mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-30 06:41:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
hermes-agent/.github
History
ethernet 2f320cb35a fix(ci): supply-chain-audit uses two-dot diff, causing false positives on stale-branch PRs 
The workflow diffs base.sha..head.sha (two-dot), which compares the
tip-of-main tree directly against the PR tip. When files land on main
after a PR branched off, they appear in the diff even though the PR
never touched them — triggering false-positive findings.

Example: PR #30609 was flagged for hermes_cli/setup.py, a file added
to main by an unrelated commit after the PR branched.

Switch to three-dot diff (base.sha...head.sha), which diffs from the
merge base to the PR tip — only changes introduced by this PR are
included. Applied to all four diff commands in both jobs (scan and
dep-bounds).
2026-05-22 15:15:53 -07:00
..
actions ci: run docker build on PRs + smoke test arm64 2026-05-08 18:47:07 -04:00
ISSUE_TEMPLATE feat: add openrouter/elephant-alpha to curated model lists (#9378) 2026-04-13 21:16:14 -07:00
workflows fix(ci): supply-chain-audit uses two-dot diff, causing false positives on stale-branch PRs 2026-05-22 15:15:53 -07:00
dependabot.yml chore(security): add OSV-Scanner CI + Dependabot for github-actions only (#20037) 2026-05-04 20:58:21 -07:00
PULL_REQUEST_TEMPLATE.md docs: add documentation & housekeeping checklist to PR template 2026-03-05 07:23:52 -08:00