diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 36c35c9..91ed7c2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,9 +3,13 @@ updates: - package-ecosystem: github-actions directory: "/" schedule: - interval: weekly + interval: monthly cooldown: default-days: 7 + groups: + github-actions: + patterns: + - "*" # Group all updates into a single larger pull request. - package-ecosystem: npm directory: "/" groups: @@ -14,6 +18,6 @@ updates: dependencies: dependency-type: production schedule: - interval: weekly + interval: monthly cooldown: default-days: 7 diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 7d1c18b..d3c8d2d 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -5,25 +5,21 @@ on: branches: - main pull_request: - # The branches below must be a subset of the branches above branches: - main schedule: - cron: '0 17 * * 5' -permissions: - actions: read - contents: read - security-events: write - jobs: codeQL: - # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest runs-on: ubuntu-latest - + permissions: + actions: read + contents: read + security-events: write steps: - name: Checkout repository - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: # Must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head of the pull request. @@ -39,7 +35,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v4.35.4 + uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 # Override language selection by uncommenting this and choosing your languages with: languages: 'javascript-typescript' 
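Review bot: In .github/dependabot.yml the github-actions entry (and the npm entry in the hunk at -14) now checks monthly while keeping `default-days: 7`, so a SHA-pinned action in the workflows touched by this commit can lag a new release by about five weeks, and nothing else moves those pins. `schedule`, `cooldown` and this `groups` block govern version updates only; advisory-driven fixes depend on Dependabot security updates being enabled for the repository, which is not visible here. I would record that next to the interval, e.g. `# version updates only; security fixes rely on Dependabot security updates being enabled`. If security bumps for actions should also arrive grouped, that needs a separate group with `applies-to: security-updates`. The npm entry continues outside this hunk.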
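Review bot: Moving `permissions` under the `codeQL` job in .github/workflows/codeql.yaml (hunk at -5) leaves the workflow with no top-level `permissions` key, so a job added later without its own block would run with the repository's default token scopes. test.yml in this same commit uses the deny-by-default form; adding `permissions: {}` above `jobs:` here would make the two files consistent and keep the job-level grant as the only one. The `# v6.0.2` comment after the checkout SHA is not checked by anything in the workflow, so it is worth confirming against the tag during review. The job's steps continue outside this hunk.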
@@ -49,4 +45,4 @@ jobs: npm run all - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v4.35.4 + uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3e7217c..201b56c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,18 +8,17 @@ on: branches: - main -permissions: - contents: read +permissions: {} jobs: # make sure build/ci work properly build: runs-on: ubuntu-latest steps: - - uses: actions/setup-node@v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24.x - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - run: | @@ -42,20 +41,17 @@ jobs: version: - "" - "latest" - - "v2.10" - - "v2.10.1" + - "v2.12" + - "v2.12.2" runs-on: ${{ matrix.os }} - permissions: - contents: read - pull-requests: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24.x - - uses: actions/setup-go@v6 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: oldstable - uses: ./ 
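Review bot: `permissions: {}` in .github/workflows/test.yml (hunk at -8), combined with the job-level blocks removed in the hunks at -42, -77, -113, -143 and -175, leaves every job with a token that has no scopes, including the jobs that previously held `pull-requests: read` before running `uses: ./`. If the action under test reads pull request data through the API (the old grant suggests it may, but that is inferred and not visible here), those paths now run without access and the matrix would not necessarily show it. Either restore `pull-requests: read` on the jobs that need it or state why none is needed, e.g. `permissions: {} # no token scopes; no job in this file calls the GitHub API`. The `build` job's steps continue outside this hunk.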
@@ -77,20 +73,17 @@ jobs: version: - "" - "latest" - - "v2.10.1" - - "f8861ca84d805a673945d037bae1559c3567aadc" + - "v2.12.1" + - "c0d3ddc9cf3faa61a4e378e879ece580256d76e5" runs-on: ${{ matrix.os }} - permissions: - contents: read - pull-requests: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24.x - - uses: actions/setup-go@v6 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: oldstable - uses: ./ @@ -113,16 +106,14 @@ jobs: - fixtures/go-mod - fixtures/go-tool runs-on: ${{ matrix.os }} - permissions: - contents: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24.x - - uses: actions/setup-go@v6 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: oldstable - uses: ./ @@ -143,20 +134,17 @@ jobs: version: - "" - "latest" - - "v2.10" - - "v2.10.1" + - "v2.12" + - "v2.12.1" runs-on: ${{ matrix.os }} - permissions: - contents: read - pull-requests: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24.x - - uses: actions/setup-go@v6 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: oldstable - uses: ./ 
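Review bot: The matrix entry `"c0d3ddc9cf3faa61a4e378e879ece580256d76e5"` in the hunk at -77 carries no label saying which release or branch of the tool under test it belongs to, unlike the action pins in this commit, which have `# v6.0.2`-style comments. A trailing comment naming the ref, e.g. `# <tag or branch this commit belongs to>`, would let a reviewer check the bump. Also, the hunk at -42 tests `"v2.12.2"` while this hunk and the one at -143 use `"v2.12.1"`; if the difference is deliberate a short comment would help, otherwise align them. The job's remaining steps are outside the hunk.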
@@ -175,17 +163,14 @@ jobs: - macos-latest - windows-latest runs-on: ${{ matrix.os }} - permissions: - contents: read - pull-requests: read steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false - - uses: actions/setup-node@v6 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version: 24.x - - uses: actions/setup-go@v6 + - uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: oldstable - uses: ./