fix: disable ZAP issue creation (403 on GITHUB_TOKEN)#122
Merged
Conversation
The deploy workflow only has `contents: read` + `id-token: write` permissions. ZAP's default behaviour of creating GitHub issues on findings fails with 403. `allow_issue_writing: false` disables that; the HTML report is still uploaded as an artifact. https://claude.ai/code/session_01B8vFxRRcgDukfk2AQGbsgP
Dependabot PRs #101 (dotenv 16→17) and #102 (axios-cookiejar-support 5→7) updated yarn.lock but not package-lock.json. CI uses npm install, so every run had to ad-hoc resolve these mismatches, causing non-deterministic behaviour in the api job. Regenerated with npm install --package-lock-only. https://claude.ai/code/session_01B8vFxRRcgDukfk2AQGbsgP
Cosmetic only — no version changes. https://claude.ai/code/session_01B8vFxRRcgDukfk2AQGbsgP
Two bugs:
1. api.js health endpoint reported cardDatabase: true even when the DB was
empty — `sc("test",1).length >= 0` is always true. Fixed to
`getAllSets().length > 0`.
2. api-test.js had no guard for set-browser tests (collection tracking,
set detail) that require real set data. Added testCardDb() helper
mirroring testDb(), which skips these 4 tests when cardDatabase is false.
https://claude.ai/code/session_01B8vFxRRcgDukfk2AQGbsgP
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The deploy workflow only has
contents: read+id-token: writepermissions.ZAP's default behaviour of creating GitHub issues on findings fails with 403.
allow_issue_writing: falsedisables that; the HTML report is still uploaded as an artifact.https://claude.ai/code/session_01B8vFxRRcgDukfk2AQGbsgP