diff --git a/.github/license-reminder.md b/.github/license-reminder.md deleted file mode 100644 index 6fb1c3a..0000000 --- a/.github/license-reminder.md +++ /dev/null @@ -1,3 +0,0 @@ -It's a new year! 🎉 🎆 -Please update the LICENSE file to include the current year (e.g., 2025). -This helps keep the copyright notice accurate. diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index 43a3703..0000000 --- a/.github/pull_request_template.md +++ /dev/null @@ -1,58 +0,0 @@ - - -## Pull request type - - - -Please check the type of change your PR introduces: - -- [ ] New blog post -- [ ] Bugfix -- [ ] Jekyll change(s) -- [ ] Liquid change(s) -- [ ] Markdown change(s) -- [ ] YAML change(s) -- [ ] Build error(s) -- [ ] Feature -- [ ] Code style update (formatting, renaming) -- [ ] Refactoring (no functional changes, no api changes) -- [ ] Build related changes -- [ ] Documentation content changes -- [ ] Other (please describe): - -## Language - -- [ ] awk -- [ ] C/C++/C# -- [ ] Ruby -- [ ] Python - -## Files added - -- - -## Files modified - -- - -## Files deleted - -- - -## What is the current behavior? - - - -Issue Number: N/A - -## What is the new behavior? - - - -- -- -- - -## Other information - - \ No newline at end of file diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..e6724ab --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,35 @@ +name: ci.yml – Continuous Integration +on: + push: + branches: + - main + pull_request: + branches: + - main +permissions: + contents: read + +jobs: + build: + name: "Test with Jekyll ${{ matrix.jekyll }}" + runs-on: "ubuntu-latest" + strategy: + matrix: + jekyll: ["~> 4.3.4", "~>4.4.1"] + env: + JEKYLL_VERSION: ${{ matrix.jekyll }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + with: + egress-policy: audit + + - name: Checkout Repository + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - name: Set Up Ruby 3.4.7 + uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0 + with: + ruby-version: 3.4.7 + bundler-cache: true + # - name: Run tests + # run: script/cibuild \ No newline at end of file diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a96bd99..68c6091 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,16 +41,16 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout repository - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
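Review bot: In the new `.github/workflows/ci.yaml`, the `Checkout Repository` step keeps the default of persisting the job token for later steps, although the job runs on `pull_request` and then installs gems through `bundler-cache: true`. Adding `with:` / `persist-credentials: false` under the checkout step, as scorecard.yml already does, removes that exposure. The only test step is commented out (`# run: script/cibuild`), so as written the job only proves that dependencies install for each matrix entry. The matrix strings differ in spacing (`"~> 4.3.4"` vs `"~>4.4.1"`), and the workflow `name` says `ci.yml` while the file is `ci.yaml`.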
@@ -60,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -73,6 +73,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5 + uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 with: - category: "/language:${{matrix.language}}" + category: "/language:${{matrix.language}}" \ No newline at end of file diff --git a/.github/workflows/dependabot.txt b/.github/workflows/dependabot.txt new file mode 100644 index 0000000..28985a9 --- /dev/null +++ b/.github/workflows/dependabot.txt 
@@ -0,0 +1,35 @@ +# Basic `dependabot.yml` file with +# minimum configuration for two package managers + +version: 2 +updates: +permissions: + contents: write + # Enable version updates for npm + - package-ecosystem: "npm" + # Look for `package.json` and `lock` files in the `root` directory + directory: "/" + # Check the npm registry for updates every day (weekdays) + schedule: + interval: "daily" + commit-message: + prefix: "[info](sec) npm:" + + # Enable version updates for Ruby + - package-ecosystem: "bundler" + # Look for `Ruby Gems` in the following directories + directories: + - "/" + # - "_plugins" + # Check for updates once a week + schedule: + interval: "daily" + commit-message: + prefix: "[info](sec) bundler:" + + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily +commit-message: + prefix: "[info](sec) gh-actions:" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 23b42d8..bafd3cb 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml 
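Review bot: `.github/workflows/dependabot.txt` will not be read by Dependabot, which takes its configuration from `.github/dependabot.yml`; if this is meant to be live configuration and not a parked draft, it has to move there. The content needs repair first: `permissions:` / `contents: write` sits between `updates:` and its list entries and is not a Dependabot option. The final `commit-message:` also appears to be at top level instead of under the `github-actions` entry, though indentation is not recoverable in this view. The bundler comment says "once a week" while the interval is `"daily"`.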
@@ -2,26 +2,43 @@ # # This Action will scan dependency manifest files that change as part of a Pull Request, # surfacing known-vulnerable versions of the packages declared or updated in the PR. -# Once installed, if the workflow run is marked as required, -# PRs introducing known-vulnerable packages will be blocked from merging. +# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable +# packages will be blocked from merging. # # Source repository: https://github.com/actions/dependency-review-action -name: 'dependency – Dependency Review' -on: [pull_request] +# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement +name: 'Dependency review' +on: + pull_request: + branches: [ "main", "main*" ] +# If using a dependency submission action in this workflow this permission will need to be set to: +# +# permissions: +# contents: write +# +# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api permissions: contents: read + # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option + pull-requests: write jobs: dependency-review: runs-on: ubuntu-latest steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - - name: 'Checkout Repository' - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: 'Checkout repository' + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: 'Dependency Review' - uses: 
actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 + uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2 + # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options. + with: + comment-summary-in-pr: always + # fail-on-severity: moderate + # deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later + # retry-on-snapshot-warnings: true \ No newline at end of file diff --git a/.github/workflows/issueQuarterlyRelease.yml b/.github/workflows/issueQuarterlyRelease.yml index d38575e..3a7fbe3 100644 --- a/.github/workflows/issueQuarterlyRelease.yml +++ b/.github/workflows/issueQuarterlyRelease.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -44,4 +44,4 @@ jobs: - [ ] Create Quarterly Release. PINNED: false - CLOSE_PREVIOUS: false + CLOSE_PREVIOUS: false \ No newline at end of file diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index d333234..95ab7f7 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml 
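Review bot: In dependency-review.yml, `pull-requests: write` is added to the workflow-level `permissions:` block, so any job later added to this file inherits it. Declaring it under `jobs.dependency-review.permissions` together with `contents: read` limits it to the one job that uses `comment-summary-in-pr: always`. For pull requests from forks the token normally stays read-only under the `pull_request` trigger, so the summary comment presumably will not be posted there; the comment above the permission should say so. In `branches: [ "main", "main*" ]` the second pattern already matches `main` and also every branch whose name starts with it; drop `"main*"` if only `main` is intended.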
@@ -29,17 +29,17 @@ concurrency: jobs: # Build job build: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Ruby - uses: ruby/setup-ruby@ab177d40ee5483edb974554986f56b33477e21d0 # v1.265.0 + uses: ruby/setup-ruby@4c24fa5ec04b2e79eb40571b1cee2a0d2b705771 # v1.278.0 with: ruby-version: '3.4.7' # Not needed with a .ruby-version file bundler-cache: true # runs 'bundle install' and caches installed gems automatically @@ -67,10 +67,10 @@ jobs: needs: build steps: - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Deploy to GitHub Pages id: deployment - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5 \ No newline at end of file diff --git a/.github/workflows/newYearUpdateCopyright.yml b/.github/workflows/newYearUpdateCopyright.yml index 06bc0e2..cf4bc6e 100644 --- a/.github/workflows/newYearUpdateCopyright.yml +++ b/.github/workflows/newYearUpdateCopyright.yml 
@@ -1,29 +1,40 @@ -name: newYearUpdateCopyright.yml – New Year LICENSE Reminder - +name: Create Issue to Update Year In Relevant Files +# developer: @RalphHightower on: schedule: - - cron: '0 5 1 1 *' # Midnight EST on Jan 1 America/New_York + - cron: "0 5 1 1 *" # America/New_York (UTC-5:00) #workflow_dispatch: -permissions: read-all - +permissions: + contents: read + jobs: - create-issue: + create_issue: + name: Create issue to update copyright year runs-on: ubuntu-latest permissions: issues: write steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit + - name: Happy New Year! + run: | + new_issue_url=$(gh issue create \ + --title "$TITLE" \ + --assignee "$ASSIGNEES" \ + --label "$LABELS" \ + --body "$BODY") + if [[ $PINNED == true ]]; then + gh issue pin "$new_issue_url" + fi + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} + TITLE: Happy New Year! 🎆 – 🍾 Update License Year + ASSIGNEES: RalphHightower + LABELS: "maintenance" + BODY: | + # New Year's Maintenance + + - [ ] Update LICENSE. Add new year to year's span. - - name: Create LICENSE update issue - uses: peter-evans/create-issue-from-file@fca9117c27cdc29c6c4db3b86c48e4115a786710 # v6.0.0 - with: - title: "Update LICENSE for the new year" - content-filepath: .github/license-reminder.md - assignees: RalphHightower - labels: | - maintenance - license \ No newline at end of file + PINNED: false + CLOSE_PREVIOUS: false \ No newline at end of file diff --git a/.github/workflows/permission_advisor.yml b/.github/workflows/permission_advisor.yml index 4ecec6d..d1a47f0 100644 --- a/.github/workflows/permission_advisor.yml +++ b/.github/workflows/permission_advisor.yml 
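Review bot: This rewrite of newYearUpdateCopyright.yml drops the `Harden the runner` step, while the same commit adds or bumps it in most other workflows. If that is not intentional, put the `step-security/harden-runner` step back ahead of `Happy New Year!`. `CLOSE_PREVIOUS: false` is set in `env:` but the script never reads it, so either remove it or implement the close. `gh issue create --label "$LABELS"` errors when the label is missing, so `maintenance` must exist in the repository. Passing title, body and assignee through `env:` instead of expanding `${{ }}` inside `run:` is the safe pattern and should be kept if inputs are added later.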
@@ -21,12 +21,12 @@ jobs: advisor: runs-on: ubuntu-latest steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + - name: Harden Runner + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - uses: GitHubSecurityLab/actions-permissions/advisor@babd69bc8d78e6cdece903dfdcfb72d4e1a4f00d # v1.0.2-beta5 with: name: ${{ inputs.name }} - count: ${{ inputs.count }} + count: ${{ inputs.count }} \ No newline at end of file diff --git a/.github/workflows/readme-checker.yml b/.github/workflows/readme-checker.yml index a83a33e..f0fc8d0 100644 --- a/.github/workflows/readme-checker.yml +++ b/.github/workflows/readme-checker.yml @@ -8,17 +8,18 @@ jobs: lint: runs-on: ubuntu-latest steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + - name: Harden Runner + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Checking markdown - uses: DavidAnson/markdownlint-cli2-action@05f32210e84442804257b2a6f20b273450ec8265 # v19.1.0 + uses: DavidAnson/markdownlint-cli2-action@07035fd053f7be764496c0f8d8f9f41f98305101 # v22.0.0 with: globs: | *.md **/*.md !test/*.md + !_data/*.md \ No newline at end of file diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 9dc24b4..1467229 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml 
@@ -6,29 +6,37 @@ on: permissions: actions: none + attestations: none checks: none contents: none deployments: none + id-token: none issues: none + discussions: none packages: none + pages: none pull-requests: none repository-projects: none security-events: none statuses: none - -name: release-please jobs: release-please: runs-on: ubuntu-latest steps: - - uses: googleapis/release-please-action@4.1.3 + - name: Harden Runner + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + with: + egress-policy: audit + + - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0 with: contents: write + pull-requests: write # this assumes that you have created a personal access token # (PAT) and configured it as a GitHub action secret named # `MY_RELEASE_PLEASE_TOKEN` (this secret name is not important). token: ${{ secrets.GITHUB_TOKEN }} # this is a built-in strategy in release-please, see "Action Inputs" # for more options - release-type: simple + release-type: simple \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eea27d8..4480df3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
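Review bot: In release-please.yml, `contents: write` and `pull-requests: write` appear under the action's `with:` (next to `token:` and `release-type:`), where they are passed as action inputs and grant nothing. With every scope in the workflow-level `permissions:` set to `none`, the `GITHUB_TOKEN` handed to release-please presumably cannot create the release PR or tag. Indentation is not recoverable in this view, so confirm against the file. If it is as it reads, add a job-level block under `release-please:` — `permissions:` / `contents: write` / `pull-requests: write` — and remove the two keys from `with:`. The comment above `token:` still describes a PAT secret while the value is `secrets.GITHUB_TOKEN`.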
@@ -16,15 +16,15 @@ jobs: pull-requests: write # to be able to comment on released pull requests id-token: write # to enable use of OIDC for npm provenance name: release - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + - name: Harden Runner + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: cache: npm node-version: lts/* @@ -32,7 +32,7 @@ jobs: - run: corepack npm audit signatures # pinned version updated automatically by Renovate. # details at https://semantic-release.gitbook.io/semantic-release/usage/installation#global-installation - - run: npx semantic-release@v24.2.0 + - run: npx semantic-release@v24.2.3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - NPM_TOKEN: ${{ secrets.SEMANTIC_RELEASE_BOT_NPM_TOKEN }} + NPM_TOKEN: ${{ secrets.NPM_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d13b035..9b9037d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
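Review bot: In the second hunk of release.yml, `npx semantic-release@v24.2.3` fetches the package by version at run time in the one step that holds both `GITHUB_TOKEN` and `NPM_TOKEN`, while every `uses:` in the file is pinned to a commit SHA. Installing it from the lockfile as a devDependency and running the local binary would put it under the same integrity check as the other dependencies. The secret reference changes from `SEMANTIC_RELEASE_BOT_NPM_TOKEN` to `NPM_TOKEN`; a missing secret expands to an empty string instead of failing, so confirm `NPM_TOKEN` is defined for this repository before merging. The job body continues outside both hunks.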
@@ -1,41 +1,78 @@ -name: scorecard.yml — OpenSSF Scorecard -"on": +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: scorecard.yml – Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained schedule: - - cron: 31 2 * * 1 + - cron: '18 23 * * 6' push: - branches: - - main + branches: [ "main" ] + +# Declare default permissions as read only. permissions: read-all + jobs: analysis: name: Scorecard analysis runs-on: ubuntu-latest permissions: + # Needed to upload the results to code-scanning dashboard. security-events: write + # Needed to publish results and get a badge (see publish_results below). id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit - - name: Checkout code - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: "Checkout code" + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: persist-credentials: false - - name: Run analysis - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 + + - name: "Run analysis" + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 with: results_file: results.sarif results_format: sarif + # (Optional) "write" PAT token. 
Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. + repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. publish_results: true - - name: Upload artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: SARIF file path: results.sarif retention-days: 5 - - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.29.5 with: sarif_file: results.sarif \ No newline at end of file diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index bb5c52e..d739293 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml 
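Review bot: In scorecard.yml the `upload-sarif` pin `5d4e8d1aca955e8d8589aabd499c5cae939e33c7` is annotated `# v3.29.5`, but the same SHA is annotated `# v4.31.9` on the `init`, `autobuild` and `analyze` steps in codeql.yml, so one of the comments is wrong. The version comment is what reviewers and update tooling read, so it should match the tag the SHA belongs to. `repo_token: ${{ secrets.SCORECARD_TOKEN }}` is added active, although the comment above it says to uncomment the line only in the two listed cases. It hands a PAT to the action, so keep it only if the Branch-Protection check is wanted, with the token limited to the scopes the linked README lists.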
@@ -16,7 +16,7 @@ # under the License. -name: systematic-release.yml – Pull Request +name: Semantic Pull Request on: pull_request: @@ -40,8 +40,12 @@ jobs: main: runs-on: ubuntu-latest steps: - name: semantic release - uses: amannn/action-semantic-pull-request@v5.5.3 + - name: Harden Runner + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 + with: + egress-policy: audit + + - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -121,4 +125,4 @@ jobs: # # [fix][test] flaky test V1_ProxyAuthenticationTest.anonymousSocketTest headerPattern: '^\[(\w*?)\](?:\[(.*?)\])?(?:\s*)(.*)$' - headerPatternCorrespondence: type, scope, subject + headerPatternCorrespondence: type, scope, subject \ No newline at end of file diff --git a/.github/workflows/stale-branches.yml b/.github/workflows/stale-branches.yml index bb0b437..5a83561 100644 --- a/.github/workflows/stale-branches.yml +++ b/.github/workflows/stale-branches.yml @@ -16,7 +16,7 @@ jobs: issues: write steps: - name: Harden the runner (Audit all outbound calls) - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 + uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0 with: egress-policy: audit @@ -37,4 +37,4 @@ jobs: # include-protected-branches: false # include-ruleset-branches: false # ignore-commit-messages: '' - # ignore-committers: '' + # ignore-committers: '' \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index cb65bea..eb03cbe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -33,16 +33,16 @@ jobs: timeout-minutes: 5 steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: git config --global user.name github-actions - run: git config --global user.email github-actions@github.com - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: ${{ matrix.node-version }} cache: npm @@ -56,17 +56,17 @@ jobs: timeout-minutes: 5 steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit - name: Test - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: git config --global user.name github-actions - run: git config --global user.email github-actions@github.com - name: Use Node.js from .nvmrc - uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 + uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version-file: .nvmrc cache: npm @@ -83,7 +83,7 @@ jobs: - test_matrix if: ${{ !cancelled() }} steps: - - name: Harden the runner (Audit all outbound calls) + - name: Harden Runner uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 with: egress-policy: audit diff --git a/.github/workflows/updateLabels.yml b/.github/workflows/updateLabels.yml new file mode 100644 index 0000000..5b95bf3 --- /dev/null +++ b/.github/workflows/updateLabels.yml 
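Review bot: All three hunks of test.yml rename the step to `Harden Runner` but leave it on `f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1`, while the other workflows in this commit move to `20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0`. `actions/checkout` and `actions/setup-node` likewise land on v5.0.0 here, against v6.0.1 and v6.1.0 elsewhere in the commit. If the lag is deliberate, a short comment saying why would keep the next bump from skipping this file again; otherwise align the pins.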
@@ -0,0 +1,9 @@ +name: updateLabels.yml – Write labels to a file when there is a change in [a] label(s) + +permissions: + contents: read + +on: + label: + types: [created, edited, deleted] + workflow_dispatch: \ No newline at end of file diff --git a/.github/workflows/workflows.md b/.github/workflows/workflows.md index 569dc69..735fbff 100644 --- a/.github/workflows/workflows.md +++ b/.github/workflows/workflows.md 
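Review bot: The new updateLabels.yml ends after the `on:` block and defines no `jobs:`, which a workflow file requires, so GitHub will report it as invalid and not run it on `label` events. The name promises writing labels to a file, yet `permissions:` grants only `contents: read`. When the job is added, give that job `contents: write` at job level and leave the workflow default as it is. Until the job exists, it may be cleaner to leave the file out of the commit.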
@@ -3,28 +3,27 @@ layout: page title: GitHub Workflows --- -## Revision Date: 2025-01-11 1:05 AM +## Revision Date: 2025-03-06 10:39 AM | action | date | github | |---|---|---| -| DavidAnson/markdownlint-cli2-action@v19.1.0 | Jan 19, 2025 | [DavidAnson/markdownlint-cli2-action: A GitHub Action to run the markdownlint-cli2 tool for linting Markdown/CommonMark files with the markdownlint library](https://github.com/DavidAnson/markdownlint-cli2-action) | -| GitHubSecurityLab/actions-permissions/advisor@v1.0.2-beta5 | Dec 19, 2024 | [GitHubSecurityLab/actions-permissions: GitHub token permissions Monitor and Advisor actions](https://github.com/GitHubSecurityLab/actions-permissions) | -| actions/checkout@v4.2.2 | Oct 23, 2024 | [actions/checkout: Action for checking out a repo](https://github.com/actions/checkout) | +| DavidAnson/markdownlint-cli2-action@v20.0.0 | May 15, 2025 | [DavidAnson/markdownlint-cli2-action: A GitHub Action to run the markdownlint-cli2 tool for linting Markdown/CommonMark files with the markdownlint library](https://github.com/DavidAnson/markdownlint-cli2-action) | +| GitHubSecurityLab/actions-permissions/advisor@v1.0.2-beta7 | Sep 24, 2025 | [GitHubSecurityLab/actions-permissions: GitHub token permissions Monitor and Advisor actions](https://github.com/GitHubSecurityLab/actions-permissions) | +| actions/checkout@v5.0.0 | Aug 11, 2025 | [actions/checkout: Action for checking out a repo](https://github.com/actions/checkout) | | actions/configure-pages@v5.0.0 | Mar 29, 2024 | [actions/configure-pages: An action to enable Pages and extract various metadata about a site. 
It can also be used to configure various static site generators we support as starter workflows.](https://github.com/actions/configure-pages) | -| actions/dependency-review-action@v4.5.0 | Nov 20, 2024 | [actions/dependency-review-action: A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs](https://github.com/actions/dependency-review-action) | +| actions/dependency-review-action@v4.8.0 | Sep 26, 2025 | [actions/dependency-review-action: A GitHub Action for detecting vulnerable dependencies and invalid licenses in your PRs](https://github.com/actions/dependency-review-action) | | actions/deploy-pages@4.0.5 | Mar 18, 2024 | [actions/deploy-pages: GitHub Action to publish artifacts to GitHub Pages for deployments](https://github.com/actions/deploy-pages) | | actions/jekyll-build-pages@v1.0.13 | Aug 6, 2024 | [actions/jekyll-build-pages: A simple GitHub Action for producing Jekyll build artifacts compatible with GitHub Pages.](https://github.com/actions/jekyll-build-pages) | -| actions/setup-node@v4.1.0 | Oct 24, 2024 | [actions/setup-node: Set up your GitHub Actions workflow with a specific version of node.js](https://github.com/actions/setup-node) | -| actions/upload-artifact@v4.6.0 | Jan 9, 2025 | [actions/upload-artifact](https://github.com/actions/upload-artifact) | -| actions/upload-pages-artifact@v3.0.1 | Feb 7, 2024 | [actions/upload-pages-artifact: A composite action for packaging and uploading an artifact that can be deployed to GitHub Pages.](https://github.com/actions/upload-pages-artifact) | -| amannn/action-semantic-pull-request@v5.5.3 | Jun 28, 2024 | [amannn/action-semantic-pull-request: A GitHub Action that ensures that your PR title matches the Conventional Commits spec](https://github.com/amannn/action-semantic-pull-request) | -| github/codeql-action/analyze@v2.20.1 | Dec 12, 2024 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | -| 
github/codeql-action/autobuild@v2.20.1 | Dec 12, 2024 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | -| github/codeql-action/init@v2.20.01 | Dec 12, 2024 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | -| github/codeql-action/upload-sarif@v2.20.1 | Dec 12, 2024 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | -| googleapis/release-please-action@4.1.3 | Jun 10, 2024 | [googleapis/release-please-action: automated releases based on conventional commits](https://github.com/googleapis/release-please-action) -| googleapis/release-please@v16.15.0 | Nov 13, 2024 | [googleapis/release-please: generate release PRs based on the conventionalcommits.org spec](https://github.com/googleapis/release-please) | +| actions/setup-node@v5.0.0 | Sep 3, 2025 | [actions/setup-node: Set up your GitHub Actions workflow with a specific version of node.js](https://github.com/actions/setup-node) | +| actions/upload-artifact@v4.6.2 | Mar 19, 2025 | [actions/upload-artifact](https://github.com/actions/upload-artifact) | +| actions/upload-pages-artifact@v4.0.0 | Aug 14, 2025 | [actions/upload-pages-artifact: A composite action for packaging and uploading an artifact that can be deployed to GitHub Pages.](https://github.com/actions/upload-pages-artifact) | +| amannn/action-semantic-pull-request@v6.1.1 | Aug 22, 2025 | [amannn/action-semantic-pull-request: A GitHub Action that ensures that your PR title matches the Conventional Commits spec](https://github.com/amannn/action-semantic-pull-request) | +| github/codeql-action/analyze@v3.28.11 | Mar 7, 2025 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | +| github/codeql-action/autobuild@v3.28.11 | Mar 7, 2025 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | +| 
github/codeql-action/init@v3.28.11 | Mar 7, 2025 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | +| github/codeql-action/upload-sarif@v3.28.11 | Mar 7, 2025 | [github/codeql-action: Actions for running CodeQL analysis](https://github.com/github/codeql-action) | +| googleapis/release-please-action@v4.3.0 | **Aug 30, 2025** | [googleapis/release-please-action: automated releases based on conventional commits](https://github.com/googleapis/release-please-action) | lowlighter/metrics@3.34 | Sep 12, 2023 | [lowlighter/metrics: 📊 An infographics generator with 30+ plugins and 300+ options to display stats about your GitHub account and render them as SVG, Markdown, PDF or JSON!](https://github.com/lowlighter/metrics) | -| ossf/scorecard-action@v2.4.0 | Jul 26, 2024 | [ossf/scorecard-action: Official GitHub Action for OpenSSF Scorecard.](https://github.com/ossf/scorecard-action) | -| ruby/setup-ruby@v1.213.0 | Jan 18, 2025 | [ruby/setup-ruby: An action to download a prebuilt Ruby and add it to the PATH in 5 seconds](https://github.com/ruby/setup-ruby) | -| step-security/harden-runner@v2.10.3 | Jan 9, 2025 | [step-security/harden-runner: Network egress filtering and runtime security for GitHub-hosted and self-hosted runners](https://github.com/step-security/harden-runner) | +| ossf/scorecard-action@v2.4.2 | May 30, 2025 | [ossf/scorecard-action: Official GitHub Action for OpenSSF Scorecard.](https://github.com/ossf/scorecard-action) | +| ruby/setup-ruby@v1.263.0 | Sep 22, 2025 | [ruby/setup-ruby: An action to download a prebuilt Ruby and add it to the PATH in 5 seconds](https://github.com/ruby/setup-ruby) | +| step-security/harden-runner@v2.13.1 | Sep 9, 2025 | [step-security/harden-runner: Network egress filtering and runtime security for GitHub-hosted and self-hosted runners](https://github.com/step-security/harden-runner) |