dependabot[bot]
3a73094983
chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 ( #13486 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.8 to 4.31.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b168cd394...5d4e8d1aca )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
7192af5239
chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 ( #13480 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
1fee750c3b
chore(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 ( #13483 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
57781231bb
chore(deps): bump urllib3 in /.github/workflows/dependencies ( #13482 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
a4e15fdb16
chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 ( #13481 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
ddec79ad43
chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 ( #13468 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
0ebeae78d0
chore(deps): bump actions/create-github-app-token from 2.2.0 to 2.2.1 ( #13470 )
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.2.0 to 2.2.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](7e473efe3c...29824e69f5 )
---
updated-dependencies:
- dependency-name: actions/create-github-app-token
dependency-version: 2.2.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
3b66f643e4
chore(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 ( #13471 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.13.2 to 2.13.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](95d9a5deda...df199fb7be )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.13.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
953f526dea
chore(deps): bump github/codeql-action from 4.31.5 to 4.31.7 ( #13469 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.5 to 4.31.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fdbfb4d275...cf1bb45a27 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
dependabot[bot]
1b4497fc8f
chore(deps): bump urllib3 in /.github/workflows/dependencies ( #13464 )
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.5.0 to 2.6.0.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.5.0...2.6.0 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-version: 2.6.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 months ago
Marc Cornellà
e9fc134236
ci(dependencies): update job permissions, change commits to `chore` ( #13457 )
4 months ago
Carlo Sala
ca5c467db1
fix(dependencies): only open PR if there are relevant changes ( #13454 )
...
Fixes cases like #13453
4 months ago
dependabot[bot]
a449c0247d
chore(deps): bump actions/setup-python from 6.0.0 to 6.1.0 ( #13455 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](e797f83bcb...83679a892e )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-version: 6.1.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
343c5a83cb
chore(deps): bump github/codeql-action from 4.31.4 to 4.31.5 ( #13456 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.4 to 4.31.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e12f017898...fdbfb4d275 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
beadd56dd7
chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 ( #13440 )
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.4 to 2.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](6701853927...7e473efe3c )
---
updated-dependencies:
- dependency-name: actions/create-github-app-token
dependency-version: 2.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
0116e7a5af
chore(deps): bump github/codeql-action from 4.31.3 to 4.31.4 ( #13439 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.3 to 4.31.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](014f16e7ab...e12f017898 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
441299ca77
chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 ( #13438 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
8a4d6fc0a2
chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 ( #13430 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0499de31b9...014f16e7ab )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
73d79fe137
chore(deps): bump certifi in /.github/workflows/dependencies ( #13431 )
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2025.10.5 to 2025.11.12.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.10.05...2025.11.12 )
---
updated-dependencies:
- dependency-name: certifi
dependency-version: 2025.11.12
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
dependabot[bot]
18d0a63df8
chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 ( #13414 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
4 months ago
ohmyzsh[bot]
e70086a76a
feat(gradle): update to a9d7c822 ( #13413 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
4 months ago
ohmyzsh[bot]
90a22b61e6
feat(gradle): update to 25c3d368 ( #13407 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
423e9aef52
chore(deps): bump github/codeql-action from 4.31.0 to 4.31.2 ( #13408 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.0 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e94bd11f7...0499de31b9 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
Marc Cornellà
1dc87da9e6
chore: tidy funding ( #13401 )
5 months ago
dependabot[bot]
829b8fdea4
chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 ( #13395 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
279e91e132
chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 ( #13394 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
ohmyzsh[bot]
969cd28e0d
chore(gradle): update completion to 1525cf3f ( #13393 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
5 months ago
ohmyzsh[bot]
55aa4c40e2
feat(gradle): update to d51199b5 ( #13390 )
...
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
5 months ago
Carlo Sala
38423b4b5c
ci(deps): ensure push permissions are available ( #13389 )
5 months ago
dependabot[bot]
ac92582961
chore(deps): bump charset-normalizer in /.github/workflows/dependencies ( #13378 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
1672a12704
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ( #13376 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
064f0c1d0a
chore(deps): bump idna in /.github/workflows/dependencies ( #13377 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
c5f64018ff
chore(deps): bump github/codeql-action from 3.30.6 to 4.30.8 ( #13364 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
c6482fa5be
chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 ( #13351 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
d4cb4f249c
chore(deps): bump certifi in /.github/workflows/dependencies ( #13353 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
182dfdf210
chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 ( #13352 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
5 months ago
dependabot[bot]
9ac3b895d4
chore(deps): bump pyyaml in /.github/workflows/dependencies ( #13337 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
dependabot[bot]
e7528a5b37
chore(deps): bump github/codeql-action from 3.30.3 to 3.30.5 ( #13336 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
Marc Cornellà
242e2faa51
ci: improve security in project.yml workflow ( #13329 )
...
There is no inherent security vulnerability in the workflow, but there were
certain practices that increased latent risk. In this commit, we:
- Explicitly bind app token for each step that needs it, instead of setting it for
  all steps after "Store app token"
- Refactor "classify" step to not rely on files passed around, and instead use
  only an awk script.
- Remove all instances of template injection within `run` scripts. There was nothing
  dangerous, but the practice is unsafe.
- Sanitize all unwanted characters from PR plugin and theme names.
References: W2M1-06 W2M1-07
6 months ago
dependabot[bot]
58cba61465
chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 ( #13322 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
dependabot[bot]
b428e31770
chore(deps): bump actions/checkout from 4.3.0 to 5.0.0 ( #13323 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
Carlo Sala
ddd77516ef
ci: add scorecard automatic update ( #13319 )
6 months ago
StepSecurity Bot
7f3d8a34e2
ci: Harden GitHub Actions [StepSecurity] ( #13318 )
6 months ago
dependabot[bot]
8c168e2662
chore(deps): bump actions/setup-python from 5 to 6 ( #13293 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
6 months ago
dependabot[bot]
b95022dde6
chore(deps): bump requests in /.github/workflows/dependencies ( #13280 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
dependabot[bot]
c2a69fe590
chore(deps): bump actions/checkout from 4 to 5 ( #13271 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
dependabot[bot]
9fe2c26abd
chore(deps): bump certifi in /.github/workflows/dependencies ( #13246 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
dependabot[bot]
73024e8f08
chore(deps): bump charset-normalizer in /.github/workflows/dependencies ( #13257 )
...
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer ) from 3.4.2 to 3.4.3.
- [Release notes](https://github.com/jawah/charset_normalizer/releases )
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.2...3.4.3 )
---
updated-dependencies:
- dependency-name: charset-normalizer
dependency-version: 3.4.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
7 months ago
Carlo Sala
5c804257ce
ci: use `actions/create-github-app-token` ( #13233 )
8 months ago
Marc Cornellà
98a182d71b
ci: add strict permissions to `dependencies.yml` workflow ( #13232 )
...
Just use `contents:read` initial permission. The other permissions needed are
those attached to the @ohmyzsh GitHub App.
8 months ago