ci: add dependency audits and miri by dev-jodee · Pull Request #85 · solana-program/escrow

dev-jodee · 2026-05-21T13:14:52Z

Summary

add Security workflow with cargo audit, pnpm audit, and Miri checks using the shared setup action
move Dependabot package update cadence to weekly
update ws through pnpm overrides and baseline the current exact unpatched npm advisory

ruby -e "require "yaml"; ARGV.each { |f| YAML.load_file(f) }" .github/dependabot.yml .github/workflows/security.yml .github/actions/setup/action.yml
git diff --check
cargo audit --no-fetch
pnpm audit --ignore GHSA-848j-6mx2-7j84
cargo +nightly miri test -p escrow-program

vercel · 2026-05-21T13:14:57Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
solana-escrow-program	Ready	Preview, Comment	May 21, 2026 1:14pm

dev-jodee added 2 commits May 20, 2026 09:46

ci: ignore dependabot patch updates

a630fb4

ci: add dependency audits and miri

79a9f4c

dev-jodee merged commit c717437 into main May 21, 2026
10 checks passed

dev-jodee deleted the ci/ignore-dependabot-patch-updates branch May 21, 2026 13:22