From 51a65021e3958a33e7bdb35ae1b03032f553432e Mon Sep 17 00:00:00 2001 From: Yeikel Santana Date: Wed, 16 Jul 2025 09:32:57 -0400 Subject: [PATCH 1/8] Update dependabot.yml --- .github/dependabot.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c11f1d976..0de94a267 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -20,6 +20,20 @@ updates: update-types: - "patch" - "minor" + confluent-minor-patch-dependencies: + patterns: + - "io.confluent:*" + - "org.apache.kafka:*" + # We will handle major upgrades manually + update-types: + - "patch" + - "minor" + confluent-major-dependencies: + patterns: + - "io.confluent:*" + - "org.apache.kafka:*" + update-types: + - "major" other-dependencies: patterns: - "*" From c530f5f516b84eefe53c4e8d2189cb59b4ce0b19 Mon Sep 17 00:00:00 2001 From: Yeikel Santana Date: Wed, 16 Jul 2025 09:34:38 -0400 Subject: [PATCH 2/8] Update dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0de94a267..23b1c3bbb 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -33,7 +33,7 @@ updates: - "io.confluent:*" - "org.apache.kafka:*" update-types: - - "major" + - "major" other-dependencies: patterns: - "*" From dd8f44c8145b9ec70a503b94df01b144eee75c84 Mon Sep 17 00:00:00 2001 From: Yeikel Santana Date: Wed, 16 Jul 2025 09:35:03 -0400 Subject: [PATCH 3/8] Update dependabot.yml --- .github/dependabot.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 23b1c3bbb..954474dd4 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -28,12 +28,6 @@ updates: update-types: - "patch" - "minor" - confluent-major-dependencies: - patterns: - - "io.confluent:*" - - "org.apache.kafka:*" - update-types: - - "major" other-dependencies: patterns: - "*" From b3f7c21e01dc78f374bfc2aeb95cd9322daf8fab Mon Sep 17 00:00:00 2001 From: Yeikel Santana Date: Wed, 16 Jul 2025 09:36:49 -0400 Subject: [PATCH 4/8] Update dependabot.yml --- .github/dependabot.yml | 153 +++++++++++++++++++++-------------------- 1 file changed, 79 insertions(+), 74 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 954474dd4..fa0caaf94 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,80 +1,85 @@ version: 2 updates: -- package-ecosystem: gradle - directory: "/" - schedule: - interval: weekly - time: "10:00" - timezone: Europe/London - open-pull-requests-limit: 10 - labels: - - "type/dependencies" - - "scope/backend" - groups: - spring-boot-dependencies: - patterns: - - "org.springframework.boot:*" - - "io.spring.dependency-management" - # We will handle major upgrades manually - update-types: - - "patch" - - "minor" - confluent-minor-patch-dependencies: - patterns: - - "io.confluent:*" - - "org.apache.kafka:*" - # We will handle major upgrades manually - update-types: - - "patch" - - "minor" - other-dependencies: - patterns: - - "*" - update-types: - - "patch" - - "minor" + - package-ecosystem: gradle + directory: "/" + schedule: + interval: weekly + time: "10:00" + timezone: Europe/London + open-pull-requests-limit: 10 + labels: + - "type/dependencies" + - "scope/backend" + groups: + spring-boot-dependencies: + patterns: + - "org.springframework.boot:*" + - "io.spring.dependency-management" + # We will handle major upgrades manually + update-types: + - "patch" + - "minor" + confluent-minor-patch-dependencies: + patterns: + - "io.confluent:*" + - "org.apache.kafka:*" + update-types: + - "patch" + - "minor" + confluent-major-upgrades: + patterns: + - "io.confluent:*" + - "org.apache.kafka:*" + update-types: + - "major" + other-dependencies: + patterns: + - "*" + update-types: + - "patch" + - "minor" -- package-ecosystem: docker - directory: "/api" - schedule: - interval: weekly - time: "10:00" - timezone: Europe/London - open-pull-requests-limit: 10 - ignore: - - dependency-name: "azul/zulu-openjdk-alpine" - update-types: ["version-update:semver-major"] - labels: - - "type/dependencies" - - "scope/backend" + - package-ecosystem: docker + directory: "/api" + schedule: + interval: weekly + time: "10:00" + timezone: Europe/London + open-pull-requests-limit: 10 + ignore: + - dependency-name: "azul/zulu-openjdk-alpine" + update-types: ["version-update:semver-major"] + labels: + - "type/dependencies" + - "scope/backend" -- package-ecosystem: npm - directory: "/frontend" - schedule: - interval: weekly - time: "10:00" - timezone: Europe/London - open-pull-requests-limit: 10 - versioning-strategy: increase-if-necessary - labels: - - "type/dependencies" - - "scope/frontend" - groups: - pnpm-dependencies: - patterns: - - "*" - update-types: - - "patch" - - "minor" + - package-ecosystem: npm + directory: "/frontend" + schedule: + interval: weekly + time: "10:00" + timezone: Europe/London + open-pull-requests-limit: 10 + versioning-strategy: increase-if-necessary + labels: + - "type/dependencies" + - "scope/frontend" + groups: + pnpm-dependencies: + patterns: + - "*" + update-types: + - "patch" + - "minor" -- package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: weekly - time: "10:00" - timezone: Europe/London - open-pull-requests-limit: 10 - labels: - - "type/dependencies" - - "scope/infra" + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: weekly + time: "10:00" + timezone: Europe/London + open-pull-requests-limit: 10 + labels: + - "type/dependencies" + - "scope/infra" From 37fe93760448737bf970955d2b6a27462023a892 Mon Sep 17 00:00:00 2001 From: Yeikel Santana Date: Wed, 16 Jul 2025 19:53:00 -0400 Subject: [PATCH 5/8] Update dependabot.yml --- .github/dependabot.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fa0caaf94..c66aaccd6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -27,12 +27,6 @@ updates: update-types: - "patch" - "minor" - confluent-major-upgrades: - patterns: - - "io.confluent:*" - - "org.apache.kafka:*" - update-types: - - "major" other-dependencies: patterns: - "*" From bbd6b051013edf0e30cace5a6eb1e5e3c5f42411 Mon Sep 17 00:00:00 2001 From: Yeikel Santana Date: Mon, 21 Jul 2025 08:42:41 -0400 Subject: [PATCH 6/8] Update dependabot.yml --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c66aaccd6..cbe2f6c83 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -27,6 +27,12 @@ updates: update-types: - "patch" - "minor" + confluent-major-upgrade: + patterns: + - "io.confluent:*" + - "org.apache.kafka:*" + update-types: + - "major" other-dependencies: patterns: - "*" From 184e4da8dd6facf9a3ae6e5b19cc2caf8a30ae0b Mon Sep 17 00:00:00 2001 From: Yeikel Santana Date: Mon, 21 Jul 2025 08:44:25 -0400 Subject: [PATCH 7/8] Update dependabot.yml --- .github/dependabot.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cbe2f6c83..6c651bfb5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,5 @@ version: 2 updates: - - package-ecosystem: gradle directory: "/" schedule: @@ -27,19 +26,18 @@ updates: update-types: - "patch" - "minor" - confluent-major-upgrade: + confluent-major-upgrade: patterns: - "io.confluent:*" - "org.apache.kafka:*" update-types: - - "major" + - "major" other-dependencies: patterns: - "*" update-types: - "patch" - "minor" - - package-ecosystem: docker directory: "/api" schedule: From 330ab139e082df156c5e79c8055f313daca610ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Aug 2025 14:24:44 +0000 Subject: [PATCH 8/8] Bump actions/checkout from 4.0.0 to 5.0.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 5.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1e31de5234b9f8995739874a8ce0492dc87873e2...08c6903cd8c0fde910a37f88322edcfb5dd907a8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/backend_tests.yml | 2 +- .github/workflows/branch-deploy.yml | 2 +- .github/workflows/branch-remove.yml | 2 +- .github/workflows/build-public-image.yml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/cve_checks.yml | 2 +- .github/workflows/docker_build.yml | 2 +- .github/workflows/e2e-playwright.yml | 2 +- .github/workflows/e2e-run.yml | 4 ++-- .github/workflows/frontend_tests.yml | 2 +- .github/workflows/main.yml | 2 +- .github/workflows/md-links.yml | 2 +- .github/workflows/release-serde-api.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/separate_env_public_create.yml | 2 +- .github/workflows/workflow_linter.yml | 2 +- 16 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/backend_tests.yml b/.github/workflows/backend_tests.yml index 749a3e68c..0e5ea359f 100644 --- a/.github/workflows/backend_tests.yml +++ b/.github/workflows/backend_tests.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: token: ${{ github.token }} fetch-depth: 0 diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml index ef2758953..60bd4fdd7 100644 --- a/.github/workflows/branch-deploy.yml +++ b/.github/workflows/branch-deploy.yml @@ -15,7 +15,7 @@ jobs: if: ${{ github.event.label.name == 'status/feature_testing' || github.event.label.name == 'status/feature_testing_public' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ github.token }} diff --git a/.github/workflows/branch-remove.yml b/.github/workflows/branch-remove.yml index 3f5999676..e90c9c81a 100644 --- a/.github/workflows/branch-remove.yml +++ b/.github/workflows/branch-remove.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest if: ${{ (github.event.label.name == 'status/feature_testing' || github.event.label.name == 'status/feature_testing_public') || (github.event.action == 'closed' && (contains(github.event.pull_request.labels.*.name, 'status/feature_testing') || contains(github.event.pull_request.labels.*.name, 'status/feature_testing_public'))) }} steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: token: ${{ github.token }} - name: clone diff --git a/.github/workflows/build-public-image.yml b/.github/workflows/build-public-image.yml index ca13bae2b..2a34b1b32 100644 --- a/.github/workflows/build-public-image.yml +++ b/.github/workflows/build-public-image.yml @@ -15,7 +15,7 @@ jobs: if: ${{ github.event.label.name == 'status/image_testing' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ github.token }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 056b34905..a3319abe5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: token: ${{ github.token }} diff --git a/.github/workflows/cve_checks.yml b/.github/workflows/cve_checks.yml index 19d4c2532..8882b633b 100644 --- a/.github/workflows/cve_checks.yml +++ b/.github/workflows/cve_checks.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: token: ${{ github.token }} diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 35ecc5390..bbc27296c 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ github.token }} diff --git a/.github/workflows/e2e-playwright.yml b/.github/workflows/e2e-playwright.yml index d8a98d3c0..7f6cea484 100644 --- a/.github/workflows/e2e-playwright.yml +++ b/.github/workflows/e2e-playwright.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: token: ${{ github.token }} ref: ${{ inputs.sha }} diff --git a/.github/workflows/e2e-run.yml b/.github/workflows/e2e-run.yml index 954ae62c3..67675859e 100644 --- a/.github/workflows/e2e-run.yml +++ b/.github/workflows/e2e-run.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: token: ${{ github.token }} ref: ${{ inputs.sha }} @@ -70,7 +70,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: token: ${{ github.token }} ref: ${{ inputs.sha }} diff --git a/.github/workflows/frontend_tests.yml b/.github/workflows/frontend_tests.yml index 8dbb9c9bc..50b52772d 100644 --- a/.github/workflows/frontend_tests.yml +++ b/.github/workflows/frontend_tests.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: # Disabling shallow clone is recommended for improving relevancy of reporting fetch-depth: 0 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 94e6f92f9..98d956b15 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ github.token }} diff --git a/.github/workflows/md-links.yml b/.github/workflows/md-links.yml index 5638f91b5..58503ee3e 100644 --- a/.github/workflows/md-links.yml +++ b/.github/workflows/md-links.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: token: ${{ github.token }} - name: Check URLs in files diff --git a/.github/workflows/release-serde-api.yml b/.github/workflows/release-serde-api.yml index e19a6e38d..fda9cfc1f 100644 --- a/.github/workflows/release-serde-api.yml +++ b/.github/workflows/release-serde-api.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: fetch-depth: 0 token: ${{ github.token }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d8f700916..6de7f1abd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,7 +15,7 @@ jobs: outputs: version: ${{steps.build.outputs.version}} steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/separate_env_public_create.yml b/.github/workflows/separate_env_public_create.yml index 760449b68..c8d57d822 100644 --- a/.github/workflows/separate_env_public_create.yml +++ b/.github/workflows/separate_env_public_create.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ github.token }} diff --git a/.github/workflows/workflow_linter.yml b/.github/workflows/workflow_linter.yml index 9ff82674b..d61295919 100644 --- a/.github/workflows/workflow_linter.yml +++ b/.github/workflows/workflow_linter.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # infered from @v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # infered from @v4 with: fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }}