Skip to content

Gate PyPI publishes when upstream changes API URL routing.#2

Merged
elprans merged 1 commit into
mainfrom
elprans/require-approval-on-provider-url-changes
May 16, 2026
Merged

Gate PyPI publishes when upstream changes API URL routing.#2
elprans merged 1 commit into
mainfrom
elprans/require-approval-on-provider-url-changes

Conversation

@elprans
Copy link
Copy Markdown
Collaborator

@elprans elprans commented May 16, 2026

modelsdotdev publishes a bundled snapshot of models.dev data. If
upstream is compromised or is otherwise broken between releases, a
change could redirect a previously-known provider or model override to
an attacker-controlled API URL without changing this repository. This
script compares the fetched upstream JSON against the latest published
wheel and emits a GitHub Actions approval signal plus a
reviewer-friendly Markdown diff.

@elprans
Gate PyPI publishes when upstream changes API URL routing.
3d03cfc 
`modelsdotdev` publishes a bundled snapshot of models.dev data. If
upstream is compromised or is otherwise broken between releases, a
change could redirect a previously-known provider or model override to
an attacker-controlled API URL without changing this repository. This
script compares the fetched upstream JSON against the latest published
wheel and emits a GitHub Actions approval signal plus a
reviewer-friendly Markdown diff.
@elprans elprans merged commit 6abadc0 into main May 16, 2026
7 checks passed
@elprans elprans deleted the elprans/require-approval-on-provider-url-changes branch May 16, 2026 00:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@elprans