Cornelicorn/oh-my-zsh
1
0
Fork 0
mirror of https://github.com/robbyrussell/oh-my-zsh.git synced 2026-04-20 05:18:37 +02:00
Code Issues Releases Wiki Activity

Compare commits

base: Cornelicorn:7c10d9839f05b8b73e26aa4e0f04cc886fbba6a6
Branches Tags
Cornelicorn:master Cornelicorn:dependabot/github_actions/github/codeql-action-4.35.2 Cornelicorn:dependabot/github_actions/step-security/harden-runner-2.18.0
...
compare: Cornelicorn:dependabot/github_actions/github/codeql-action-4.35.2
Branches Tags
Cornelicorn:dependabot/github_actions/github/codeql-action-4.35.2 Cornelicorn:dependabot/github_actions/step-security/harden-runner-2.18.0 Cornelicorn:master

6 Commits
7c10d9839f ... dependabot

Author SHA1 Message Date
dependabot[bot]
8c6e4473e5 chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c10b8064de...95e58e9a2c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-19 12:52:28 +00:00
Carlo Sala
e42ac8c57b ci: add strong permission (#13694) 2026-04-16 19:05:24 +02:00
Carlo Sala
061f773dd3 ci: use client-id rather than app-id (#13690) 2026-04-13 11:31:03 +02:00
dependabot[bot]
c53cfb2de4 chore(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 (#13689) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-13 10:51:45 +02:00
dependabot[bot]
1708d84b70 chore(deps): bump step-security/harden-runner from 2.16.1 to 2.17.0 (#13687) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-13 09:54:42 +02:00
dependabot[bot]
46c673072e chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#13688) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-13 09:54:23 +02:00
5 changed files with 15 additions and 12 deletions
Expand all files Collapse all files

9
.github/workflows/dependencies.yml vendored
View File

@@ -4,6 +4,9 @@ on:
schedule:
- cron: "0 6 * * 0"
permissions:
contents: read
jobs:
check:
name: Check for updates
@@ -13,7 +16,7 @@ jobs:
contents: write # this is needed to push commits and branches
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
@@ -23,9 +26,9 @@ jobs:
fetch-depth: 0
- name: Authenticate as @ohmyzsh
id: generate-token
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
with:
app-id: ${{ secrets.OHMYZSH_APP_ID }}
client-id: ${{ secrets.OHMYZSH_CLIENT_ID }}
private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }}
- name: Setup Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0

4
.github/workflows/installer.yml vendored
View File

@@ -26,7 +26,7 @@ jobs:
- macos-latest
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
@@ -47,7 +47,7 @@ jobs:
- test
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit

2
.github/workflows/main.yml vendored
View File

@@ -24,7 +24,7 @@ jobs:
if: github.repository == 'ohmyzsh/ohmyzsh'
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit

6
.github/workflows/project.yml vendored
View File

@@ -17,14 +17,14 @@ jobs:
if: github.repository == 'ohmyzsh/ohmyzsh'
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
- name: Authenticate as @ohmyzsh
id: generate-token
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
with:
app-id: ${{ secrets.OHMYZSH_APP_ID }}
client-id: ${{ secrets.OHMYZSH_CLIENT_ID }}
private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }}
- name: Read project data
env:

6
.github/workflows/scorecard.yml vendored
View File

@@ -36,7 +36,7 @@ jobs:
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d # v2.16.1
uses: step-security/harden-runner@f808768d1510423e83855289c910610ca9b43176 # v2.17.0
with:
egress-policy: audit
@@ -53,13 +53,13 @@ jobs:
publish_results: true
- name: "Upload artifact"
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: SARIF file
path: results.sarif
retention-days: 5
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
with:
sarif_file: results.sarif