tinkle-community 220cb7428b fix(deps): resolve 3 critical Dependabot advisories ...

- go: bump github.com/jackc/pgx/v5 v5.6.0 -> v5.9.0 (CVE-2026-33815 /
  CVE-2026-33816, memory-safety in the Postgres driver). govulncheck reports
  0 affecting vulnerabilities after the bump.
- ci: pin aquasecurity/trivy-action to commit SHA ed142fd (v0.36.0) instead of
  the mutable @0.28.0 tag (GHSA-69fq-xp46-6x23, brief upstream supply-chain
  compromise). Dependabot now updates the SHA.
- web: bump vitest ^4.0.16 -> ^4.1.0 (lockfile now 4.1.8) for
  GHSA-5xrq-8626-4rwp (Vitest UI server arbitrary file read/exec; dev-only).

2026-06-05 22:19:27 +08:00

..

ISSUE_TEMPLATE

feat: implement hybrid database architecture and frontend encryption

2025-11-06 01:50:06 +08:00

PULL_REQUEST_TEMPLATE

docs: convert PR templates to English-only (#1331)

2026-01-12 22:06:17 -06:00

workflows

fix(deps): resolve 3 critical Dependabot advisories

2026-06-05 22:19:27 +08:00

CLA.md

update docs

2025-12-21 01:17:34 +08:00

CODEOWNERS

update docs

2025-12-21 01:36:16 +08:00

labeler.yml

feat: pr validation

2025-11-01 18:25:44 -04:00

labels.yml

feat: pr validation

2025-11-01 18:25:44 -04:00

PR_TITLE_GUIDE.md

docs: update PR templates to English-only (#1332)

2026-01-12 22:50:03 -06:00

PULL_REQUEST_TEMPLATE.md

feat: Claw402 x402 payment provider + Telegram agent + x402 refactoring (#1409)

2026-03-11 16:01:42 +08:00

SECURITY.md

update docs

2025-12-21 01:36:16 +08:00