fix(ci): pin upload-artifact to valid SHA in hypatia-scan.yml (Refs standards#48)#52

Merged
hyperpolymath merged 12 commits into
mainfrom
fix/upload-artifact-sha-standards48
May 18, 2026

Conversation

@hyperpolymath (Owner)

Generator-materialized hypatia-scan.yml pinned actions/upload-artifact@v4 to nonexistent SHA 65c79d7f54e76e4e3c7a8f34db0f4ac8b515c478; corrected to ea165f8d65b6e75b540449e92b4886f43607fa02. Generator already fixed (gitbot-fleet#163). 12 file(s).

Refs standards#48

🤖 Generated with Claude Code

@hyperpolymath hyperpolymath merged commit e5158f4 into main May 18, 2026
11 of 17 checks passed
@hyperpolymath hyperpolymath deleted the fix/upload-artifact-sha-standards48 branch May 18, 2026 09:33
@github-actions

🔍 Hypatia Security Scan

Findings: 65 issues detected

| Severity | Count |
| --- | --- |
| 🔴 Critical | 20 |
| 🟠 High | 31 |
| 🟡 Medium | 14 |

⚠️ Action Required: Critical security issues found!

Findings listed in the comment (10 of the 65 reported):
[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
    "type": "believe_me",
    "file": "/home/runner/work/patallm-gallery/patallm-gallery/did-you-actually-do-that/src/abi/Attestation.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "assert_total bypasses totality checker (1 occurrences, CWE-704)",
    "type": "assert_total",
    "file": "/home/runner/work/patallm-gallery/patallm-gallery/did-you-actually-do-that/src/abi/Attestation.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "assert_smaller bypasses termination checker (1 occurrences, CWE-704)",
    "type": "assert_smaller",
    "file": "/home/runner/work/patallm-gallery/patallm-gallery/did-you-actually-do-that/src/abi/Attestation.idr",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "eval() -- arbitrary code execution (1 occurrences, CWE-94)",
    "type": "js_eval",
    "file": "/home/runner/work/patallm-gallery/patallm-gallery/claude-integrations/firefox-mcp/extension-mv3/background.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "eval() -- arbitrary code execution (1 occurrences, CWE-94)",
    "type": "js_eval",
    "file": "/home/runner/work/patallm-gallery/patallm-gallery/claude-integrations/firefox-mcp/extension/content/bridge.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "critical"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (1 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/patallm-gallery/patallm-gallery/claude-integrations/gecko-browser-extension/src/content/content.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (2 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/patallm-gallery/patallm-gallery/claude-integrations/gecko-browser-extension/src/popup/popup.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence
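The defect this PR fixes (a generator emitting a commit SHA that does not exist upstream) and the scanner's `unpinned_action` finding for `governance-reusable.yml@main` are both catchable with one pre-merge check: every remote `uses:` must be a 40-hex SHA, and that SHA must equal what the tag named in the trailing `# <tag>` comment resolves to in the action's repository. The script below is an added example, not Hypatia's rule module nor the project's generator. It assumes the `# <tag>` comment convention, uses `git ls-remote` for live resolution (network required), and ships an offline stand-in resolver whose single entry restates the PR description's claim that `v4` maps to `ea165f8d…`; that mapping is not independently verified here. The sample workflow is constructed for the example and is not the repository's `hypatia-scan.yml`.

```python
"""Audit GitHub Actions workflows: remote `uses:` refs must be pinned to a 40-hex
commit SHA, and that SHA must match the tag named in the trailing `# <tag>` comment."""
from __future__ import annotations

import re
import subprocess
import sys
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Optional

SHA40 = re.compile(r"^[0-9a-f]{40}$")
# Matches `uses:` at step level (`- uses: ...`) and at job level (reusable workflows),
# capturing the ref and an optional trailing `# <tag>` comment.
USES = re.compile(r"^[ \t]*-?[ \t]*uses:[ \t]*['\"]?([^\s'\"#]+)['\"]?[ \t]*(?:#[ \t]*(\S+))?", re.M)

Resolver = Callable[[str, str], Optional[str]]


@dataclass
class Finding:
    file: str
    uses: str
    kind: str    # ok | unpinned | unlabelled | tag_not_found | sha_mismatch | skipped
    detail: str


def split_ref(uses: str) -> Optional[tuple[str, str]]:
    """Return (owner/repo, ref) for a remote action; None for local or docker refs.
    Subpaths such as owner/repo/.github/workflows/x.yml@ref collapse to owner/repo."""
    if uses.startswith(("./", "docker://")):
        return None
    target, _, ref = uses.partition("@")
    parts = target.split("/")
    if len(parts) < 2:
        return None
    return "/".join(parts[:2]), ref


def resolve_tag_with_git(repo: str, tag: str) -> Optional[str]:
    """Resolve refs/tags/<tag> upstream to a commit SHA via `git ls-remote`.
    Annotated tags print an extra peeled `^{}` line; prefer it (that is the commit)."""
    url = f"https://github.com/{repo}.git"
    out = subprocess.run(["git", "ls-remote", "--tags", url, f"refs/tags/{tag}"],
                         capture_output=True, text=True, check=True).stdout
    plain = peeled = None
    for line in out.splitlines():
        sha, _, name = line.partition("\t")
        if name == f"refs/tags/{tag}":
            plain = sha
        elif name == f"refs/tags/{tag}^{{}}":
            peeled = sha
    return peeled or plain


def audit_workflow(label: str, text: str, resolve_tag: Resolver) -> list[Finding]:
    """Classify every `uses:` in one workflow file."""
    findings: list[Finding] = []
    for m in USES.finditer(text):
        uses, tag_comment = m.group(1), m.group(2)
        parsed = split_ref(uses)
        if parsed is None:
            findings.append(Finding(label, uses, "skipped", "local or docker ref"))
            continue
        repo, ref = parsed
        if not SHA40.match(ref):
            findings.append(Finding(label, uses, "unpinned",
                                    f"'{ref or '(none)'}' is a tag or branch; pin a 40-hex SHA"))
            continue
        if not tag_comment:
            findings.append(Finding(label, uses, "unlabelled",
                                    "no '# <tag>' comment, so the SHA cannot be cross-checked"))
            continue
        expected = resolve_tag(repo, tag_comment)
        if expected is None:
            findings.append(Finding(label, uses, "tag_not_found", f"{repo} has no tag {tag_comment}"))
        elif expected != ref:
            findings.append(Finding(label, uses, "sha_mismatch",
                                    f"{tag_comment} resolves to {expected}, not {ref}"))
        else:
            findings.append(Finding(label, uses, "ok", f"matches {tag_comment}"))
    return findings


# Constructed sample workflow (not the repository's file). The two upload-artifact SHAs
# are the wrong and corrected values quoted in this PR's description.
SAMPLE_WORKFLOW = """name: hypatia-scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/upload-artifact@65c79d7f54e76e4e3c7a8f34db0f4ac8b515c478 # v4
      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
      - uses: ./.github/actions/local-thing
  governance:
    uses: hyperpolymath/standards/.github/workflows/governance-reusable.yml@main
"""

# Offline stand-in for resolve_tag_with_git. This single entry restates the PR's own
# claim about v4; it is an assumption, not a check against actions/upload-artifact.
FAKE_TAGS = {("actions/upload-artifact", "v4"): "ea165f8d65b6e75b540449e92b4886f43607fa02"}


def fake_resolver(repo: str, tag: str) -> Optional[str]:
    return FAKE_TAGS.get((repo, tag))


if __name__ == "__main__":
    paths = [Path(p) for p in sys.argv[1:]] or sorted(Path(".github/workflows").glob("*.y*ml"))
    bad = 0
    for p in paths:
        for f in audit_workflow(str(p), p.read_text(), resolve_tag_with_git):
            bad += f.kind not in ("ok", "skipped")
            print(f"{f.kind:<14} {f.file}: {f.uses}  ({f.detail})")
    sys.exit(1 if bad else 0)
```

Run with no arguments from the repository root to audit `.github/workflows/*.yml` against upstream tags; a non-zero exit makes it usable as a CI gate. A SHA that exists upstream but belongs to a different release than the comment claims is reported as `sha_mismatch` rather than silently accepted, which is the case a generator that emits the SHA and the comment separately is most likely to produce.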
