Skip to content

Comments

chore: updated the RL wrapper installation path#746

Merged
sanchitmehtagit merged 1 commit intomainfrom
rl_scanner
Feb 19, 2026
Merged

chore: updated the RL wrapper installation path#746
sanchitmehtagit merged 1 commit intomainfrom
rl_scanner

Conversation

@pmathew92
Copy link
Contributor

📋 Changes

GH action pipeline change for RL scanner

Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the GitHub composite action used to run the ReversingLabs (RL) scanner by changing where the rl-wrapper Python package is installed from.

Changes:

  • Switches the pip --index-url path used to install rl-wrapper from the internal Artifactory PyPI endpoint.
  • Removes the rl-wrapper version constraint during installation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

shell: bash
run: |
pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
pip install rl-wrapper --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python/simple"
Copy link

Copilot AI Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The RL wrapper install command no longer specifies any version constraint. This makes the action non-reproducible and can introduce unexpected breakages if a new (or old) rl-wrapper release changes behavior. Consider restoring a lower bound (e.g., the previous ">=1.0.0") or pinning to a known-good version/range that matches the scanner expectations.

Suggested change
pip install rl-wrapper --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python/simple"
pip install "rl-wrapper>=1.0.0" --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python/simple"

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is intentional

@sanchitmehtagit sanchitmehtagit merged commit 2502656 into main Feb 19, 2026
17 checks passed
@sanchitmehtagit sanchitmehtagit deleted the rl_scanner branch February 19, 2026 17:23
NandanPrabhu added a commit that referenced this pull request Feb 23, 2026
* main: (79 commits)
  build(deps): bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in /.github/actions/rl-scanner (#744)
  chore:  updated the RL wrapper installation path (#746)
  Release af-v2.0.0-beta.3 (#743)
  Release afpi-v2.0.0-beta.3 (#742)
  Release afpi-v2.0.0-beta.3 (#741)
  build(deps): bump ruby/setup-ruby from 1.286.0 to 1.288.0 in /.github/actions/setup-darwin (#740)
  CredentialsManager user info/ID token contents accessible via flutter SDK (#607)
  CI cleanup
  Avoid running always failing smoke tests for iOS
  make PR runs  with release workflow that triggers flutter analyze
  udpate pubspec
  udpate podspecs
  Release af-v2.0.0-beta.2
  pubspec update for beta release
  Release afpi-v2.0.0-beta.2
  fix flutter analyse errors
  build(deps): bump ruby/setup-ruby from 1.285.0 to 1.286.0 in /.github/actions/setup-darwin (#728)
  build(deps-dev): bump lodash from 4.17.21 to 4.17.23 in /appium-test (#729)
  chore:Fixed errors from flutter analyze (#727)
  feat: Add allowedBrowsers parameter to logout API [SDK-724] (#726)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants