ci: Bump trufflesecurity/trufflehog from 3.94.1 to 3.94.2#11
Merged
hyperpolymath merged 1 commit intoApr 9, 2026
Merged
Conversation
Bumps [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) from 3.94.1 to 3.94.2. - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@586f66d...6bd2d14) --- updated-dependencies: - dependency-name: trufflesecurity/trufflehog dependency-version: 3.94.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
dependabot
Bot
deleted the
dependabot/github_actions/trufflesecurity/trufflehog-3.94.2
branch
This was referenced May 28, 2026
hyperpolymath
added a commit
that referenced
this pull request
May 28, 2026
## Summary aLib roadmap T1 item #10. Adds `stdlib/alib.affine` exposing the 22 aLib v0.1.0 operations under their canonical aLib names — single import point for consumers wanting the aLib surface rather than the AffineScript-idiomatic surface. ### The 22 ops by category | Category | Ops | |---|---| | arithmetic (5) | `add`, `subtract`, `multiply`, `divide`, `modulo` | | comparison (6) | `less_than`, `greater_than`, `equal`, `not_equal`, `less_equal`, `greater_equal` | | logical (3) | `and`, `or`, `not` | | string (3) | `concat`, `length`, `substring` | | collection (4) | `map`, `filter`, `fold`, `contains` | | conditional (1) | `if_then_else` | **Count correction**: the roadmap row 10 said "20"; current aggregate.json v0.1.0 has 22. Row updated to match. ### Type model `Number ↦ Int` for v0.1.0 since aggregate.json test vectors use integer arithmetic. A parallel `alib_float` set can be added when Float-typed test vectors land — keeping the `alib::add` surface integer-pure preserves the simple consumer API and avoids `Number` ambiguity at the call site. ### Implementation - `add`/`subtract`/`multiply`/etc. — thin operator wrappers - `length` / `concat` / `substring` — bind to existing stdlib functions + the `string_sub` builtin - `map`/`filter` — written explicitly (avoids a cross-module visibility quirk pending the alib #9 audit) - `fold`/`contains` — re-exported from `prelude` via aliased import (`use prelude::{ fold as prelude_fold, ... }`) - `if_then_else` — eager evaluation per aLib spec; consumers wanting laziness use the language `if … else …` expression directly ### Downstream unlocks - alib #11 (`aggregate.json` schema loader) - alib #12 (test-vector executor — needs this module as the dispatch target) - alib #13 (properties auto-checker) ## Test plan - [x] `affinescript check stdlib/alib.affine` — passes (verified locally on the canonical opam switch) - [ ] alib #11 schema loader (separate PR) reads aggregate.json - [ ] alib #12 executor (separate PR) dispatches into this module ## Refs - Closes #416 - Umbrella #413 (aLib roadmap) - Canonical signatures: `developer-ecosystem/aggregate-library/data/aggregate.json` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3 tasks
hyperpolymath
added a commit
that referenced
this pull request
May 28, 2026
) ## Summary Closes alib-roadmap.adoc item **#11** (`○` → `●`). Unblocks #12 (test-vector executor). Adds `stdlib/AlibSchema.affine` — Approach A (AffineScript-side parser, no new build tool needed) layered on the existing `hpm_json_*` lazy-handle FFI from `stdlib/json.affine`. ## Public surface ``` pub type TestCase = { description: String, input_count: Int } pub type AlibOp = { name, category, signature_string, purpose: String, test_cases: [TestCase] } pub type AlibSchema = { schema_version: String, total_operations: Int, operations: [AlibOp] } pub fn parse_schema(src: String) -> Result<AlibSchema, String> pub fn load_schema(path: String) -> Result<AlibSchema, String> pub fn load_estate_schema() -> Result<AlibSchema, String> pub fn estate_path() -> String ``` `test_cases[].input` / `output` are intentionally NOT decoded to a sum type here — `aggregate.json` mixes Int / Float / String / Bool / arrays and per-op-named-fields objects (conditional has `{condition, then_value, else_value}`). The #12 executor will re-descend per-op with a known shape. ## Verification - `affinescript check stdlib/AlibSchema.affine` → `Type checking passed` - Full stdlib re-check → all `.affine` files still pass - No regressions to `stdlib/alib.affine` or `stdlib/json.affine` ## Ownership / safety Every `Some(h)` from `hpm_json_parse` / `hpm_json_object_get` / `hpm_json_array_get` is paired with a matching `hpm_json_free`. The root handle is freed inside `parse_schema`. ## Notes - **GH Actions budget**: estate is over the monthly cap; admin-merging on clean local verify per estate-wide standing directive. Type-check is the only gate that matters at this scope. - AffineScript syntax gotchas honoured (record literal `#{...}`, generics not relevant here, no `label`/`total` collisions, no `for`-over-while inside the tree-walk). - Lazy-handle pattern was preferred over `to_json` because `to_json` returns `None` for object roots (object-key enumeration is not yet a Zig export on `hpm-json-rsr`). ## Test plan - [x] `affinescript check stdlib/AlibSchema.affine` - [x] Full `stdlib/*.affine` re-check (no regressions) - [ ] (Follow-up #12) feed `load_estate_schema()` into the dispatch loop and confirm 20 ops × N test-cases iterate 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
pushed a commit
that referenced
this pull request
May 30, 2026
Adds docs/specs/zig-ffi-patterns.adoc — the canonical, task-oriented recipe for binding a Zig C-ABI export to an AffineScript extern fn, the deliverable for bindings #19 in docs/bindings-roadmap.adoc. Scoped to avoid DOC-DEDUP overlap: SPEC §2.10 owns the grammar, STDLIB-EXTERN-AUDIT owns the inventory, codegen-environment owns the wasm codegen mechanics; this doc is the authoring recipe + per-backend host contract that ties them together. Grounded in the actual codegen: - wasm: every extern fn -> (import "env" "<name>") (lib/codegen.ml) - Deno-ESM: deno_builtins intrinsics emit a self-contained __as_* helper; declared externs lower to a same-named host symbol (mangle is identity except JS reserved words) (lib/codegen_deno.ml) Worked example uses the existing hpm-json-rsr binding in stdlib/json.affine. Bumps the #19 row in bindings-roadmap.adoc from a partial-scaffold status to usable per the doc's own 'update the row in the same PR' rule. Unblocks the RSR rewires #11 / #12 / #16.
hyperpolymath
pushed a commit
that referenced
this pull request
May 31, 2026
Adds docs/specs/zig-ffi-patterns.adoc — the canonical, task-oriented recipe for binding a Zig C-ABI export to an AffineScript extern fn, the deliverable for bindings #19 in docs/bindings-roadmap.adoc. Scoped to avoid DOC-DEDUP overlap: SPEC §2.10 owns the grammar, STDLIB-EXTERN-AUDIT owns the inventory, codegen-environment owns the wasm codegen mechanics; this doc is the authoring recipe + per-backend host contract that ties them together. Grounded in the actual codegen: - wasm: every extern fn -> (import "env" "<name>") (lib/codegen.ml) - Deno-ESM: deno_builtins intrinsics emit a self-contained __as_* helper; declared externs lower to a same-named host symbol (mangle is identity except JS reserved words) (lib/codegen_deno.ml) Worked example uses the existing hpm-json-rsr binding in stdlib/json.affine. Bumps the #19 row in bindings-roadmap.adoc from a partial-scaffold status to usable per the doc's own 'update the row in the same PR' rule. Unblocks the RSR rewires #11 / #12 / #16.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps trufflesecurity/trufflehog from 3.94.1 to 3.94.2.
Release notes
Sourced from trufflesecurity/trufflehog's releases.
Commits
6bd2d14Re-enabled TestAPKHandler test and updated artifact url (#4856)681b305Updated google.golang.org/grpc v1.78.0 --> v1.79.3 (#4852)e81c0fcAdd Shopify OAuth Detector (#4738)03acc78todoist: replace deprecated verification endpoint (#4828)bfaa370updated detectors.proto and made protos (#4853)6171fa9fix: replace release-guard workflow with revert-latest job (#4838)61d57c1skipping TestAPKHandler because the apk file being used in this test is unava...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)