59ecf2daf0
chore(deps): update github/codeql-action action to v4.35.3
2026-05-09 05:37:39 +00:00
5b317bc39f
chore(deps): update github/codeql-action action to v4.35.2
2026-05-02 04:12:05 +00:00
2d3824ffd0
chore(deps): update github/codeql-action action to v4.35.1
2026-04-18 05:41:11 +00:00
7475a47be6
chore(deps): update github/codeql-action action to v4.34.1
2026-03-28 05:29:37 +00:00
81959f44ce
chore(deps): update github/codeql-action action to v4.32.6
2026-03-21 07:10:32 +00:00
ba16033f24
ci(workflow): Harden GitHub Actions security across all workflows
...
Fix all findings from actionlint and zizmor security linters:
- Add persist-credentials: false to all checkout steps across 14 workflows
- Fix template injection in repomix action by using env vars instead of ${{ inputs.* }}
- Pin Homebrew actions to SHA (50b8c2ab) instead of @main tag
- Add zizmor config to ignore artipacked for schema-update.yml (needs credentials for push)
- Add zizmor linter job and config path to ci.yml
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com >
2026-03-07 20:56:55 +09:00
c96b1e39a2
chore(deps): update actions/checkout action to v6.0.2
2026-01-24 02:11:18 +00:00
aa5ae37ae8
fix(deps): update all non-major dependencies
2025-12-30 13:52:35 +00:00
805d427e47
fix(deps): update all non-major dependencies
2025-12-13 05:50:40 +00:00
92ef98329d
fix(deps): update all non-major dependencies
2025-12-03 15:16:23 +00:00
056bfbdbbc
chore(deps): update actions/checkout action to v6
2025-12-01 01:12:44 +00:00
e5b5a204d4
fix(deps): update all non-major dependencies
2025-11-27 10:16:30 +00:00
18ef52acc1
fix(deps): update all non-major dependencies
2025-11-11 13:38:56 +00:00
c5a7f52681
fix(deps): update all non-major dependencies
2025-11-03 16:39:17 +09:00
8b6bd0cb40
fix(deps): update all non-major dependencies
2025-10-30 09:57:02 +00:00
092cd08973
chore(deps): update github/codeql-action action to v4
2025-10-20 02:39:31 +00:00
1f9f243a75
fix(deps): update all non-major dependencies
2025-10-13 08:58:25 +00:00
372c8d7f00
fix(deps): update all non-major dependencies
2025-10-08 07:53:07 +00:00
cd185a1ea3
chore(ci): replace ratchet with pinact for GitHub Actions SHA pinning
...
This replaces the ratchet tool with pinact for managing GitHub Actions SHA pinning across all workflow files. The changes include:
- Remove ratchet-update.yml and ratchet-verify.yml workflows
- Add new pinact.yml workflow for automated SHA pinning
- Update all workflow files to use pinact-style comments (# v1.2.3 instead of # ratchet:action@v1)
- Add .pinact.yaml configuration file with ignore rules for Homebrew actions and local actions
- Update package.json scripts to use pinact commands instead of ratchet
Pinact provides more reliable SHA pinning with better GitHub Actions integration.
2025-09-23 23:18:06 +09:00
cd128fc45c
chore(deps): update actions/checkout action to v5
2025-09-22 01:02:08 +00:00
8cfc400a9f
chore(ci): Update GitHub Actions SHAs to latest versions
...
- Update all workflow files with latest action SHAs using ratchet
- Ensure security through SHA pinning while using current versions
- Automated update as part of ratchet workflow implementation
2025-08-20 23:55:39 +09:00
2b04948a6d
Merge pull request #786 from yamadashy/dependabot/github_actions/github/codeql-action-3.29.10
2025-08-19 09:56:46 +09:00
17f78d2c87
chore(deps): bump github/codeql-action from 3.29.8 to 3.29.10
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.8 to 3.29.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/76621b61decf072c1cee8dd1ce2d2a82d33c17ed...96f518a34f7a870018057716cc4d7a5c014bd61c )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-18 19:09:51 +00:00
7c77a4953e
chore(deps): update actions/checkout digest to 08eba0b
2025-08-18 01:51:47 +00:00
a9483abe24
chore(deps): bump actions/checkout from 4.2.2 to 5.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08c6903cd8c0fde910a37f88322edcfb5dd907a8 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 5.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-12 01:04:26 +00:00
dd0941d2b5
chore(deps): bump github/codeql-action from 3.29.3 to 3.29.8
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.3 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/d6bbdef45e766d081b84a2def353b0055f728d3e...76621b61decf072c1cee8dd1ce2d2a82d33c17ed )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-11 18:24:27 +00:00
86fa1f9b86
chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.2 to 3.29.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/181d5eefc20863364f96762470ba6f862bdef56b...d6bbdef45e766d081b84a2def353b0055f728d3e )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-07-21 15:45:16 +00:00
80417443a5
chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.1 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/39edc492dbe16b1465b0cafca41432d857bdb31a...181d5eefc20863364f96762470ba6f862bdef56b )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-07-02 12:52:38 +09:00
2e93a0ddfb
chore(deps): bump github/codeql-action from 3.29.0 to 3.29.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.0 to 3.29.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/ce28f5bb42b7a9f2c824e633a3f6ee835bab6858...39edc492dbe16b1465b0cafca41432d857bdb31a )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.29.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-06-27 13:48:24 +00:00
9df336b999
Fix: pin all GitHub Actions to immutable SHAs via ratchet
2025-06-15 14:20:37 +09:00
ea6f6e3075
chore(ci): Create codeql.yml
2024-09-22 23:08:32 +09:00
renovate[bot]
yamadashy
dependabot[bot]
Krish Ray