423e9aef52
chore(deps): bump github/codeql-action from 4.31.0 to 4.31.2 ( #13408 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.0 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e94bd11f7...0499de31b9
5 months ago
1dc87da9e6
chore: tidy funding ( #13401 )
5 months ago
829b8fdea4
chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 ( #13395 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
279e91e132
chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 ( #13394 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
969cd28e0d
chore(gradle): update completion to 1525cf3f ( #13393 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
5 months ago
55aa4c40e2
feat(gradle): update to d51199b5 ( #13390 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
5 months ago
38423b4b5c
ci(deps): ensure push permissions are available ( #13389 )
5 months ago
ac92582961
chore(deps): bump charset-normalizer in /.github/workflows/dependencies ( #13378 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
1672a12704
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ( #13376 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
064f0c1d0a
chore(deps): bump idna in /.github/workflows/dependencies ( #13377 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
c5f64018ff
chore(deps): bump github/codeql-action from 3.30.6 to 4.30.8 ( #13364 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
c6482fa5be
chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 ( #13351 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
d4cb4f249c
chore(deps): bump certifi in /.github/workflows/dependencies ( #13353 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
182dfdf210
chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 ( #13352 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
9ac3b895d4
chore(deps): bump pyyaml in /.github/workflows/dependencies ( #13337 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
e7528a5b37
chore(deps): bump github/codeql-action from 3.30.3 to 3.30.5 ( #13336 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
242e2faa51
ci: improve security in project.yml workflow ( #13329 )
...
There is no inherent security vulnerability in the workflow, but there were
certain practices that increased latent risk. In this commit, we:
- Explicitly bind app token for each step that needs it, instead of setting it for
all steps after "Store app token"
- Refactor "classify" step, to not rely on files passed around, and instead uses
only awk script.
- Remove all instances of template injection within `run` scripts. There was nothing
dangerous, but the practice is unsafe.
- Sanitize all unwanted characters from PR plugin and theme names.
References: W2M1-06 W2M1-07
6 months ago
58cba61465
chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 ( #13322 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
b428e31770
chore(deps): bump actions/checkout from 4.3.0 to 5.0.0 ( #13323 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
ddd77516ef
ci: add scorecard automatic update ( #13319 )
6 months ago
7f3d8a34e2
ci: Harden GitHub Actions [StepSecurity] ( #13318 )
6 months ago
8c168e2662
chore(deps): bump actions/setup-python from 5 to 6 ( #13293 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
b95022dde6
chore(deps): bump requests in /.github/workflows/dependencies ( #13280 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
c2a69fe590
chore(deps): bump actions/checkout from 4 to 5 ( #13271 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
9fe2c26abd
chore(deps): bump certifi in /.github/workflows/dependencies ( #13246 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
73024e8f08
chore(deps): bump charset-normalizer in /.github/workflows/dependencies ( #13257 )
...
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer ) from 3.4.2 to 3.4.3.
- [Release notes](https://github.com/jawah/charset_normalizer/releases )
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.2...3.4.3 )
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-version: 3.4.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
5c804257ce
ci: use `actions/create-github-app-token` ( #13233 )
8 months ago
98a182d71b
ci: add strict permissions to `dependencies.yml` workflow ( #13232 )
...
Just use `contents:read` initial permission. The other permissions needed are
those attached to the @ohmyzsh GitHub App.
8 months ago
52f7ad6913
chore(deps): bump certifi in /.github/workflows/dependencies ( #13218 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2025.4.26 to 2025.7.14.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.04.26...2025.07.14 )
---
updated-dependencies:
- dependency-name: certifi
dependency-version: 2025.7.14
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
8 months ago
3e7ef0182f
chore: document Incident Response Plan ( #13195 )
9 months ago
f9d3e0ff56
feat(wd): update to v0.10.1 ( #13192 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
9 months ago
7ee92de190
chore(deps): bump urllib3 in /.github/workflows/dependencies ( #13176 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9 months ago
042605ee6b
chore(deps): bump requests in /.github/workflows/dependencies ( #13164 )
...
Bumps [requests](https://github.com/psf/requests ) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases )
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md )
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4 )
---
updated-dependencies:
- dependency-name: requests
dependency-version: 2.32.4
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9 months ago
3f8ea81b89
feat(z): update to cf9225fe ( #13115 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
10 months ago
8648cd640b
chore(deps): bump charset-normalizer in /.github/workflows/dependencies ( #13100 )
...
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer ) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/jawah/charset_normalizer/releases )
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.1...3.4.2 )
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-version: 3.4.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
11 months ago
137bfbbfd1
chore(deps): bump certifi in /.github/workflows/dependencies ( #13094 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2025.1.31 to 2025.4.26.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26 )
---
updated-dependencies:
- dependency-name: certifi
dependency-version: 2025.4.26
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
11 months ago
44913a1f16
feat(wd): update to v0.10.0 ( #13093 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
11 months ago
a84a0332a8
chore(deps): bump urllib3 in /.github/workflows/dependencies ( #13065 )
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-version: 2.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
11 months ago
2b547d113b
chore(deps): bump certifi in /.github/workflows/dependencies ( #12955 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2024.12.14 to 2025.1.31.
- [Commits](https://github.com/certifi/python-certifi/compare/2024.12.14...2025.01.31 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
2343ad517d
feat(wd): update to v0.9.3 ( #12954 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
1 year ago
9ffc14c3e1
chore(deps): bump semver from 3.0.3 to 3.0.4 in /.github/workflows/dependencies ( #12938 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
6e9cda3d30
chore(deps): bump semver in /.github/workflows/dependencies ( #12924 )
...
Bumps [semver](https://github.com/python-semver/python-semver ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/python-semver/python-semver/releases )
- [Changelog](https://github.com/python-semver/python-semver/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/python-semver/python-semver/compare/3.0.2...3.0.3 )
---
updated-dependencies:
- dependency-name: semver
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
d689aa289e
feat(gitfast): update to version v2.2 ( #12923 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
1 year ago
8c5b71b2f4
ci(deps): update `gitfast` to its new structure ( #12922 )
...
Co-authored-by: Carlo Sala <carlosalag@protonmail.com>
1 year ago
9c8afcc3ee
chore(deps): bump charset-normalizer in /.github/workflows/dependencies ( #12874 )
...
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer ) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/jawah/charset_normalizer/releases )
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1 )
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
f733dc340b
chore(deps): bump urllib3 from 2.2.3 to 2.3.0 in /.github/workflows/dependencies ( #12863 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
048e166c9e
feat(z): update to dd94ef04 ( #12862 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
1 year ago
62e3e0b2fd
chore(deps): bump certifi from 2024.8.30 to 2024.12.14 in /.github/workflows/dependencies ( #12848 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
366d254352
feat(wd): update to v0.9.2 ( #12820 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
1 year ago
4ada154190
chore(installer): only serve installer in / and /install.sh
...
This avoids false positive detections on other bruteforced paths,
such as .zsh_history or others, which eventually result in
automated false vulnerability submissions.
1 year ago
dependabot[bot]
Marc Cornellà
ohmyzsh[bot]
Carlo Sala
StepSecurity Bot
Felipe Contreras