diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 85b3a123a..137a3c846 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,3 +8,5 @@ updates: schedule: interval: yearly open-pull-requests-limit: 0 + cooldown: + default-days: 7 diff --git a/.github/workflows/binsuite.yml b/.github/workflows/binsuite.yml index f931ea678..5d90785fa 100644 --- a/.github/workflows/binsuite.yml +++ b/.github/workflows/binsuite.yml @@ -129,7 +129,7 @@ jobs: node-version-file: .node-version - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Install dependencies run: pnpm install --frozen-lockfile @@ -595,7 +595,7 @@ jobs: node-version-file: .node-version - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Install dependencies run: pnpm install --frozen-lockfile @@ -1026,7 +1026,7 @@ jobs: node-version-file: .node-version - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Install dependencies run: pnpm install --frozen-lockfile diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb9e33e8b..4f7c32473 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -51,7 +51,7 @@ jobs: cache: '' - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Install dependencies run: pnpm install --frozen-lockfile @@ -117,7 +117,7 @@ jobs: cache: '' - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Install dependencies run: pnpm install --frozen-lockfile diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index aefe14e08..957afbecc 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -130,7 +130,7 @@ jobs: fi - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Setup Node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 diff --git a/.github/workflows/ink.yml b/.github/workflows/ink.yml index 40df1e3a7..d73f30a06 100644 --- a/.github/workflows/ink.yml +++ b/.github/workflows/ink.yml @@ -86,7 +86,7 @@ jobs: node-version: ${{ steps.tool-versions.outputs.node-version }} - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 # Note: version is specified in package.json packageManager field, not here - name: Install dependencies diff --git a/.github/workflows/iocraft.yml b/.github/workflows/iocraft.yml index 0a9362026..622ae8798 100644 --- a/.github/workflows/iocraft.yml +++ b/.github/workflows/iocraft.yml @@ -144,7 +144,7 @@ jobs: node-version: ${{ steps.tool-versions.outputs.node-version }} - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 # Note: version is specified in package.json packageManager field, not here - name: Install dependencies diff --git a/.github/workflows/lief.yml b/.github/workflows/lief.yml index 18c865a4e..63da16fd8 100644 --- a/.github/workflows/lief.yml +++ b/.github/workflows/lief.yml @@ -128,7 +128,7 @@ jobs: fi - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Setup Node.js uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 diff --git a/.github/workflows/models.yml b/.github/workflows/models.yml index 29d2f315f..3fe33f853 100644 --- a/.github/workflows/models.yml +++ b/.github/workflows/models.yml @@ -67,7 +67,7 @@ jobs: node-version: ${{ steps.tool-versions.outputs.node-version }} - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 # Note: version is specified in package.json packageManager field, not here - name: Install dependencies diff --git a/.github/workflows/node-smol.yml b/.github/workflows/node-smol.yml index bb8779b22..2e0e8fd42 100644 --- a/.github/workflows/node-smol.yml +++ b/.github/workflows/node-smol.yml @@ -201,7 +201,7 @@ jobs: echo "Loaded Node.js build version: $NODE_BUILD_VERSION" - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Install dependencies run: pnpm install --frozen-lockfile diff --git a/.github/workflows/onnxruntime.yml b/.github/workflows/onnxruntime.yml index 18b92bc45..68c6a4529 100644 --- a/.github/workflows/onnxruntime.yml +++ b/.github/workflows/onnxruntime.yml @@ -99,7 +99,7 @@ jobs: node-version: ${{ steps.tool-versions.outputs.node-version }} - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 # Note: version is specified in package.json packageManager field, not here - name: Install dependencies diff --git a/.github/workflows/stubs.yml b/.github/workflows/stubs.yml index 6747b9326..2f3b52f2b 100644 --- a/.github/workflows/stubs.yml +++ b/.github/workflows/stubs.yml @@ -208,7 +208,7 @@ jobs: - name: Setup pnpm if: matrix.os != 'linux' - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Setup Node.js if: matrix.os != 'linux' diff --git a/.github/workflows/weekly-update.yml b/.github/workflows/weekly-update.yml index b4e34afe3..684586dff 100644 --- a/.github/workflows/weekly-update.yml +++ b/.github/workflows/weekly-update.yml @@ -39,7 +39,7 @@ jobs: cache: '' - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Install dependencies run: pnpm install --frozen-lockfile @@ -182,7 +182,7 @@ jobs: cache: '' - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 - name: Install dependencies run: pnpm install --frozen-lockfile diff --git a/.github/workflows/yoga-layout.yml b/.github/workflows/yoga-layout.yml index 041ad6f86..3c0cba105 100644 --- a/.github/workflows/yoga-layout.yml +++ b/.github/workflows/yoga-layout.yml @@ -99,7 +99,7 @@ jobs: node-version: ${{ steps.tool-versions.outputs.node-version }} - name: Setup pnpm - uses: pnpm/action-setup@58e6119fe4f3092a76a7771efb55e04d25b6b26f # v5 + uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5 # Note: version is specified in package.json packageManager field, not here - name: Install dependencies diff --git a/.github/zizmor.yml b/.github/zizmor.yml index 7a0c00d62..73eed5721 100644 --- a/.github/zizmor.yml +++ b/.github/zizmor.yml @@ -5,14 +5,17 @@ rules: cache-poisoning: ignore: # False positive: We explicitly disabled caching with cache: '' - # Line 43: checks job - Setup Node.js step - - ci.yml:43 + # Line 48: checks job - Setup Node.js step + - ci.yml:48 # False positive: We explicitly disabled caching with cache: '' - # Line 97: test job - Setup Node.js step - - ci.yml:97 + # Line 114: test job - Setup Node.js step + - ci.yml:114 # False positive: We explicitly disabled caching with cache: '' - # Line 180: stubs workflow - Setup Node.js step - - stubs.yml:180 + # Line 215: stubs workflow - Setup Node.js step + - stubs.yml:215 + + secrets-outside-env: + disable: true template-injection: ignore: