itsmylife itsmylife commented May 28, 2026

Copy link
Copy Markdown
Contributor

Automated repo hygiene audit. This branch applies the following standard changes:

  • Set engines in package.json to node >=24 (and npm >=11.15.0 for npm-based repos), across every package.json outside node_modules.
  • Set packageManager to yarn@4.15.0.
  • Replace .yarnrc.yml with the standard template (enableScripts: false, npmMinimalAgeGate: 4320, etc.).

Notes

  • All commits are SSH-signed.
  • Audit was applied uniformly across ~70 Grafana data-source / library repos. See the audit driver (run locally) for the full ruleset.
  • Please skim the diff before merging.

@itsmylife
chore: auto-audit fixes
adb4a57 
Apply repo hygiene audit:
- ensure plugin-ci-workflows ci.yml/cd.yml pinned at @ci-cd-workflows/v8.0.1
- ensure .npmrc / .yarnrc.yml match standard template
- ensure package.json engines (node >=24, npm >=11.15.0 if npm)
- ensure go.mod go directive at >= 1.26.3 (plugins only)
@itsmylife itsmylife requested a review from a team as a code owner May 28, 2026 20:58
@github-actions

github-actions Bot commented May 28, 2026
edited
Loading

Copy link
Copy Markdown

TruffleHog Scan Results

Summary: Found 1 potential secrets (0 verified, 1 unverified)

  • Possible secret (Gitlab) at .yarn/releases/yarn-4.15.0.cjs:711npmP***ance

Review: Check if unverified secrets are false positives.

Ignoring False Positives:
To mark a false positive, add # trufflehog:ignore as an inline comment on the same line as the detected secret:

my_fake_secret = "AKIAIOSFODNN7EXAMPLE"  # trufflehog:ignore

This works for files that support line numbers (most source files). After adding the comment, push your changes and the scan will re-run.

@cla-assistant

cla-assistant Bot commented May 28, 2026
edited
Loading

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@itsmylife
chore: pin .nvmrc to 24.15.0 and regenerate yarn.lock for yarn 4.15.0
56b21d8 
yarn@4.15.0 uses lockfile format v10; regenerate so the immutable
install in CI no longer fails with YN0028. Pin node to 24.15.0.
yesoreyeram
yesoreyeram reviewed May 29, 2026
View reviewed changes
Comment thread lib/go/csvframer/package.json
"tidy": "go mod tidy",
"test:backend": "go test -v ./..."
},
"engines": {

@yesoreyeram yesoreyeram May 29, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need changes here in every packaage in this monorepo. root level specification is fine.

@yesoreyeram yesoreyeram merged commit 8e56afb into main May 29, 2026
13 checks passed
@yesoreyeram yesoreyeram deleted the chore/auto-audit branch May 29, 2026 10:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yesoreyeram yesoreyeram yesoreyeram approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@itsmylife @yesoreyeram