Skip to content

fix(orchestrator): Address CVE-2026-3118 (#2597) (#2727) #18801

fix(orchestrator): Address CVE-2026-3118 (#2597) (#2727)

fix(orchestrator): Address CVE-2026-3118 (#2597) (#2727) #18801

name: Automate Renovate changeset
on:
pull_request_target:
paths:
- '.github/workflows/automate_renovate_changesets.yml'
- '**/yarn.lock'
jobs:
generate-changeset:
runs-on: ubuntu-latest
if: github.actor == 'renovate[bot]' && github.repository == 'redhat-developer/rhdh-plugins'
steps:
- name: Harden Runner
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 2
ref: ${{ github.head_ref }}
token: ${{ secrets.RHDH_BOT_TOKEN }}
- name: Set up Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
with:
node-version: 22
registry-url: https://registry.npmjs.org/ # Needed for auth
- name: Configure Git
run: |
git config --global user.email 146280956+rhdh-bot@users.noreply.github.com
git config --global user.name 'Github changeset workflow'
- name: Generate changesets
run: node ./scripts/ci/generate-bump-changesets.js