From 5d598c18d4dea7788f348fa2223e87ab87f449c1 Mon Sep 17 00:00:00 2001 From: Idan Adar Date: Sun, 15 Mar 2026 20:37:41 +0200 Subject: [PATCH 1/4] Add permissions to publish workflow Added permissions for GitHub Actions to read contents. --- .github/workflows/publish.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 296736f..daa16c2 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -7,8 +7,12 @@ on: jobs: publish: runs-on: ubuntu-latest + permissions: + contents: read steps: - uses: actions/checkout@v6 + with: + token: ${{ secrets.ADMIN_TOKEN }} - name: Set up Python 3.9 uses: actions/setup-python@v6 with: From 345dd71685667cb8627fc9e5b1e3389f4488f2ac Mon Sep 17 00:00:00 2001 From: Idan Adar Date: Sun, 15 Mar 2026 20:39:44 +0200 Subject: [PATCH 2/4] Add write permissions for contents in release job --- .github/workflows/create-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 094f673..270d0b3 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -8,6 +8,8 @@ on: jobs: release: runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Checkout code uses: actions/checkout@v6 From 7fb0ee85456d1f5f81978f0b2d3e8722b6bd4994 Mon Sep 17 00:00:00 2001 From: Idan Adar Date: Sun, 15 Mar 2026 20:41:56 +0200 Subject: [PATCH 3/4] patch: vulnerability fixes and other updates Removed an empty line in the prerequisites section. --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d51ed96..744bba4 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,6 @@ The IBM Cloud Secrets Manager Python SDK allows developers to programmatically i | [Secrets Manager](https://cloud.ibm.com/apidocs/secrets-manager) | SecretsManagerV2 | ## Prerequisites - - An [IBM Cloud account](https://cloud.ibm.com/registration). - A [Secrets Manager service instance](https://cloud.ibm.com/catalog/services/secrets-manager). - An [IBM Cloud API key](https://cloud.ibm.com/iam/apikeys) that allows the SDK to access your account. From e0aa12939a0ec4a6738e3e95c84d99a864765682 Mon Sep 17 00:00:00 2001 From: IDAN ADAR Date: Sun, 15 Mar 2026 20:52:38 +0200 Subject: [PATCH 4/4] Package updates --- .gitignore | 4 +++- package-lock.json | 40 +++++++++++++++++++++------------------- package.json | 5 ++++- 3 files changed, 28 insertions(+), 21 deletions(-) diff --git a/.gitignore b/.gitignore index f57ba83..972aaba 100644 --- a/.gitignore +++ b/.gitignore @@ -129,4 +129,6 @@ dmypy.json .pyre/ *.idea .openapi-generator-ignore -.openapi-generator \ No newline at end of file +.openapi-generator + +node_modules \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index f41b35b..b77885a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4,12 +4,14 @@ "requires": true, "packages": { "": { + "name": "secrets-manager-python-sdk", "devDependencies": { "@semantic-release/changelog": "^6.0.3", "@semantic-release/exec": "^7.1.0", "@semantic-release/git": "^10.0.1", "@semantic-release/github": "^12.0.0", - "@semantic-release/release-notes-generator": "^14.0.3" + "@semantic-release/release-notes-generator": "^14.1.0", + "undici": "^7.24.3" } }, "node_modules/@actions/core": { @@ -47,6 +49,20 @@ "undici": "^5.25.4" } }, + "node_modules/@actions/http-client/node_modules/undici": { + "version": "5.29.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz", + "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@fastify/busboy": "^2.0.0" + }, + "engines": { + "node": ">=14.0" + } + }, "node_modules/@actions/io": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz", @@ -650,16 +666,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/@semantic-release/github/node_modules/undici": { - "version": "7.24.3", - "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.3.tgz", - "integrity": "sha512-eJdUmK/Wrx2d+mnWWmwwLRyA7OQCkLap60sk3dOK4ViZR7DKwwptwuIvFBg2HaiP9ESaEdhtpSymQPvytpmkCA==", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=20.18.1" - } - }, "node_modules/@semantic-release/npm": { "version": "13.1.2", "resolved": "https://registry.npmjs.org/@semantic-release/npm/-/npm-13.1.2.tgz", @@ -6392,17 +6398,13 @@ } }, "node_modules/undici": { - "version": "5.29.0", - "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz", - "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==", + "version": "7.24.3", + "resolved": "https://registry.npmjs.org/undici/-/undici-7.24.3.tgz", + "integrity": "sha512-eJdUmK/Wrx2d+mnWWmwwLRyA7OQCkLap60sk3dOK4ViZR7DKwwptwuIvFBg2HaiP9ESaEdhtpSymQPvytpmkCA==", "dev": true, "license": "MIT", - "peer": true, - "dependencies": { - "@fastify/busboy": "^2.0.0" - }, "engines": { - "node": ">=14.0" + "node": ">=20.18.1" } }, "node_modules/unicode-emoji-modifier-base": { diff --git a/package.json b/package.json index d6bae9d..db740f2 100644 --- a/package.json +++ b/package.json @@ -4,6 +4,9 @@ "@semantic-release/exec": "^7.1.0", "@semantic-release/git": "^10.0.1", "@semantic-release/github": "^12.0.0", - "@semantic-release/release-notes-generator": "^14.0.3" + "@semantic-release/release-notes-generator": "^14.1.0", + "undici": "^7.24.3" } } + +