From dd3be612e3df1450de40a74fadc6df3c2885e9b1 Mon Sep 17 00:00:00 2001 From: Marc Cornellà Date: Wed, 20 Dec 2023 10:21:31 +0100 Subject: ci(dependencies): add automation for updating external dependencies (#12109) --- .github/workflows/dependencies.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/dependencies.yml (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml new file mode 100644 index 000000000..c27ad7998 --- /dev/null +++ b/.github/workflows/dependencies.yml @@ -0,0 +1,26 @@ +name: Update dependencies +on: + workflow_dispatch: {} + # schedule: + # - cron: '34 3 * * */8' + +jobs: + check: + name: Check for updates + runs-on: ubuntu-latest + steps: + - name: Checkout + if: github.repository == 'ohmyzsh/ohmyzsh' + uses: actions/checkout@v4 + - name: Authenticate as @ohmyzsh + uses: ohmyzsh/github-app-token@v2 + with: + app-id: ${{ secrets.OHMYZSH_APP_ID }} + private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} + - name: Process dependencies + env: + GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} + TMP_DIR: ${{ env.RUNNER_TEMP }} + run: | + gh auth login --with-token <<< "${GITHUB_TOKEN}" + python3 .github/workflows/dependencies/updater.py -- cgit v1.2.3-70-g09d2 From 0bb00eddbbc25564b5329899fcdfcd28153da720 Mon Sep 17 00:00:00 2001 From: Carlo Sala Date: Wed, 20 Dec 2023 19:38:25 +0100 Subject: ci(dependencies): fix typo --- .github/workflows/dependencies.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index c27ad7998..aab740126 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -15,8 +15,8 @@ jobs: - name: Authenticate as @ohmyzsh uses: ohmyzsh/github-app-token@v2 with: - app-id: ${{ secrets.OHMYZSH_APP_ID }} - private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} + app_id: ${{ secrets.OHMYZSH_APP_ID }} + private_key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} - name: Process dependencies env: GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} -- cgit v1.2.3-70-g09d2 From 46b24d409909cdc00ac441448c0aa31cc35d12c9 Mon Sep 17 00:00:00 2001 From: Carlo Sala Date: Thu, 28 Dec 2023 21:20:28 +0100 Subject: ci(dependencies): fix some envs and add requirements --- .github/workflows/dependencies.yml | 11 +++++++---- .github/workflows/dependencies/requirements.txt | 2 ++ .github/workflows/dependencies/updater.py | 4 ++-- 3 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/dependencies/requirements.txt (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index aab740126..2e2217e1c 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -8,19 +8,22 @@ jobs: check: name: Check for updates runs-on: ubuntu-latest + if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Checkout - if: github.repository == 'ohmyzsh/ohmyzsh' uses: actions/checkout@v4 - name: Authenticate as @ohmyzsh + id: generate_token uses: ohmyzsh/github-app-token@v2 with: app_id: ${{ secrets.OHMYZSH_APP_ID }} private_key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} - name: Process dependencies env: - GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }} - TMP_DIR: ${{ env.RUNNER_TEMP }} + GH_TOKEN: ${{ steps.generate_token.outputs.token }} + GIT_APP_NAME: ohmyzsh[bot] + GIT_APP_EMAIL: 54982679+ohmyzsh[bot]@users.noreply.github.com + TMP_DIR: ${{ runner.temp }} run: | - gh auth login --with-token <<< "${GITHUB_TOKEN}" + pip install -r .github/workflows/dependencies/requirements.txt python3 .github/workflows/dependencies/updater.py diff --git a/.github/workflows/dependencies/requirements.txt b/.github/workflows/dependencies/requirements.txt new file mode 100644 index 000000000..3c4c149ea --- /dev/null +++ b/.github/workflows/dependencies/requirements.txt @@ -0,0 +1,2 @@ +PyYAML~=6.0.1 +requests~=2.31.0 diff --git a/.github/workflows/dependencies/updater.py b/.github/workflows/dependencies/updater.py index 5af19d14c..f54d316f9 100644 --- a/.github/workflows/dependencies/updater.py +++ b/.github/workflows/dependencies/updater.py @@ -302,8 +302,8 @@ class Git: @staticmethod def add_and_commit(scope: str, version: str): - user_name = "ohmyzsh" - user_email = "bot@ohmyz.sh" + user_name = os.environ.get("GIT_APP_NAME") + user_email = os.environ.get("GIT_APP_EMAIL") # Add all files to git staging CommandRunner.run_or_fail(["git", "add", "-A", "-v"], stage="AddFiles") -- cgit v1.2.3-70-g09d2 From eff648aab021df0407dcd86126d2ab9db950d0f2 Mon Sep 17 00:00:00 2001 From: Carlo Sala Date: Thu, 9 May 2024 17:41:59 +0200 Subject: ci(dependencies): use `setup-python` and enable cron-based jobs --- .github/workflows/dependencies.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 2e2217e1c..fce666e4c 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -1,8 +1,8 @@ name: Update dependencies on: workflow_dispatch: {} - # schedule: - # - cron: '34 3 * * */8' + schedule: + - cron: '34 3 * * */8' jobs: check: @@ -18,6 +18,11 @@ jobs: with: app_id: ${{ secrets.OHMYZSH_APP_ID }} private_key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} + - name: Setup Python + uses: actions/setup-python@v5 + with: + python-version: "3.12" + cache: "pip" - name: Process dependencies env: GH_TOKEN: ${{ steps.generate_token.outputs.token }} -- cgit v1.2.3-70-g09d2 From 1d31ff603706007e69aefe2c9ca198658e35b5dc Mon Sep 17 00:00:00 2001 From: Carlo Sala Date: Sun, 12 May 2024 12:30:22 +0200 Subject: ci(dependencies): fetch all branches --- .github/workflows/dependencies.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index fce666e4c..6bc8dc74d 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -2,7 +2,7 @@ name: Update dependencies on: workflow_dispatch: {} schedule: - - cron: '34 3 * * */8' + - cron: "34 3 * * */8" jobs: check: @@ -12,6 +12,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 + with: + fetch-depth: 0 - name: Authenticate as @ohmyzsh id: generate_token uses: ohmyzsh/github-app-token@v2 -- cgit v1.2.3-70-g09d2 From 203369b0f9ec284e06b73f555a14fa5f02be5a0a Mon Sep 17 00:00:00 2001 From: Carlo Sala Date: Wed, 22 May 2024 15:36:03 +0200 Subject: ci(dependencies): run on sunday CET morning --- .github/workflows/dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 6bc8dc74d..6c7387089 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -2,7 +2,7 @@ name: Update dependencies on: workflow_dispatch: {} schedule: - - cron: "34 3 * * */8" + - cron: "0 6 * * 0" jobs: check: -- cgit v1.2.3-70-g09d2 From 98a182d71b59a24d6b694d3e6b7a49212c06e04f Mon Sep 17 00:00:00 2001 From: Marc Cornellà Date: Mon, 28 Jul 2025 19:13:35 +0200 Subject: ci: add strict permissions to `dependencies.yml` workflow (#13232) Just use `contents:read` initial permission. The other permissions needed are those attached to the @ohmyzsh GitHub App. --- .github/workflows/dependencies.yml | 3 +++ 1 file changed, 3 insertions(+) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 6c7387089..b4a17912b 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -4,6 +4,9 @@ on: schedule: - cron: "0 6 * * 0" +permissions: + contents: read + jobs: check: name: Check for updates -- cgit v1.2.3-70-g09d2 From 5c804257ceb5b3062b876afae290adf72c474aad Mon Sep 17 00:00:00 2001 From: Carlo Sala Date: Mon, 28 Jul 2025 19:20:50 +0200 Subject: ci: use `actions/create-github-app-token` (#13233) --- .github/workflows/dependencies.yml | 10 +++++----- .github/workflows/project.yml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index b4a17912b..0b8eeda93 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -18,11 +18,11 @@ jobs: with: fetch-depth: 0 - name: Authenticate as @ohmyzsh - id: generate_token - uses: ohmyzsh/github-app-token@v2 + id: generate-token + uses: actions/create-github-app-token@v2 with: - app_id: ${{ secrets.OHMYZSH_APP_ID }} - private_key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} + app-id: ${{ secrets.OHMYZSH_APP_ID }} + private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} - name: Setup Python uses: actions/setup-python@v5 with: @@ -30,7 +30,7 @@ jobs: cache: "pip" - name: Process dependencies env: - GH_TOKEN: ${{ steps.generate_token.outputs.token }} + GH_TOKEN: ${{ steps.generate-token.outputs.token }} GIT_APP_NAME: ohmyzsh[bot] GIT_APP_EMAIL: 54982679+ohmyzsh[bot]@users.noreply.github.com TMP_DIR: ${{ runner.temp }} diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 2c2a1cdaa..8fd4e15d4 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -17,13 +17,13 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Authenticate as @ohmyzsh - id: generate_token - uses: ohmyzsh/github-app-token@v2 + id: generate-token + uses: actions/create-github-app-token@v2 with: - app_id: ${{ secrets.OHMYZSH_APP_ID }} - private_key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} + app-id: ${{ secrets.OHMYZSH_APP_ID }} + private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} - name: Store app token - run: echo "GH_TOKEN=${{ steps.generate_token.outputs.token }}" >> "$GITHUB_ENV" + run: echo "GH_TOKEN=${{ steps.generate-token.outputs.token }}" >> "$GITHUB_ENV" - name: Read project data env: ORGANIZATION: ohmyzsh -- cgit v1.2.3-70-g09d2 From c2a69fe5904e074f0049a941c09f039acdce40a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 08:32:18 +0200 Subject: chore(deps): bump actions/checkout from 4 to 5 (#13271) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- .github/workflows/installer.yml | 4 ++-- .github/workflows/main.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 0b8eeda93..7cc53371d 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 - name: Authenticate as @ohmyzsh diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index 5593c9175..9e933350f 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -26,7 +26,7 @@ jobs: - macos-latest steps: - name: Set up git repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install zsh if: runner.os == 'Linux' run: sudo apt-get update; sudo apt-get install zsh @@ -42,7 +42,7 @@ jobs: - test steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install Vercel CLI run: npm install -g vercel - name: Setup project and deploy diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 264ac31f3..c49324495 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,7 +24,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Set up git repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install zsh run: sudo apt-get update; sudo apt-get install zsh - name: Check syntax -- cgit v1.2.3-70-g09d2 From 8c168e26625ac8376d9156b1b189cd2ae8c16dc7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 12:06:41 +0800 Subject: chore(deps): bump actions/setup-python from 5 to 6 (#13293) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 7cc53371d..11c0ad0ef 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -24,7 +24,7 @@ jobs: app-id: ${{ secrets.OHMYZSH_APP_ID }} private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} - name: Setup Python - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: "3.12" cache: "pip" -- cgit v1.2.3-70-g09d2 From 7f3d8a34e2d850b51782f0900151413b435296d4 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Fri, 19 Sep 2025 08:30:10 -0700 Subject: ci: Harden GitHub Actions [StepSecurity] (#13318) --- .github/workflows/dependencies.yml | 11 ++++++++--- .github/workflows/installer.yml | 14 ++++++++++++-- .github/workflows/main.yml | 7 ++++++- .github/workflows/project.yml | 7 ++++++- 4 files changed, 32 insertions(+), 7 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 11c0ad0ef..3f448fe64 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -13,18 +13,23 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'ohmyzsh/ohmyzsh' steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + egress-policy: audit + - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 - name: Authenticate as @ohmyzsh id: generate-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ secrets.OHMYZSH_APP_ID }} private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 with: python-version: "3.12" cache: "pip" diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index 9e933350f..2d1de706a 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -25,8 +25,13 @@ jobs: - ubuntu-latest - macos-latest steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + egress-policy: audit + - name: Set up git repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install zsh if: runner.os == 'Linux' run: sudo apt-get update; sudo apt-get install zsh @@ -41,8 +46,13 @@ jobs: needs: - test steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + egress-policy: audit + - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install Vercel CLI run: npm install -g vercel - name: Setup project and deploy diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c49324495..b48a3d32b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -23,8 +23,13 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'ohmyzsh/ohmyzsh' steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + egress-policy: audit + - name: Set up git repository - uses: actions/checkout@v5 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - name: Install zsh run: sudo apt-get update; sudo apt-get install zsh - name: Check syntax diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 8fd4e15d4..ba971db15 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -16,9 +16,14 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'ohmyzsh/ohmyzsh' steps: + - name: Harden the runner (Audit all outbound calls) + uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + with: + egress-policy: audit + - name: Authenticate as @ohmyzsh id: generate-token - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 with: app-id: ${{ secrets.OHMYZSH_APP_ID }} private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} -- cgit v1.2.3-70-g09d2 From 38423b4b5ce1ebbcded814642706a5fc300eadda Mon Sep 17 00:00:00 2001 From: Carlo Sala Date: Thu, 23 Oct 2025 05:16:17 -0700 Subject: ci(deps): ensure push permissions are available (#13389) --- .github/workflows/dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 3f448fe64..be54fdf41 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -5,7 +5,7 @@ on: - cron: "0 6 * * 0" permissions: - contents: read + contents: write jobs: check: -- cgit v1.2.3-70-g09d2 From 18d0a63df8ed61aad7b25dc9c6f61a7cb88760dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 9 Nov 2025 20:03:00 +0100 Subject: chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 (#13414) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- .github/workflows/installer.yml | 4 ++-- .github/workflows/main.yml | 2 +- .github/workflows/project.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index be54fdf41..9ff5ae375 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -14,7 +14,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index 2d1de706a..829d3804f 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -26,7 +26,7 @@ jobs: - macos-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit @@ -47,7 +47,7 @@ jobs: - test steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b48a3d32b..5bd062e1b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,7 +24,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index e6da2cbe5..1d22ec3d1 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -17,7 +17,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit - name: Authenticate as @ohmyzsh diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ca2655968..6bb853386 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 with: egress-policy: audit -- cgit v1.2.3-70-g09d2 From 441299ca775d0e718e72d8cf2490702ac98d3b08 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Nov 2025 22:35:53 +0100 Subject: chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#13438) Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- .github/workflows/installer.yml | 4 ++-- .github/workflows/main.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 9ff5ae375..45dee6f5d 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -19,7 +19,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: fetch-depth: 0 - name: Authenticate as @ohmyzsh diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index 829d3804f..120381dd8 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit - name: Set up git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Install zsh if: runner.os == 'Linux' run: sudo apt-get update; sudo apt-get install zsh @@ -52,7 +52,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Install Vercel CLI run: npm install -g vercel - name: Setup project and deploy diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5bd062e1b..8200f50a6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,7 +29,7 @@ jobs: egress-policy: audit - name: Set up git repository - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - name: Install zsh run: sudo apt-get update; sudo apt-get install zsh - name: Check syntax diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index eec4b453d..5078aecc6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -41,7 +41,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false -- cgit v1.2.3-70-g09d2 From beadd56dd75e8a40fe0a7d4a5d63ed5bf9efcd48 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 23 Nov 2025 22:37:35 +0100 Subject: chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#13440) Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.1.4 to 2.2.0. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/67018539274d69449ef7c02e8e71183d1719ab42...7e473efe3cb98aa54f8d4bac15400b15fad77d94) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- .github/workflows/project.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 45dee6f5d..1c4ae131a 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -24,7 +24,7 @@ jobs: fetch-depth: 0 - name: Authenticate as @ohmyzsh id: generate-token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 with: app-id: ${{ secrets.OHMYZSH_APP_ID }} private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 1d22ec3d1..6a236e691 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -22,7 +22,7 @@ jobs: egress-policy: audit - name: Authenticate as @ohmyzsh id: generate-token - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4 + uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 with: app-id: ${{ secrets.OHMYZSH_APP_ID }} private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} -- cgit v1.2.3-70-g09d2 From a449c0247d69726fe4f3ca4fe88182bdb215a5d3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 30 Nov 2025 16:29:07 +0100 Subject: chore(deps): bump actions/setup-python from 6.0.0 to 6.1.0 (#13455) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/e797f83bcb11b83ae66e0230d6156d7c80228e7c...83679a892e2d95755f2dac6acb0bfd1e9ac5d548) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 1c4ae131a..000589087 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -29,7 +29,7 @@ jobs: app-id: ${{ secrets.OHMYZSH_APP_ID }} private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} - name: Setup Python - uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 with: python-version: "3.12" cache: "pip" -- cgit v1.2.3-70-g09d2 From e9fc134236323ce3ce376715b1e55a54ed6ac7ac Mon Sep 17 00:00:00 2001 From: Marc Cornellà Date: Mon, 1 Dec 2025 11:22:14 +0100 Subject: ci(dependencies): update job permissions, change commits to `chore` (#13457) --- .github/workflows/dependencies.yml | 5 ++--- .github/workflows/dependencies/updater.py | 4 ++-- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 000589087..a21803ec6 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -4,14 +4,13 @@ on: schedule: - cron: "0 6 * * 0" -permissions: - contents: write - jobs: check: name: Check for updates runs-on: ubuntu-latest if: github.repository == 'ohmyzsh/ohmyzsh' + permissions: + contents: write # this is needed to push commits and branches steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 diff --git a/.github/workflows/dependencies/updater.py b/.github/workflows/dependencies/updater.py index aee15d9e0..783161d6c 100644 --- a/.github/workflows/dependencies/updater.py +++ b/.github/workflows/dependencies/updater.py @@ -238,7 +238,7 @@ class Dependency: # Create GitHub PR GitHub.create_pr( branch, - f"feat({self.name}): update to version {new_version}", + f"chore({self.name}): update to version {new_version}", f"""## Description Update for **{self.desc}**: update to version [{new_version}]({status["head_url"]}). @@ -423,7 +423,7 @@ class Git: f"user.email={user_email}", "commit", "-m", - f"feat({scope}): update to {version}", + f"chore({scope}): update to {version}", ], stage="CreateCommit", env=clean_env, -- cgit v1.2.3-70-g09d2 From 3b66f643e4cfc78dfd62bb332f28f82d7dff2461 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Dec 2025 18:38:26 +0100 Subject: chore(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 (#13471) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.13.2 to 2.13.3. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/95d9a5deda9de15063e7595e9719c11c38c90ae2...df199fb7be9f65074067a9eb93f12bb4c5547cf2) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- .github/workflows/installer.yml | 4 ++-- .github/workflows/main.yml | 2 +- .github/workflows/project.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index a21803ec6..aeeda6711 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -13,7 +13,7 @@ jobs: contents: write # this is needed to push commits and branches steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 with: egress-policy: audit diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index 120381dd8..d48a9603e 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -26,7 +26,7 @@ jobs: - macos-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 with: egress-policy: audit @@ -47,7 +47,7 @@ jobs: - test steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 with: egress-policy: audit diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8200f50a6..ea64e3a2f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,7 +24,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 with: egress-policy: audit diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 6a236e691..baaa1f9f2 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -17,7 +17,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 with: egress-policy: audit - name: Authenticate as @ohmyzsh diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 42a1dc0cb..cc8e0a8eb 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2 + uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 with: egress-policy: audit -- cgit v1.2.3-70-g09d2 From 0ebeae78d0ebdefbd0af38bfdad10504770acb82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Dec 2025 18:38:44 +0100 Subject: chore(deps): bump actions/create-github-app-token from 2.2.0 to 2.2.1 (#13470) Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.2.0 to 2.2.1. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/7e473efe3cb98aa54f8d4bac15400b15fad77d94...29824e69f54612133e76f7eaac726eef6c875baf) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- .github/workflows/project.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index aeeda6711..753effdcb 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -23,7 +23,7 @@ jobs: fetch-depth: 0 - name: Authenticate as @ohmyzsh id: generate-token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 with: app-id: ${{ secrets.OHMYZSH_APP_ID }} private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index baaa1f9f2..9bb3e6550 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -22,7 +22,7 @@ jobs: egress-policy: audit - name: Authenticate as @ohmyzsh id: generate-token - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0 + uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 with: app-id: ${{ secrets.OHMYZSH_APP_ID }} private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }} -- cgit v1.2.3-70-g09d2 From ddec79ad4384325e08104574a9e0b81bb8a7e9d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 7 Dec 2025 18:39:14 +0100 Subject: chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#13468) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- .github/workflows/installer.yml | 4 ++-- .github/workflows/main.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 753effdcb..149c7fef7 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -18,7 +18,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 0 - name: Authenticate as @ohmyzsh diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index d48a9603e..dcf5b52d8 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -31,7 +31,7 @@ jobs: egress-policy: audit - name: Set up git repository - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install zsh if: runner.os == 'Linux' run: sudo apt-get update; sudo apt-get install zsh @@ -52,7 +52,7 @@ jobs: egress-policy: audit - name: Checkout - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install Vercel CLI run: npm install -g vercel - name: Setup project and deploy diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ea64e3a2f..a8363eceb 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,7 +29,7 @@ jobs: egress-policy: audit - name: Set up git repository - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Install zsh run: sudo apt-get update; sudo apt-get install zsh - name: Check syntax diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index cc8e0a8eb..068fb5e7d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -41,7 +41,7 @@ jobs: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false -- cgit v1.2.3-70-g09d2 From 1fee750c3bf53164ea93f564fe53764bb727f9ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 09:59:52 +0100 Subject: chore(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 (#13483) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependencies.yml | 2 +- .github/workflows/installer.yml | 4 ++-- .github/workflows/main.yml | 2 +- .github/workflows/project.yml | 2 +- .github/workflows/scorecard.yml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) (limited to '.github/workflows/dependencies.yml') diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 149c7fef7..8d8f5cc73 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -13,7 +13,7 @@ jobs: contents: write # this is needed to push commits and branches steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/installer.yml b/.github/workflows/installer.yml index dcf5b52d8..eef5bf322 100644 --- a/.github/workflows/installer.yml +++ b/.github/workflows/installer.yml @@ -26,7 +26,7 @@ jobs: - macos-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -47,7 +47,7 @@ jobs: - test steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a8363eceb..5917d5316 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -24,7 +24,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit diff --git a/.github/workflows/project.yml b/.github/workflows/project.yml index 9bb3e6550..70597cab6 100644 --- a/.github/workflows/project.yml +++ b/.github/workflows/project.yml @@ -17,7 +17,7 @@ jobs: if: github.repository == 'ohmyzsh/ohmyzsh' steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Authenticate as @ohmyzsh diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3a1f5c92c..2ce0dd5ff 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@df199fb7be9f65074067a9eb93f12bb4c5547cf2 # v2.13.3 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit -- cgit v1.2.3-70-g09d2