chore(deps): bump pip from 24.3.1 to 25.2 in /.github/pip (#27)

dependabot[bot] · mrz1836 · web-flow · commit b207bf27c8a2 · 2025-09-26T10:31:19.000-04:00
* chore(deps): bump pip from 24.3.1 to 25.2 in /.github/pip Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.2. - [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst) - [Commits](pypa/pip@24.3.1...25.2) --- updated-dependencies: - dependency-name: pip dependency-version: '25.2' dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * ci(workflows): add OSS Index auth to security scans Add OSSI_USERNAME and OSSI_TOKEN secrets to fortress workflows to enable authentication with OSS Index in the Nancy GitHub Action. This improves security scanning by allowing authenticated requests, reducing rate-limit issues and enhancing vulnerability data accuracy. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: mrz1836 <mrz1818@gmail.com>
diff --git a/.github/pip/pip-tools-requirements.in b/.github/pip/pip-tools-requirements.in
@@ -4,4 +4,4 @@
 
 pip-tools==7.4.1
 setuptools>=78.1.1
-pip<25  # pip 25.1 has compatibility issues with pip-tools on Python 3.13
+pip<26  # pip 25.1 has compatibility issues with pip-tools on Python 3.13
diff --git a/.github/pip/pip-tools-requirements.txt b/.github/pip/pip-tools-requirements.txt
@@ -32,9 +32,9 @@ wheel==0.45.1 \
     # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==24.3.1 \
-    --hash=sha256:3790624780082365f47549d032f3770eeb2b1e8bd1f7b2e02dace1afa361b4ed \
-    --hash=sha256:ebcb60557f2aefabc2e0f918751cd24ea0d56d8ec5445fe1807f1d2109660b99
+pip==25.2 \
+    --hash=sha256:578283f006390f85bb6282dffb876454593d637f5d1be494b5202ce4877e71f2 \
+    --hash=sha256:6d67a2b4e7f14d8b31b8b52648866fa717f45a1eb70e83002f4331d07e953717
     # via
     #   -r pip-tools-requirements.in
     #   pip-tools
diff --git a/.github/workflows/fortress-security-scans.yml b/.github/workflows/fortress-security-scans.yml
@@ -47,6 +47,12 @@ on:
       gitleaks-license:
         description: "Gitleaks license key"
         required: false
+      ossi-username:
+        description: "OSS Index username for Nancy authentication"
+        required: false
+      ossi-token:
+        description: "OSS Index token for Nancy authentication"
+        required: false
 
 permissions:
   contents: read
@@ -110,6 +116,9 @@ jobs:
       - name: 🔍 Ask Nancy
         uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3
         continue-on-error: false
+        env: # Authentication for OSS Index (recommended)
+          OSSI_USERNAME: ${{ secrets.ossi-username }}
+          OSSI_TOKEN: ${{ secrets.ossi-token }}
         with:
           githubToken: ${{ secrets.github-token }} # ← prevents rate-limit 403
           nancyVersion: ${{ env.NANCY_VERSION }}
diff --git a/.github/workflows/fortress.yml b/.github/workflows/fortress.yml
@@ -163,6 +163,8 @@ jobs:
     secrets:
       github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
       gitleaks-license: ${{ secrets.GITLEAKS_LICENSE }}
+      ossi-username: ${{ secrets.OSSI_USERNAME }}
+      ossi-token: ${{ secrets.OSSI_TOKEN }}
   # ----------------------------------------------------------------------------------
   # Code Quality Checks
   # ----------------------------------------------------------------------------------
