summaryrefslogtreecommitdiff
path: root/.github
AgeCommit message (Collapse)Author
2025-10-26chore(gradle): update completion to 1525cf3f (#13393)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2025-10-23feat(gradle): update to d51199b5 (#13390)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2025-10-23ci(deps): ensure push permissions are available (#13389)Carlo Sala
2025-10-21chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13378)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-21chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#13376)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-21chore(deps): bump idna in /.github/workflows/dependencies (#13377)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-13chore(deps): bump github/codeql-action from 3.30.6 to 4.30.8 (#13364)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 (#13351)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06chore(deps): bump certifi in /.github/workflows/dependencies (#13353)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-06chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#13352)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29chore(deps): bump pyyaml in /.github/workflows/dependencies (#13337)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-29chore(deps): bump github/codeql-action from 3.30.3 to 3.30.5 (#13336)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-27ci: improve security in project.yml workflow (#13329)Marc Cornellà
There is no inherent security vulnerability in the workflow, but there were certain practices that increased latent risk. In this commit, we: - Explicitly bind app token for each step that needs it, instead of setting it for all steps after "Store app token" - Refactor "classify" step, to not rely on files passed around, and instead uses only awk script. - Remove all instances of template injection within `run` scripts. There was nothing dangerous, but the practice is unsafe. - Sanitize all unwanted characters from PR plugin and theme names. References: W2M1-06 W2M1-07
2025-09-22chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 (#13322)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-22chore(deps): bump actions/checkout from 4.3.0 to 5.0.0 (#13323)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-19ci: add scorecard automatic update (#13319)Carlo Sala
2025-09-19ci: Harden GitHub Actions [StepSecurity] (#13318)StepSecurity Bot
2025-09-08chore(deps): bump actions/setup-python from 5 to 6 (#13293)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-25chore(deps): bump requests in /.github/workflows/dependencies (#13280)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-18chore(deps): bump actions/checkout from 4 to 5 (#13271)dependabot[bot]
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-11chore(deps): bump certifi in /.github/workflows/dependencies (#13246)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-11chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13257)dependabot[bot]
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.2 to 3.4.3. - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.2...3.4.3) --- updated-dependencies: - dependency-name: charset-normalizer dependency-version: 3.4.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-28ci: use `actions/create-github-app-token` (#13233)Carlo Sala
2025-07-28ci: add strict permissions to `dependencies.yml` workflow (#13232)Marc Cornellà
Just use `contents:read` initial permission. The other permissions needed are those attached to the @ohmyzsh GitHub App.
2025-07-28chore(deps): bump certifi in /.github/workflows/dependencies (#13218)dependabot[bot]
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.4.26 to 2025.7.14. - [Commits](https://github.com/certifi/python-certifi/compare/2025.04.26...2025.07.14) --- updated-dependencies: - dependency-name: certifi dependency-version: 2025.7.14 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-01chore: document Incident Response Plan (#13195)Marc Cornellà
2025-06-29feat(wd): update to v0.10.1 (#13192)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2025-06-19chore(deps): bump urllib3 in /.github/workflows/dependencies (#13176)dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-10chore(deps): bump requests in /.github/workflows/dependencies (#13164)dependabot[bot]
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4) --- updated-dependencies: - dependency-name: requests dependency-version: 2.32.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-11feat(z): update to cf9225fe (#13115)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2025-05-04chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13100)dependabot[bot]
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.1 to 3.4.2. - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.1...3.4.2) --- updated-dependencies: - dependency-name: charset-normalizer dependency-version: 3.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-27chore(deps): bump certifi in /.github/workflows/dependencies (#13094)dependabot[bot]
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.1.31 to 2025.4.26. - [Commits](https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26) --- updated-dependencies: - dependency-name: certifi dependency-version: 2025.4.26 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-27feat(wd): update to v0.10.0 (#13093)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2025-04-13chore(deps): bump urllib3 in /.github/workflows/dependencies (#13065)dependabot[bot]
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-02chore(deps): bump certifi in /.github/workflows/dependencies (#12955)dependabot[bot]
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.12.14 to 2025.1.31. - [Commits](https://github.com/certifi/python-certifi/compare/2024.12.14...2025.01.31) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-02feat(wd): update to v0.9.3 (#12954)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2025-01-26chore(deps): bump semver from 3.0.3 to 3.0.4 in ↵dependabot[bot]
/.github/workflows/dependencies (#12938) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-19chore(deps): bump semver in /.github/workflows/dependencies (#12924)dependabot[bot]
Bumps [semver](https://github.com/python-semver/python-semver) from 3.0.2 to 3.0.3. - [Release notes](https://github.com/python-semver/python-semver/releases) - [Changelog](https://github.com/python-semver/python-semver/blob/master/CHANGELOG.rst) - [Commits](https://github.com/python-semver/python-semver/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-19feat(gitfast): update to version v2.2 (#12923)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2025-01-19ci(deps): update `gitfast` to its new structure (#12922)Felipe Contreras
Co-authored-by: Carlo Sala <carlosalag@protonmail.com>
2024-12-29chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12874)dependabot[bot]
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-22chore(deps): bump urllib3 from 2.2.3 to 2.3.0 in ↵dependabot[bot]
/.github/workflows/dependencies (#12863) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-12-22feat(z): update to dd94ef04 (#12862)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2024-12-15chore(deps): bump certifi from 2024.8.30 to 2024.12.14 in ↵dependabot[bot]
/.github/workflows/dependencies (#12848) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-24feat(wd): update to v0.9.2 (#12820)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2024-10-18chore(installer): only serve installer in / and /install.shMarc Cornellà
This avoids false positive detections on other bruteforced paths, such as .zsh_history or others, which eventually result in automated false vulnerability submissions.
2024-10-14ci(dependencies): use tag version in git commit if available (#12756)Marc Cornellà
Related: https://github.com/ohmyzsh/ohmyzsh/pull/12747#issuecomment-2410440748
2024-10-13chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12749)dependabot[bot]
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.2 to 3.4.0. - [Release notes](https://github.com/Ousret/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.2...3.4.0) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-13feat(wd): update to f0f47b71 (#12747)ohmyzsh[bot]
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
2024-10-08chore: assign owner for terraform and k8s-related pluginsMarc Cornellà
generated by cgit v1.2.3-70-g09d2 (git 2.52.0) at 2026-01-10 22:37:54 +0000