From 7d413f9ed5afab1373c563dc5cf98f26f5607192 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Mar 2026 01:33:54 +0000 Subject: [PATCH 1/6] chore(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- .github/workflows/validate.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 10383ff..c6d87a3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,7 +24,7 @@ jobs: uses: actions/checkout@v6 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: version: ${{ env.SETUP_BUILDX_VERSION }} driver: docker diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 134070c..e6bbe6f 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: version: ${{ env.SETUP_BUILDX_VERSION }} driver: docker From e1a8c01cf35d16d1e8a0340694663dfc0b90e4f3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Mar 2026 01:33:50 +0000 Subject: [PATCH 2/6] chore(deps): bump docker/bake-action from 6 to 7 Bumps [docker/bake-action](https://github.com/docker/bake-action) from 6 to 7. - [Release notes](https://github.com/docker/bake-action/releases) - [Commits](https://github.com/docker/bake-action/compare/v6...v7) Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- updated-dependencies: - dependency-name: docker/bake-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- .github/workflows/update-dist.yml | 2 +- .github/workflows/validate.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c6d87a3..9cc2e8e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -30,7 +30,7 @@ jobs: driver: docker - name: Test - uses: docker/bake-action@v6 + uses: docker/bake-action@v7 with: source: . targets: test diff --git a/.github/workflows/update-dist.yml b/.github/workflows/update-dist.yml index 744588f..4dc3802 100644 --- a/.github/workflows/update-dist.yml +++ b/.github/workflows/update-dist.yml @@ -28,7 +28,7 @@ jobs: token: ${{ steps.docker-read-app.outputs.token || github.token }} - name: Build - uses: docker/bake-action@v6 + uses: docker/bake-action@v7 with: source: . targets: build diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index e6bbe6f..438dca4 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -27,7 +27,7 @@ jobs: - name: List targets id: generate - uses: docker/bake-action/subaction/list-targets@v6 + uses: docker/bake-action/subaction/list-targets@v7 with: target: validate @@ -48,6 +48,6 @@ jobs: driver: docker - name: Validate - uses: docker/bake-action@v6 + uses: docker/bake-action@v7 with: targets: ${{ matrix.target }} From 9c7fb5dc45c1fdd51ba3a99b60196a9c37a3eb3f Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Fri, 6 Mar 2026 10:09:09 +0100 Subject: [PATCH 3/6] ci: switch to matrix subaction Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/validate.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 438dca4..377f7d6 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -19,15 +19,15 @@ jobs: prepare: runs-on: ubuntu-latest outputs: - targets: ${{ steps.generate.outputs.targets }} + matrix: ${{ steps.generate.outputs.matrix }} steps: - name: Checkout uses: actions/checkout@v6 - - name: List targets + name: Generate matrix id: generate - uses: docker/bake-action/subaction/list-targets@v7 + uses: docker/bake-action/subaction/matrix@v7 with: target: validate @@ -38,7 +38,7 @@ jobs: strategy: fail-fast: false matrix: - target: ${{ fromJson(needs.prepare.outputs.targets) }} + include: ${{ fromJson(needs.prepare.outputs.matrix) }} steps: - name: Set up Docker Buildx From bfdecb822f8164ce0e12c2912c8b09ce143e1efd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Mar 2026 01:34:29 +0000 Subject: [PATCH 4/6] chore(deps): bump actions/create-github-app-token from 2 to 3 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2 to 3. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/update-dist.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-dist.yml b/.github/workflows/update-dist.yml index 4dc3802..fefe728 100644 --- a/.github/workflows/update-dist.yml +++ b/.github/workflows/update-dist.yml @@ -14,7 +14,7 @@ jobs: - name: GitHub auth token from GitHub App id: docker-read-app - uses: actions/create-github-app-token@v2 + uses: actions/create-github-app-token@v3 with: app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }} private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }} From 18f12cbd7c2e5e26d19b7371d0c807646a35e39a Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Fri, 20 Mar 2026 11:58:21 +0100 Subject: [PATCH 5/6] ci: enable SAST scanning with CodeQL Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/codeql.yml | 45 ++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..07ce72d --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,45 @@ +name: codeql + +on: + push: + branches: + - 'master' + - 'releases/v*' + pull_request: + +permissions: + actions: read + contents: read + security-events: write + +env: + NODE_VERSION: "24" + +jobs: + analyze: + runs-on: ubuntu-latest + steps: + - + name: Checkout + uses: actions/checkout@v6 + - + name: Enable corepack + run: | + corepack enable + yarn --version + - + name: Set up Node + uses: actions/setup-node@v6 + with: + node-version: ${{ env.NODE_VERSION }} + - + name: Initialize CodeQL + uses: github/codeql-action/init@v4 + with: + languages: javascript-typescript + build-mode: none + - + name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v4 + with: + category: "/language:javascript-typescript" From d21311de6c2dec65397c41a240424dd5cbfc6c72 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Wed, 25 Mar 2026 12:41:04 +0100 Subject: [PATCH 6/6] ci: bump crazy-max/.github to 1.1.0 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- .github/workflows/pr-assign-author.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-assign-author.yml b/.github/workflows/pr-assign-author.yml index f56fa03..571b370 100644 --- a/.github/workflows/pr-assign-author.yml +++ b/.github/workflows/pr-assign-author.yml @@ -11,7 +11,7 @@ on: jobs: run: - uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf + uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@20ef82212dc54bab5749f5e05576ca6d3c8a5773 # v1.1.0 permissions: contents: read pull-requests: write