Consolidate 15 open PRs: dependency updates, GitHub Actions upgrades, Phase 4 documentation, and CI/CD fixes (#43)

* Initial plan

* Update all dependencies and GitHub Actions versions

Co-authored-by: doublegate <[email protected]>

* Add Phase 4 documentation and Lua scripting guide

Co-authored-by: doublegate <[email protected]>

* Fix: Correctly format script header comments

Co-authored-by: parobek <[email protected]>

* Address PR review comments: remove placeholders, update prototype dependencies

Co-authored-by: doublegate <[email protected]>

* Fix CI failures: dependency review config and security audit permissions

Co-authored-by: doublegate <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: doublegate <[email protected]>
Co-authored-by: Cursor Agent <[email protected]>
Co-authored-by: parobek <[email protected]>

Author: 3 people

.github/dependency-review-config.yml

@@ -32,21 +32,18 @@ deny-licenses:
 # Allow specific packages even if they fail other checks
 allow-dependencies-licenses:
   # Core Rust ecosystem crates that are essential
-  - package-name: "serde"
-  - package-name: "serde_json"
-  - package-name: "tokio"
-  - package-name: "clap"
+  - serde
+  - serde_json
+  - tokio
+  - clap
 
 # Deny specific packages
 deny-packages:
   # Example of denying packages with known issues
-  - package-name: "openssl-sys"
-    reason: "Prefer rustls for pure Rust TLS implementation"
+  - openssl-sys
 
 # Allow vulnerabilities for specific advisories (temporary exceptions)
-allow-ghsas:
-  # Example: Allow specific GitHub Security Advisories temporarily
-  # - "GHSA-xxxx-xxxx-xxxx"
+allow-ghsas: []
 
 # Configuration for comment behavior
 comment-summary-in-pr: auto

.github/workflows/ci.yml

@@ -59,7 +59,7 @@ jobs:
     if: ${{ !inputs.cache_key }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - uses: dtolnay/rust-toolchain@stable
       with:
         components: rustfmt
@@ -76,7 +76,7 @@ jobs:
     if: ${{ !inputs.cache_key }}
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
     - uses: dtolnay/rust-toolchain@stable
       with:
         components: clippy
@@ -103,7 +103,7 @@ jobs:
             rust: beta
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
 
     # Setup cross-platform helper functions
     - name: Load helper functions
@@ -268,7 +268,7 @@ jobs:
 
     - name: Download build artifacts (if available)
       if: inputs.cache_key != ''
-      uses: actions/download-artifact@v5
+      uses: actions/download-artifact@v6
       with:
         name: build-artifacts-${{ matrix.os }}
         path: target/
@@ -526,7 +526,7 @@ jobs:
     name: Minimum Supported Rust Version
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
 
     # Setup cross-platform helper functions
     - name: Load helper functions

.github/workflows/master-pipeline.yml

@@ -56,7 +56,7 @@ jobs:
       should_run_release: ${{ steps.config.outputs.should_run_release }}
       release_tag: ${{ steps.config.outputs.release_tag }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Setup cross-platform helper functions
       - name: Load helper functions
@@ -217,7 +217,7 @@ jobs:
 
       # Upload build artifacts for other jobs to use
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: build-artifacts-${{ runner.os }}
           path: |
@@ -317,7 +317,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: dtolnay/rust-toolchain@stable
         with:
@@ -393,7 +393,7 @@ jobs:
           EOF
 
       - name: Upload documentation artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: documentation
           path: target/doc/
@@ -428,7 +428,7 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       - uses: dtolnay/rust-toolchain@stable
 
@@ -500,7 +500,7 @@ jobs:
             artifact_name: rustirc-macos-arm64.tar.gz
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
@@ -549,7 +549,7 @@ jobs:
           7z a ../../../${{ matrix.artifact_name }} rustirc.exe
         shell: pwsh
       - name: Upload build artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: ${{ matrix.artifact_name }}
           path: ${{ matrix.artifact_name }}
@@ -571,12 +571,12 @@ jobs:
       contents: write
       discussions: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Download artifacts
-        uses: actions/download-artifact@v5
+        uses: actions/download-artifact@v6
         with:
           path: artifacts
 

.github/workflows/release.yml

@@ -71,7 +71,7 @@ jobs:
     permissions:
       contents: read
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         fetch-depth: 0
 
@@ -120,7 +120,7 @@ jobs:
       shell: bash
 
     - name: Upload artifact
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: ${{ matrix.asset_name }}
         path: |
@@ -138,12 +138,12 @@ jobs:
       contents: write
       discussions: write
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
       with:
         fetch-depth: 0
 
     - name: Download all artifacts
-      uses: actions/download-artifact@v5
+      uses: actions/download-artifact@v6
       with:
         path: artifacts
 

.github/workflows/security-audit.yml

@@ -52,7 +52,7 @@ jobs:
       actions: read
     steps:
     - name: Checkout code
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
       with:
         fetch-depth: 0
 
@@ -211,7 +211,7 @@ jobs:
         echo "count=$total" >> $GITHUB_OUTPUT
 
     - name: Upload audit results as artifact
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       if: always()
       with:
         name: security-audit-results
@@ -221,19 +221,24 @@ jobs:
         retention-days: 30
 
     - name: Comment audit summary on PR
-      if: github.event_name == 'pull_request'
+      if: github.event_name == 'pull_request' && github.event.pull_request
+      continue-on-error: true
       uses: actions/github-script@v8
       with:
         script: |
           const fs = require('fs');
           if (fs.existsSync('audit_summary.md')) {
             const summary = fs.readFileSync('audit_summary.md', 'utf8');
-            github.rest.issues.createComment({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              body: `## 🛡️ Security Audit Results\n\n${summary}`
-            });
+            try {
+              await github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: `## 🛡️ Security Audit Results\n\n${summary}`
+              });
+            } catch (error) {
+              console.log('Unable to post comment (may be called from workflow_call):', error.message);
+            }
           }
 
   dependency-review:
@@ -245,7 +250,7 @@ jobs:
       pull-requests: write
     steps:
     - name: Checkout code
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
 
     - name: Dependency Review
       uses: actions/dependency-review-action@v4