Barcode Betty 9c15e29aa9 Merge pull request 'ci(auth): add Grype scan step; document provenance/sbom OCI limitation (CAR-1446)' (#53) from dev into uat ...

ci(auth): promote CAR-1446 Grype scan + dep fix to uat (PR #53)

Merges dev→uat: adds Grype supply-chain scan between Build and Push,
documents OCI referrers limitation with HTTP 404 proof, and patches
three HIGH transitive CVEs in better-auth deps (defu, kysely) via
npm overrides.

QA APPROVED (cs_charlie, review 4846). Security reviewed (Stockboy Steve).

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-06-23 03:55:28 +00:00

..

workflows

ci(auth): update CAR-1446 comment with empirical OCI referrers proof

2026-06-23 02:50:37 +00:00

CI_TRIGGER.md

test(ci): trigger CI after DinD fix (CAR-1042)

2026-05-25 23:15:07 +00:00