chore(deps): bump pip from 24.3.1 to 25.2 in /.github/pip (#30)

* chore(deps): bump pip from 24.3.1 to 25.2 in /.github/pip

Bumps [pip](https://github.com/pypa/pip) from 24.3.1 to 25.2.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@24.3.1...25.2)

---
updated-dependencies:
- dependency-name: pip
  dependency-version: '25.2'
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* ci: add OSS Index auth to Nancy scan and update nancy version

Add OSS Index username and token secrets to workflows and configure
Nancy GitHub Action to use these credentials for authenticated scans.
This improves vulnerability detection accuracy and avoids rate limits.

Also update Nancy version from v1.0.51 to v1.0.52 in shared environment
to ensure usage of latest features and fixes.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mrz1836 <mrz1818@gmail.com>

Author: dependabot[bot]

.github/.env.shared

@@ -59,7 +59,7 @@ GITLEAKS_VERSION=8.27.2                           # Version of gitleaks to insta
 GORELEASER_VERSION=v2.11.0                        # Version of goreleaser to install and use (vX.Y.Z) (https://github.com/goreleaser/goreleaser)
 GOVULNCHECK_VERSION=v1.1.4                        # Version of govulncheck to use for Go vuln scanning (vX.Y.Z) (https://pkg.go.dev/golang.org/x/vuln)
 NANCY_EXCLUDES=CVE-2024-38513,CVE-2022-21698,CVE-2023-45142  # Known acceptable CVEs (cve,cve2,...)
-NANCY_VERSION=v1.0.51                             # Version of nancy to install and use (vX.Y.Z) (https://github.com/sonatype-nexus-community/nancy)
+NANCY_VERSION=v1.0.52                             # Version of nancy to install and use (vX.Y.Z) (https://github.com/sonatype-nexus-community/nancy)
 NODE_VERSION=20                                   # Node.js version for prettier and other tools (major version)
 PRETTIER_VERSION=3.6.2                            # Version of prettier to use for YAML validation (X.Y.Z) (https://www.npmjs.com/package/prettier)
 

.github/pip/pip-tools-requirements.in

@@ -4,4 +4,4 @@
 
 pip-tools==7.4.1
 setuptools>=78.1.1
-pip<25  # pip 25.1 has compatibility issues with pip-tools on Python 3.13
+pip<26  # pip 25.1 has compatibility issues with pip-tools on Python 3.13

.github/pip/pip-tools-requirements.txt

@@ -32,9 +32,9 @@ wheel==0.45.1 \
     # via pip-tools
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==24.3.1 \
-    --hash=sha256:3790624780082365f47549d032f3770eeb2b1e8bd1f7b2e02dace1afa361b4ed \
-    --hash=sha256:ebcb60557f2aefabc2e0f918751cd24ea0d56d8ec5445fe1807f1d2109660b99
+pip==25.2 \
+    --hash=sha256:578283f006390f85bb6282dffb876454593d637f5d1be494b5202ce4877e71f2 \
+    --hash=sha256:6d67a2b4e7f14d8b31b8b52648866fa717f45a1eb70e83002f4331d07e953717
     # via
     #   -r pip-tools-requirements.in
     #   pip-tools

.github/workflows/fortress-security-scans.yml

@@ -47,6 +47,12 @@ on:
       gitleaks-license:
         description: "Gitleaks license key"
         required: false
+      ossi-username:
+        description: "OSS Index username for Nancy authentication"
+        required: false
+      ossi-token:
+        description: "OSS Index token for Nancy authentication"
+        required: false
 
 permissions:
   contents: read
@@ -110,6 +116,9 @@ jobs:
       - name: 🔍 Ask Nancy
         uses: sonatype-nexus-community/nancy-github-action@726e338312e68ecdd4b4195765f174d3b3ce1533 # v1.0.3
         continue-on-error: false
+        env: # Authentication for OSS Index (recommended)
+          OSSI_USERNAME: ${{ secrets.ossi-username }}
+          OSSI_TOKEN: ${{ secrets.ossi-token }}
         with:
           githubToken: ${{ secrets.github-token }} # ← prevents rate-limit 403
           nancyVersion: ${{ env.NANCY_VERSION }}

.github/workflows/fortress.yml

@@ -163,6 +163,8 @@ jobs:
     secrets:
       github-token: ${{ secrets.GH_PAT_TOKEN != '' && secrets.GH_PAT_TOKEN || secrets.GITHUB_TOKEN }}
       gitleaks-license: ${{ secrets.GITLEAKS_LICENSE }}
+      ossi-username: ${{ secrets.OSSI_USERNAME }}
+      ossi-token: ${{ secrets.OSSI_TOKEN }}
   # ----------------------------------------------------------------------------------
   # Code Quality Checks
   # ----------------------------------------------------------------------------------