7e8915d76ea1dbc3078a09d19dd4ee61ba5333ef
14 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
02879fa377 |
Update actions/setup-node action to v6 (#21249)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
ac8ac2c677 |
Update actions/setup-node action to v5 (#20407)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
2c8aa6e9e3 |
Update dependency node to v22 (#20410)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
9e4acd8bdd | Update actions/checkout action to v5 (#20404) | ||
|
|
ed4866a00b |
Update actions/setup-node action to v4.4.0 (#17514)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
12d7fad4ef |
Update actions/setup-node action to v4.3.0 (#17259)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | minor | `v4` -> `v4.3.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

### [`v4.3.0`](https://redirect.github.com/actions/setup-node/compare/v4.2.0...v4.3.0)

[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.2.0...v4.3.0)

### [`v4.2.0`](https://redirect.github.com/actions/setup-node/releases/tag/v4.2.0)

[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.1.0...v4.2.0)

#### What's Changed

- Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [https://github.com/actions/setup-node/pull/1174](https://redirect.github.com/actions/setup-node/pull/1174)
- Add recommended permissions section to readme by [@benwells](https://redirect.github.com/benwells) in [https://github.com/actions/setup-node/pull/1193](https://redirect.github.com/actions/setup-node/pull/1193)
- Configure Dependabot settings by [@HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-node/pull/1192](https://redirect.github.com/actions/setup-node/pull/1192)
- Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://redirect.github.com/priyagupta108) in [https://github.com/actions/setup-node/pull/1191](https://redirect.github.com/actions/setup-node/pull/1191)
- Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1194](https://redirect.github.com/actions/setup-node/pull/1194)
- Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1195](https://redirect.github.com/actions/setup-node/pull/1195)
- Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1196](https://redirect.github.com/actions/setup-node/pull/1196)
- Upgrade [@types/jest](https://redirect.github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1201](https://redirect.github.com/actions/setup-node/pull/1201)
- Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1205](https://redirect.github.com/actions/setup-node/pull/1205)

#### New Contributors

- [@benwells](https://redirect.github.com/benwells) made their first contribution in [https://github.com/actions/setup-node/pull/1193](https://redirect.github.com/actions/setup-node/pull/1193)

**Full Changelog**: https://github.com/actions/setup-node/compare/v4...v4.2.0

### [`v4.1.0`](https://redirect.github.com/actions/setup-node/releases/tag/v4.1.0)

[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.0.4...v4.1.0)

#### What's Changed

- Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [https://github.com/actions/setup-node/pull/1132](https://redirect.github.com/actions/setup-node/pull/1132)
- Upgrade IA Publish by [@Jcambass](https://redirect.github.com/Jcambass) in [https://github.com/actions/setup-node/pull/1134](https://redirect.github.com/actions/setup-node/pull/1134)
- Revise `isGhes` logic by [@jww3](https://redirect.github.com/jww3) in [https://github.com/actions/setup-node/pull/1148](https://redirect.github.com/actions/setup-node/pull/1148)
- Add architecture to cache key by [@pengx17](https://redirect.github.com/pengx17) in [https://github.com/actions/setup-node/pull/843](https://redirect.github.com/actions/setup-node/pull/843)
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.

#### New Contributors

- [@jww3](https://redirect.github.com/jww3) made their first contribution in [https://github.com/actions/setup-node/pull/1148](https://redirect.github.com/actions/setup-node/pull/1148)
- [@pengx17](https://redirect.github.com/pengx17) made their first contribution in [https://github.com/actions/setup-node/pull/843](https://redirect.github.com/actions/setup-node/pull/843)

**Full Changelog**: https://github.com/actions/setup-node/compare/v4...v4.1.0

### [`v4.0.4`](https://redirect.github.com/actions/setup-node/releases/tag/v4.0.4)

[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.0.3...v4.0.4)

#### What's Changed

- Add workflow file for publishing releases to immutable action package by [@Jcambass](https://redirect.github.com/Jcambass) in [https://github.com/actions/setup-node/pull/1125](https://redirect.github.com/actions/setup-node/pull/1125)
- Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://redirect.github.com/priyagupta108) in [https://github.com/actions/setup-node/pull/1126](https://redirect.github.com/actions/setup-node/pull/1126)

##### Documentation changes:

- Documentation update in the README file by [@suyashgaonkar](https://redirect.github.com/suyashgaonkar) in [https://github.com/actions/setup-node/pull/1106](https://redirect.github.com/actions/setup-node/pull/1106)
- Correct invalid 'lts' version string reference by [@fulldecent](https://redirect.github.com/fulldecent) in [https://github.com/actions/setup-node/pull/1124](https://redirect.github.com/actions/setup-node/pull/1124)

#### New Contributors

- [@suyashgaonkar](https://redirect.github.com/suyashgaonkar) made their first contribution in [https://github.com/actions/setup-node/pull/1106](https://redirect.github.com/actions/setup-node/pull/1106)
- [@priyagupta108](https://redirect.github.com/priyagupta108) made their first contribution in [https://github.com/actions/setup-node/pull/1126](https://redirect.github.com/actions/setup-node/pull/1126)
- [@Jcambass](https://redirect.github.com/Jcambass) made their first contribution in [https://github.com/actions/setup-node/pull/1125](https://redirect.github.com/actions/setup-node/pull/1125)
- [@fulldecent](https://redirect.github.com/fulldecent) made their first contribution in [https://github.com/actions/setup-node/pull/1124](https://redirect.github.com/actions/setup-node/pull/1124)

**Full Changelog**: https://github.com/actions/setup-node/compare/v4...v4.0.4

### [`v4.0.3`](https://redirect.github.com/actions/setup-node/releases/tag/v4.0.3)

[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.0.2...v4.0.3)

##### What's Changed

##### Bug fixes:

- Fix macos latest check failures by [@HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-node/pull/1041](https://redirect.github.com/actions/setup-node/pull/1041)

##### Documentation changes:

- Documentation update to update default Node version to 20 by [@bengreeley](https://redirect.github.com/bengreeley) in [https://github.com/actions/setup-node/pull/949](https://redirect.github.com/actions/setup-node/pull/949)

##### Dependency updates:

- Bump undici from 5.26.5 to 5.28.3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/965](https://redirect.github.com/actions/setup-node/pull/965)
- Bump braces from 3.0.2 to 3.0.3 and other dependency updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-node/pull/1087](https://redirect.github.com/actions/setup-node/pull/1087)

##### New Contributors

- [@bengreeley](https://redirect.github.com/bengreeley) made their first contribution in [https://github.com/actions/setup-node/pull/949](https://redirect.github.com/actions/setup-node/pull/949)
- [@HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) made their first contribution in [https://github.com/actions/setup-node/pull/1041](https://redirect.github.com/actions/setup-node/pull/1041)

**Full Changelog**: https://github.com/actions/setup-node/compare/v4...v4.0.3

### [`v4.0.2`](https://redirect.github.com/actions/setup-node/releases/tag/v4.0.2)

[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4.0.1...v4.0.2)

##### What's Changed

- Add support for `volta.extends` by [@ThisIsManta](https://redirect.github.com/ThisIsManta) in [https://github.com/actions/setup-node/pull/921](https://redirect.github.com/actions/setup-node/pull/921)
- Add support for arm64 Windows by [@dmitry-shibanov](https://redirect.github.com/dmitry-shibanov) in [https://github.com/actions/setup-node/pull/927](https://redirect.github.com/actions/setup-node/pull/927)

##### New Contributors

- [@ThisIsManta](https://redirect.github.com/ThisIsManta) made their first contribution in [https://github.com/actions/setup-node/pull/921](https://redirect.github.com/actions/setup-node/pull/921)

**Full Changelog**: https://github.com/actions/setup-node/compare/v4.0.1...v4.0.2

### [`v4.0.1`](https://redirect.github.com/actions/setup-node/releases/tag/v4.0.1)

[Compare Source](https://redirect.github.com/actions/setup-node/compare/v4...v4.0.1)

##### What's Changed

- Ignore engines in Yarn 1 e2e-cache tests by [@trivikr](https://redirect.github.com/trivikr) in [https://github.com/actions/setup-node/pull/882](https://redirect.github.com/actions/setup-node/pull/882)
- Update setup-node references in the README.md file to setup-node@v4 by [@jwetzell](https://redirect.github.com/jwetzell) in [https://github.com/actions/setup-node/pull/884](https://redirect.github.com/actions/setup-node/pull/884)
- Update reusable workflows to use Node.js v20 by [@MaksimZhukov](https://redirect.github.com/MaksimZhukov) in [https://github.com/actions/setup-node/pull/889](https://redirect.github.com/actions/setup-node/pull/889)
- Add fix for cache to resolve slow post action step by [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [https://github.com/actions/setup-node/pull/917](https://redirect.github.com/actions/setup-node/pull/917)
- Fix README.md by [@takayamaki](https://redirect.github.com/takayamaki) in [https://github.com/actions/setup-node/pull/898](https://redirect.github.com/actions/setup-node/pull/898)
- Add `package.json` to `node-version-file` list of examples. by [@TWiStErRob](https://redirect.github.com/TWiStErRob) in [https://github.com/actions/setup-node/pull/879](https://redirect.github.com/actions/setup-node/pull/879)
- Fix node-version-file interprets entire package.json as a version by [@NullVoxPopuli](https://redirect.github.com/NullVoxPopuli) in [https://github.com/actions/setup-node/pull/865](https://redirect.github.com/actions/setup-node/pull/865)

##### New Contributors

- [@trivikr](https://redirect.github.com/trivikr) made their first contribution in [https://github.com/actions/setup-node/pull/882](https://redirect.github.com/actions/setup-node/pull/882)
- [@jwetzell](https://redirect.github.com/jwetzell) made their first contribution in [https://github.com/actions/setup-node/pull/884](https://redirect.github.com/actions/setup-node/pull/884)
- [@aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) made their first contribution in [https://github.com/actions/setup-node/pull/917](https://redirect.github.com/actions/setup-node/pull/917)
- [@takayamaki](https://redirect.github.com/takayamaki) made their first contribution in [https://github.com/actions/setup-node/pull/898](https://redirect.github.com/actions/setup-node/pull/898)
- [@TWiStErRob](https://redirect.github.com/TWiStErRob) made their first contribution in [https://github.com/actions/setup-node/pull/879](https://redirect.github.com/actions/setup-node/pull/879)
- [@NullVoxPopuli](https://redirect.github.com/NullVoxPopuli) made their first contribution in [https://github.com/actions/setup-node/pull/865](https://redirect.github.com/actions/setup-node/pull/865)

**Full Changelog**: https://github.com/actions/setup-node/compare/v4...v4.0.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
796e7510c4 |
Update actions/checkout action to v4.2.2 (#17257)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) | action | minor | `v4` -> `v4.2.2` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

### [`v4.2.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v422)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.2.1...v4.2.2)

- `url-helper.ts` now leverages well-known environment variables by [@jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1941](https://redirect.github.com/actions/checkout/pull/1941)
- Expand unit test coverage for `isGhes` by [@jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1946](https://redirect.github.com/actions/checkout/pull/1946)

### [`v4.2.1`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v421)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.2.0...v4.2.1)

- Check out other refs/\* by commit if provided, fall back to ref by [@orhantoy](https://redirect.github.com/orhantoy) in [https://github.com/actions/checkout/pull/1924](https://redirect.github.com/actions/checkout/pull/1924)

### [`v4.2.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v420)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.7...v4.2.0)

- Add Ref and Commit outputs by [@lucacome](https://redirect.github.com/lucacome) in [https://github.com/actions/checkout/pull/1180](https://redirect.github.com/actions/checkout/pull/1180)
- Dependency updates by [@dependabot-](https://redirect.github.com/dependabot-) [https://github.com/actions/checkout/pull/1777](https://redirect.github.com/actions/checkout/pull/1777), [https://github.com/actions/checkout/pull/1872](https://redirect.github.com/actions/checkout/pull/1872)

### [`v4.1.7`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.6...v4.1.7)

- Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://redirect.github.com/actions/checkout/pull/1739)
- Bump actions/checkout from 3 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://redirect.github.com/actions/checkout/pull/1697)
- Check out other refs/\* by commit by [@orhantoy](https://redirect.github.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://redirect.github.com/actions/checkout/pull/1774)
- Pin actions/checkout's own workflows to a known, good, stable version. by [@jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://redirect.github.com/actions/checkout/pull/1776)

### [`v4.1.6`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.5...v4.1.6)

- Check platform to set archive extension appropriately by [@cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://redirect.github.com/actions/checkout/pull/1732)

### [`v4.1.5`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v415)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.4...v4.1.5)

- Update NPM dependencies by [@cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://redirect.github.com/actions/checkout/pull/1703)
- Bump github/codeql-action from 2 to 3 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://redirect.github.com/actions/checkout/pull/1694)
- Bump actions/setup-node from 1 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://redirect.github.com/actions/checkout/pull/1696)
- Bump actions/upload-artifact from 2 to 4 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://redirect.github.com/actions/checkout/pull/1695)
- README: Suggest `user.email` to be `41898282+github-actions[bot]@users.noreply.github.com` by [@cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://redirect.github.com/actions/checkout/pull/1707)

### [`v4.1.4`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.3...v4.1.4)

- Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://redirect.github.com/actions/checkout/pull/1692)
- Add dependabot config by [@cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://redirect.github.com/actions/checkout/pull/1688)
- Bump the minor-actions-dependencies group with 2 updates by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://redirect.github.com/actions/checkout/pull/1693)
- Bump word-wrap from 1.2.3 to 1.2.5 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://redirect.github.com/actions/checkout/pull/1643)

### [`v4.1.3`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v413)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.2...v4.1.3)

- Check git version before attempting to disable `sparse-checkout` by [@jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://redirect.github.com/actions/checkout/pull/1656)
- Add SSH user parameter by [@cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://redirect.github.com/actions/checkout/pull/1685)
- Update `actions/checkout` version in `update-main-version.yml` by [@jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://redirect.github.com/actions/checkout/pull/1650)

### [`v4.1.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.1...v4.1.2)

- Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@dscho](https://redirect.github.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://redirect.github.com/actions/checkout/pull/1598)

### [`v4.1.1`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v411)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.0...v4.1.1)

- Correct link to GitHub Docs by [@peterbe](https://redirect.github.com/peterbe) in [https://github.com/actions/checkout/pull/1511](https://redirect.github.com/actions/checkout/pull/1511)
- Link to release page from what's new section by [@cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1514](https://redirect.github.com/actions/checkout/pull/1514)

### [`v4.1.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410)

[Compare Source](https://redirect.github.com/actions/checkout/compare/v4.0.0...v4.1.0)

- [Add support for partial checkout filters](https://redirect.github.com/actions/checkout/pull/1396)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
dbdb46dcd2 |
Pin dependencies (#16791)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [CodSpeedHQ/action](https://redirect.github.com/CodSpeedHQ/action) | action | pinDigest | -> `0010eb0` |
| [PyO3/maturin-action](https://redirect.github.com/PyO3/maturin-action) | action | pinDigest | -> `36db840` |
| [SebRollen/toml-action](https://redirect.github.com/SebRollen/toml-action) | action | pinDigest | -> `b1b3628` |
| [Swatinem/rust-cache](https://redirect.github.com/Swatinem/rust-cache) | action | pinDigest | -> `f0deed1` |
| [actions/cache](https://redirect.github.com/actions/cache) | action | pinDigest | -> `d4323d4` |
| [actions/checkout](https://redirect.github.com/actions/checkout) | action | pinDigest | -> `11bd719` |
| [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | pinDigest | -> `cc20338` |
| [actions/github-script](https://redirect.github.com/actions/github-script) | action | pinDigest | -> `60a0d83` |
| [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | pinDigest | -> `cdca736` |
| [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | pinDigest | -> `4237552` |
| [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | pinDigest | -> `4cec3d8` |
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv) | action | pinDigest | -> `f94ec6b` |
| [dawidd6/action-download-artifact](https://redirect.github.com/dawidd6/action-download-artifact) | action | pinDigest | -> `20319c5` |
| [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | pinDigest | -> `471d1dc` |
| [docker/login-action](https://redirect.github.com/docker/login-action) | action | pinDigest | -> `74a5d14` |
| [docker/metadata-action](https://redirect.github.com/docker/metadata-action) | action | pinDigest | -> `902fa8e` |
| [docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action) | action | pinDigest | -> `b5ca514` |
| [extractions/setup-just](https://redirect.github.com/extractions/setup-just) | action | pinDigest | -> `dd310ad` |
| [jetli/wasm-bindgen-action](https://redirect.github.com/jetli/wasm-bindgen-action) | action | pinDigest | -> `20b33e2` |
| [jetli/wasm-pack-action](https://redirect.github.com/jetli/wasm-pack-action) | action | pinDigest | -> `0d096b0` |
| [peter-evans/create-or-update-comment](https://redirect.github.com/peter-evans/create-or-update-comment) | action | pinDigest | -> `71345be` |
| [peter-evans/find-comment](https://redirect.github.com/peter-evans/find-comment) | action | pinDigest | -> `3eae4d3` |
| [taiki-e/install-action](https://redirect.github.com/taiki-e/install-action) | action | pinDigest | -> `2c41309` |
| [uraimo/run-on-arch-action](https://redirect.github.com/uraimo/run-on-arch-action) | action | pinDigest | -> `ac33288` |
| [webfactory/ssh-agent](https://redirect.github.com/webfactory/ssh-agent) | action | pinDigest | -> `dc588b6` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
b385c7d22a |
Specify the wasm-pack version for release workflows (#16278)
This PR uses the same version specified in https://github.com/astral-sh/ruff/pull/14465 for the CI workflow to prevent random versions from being pulled like in the 0.9.7 [release](https://github.com/astral-sh/ruff/actions/runs/13436100909/job/37539387595). |
||
|
|
58e7db89a1 |
Run zizmor in CI, and fix most warnings (#14844)
## Summary

A [recent exploit](https://github.com/advisories/GHSA-7x29-qqmq-v6qc) brought attention to how easy it can be for attackers to use template expansion in GitHub Actions workflows to inject arbitrary code into a repository. That vulnerability [would have been caught by the zizmor linter](https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection), which looks for potential security vulnerabilities in GitHub Actions workflows.

This PR adds [zizmor](https://github.com/woodruffw/zizmor) as a pre-commit hook and fixes the high- and medium-severity warnings flagged by the tool.

All the warnings fixed in this PR are related to this zizmor check: https://woodruffw.github.io/zizmor/audits/#artipacked. The summary of the check is that `actions/checkout` will by default persist git configuration for the duration of the workflow, which can be insecure. It's unnecessary unless you actually need to do things with `git` later on in the workflow. None of our workflows do except for `publish-docs.yml` and `sync-typeshed.yml`, so I set `persist-credentials: true` for those two but `persist-credentials: false` for all other uses of `actions/checkout`.

Unfortunately there are several warnings in `release.yml`, including four high-severity warnings. However, this is a generated workflow file, so I have deliberately excluded this file from the check. These are the findings in `release.yml`:

<details>
<summary>release.yml findings</summary>

```
warning[artipacked]: credential persistence through GitHub Actions artifacts
  --> /Users/alexw/dev/ruff/.github/workflows/release.yml:62:9
   |
62 |       - uses: actions/checkout@v4
   |  _________-
63 | |       with:
64 | |         submodules: recursive
   | |_______________________________- does not set persist-credentials: false
   |
   = note: audit confidence → Low

warning[artipacked]: credential persistence through GitHub Actions artifacts
   --> /Users/alexw/dev/ruff/.github/workflows/release.yml:124:9
    |
124 |       - uses: actions/checkout@v4
    |  _________-
125 | |       with:
126 | |         submodules: recursive
    | |_______________________________- does not set persist-credentials: false
    |
    = note: audit confidence → Low

warning[artipacked]: credential persistence through GitHub Actions artifacts
   --> /Users/alexw/dev/ruff/.github/workflows/release.yml:174:9
    |
174 |       - uses: actions/checkout@v4
    |  _________-
175 | |       with:
176 | |         submodules: recursive
    | |_______________________________- does not set persist-credentials: false
    |
    = note: audit confidence → Low

warning[artipacked]: credential persistence through GitHub Actions artifacts
   --> /Users/alexw/dev/ruff/.github/workflows/release.yml:249:9
    |
249 |       - uses: actions/checkout@v4
    |  _________-
250 | |       with:
251 | |         submodules: recursive
252 | |       # Create a GitHub Release while uploading all files to it
    | |_______________________________________________________________- does not set persist-credentials: false
    |
    = note: audit confidence → Low

error[excessive-permissions]: overly broad workflow or job-level permissions
  --> /Users/alexw/dev/ruff/.github/workflows/release.yml:17:1
   |
17 | / permissions:
18 | |   "contents": "write"
...  |
39 | | # If there's a prerelease-style suffix to the version, then the release(s)
40 | | # will be marked as a prerelease.
   | |_________________________________^ contents: write is overly broad at the workflow level
   |
   = note: audit confidence → High

error[template-injection]: code injection via template expansion
  --> /Users/alexw/dev/ruff/.github/workflows/release.yml:80:9
   |
80 |         - id: plan
   |  _________^
81 | |         run: |
   | |_________^
82 | ||           dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --out...
83 | ||           echo "dist ran successfully"
84 | ||           cat plan-dist-manifest.json
85 | ||           echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
   | ||__________________________________________________________________________________^ this step
   | ||__________________________________________________________________________________^ inputs.tag may expand into attacker-controllable code
   |
   = note: audit confidence → Low

error[template-injection]: code injection via template expansion
  --> /Users/alexw/dev/ruff/.github/workflows/release.yml:80:9
   |
80 |         - id: plan
   |  _________^
81 | |         run: |
   | |_________^
82 | ||           dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --out...
83 | ||           echo "dist ran successfully"
84 | ||           cat plan-dist-manifest.json
85 | ||           echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
   | ||__________________________________________________________________________________^ this step
   | ||__________________________________________________________________________________^ inputs.tag may expand into attacker-controllable code
   |
   = note: audit confidence → Low

error[template-injection]: code injection via template expansion
  --> /Users/alexw/dev/ruff/.github/workflows/release.yml:80:9
   |
80 |         - id: plan
   |  _________^
81 | |         run: |
   | |_________^
82 | ||           dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --out...
83 | ||           echo "dist ran successfully"
84 | ||           cat plan-dist-manifest.json
85 | ||           echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT"
   | ||__________________________________________________________________________________^ this step
   | ||__________________________________________________________________________________^ inputs.tag may expand into attacker-controllable code
   |
   = note: audit confidence → Low
```

</details>

## Test Plan

`uvx pre-commit run -a` |
||
|
|
2ff36530c3 | Upgrade to Rust 1.82 (#13816) | ||
|
|
6d7da7bdbe | Revert "Upgrade to Rust 1.82 toolchain" (#13810) | ||
|
|
ff72055558 | Upgrade to Rust 1.82 toolchain (#13808) | ||
|
|
fe04f2b09d | Publish wasm API to npm (#12317) |
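
A simplified check in the spirit of the artipacked audit described in the #14844 commit message above, as an added example that is not part of that commit, the ruff repository, or zizmor: it lists `actions/checkout` steps that do not set `persist-credentials: false`. The function names and the sample workflow are constructed for illustration, and the scan is a line-based heuristic rather than a YAML parser.

```python
import re

# Constructed sample workflow (not taken from the repository).
SAMPLE_WORKFLOW = """\
name: CI
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Checkout without git credentials
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-node@v4
      - run: npm test
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: "actions/checkout@v4"
        with:
          persist-credentials: true
      - run: git push origin gh-pages
"""

# Matches "uses: actions/checkout@<ref>", with or without a leading "- " and quotes.
USES_RE = re.compile(r"""^\s*(?:-\s+)?uses:\s*["']?actions/checkout@""")
# Captures the raw value given to persist-credentials.
PERSIST_RE = re.compile(r"^\s*persist-credentials:\s*(\S+)")


def split_steps(text):
    """Group lines into list-item blocks: (first_line_number, [lines])."""
    steps = []
    current = None  # (dash_indent, first_line_number, lines)
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments never open or close a block
        indent = len(line) - len(line.lstrip())
        # A line indented no deeper than the item's dash ends that item.
        if current is not None and indent <= current[0]:
            steps.append((current[1], current[2]))
            current = None
        if current is None and (stripped == "-" or stripped.startswith("- ")):
            current = (indent, number, [])
        if current is not None:
            current[2].append(line)
    if current is not None:
        steps.append((current[1], current[2]))
    return steps


def audit_checkout_steps(text):
    """Return (line, status) for checkout steps not set to persist-credentials: false.

    status is "unset" when the key is absent, otherwise the value that was found,
    so a deliberate "true" is still surfaced for review.
    """
    findings = []
    for first_line, lines in split_steps(text):
        if not any(USES_RE.match(line) for line in lines):
            continue
        value = None
        for line in lines:
            match = PERSIST_RE.match(line)
            if match:
                value = match.group(1).strip("\"'").lower()
        if value == "false":
            continue
        findings.append((first_line, "unset" if value is None else value))
    return findings


if __name__ == "__main__":
    for line_number, status in audit_checkout_steps(SAMPLE_WORKFLOW):
        print(f"line {line_number}: actions/checkout with persist-credentials {status}")
```

Steps reported as `true` correspond to the deliberate opt-in the commit message describes for workflows that use `git` later on; they are listed so the choice stays visible in review.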