oh-my-zsh

Author	SHA1	Message	Date
dependabot[bot]	9ac3b895d4	chore(deps): bump pyyaml in /.github/workflows/dependencies (#13337 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	8 months ago
dependabot[bot]	e7528a5b37	chore(deps): bump github/codeql-action from 3.30.3 to 3.30.5 (#13336 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	8 months ago
Marc Cornellà	242e2faa51	ci: improve security in project.yml workflow (#13329 ) There is no inherent security vulnerability in the workflow, but there were certain practices that increased latent risk. In this commit, we: - Explicitly bind app token for each step that needs it, instead of setting it for all steps after "Store app token" - Refactor "classify" step, to not rely on files passed around, and instead uses only awk script. - Remove all instances of template injection within `run` scripts. There was nothing dangerous, but the practice is unsafe. - Sanitize all unwanted characters from PR plugin and theme names. References: W2M1-06 W2M1-07	8 months ago
dependabot[bot]	58cba61465	chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 (#13322 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	9 months ago
dependabot[bot]	b428e31770	chore(deps): bump actions/checkout from 4.3.0 to 5.0.0 (#13323 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	9 months ago
Carlo Sala	ddd77516ef	ci: add scorecard automatic update (#13319 )	9 months ago
StepSecurity Bot	7f3d8a34e2	ci: Harden GitHub Actions [StepSecurity] (#13318 )	9 months ago
dependabot[bot]	8c168e2662	chore(deps): bump actions/setup-python from 5 to 6 (#13293 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	9 months ago
dependabot[bot]	b95022dde6	chore(deps): bump requests in /.github/workflows/dependencies (#13280 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	10 months ago
dependabot[bot]	c2a69fe590	chore(deps): bump actions/checkout from 4 to 5 (#13271 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	10 months ago
dependabot[bot]	9fe2c26abd	chore(deps): bump certifi in /.github/workflows/dependencies (#13246 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	10 months ago
dependabot[bot]	73024e8f08	chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13257 ) Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.2 to 3.4.3. - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.2...3.4.3) --- updated-dependencies: - dependency-name: charset-normalizer dependency-version: 3.4.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	10 months ago
Carlo Sala	5c804257ce	ci: use `actions/create-github-app-token` (#13233 )	10 months ago
Marc Cornellà	98a182d71b	ci: add strict permissions to `dependencies.yml` workflow (#13232 ) Just use `contents:read` initial permission. The other permissions needed are those attached to the @ohmyzsh GitHub App.	10 months ago
dependabot[bot]	52f7ad6913	chore(deps): bump certifi in /.github/workflows/dependencies (#13218 ) Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.4.26 to 2025.7.14. - [Commits](https://github.com/certifi/python-certifi/compare/2025.04.26...2025.07.14) --- updated-dependencies: - dependency-name: certifi dependency-version: 2025.7.14 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	10 months ago
dependabot[bot]	7ee92de190	chore(deps): bump urllib3 in /.github/workflows/dependencies (#13176 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	12 months ago
dependabot[bot]	042605ee6b	chore(deps): bump requests in /.github/workflows/dependencies (#13164 ) Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4) --- updated-dependencies: - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	8648cd640b	chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13100 ) Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.1 to 3.4.2. - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.1...3.4.2) --- updated-dependencies: - dependency-name: charset-normalizer dependency-version: 3.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	137bfbbfd1	chore(deps): bump certifi in /.github/workflows/dependencies (#13094 ) Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.1.31 to 2025.4.26. - [Commits](https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26) --- updated-dependencies: - dependency-name: certifi dependency-version: 2025.4.26 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	a84a0332a8	chore(deps): bump urllib3 in /.github/workflows/dependencies (#13065 ) Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	2b547d113b	chore(deps): bump certifi in /.github/workflows/dependencies (#12955 ) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.12.14 to 2025.1.31. - [Commits](https://github.com/certifi/python-certifi/compare/2024.12.14...2025.01.31) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	9ffc14c3e1	chore(deps): bump semver from 3.0.3 to 3.0.4 in /.github/workflows/dependencies (#12938 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	6e9cda3d30	chore(deps): bump semver in /.github/workflows/dependencies (#12924 ) Bumps [semver](https://github.com/python-semver/python-semver) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/python-semver/python-semver/releases) - [Changelog](https://github.com/python-semver/python-semver/blob/master/CHANGELOG.rst) - [Commits](https://github.com/python-semver/python-semver/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	9c8afcc3ee	chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12874 ) Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	f733dc340b	chore(deps): bump urllib3 from 2.2.3 to 2.3.0 in /.github/workflows/dependencies (#12863 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
dependabot[bot]	62e3e0b2fd	chore(deps): bump certifi from 2024.8.30 to 2024.12.14 in /.github/workflows/dependencies (#12848 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
Marc Cornellà	4ada154190	chore(installer): only serve installer in / and /install.sh This avoids false positive detections on other bruteforced paths, such as .zsh_history or others, which eventually result in automated false vulnerability submissions.	2 years ago
Marc Cornellà	b3ba8da421	ci(dependencies): use tag version in git commit if available (#12756 ) Related: https://github.com/ohmyzsh/ohmyzsh/pull/12747#issuecomment-2410440748	2 years ago
dependabot[bot]	9bfa3395f3	chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12749 ) Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.2 to 3.4.0. - [Release notes](https://github.com/Ousret/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.2...3.4.0) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	f11cc8fea1	chore(deps): bump idna in /.github/workflows/dependencies (#12688 ) Bumps [idna](https://github.com/kjd/idna) from 3.9 to 3.10. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.9...v3.10) --- updated-dependencies: - dependency-name: idna dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	ec7d01faf8	chore(deps): bump urllib3 in /.github/workflows/dependencies (#12677 ) Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.2 to 2.2.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.2.2...2.2.3) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	8c13f021bf	chore(deps): bump idna in /.github/workflows/dependencies (#12678 ) Bumps [idna](https://github.com/kjd/idna) from 3.8 to 3.9. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.8...v3.9) --- updated-dependencies: - dependency-name: idna dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	b8c69d2652	chore(deps): bump certifi in /.github/workflows/dependencies (#12646 ) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.7.4 to 2024.8.30. - [Commits](https://github.com/certifi/python-certifi/compare/2024.07.04...2024.08.30) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	f622e6a636	chore(deps): bump idna from 3.7 to 3.8 in /.github/workflows/dependencies (#12638 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	f1764f8a56	chore(deps): bump pyyaml from 6.0.1 to 6.0.2 in /.github/workflows/dependencies (#12610 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
Marc Cornellà	3476148b19	chore(dependencies): sort dependencies.yml	2 years ago
dependabot[bot]	608d62b2a5	chore(deps): bump certifi in `dependencies` workflow (#12543 ) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4. - [Commits](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	dd4be1b6fb	chore(deps): bump requests from 2.31.0 to 2.32.3 in /.github/workflows/dependencies (#12518 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	a4313db16a	chore(deps): bump certifi from 2024.2.2 to 2024.6.2 in /.github/workflows/dependencies (#12519 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
dependabot[bot]	c432ca0993	chore(deps): bump `urllib3` to 2.2.2 in `dependencies` workflow (#12516 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2 years ago
Carlo Sala	203369b0f9	ci(dependencies): run on sunday CET morning	2 years ago
Carlo Sala	04b66b2308	chore(dependencies): PR wording	2 years ago
Carlo Sala	0621944db5	fix(dependencies): only open PR if there are changes	2 years ago
Carlo Sala	0493eab8ce	fix(dependencies): check if repo is clean before committing	2 years ago
Carlo Sala	1d31ff6037	ci(dependencies): fetch all branches	2 years ago
Carlo Sala	eff648aab0	ci(dependencies): use `setup-python` and enable cron-based jobs	2 years ago
Carlo Sala	eb2ff84a2c	fix(dependencies): avoid creating PR if it's already there	2 years ago
Carlo Sala	423b9a8ded	feat(dependencies): add support for semver tags	2 years ago
Carlo Sala	a258eb4547	fix(dependencies): improve typing	2 years ago
Carlo Sala	13c8a10e39	style(dependencies): run `ruff` formatter	2 years ago

1 2

91 Commits (1210973cbc978097adfa8f31becf5fe4e2acce99)