Commit graph

164 commits

Author SHA1 Message Date
dependabot[bot]
13350e71a1
chore(deps): bump actions/checkout from 6 to 7
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-19 11:52:19 +00:00
El RIDO
630886e2c2
harden gihub actions
- restrict all default permissions
- content: read is not necessary for public repos
- security-events: write is needed for CodeQL uploads of SARIF reports
- persist-credentials: false prevents any github token to remain configured in the checked out repo (not necessary when not intending to push from the action)
2026-05-25 08:03:43 +02:00
El RIDO
e24614169d
Merge branch 'master' into zlib-1.3.2 2026-04-29 07:09:23 +02:00
dependabot[bot]
c8e4484de1
chore(deps): bump dawidd6/action-download-artifact from 20 to 21
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 20 to 21.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](8305c0f106...b6e2e70617)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '21'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-28 11:52:55 +00:00
El RIDO
20bb19e5b4
Merge branch 'master' into zlib-1.3.2 2026-04-13 20:22:46 +02:00
El RIDO
68548c9c73
remove unused dependency, snyk should work as a static code scanner 2026-04-03 18:53:21 +02:00
dependabot[bot]
e00ae3fb44
chore(deps): bump dawidd6/action-download-artifact from 19 to 20
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 19 to 20.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](8a338493df...8305c0f106)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '20'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-03 11:52:33 +00:00
dependabot[bot]
f5543d4317
chore(deps): bump dawidd6/action-download-artifact from 18 to 19
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 18 to 19.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](1f8785ff7a...8a338493df)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '19'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-18 11:52:44 +00:00
dependabot[bot]
907c4d75f6
chore(deps): bump dawidd6/action-download-artifact from 17 to 18
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 17 to 18.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](09b07ec687...1f8785ff7a)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '18'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-16 11:56:20 +00:00
dependabot[bot]
69ac3ad079
chore(deps): bump dawidd6/action-download-artifact from 16 to 17
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 16 to 17.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](2536c51d3d...09b07ec687)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '17'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-12 11:52:43 +00:00
dependabot[bot]
380fe5b2c3
chore(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-27 11:52:45 +00:00
dependabot[bot]
e680917be9
chore(deps): bump dawidd6/action-download-artifact from 15 to 16
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 15 to 16.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](fe9d59ce33...2536c51d3d)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '16'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-26 11:52:41 +00:00
dependabot[bot]
26e7e5eed9
Bump dawidd6/action-download-artifact from 14 to 15
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 14 to 15.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](5c98f0b039...fe9d59ce33)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '15'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-18 11:52:39 +00:00
dependabot[bot]
6ef3993fed
Bump dawidd6/action-download-artifact from 12 to 14
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 12 to 14.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](0bd50d53a6...5c98f0b039)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '14'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-02 13:08:51 +00:00
dependabot[bot]
db422cfe6a
Bump dawidd6/action-download-artifact from 11 to 12
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 11 to 12.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](ac66b43f0e...0bd50d53a6)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '12'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-25 11:03:31 +00:00
dependabot[bot]
10b4a6ba4b
Bump actions/upload-artifact from 5 to 6
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-15 11:04:11 +00:00
dependabot[bot]
3f5858616d
Bump actions/cache from 4 to 5
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-12 11:04:20 +00:00
El RIDO
c6343be01b
enable PHP 8.5 for testing 2025-12-02 06:44:53 +01:00
dependabot[bot]
3be3aeb080
Bump actions/checkout from 5 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-11-21 11:04:46 +00:00
dependabot[bot]
8526816468
Bump actions/upload-artifact from 4 to 5
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-27 12:00:40 +00:00
dependabot[bot]
3b45d8fa79
Bump actions/setup-node from 5 to 6
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-14 11:05:10 +00:00
El RIDO
8d98b9f1e1
unify workflow code styles 2025-10-10 15:08:35 +02:00
El RIDO
51eff47614
apply explicit permissions as per CodeQL suggestion
as per rule ID actions/missing-workflow-permissions
2025-10-10 15:07:44 +02:00
dependabot[bot]
317a0a09af
Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-09 11:36:44 +00:00
dependabot[bot]
ebc2365171
Bump actions/setup-node from 4 to 5
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-10-09 11:05:11 +00:00
El RIDO
ac1b16e803
Potential fix for code scanning alert no. 59: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-10-08 19:09:49 +02:00
rugk
851befb39d
Merge branch 'master' into eslint 2025-10-08 18:31:10 +02:00
El RIDO
a8901e6d6e
disable sarif generation, so we at least get a result 2025-10-08 13:58:40 +02:00
El RIDO
2eb26aced4
disable upload of results due to github code scanning API change 2025-10-08 09:23:49 +02:00
El RIDO
081a469a11
remove folders causing errors in report 2025-10-08 09:14:35 +02:00
El RIDO
d638b2dac4
correct version selector 2025-10-08 08:56:44 +02:00
El RIDO
ee531a0b81
update codeql actions to release 4 (node 24) and enable github action scanning 2025-10-08 08:45:06 +02:00
El RIDO
020818d3fc
move codacy action to workflows to get it to execute
we seem to have never noticed that it didn't ever run after adding it
2025-10-08 08:43:52 +02:00
rugk
3b7347d589 chore: also run when dependencies are updated 2025-10-06 17:06:16 +00:00
rugk
38bc1a2590 chore: obviously also run if workflow file is adusted 2025-10-06 17:04:51 +00:00
rugk
6b5908b202 chore: run EsLint on PRs 2025-10-06 17:01:48 +00:00
El RIDO
e775647206
attempting to make the condition list more readable 2025-09-13 07:56:54 +02:00
El RIDO
5cca4be89a
enable running tests on pull requests 2025-09-13 07:21:10 +02:00
El RIDO
86b1a4e9ac
disable running snyk if triggering user doesn't have access to the secret 2025-09-13 07:20:25 +02:00
dependabot[bot]
ba5dfb2a08
Bump actions/setup-node from 4 to 5
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-09-04 13:21:14 +00:00
dependabot[bot]
09bab8744f
Bump actions/checkout from 4 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-08-12 17:11:00 +00:00
El RIDO
09ba23ae22
adding a test stage for the configuration combinations 2025-07-26 08:40:48 +02:00
El RIDO
13869e46be
updating jdenticon library to 2.0.0, minimum PHP version 7.4 2025-07-14 22:01:11 +02:00
dependabot[bot]
d544d1281d
Bump dawidd6/action-download-artifact from 10 to 11
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 10 to 11.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](4c1e823582...ac66b43f0e)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '11'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-06-16 12:22:51 +00:00
dependabot[bot]
3a1eb8d534
Bump dawidd6/action-download-artifact from 9 to 10
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 9 to 10.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](07ab29fd4a...4c1e823582)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-06-02 12:46:39 +00:00
El RIDO
37871eac69
node 20 seems to fail with the updated jsdom, locally I had tested with 18 - lets downgrade till we can find a solution 2025-04-09 21:11:10 +02:00
dependabot[bot]
d89bc1b97b
Bump dawidd6/action-download-artifact from 8 to 9
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 8 to 9.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](20319c5641...07ab29fd4a)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-27 11:25:13 +00:00
dependabot[bot]
478b79b7b7
Bump slsa-framework/slsa-github-generator from 2.0.0 to 2.1.0
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-02-25 11:57:15 +00:00
dependabot[bot]
6dbd9bd157
Bump dawidd6/action-download-artifact from 7 to 8
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 7 to 8.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](80620a5d27...20319c5641)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-01-22 11:07:30 +00:00
El RIDO
8b7ccb0fd4
PHP 8.4 is no longer a development release 2024-12-22 12:14:25 +01:00