github · pelikhan · May 6, 2026 · May 6, 2026 · May 6, 2026 · github-actions
diff --git a/pkg/cli/deps_report.go b/pkg/cli/deps_report.go
@@ -1,6 +1,7 @@
 package cli
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -25,7 +26,7 @@ type DependencyReport struct {
 }
 
 // GenerateDependencyReport creates a comprehensive dependency health report
-func GenerateDependencyReport(verbose bool) (*DependencyReport, error) {
+func GenerateDependencyReport(ctx context.Context, verbose bool) (*DependencyReport, error) {
 	depsReportLog.Print("Generating dependency report")
 
 	// Find go.mod file
@@ -76,7 +77,7 @@ func GenerateDependencyReport(verbose bool) (*DependencyReport, error) {
 	}
 
 	// Check for security advisories
-	advisories, err := CheckSecurityAdvisories(verbose)
+	advisories, err := CheckSecurityAdvisories(ctx, verbose)
 	if err != nil {
 		if verbose {
 			fmt.Fprintln(os.Stderr, console.FormatWarningMessage(fmt.Sprintf("Warning: could not check security advisories: %v", err)))

diff --git a/pkg/cli/deps_security.go b/pkg/cli/deps_security.go
@@ -1,6 +1,7 @@
 package cli
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -47,7 +48,7 @@ type GitHubAdvisoryResponse struct {
 }
 
 // CheckSecurityAdvisories checks for security vulnerabilities in dependencies
-func CheckSecurityAdvisories(verbose bool) ([]SecurityAdvisory, error) {
+func CheckSecurityAdvisories(ctx context.Context, verbose bool) ([]SecurityAdvisory, error) {
 	depsSecurityLog.Print("Starting security advisory check")
 
 	// Find go.mod file
@@ -75,7 +76,7 @@ func CheckSecurityAdvisories(verbose bool) ([]SecurityAdvisory, error) {
 	}
 
 	// Query GitHub Security Advisory API
-	advisories, err := querySecurityAdvisories(depVersions, verbose)
+	advisories, err := querySecurityAdvisories(ctx, depVersions, verbose)
 	if err != nil {
 		return nil, fmt.Errorf("failed to query security advisories: %w", err)
 	}
@@ -130,13 +131,13 @@ func DisplaySecurityAdvisories(advisories []SecurityAdvisory) {
 }
 
 // querySecurityAdvisories queries the GitHub Security Advisory API
-func querySecurityAdvisories(depVersions map[string]string, verbose bool) ([]SecurityAdvisory, error) {
+func querySecurityAdvisories(ctx context.Context, depVersions map[string]string, verbose bool) ([]SecurityAdvisory, error) {
 	// GitHub Security Advisory API endpoint
 	url := "https://api.github.com/advisories?ecosystem=go&per_page=100"
 
 	depsSecurityLog.Printf("Querying GitHub Security Advisory API: url=%s, dep_count=%d", url, len(depVersions))
 	client := &http.Client{Timeout: 30 * time.Second}
-	req, err := http.NewRequest(http.MethodGet, url, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/cli/upgrade_command.go b/pkg/cli/upgrade_command.go
@@ -85,7 +85,7 @@ Examples:
 
 			// Handle audit mode
 			if auditFlag {
-				return runDependencyAudit(verbose, jsonOutput)
+				return runDependencyAudit(cmd.Context(), verbose, jsonOutput)
 			}
 
 			if createPR {
@@ -130,11 +130,11 @@ Examples:
 }
 
 // runDependencyAudit performs a dependency health audit
-func runDependencyAudit(verbose bool, jsonOutput bool) error {
+func runDependencyAudit(ctx context.Context, verbose bool, jsonOutput bool) error {
 	upgradeLog.Print("Running dependency health audit")
 
 	// Generate comprehensive report
-	report, err := GenerateDependencyReport(verbose)
+	report, err := GenerateDependencyReport(ctx, verbose)
 	if err != nil {
 		return fmt.Errorf("failed to generate dependency report: %w", err)
 	}