From 1393d4a7d32cfedc7e556671c6956b1e55f3bd5d Mon Sep 17 00:00:00 2001
From: Ulzii Otgonbaatar <ulzii@kernel.sh>
Date: Thu, 9 Apr 2026 09:32:43 -0600
Subject: [PATCH 1/3] ci: use centralized vuln remediation workflow from infra

Made-with: Cursor
---
 .github/vuln-remediation.json          |  5 +++++
 .github/workflows/vuln-remediation.yml | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 .github/vuln-remediation.json
 create mode 100644 .github/workflows/vuln-remediation.yml

diff --git a/.github/vuln-remediation.json b/.github/vuln-remediation.json
new file mode 100644
index 0000000..42e9170
--- /dev/null
+++ b/.github/vuln-remediation.json
@@ -0,0 +1,5 @@
+{
+  "non_production_paths": [],
+  "skip_packages": [],
+  "ecosystems": ["npm"]
+}
diff --git a/.github/workflows/vuln-remediation.yml b/.github/workflows/vuln-remediation.yml
new file mode 100644
index 0000000..814e016
--- /dev/null
+++ b/.github/workflows/vuln-remediation.yml
@@ -0,0 +1,17 @@
+name: Vulnerability Remediation
+
+on:
+  schedule:
+    - cron: '0 3 * * 3'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  remediate:
+    uses: kernel/infra/.github/workflows/vuln-remediation.yml@main
+    with:
+      setup-bun: true
+    secrets: inherit

From 3f22641b591df9afc38016d618b86b2fe3a2684e Mon Sep 17 00:00:00 2001
From: Ulzii Otgonbaatar <ulzii@kernel.sh>
Date: Thu, 9 Apr 2026 09:39:57 -0600
Subject: [PATCH 2/3] ci: replace custom config with socket.yml

Made-with: Cursor
---
 .github/vuln-remediation.json | 5 -----
 socket.yml                    | 1 +
 2 files changed, 1 insertion(+), 5 deletions(-)
 delete mode 100644 .github/vuln-remediation.json
 create mode 100644 socket.yml

diff --git a/.github/vuln-remediation.json b/.github/vuln-remediation.json
deleted file mode 100644
index 42e9170..0000000
--- a/.github/vuln-remediation.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "non_production_paths": [],
-  "skip_packages": [],
-  "ecosystems": ["npm"]
-}
diff --git a/socket.yml b/socket.yml
new file mode 100644
index 0000000..22817d2
--- /dev/null
+++ b/socket.yml
@@ -0,0 +1 @@
+version: 2

From 3d06ccc3ec4e6576747d9f6dcfe271512100431b Mon Sep 17 00:00:00 2001
From: Ulzii Otgonbaatar <ulzii@kernel.sh>
Date: Fri, 10 Apr 2026 11:24:18 -0600
Subject: [PATCH 3/3] ci: point vuln remediation at kernel/security-workflows

Made-with: Cursor
---
 .github/workflows/vuln-remediation.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/vuln-remediation.yml b/.github/workflows/vuln-remediation.yml
index 814e016..b2994ff 100644
--- a/.github/workflows/vuln-remediation.yml
+++ b/.github/workflows/vuln-remediation.yml
@@ -11,7 +11,7 @@ permissions:
 
 jobs:
   remediate:
-    uses: kernel/infra/.github/workflows/vuln-remediation.yml@main
+    uses: kernel/security-workflows/.github/workflows/vuln-remediation.yml@main
     with:
       setup-bun: true
     secrets: inherit