From c8db75fa3859dadf8aaffbd55abb84ebc7407911 Mon Sep 17 00:00:00 2001 From: Test User Date: Tue, 21 Apr 2026 19:44:30 +0000 Subject: [PATCH] fix: use gh repo clone instead of sshUrl git clone Agents authenticate via GitHub App HTTPS tokens, not SSH keys. gh repo clone uses the authenticated HTTPS credential helper. --- hugh-hackman/HEARTBEAT.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hugh-hackman/HEARTBEAT.md b/hugh-hackman/HEARTBEAT.md index a6c9441..e0d47a8 100644 --- a/hugh-hackman/HEARTBEAT.md +++ b/hugh-hackman/HEARTBEAT.md @@ -96,7 +96,7 @@ Check for known dependency vulnerabilities using local tools (GitHub vulnerabili gh repo list privilegedescalation --json name --jq '.[].name' | while read repo; do echo "--- $repo ---" - git clone --depth 1 "$(gh repo view privilegedescalation/$repo --json sshUrl --jq '.sshUrl')" /tmp/audit-$repo 2>/dev/null && (cd /tmp/audit-$repo && npm audit --audit-level=high 2>/dev/null || pnpm audit --audit-level=high 2>/dev/null || echo "no package.json") && rm -rf /tmp/audit-$repo + gh repo clone privilegedescalation/$repo /tmp/audit-$repo -- --depth 1 2>/dev/null && (cd /tmp/audit-$repo && npm audit --audit-level=high 2>/dev/null || pnpm audit --audit-level=high 2>/dev/null || echo "no package.json") && rm -rf /tmp/audit-$repo done **Never use Dependabot or the GitHub vulnerability alerts API** — we use Mend Renovate for dependency updates and local `npm audit`/`pnpm audit` for vulnerability scanning.