Corey Newton
ababd99b57
docs(ci): Exclude docs/wiki/** from some actions
There is no reason to run certain checks on simple documentation
updates. These Actions showed up during the initial v0.1 PR and added
noise to the PR process.
2026-01-21 20:04:16 -08:00
dependabot[bot]
58be8c5b07
chore(deps)(deps): bump github/codeql-action from 3.31.10 to 4.31.10
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.31.10 to 4.31.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4bdb89f480...cdefb33c0f)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.10
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-01-21 13:45:05 +00:00
Johannes Millan
9b2afbe109
security: pin all GitHub Actions to commit SHAs (CVE-2025-30066 mitigation)
Pin all GitHub Actions to immutable commit SHAs to prevent supply chain attacks.
This protects against tag-poisoning attacks like the March 2025 tj-actions compromise
that affected 23,000+ repositories.
Changes:
- Pin 55 action references across 19 workflow files to commit SHAs
- Add version comments (e.g., "# v6") for readability
- Manually resolved: gradle/actions, github/codeql-action, actions/setup-node
All actions now use immutable references following GitHub security best practices:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
Future updates should be managed via Dependabot to automate SHA updates.
2026-01-21 14:30:24 +01:00
Johannes Millan
7870c9238e
build(ci): update CodeQL analysis permissions for security events
2026-01-06 13:19:21 +01:00
dependabot[bot]
63a6856148
chore(deps): bump actions/checkout from 5 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-12-01 14:25:22 +00:00
dependabot[bot]
986154c4ad
build(deps): bump actions/checkout from 3 to 5
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v5)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-09-01 23:36:57 +00:00
Johannes Millan
0335c0e3e8
build: allow for release branches
2024-11-29 19:10:46 +01:00
dependabot[bot]
a6fc5d47d6
build(deps): bump github/codeql-action from 2 to 3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-02 17:22:43 +01:00
Johannes Millan
b2f2348c44
build: upgrade checkout action
2023-12-29 12:57:34 +01:00
Johannes Millan
acc56ff923
build: fix attempt for npm install 2
2022-08-19 13:26:38 +02:00
Johannes Millan
ab4706b77e
build: downgrade to actions/checkout@v2
2022-08-19 13:22:29 +02:00
Johannes Millan
d498174f73
build: fix github install not working anymore
2022-08-19 13:19:18 +02:00
dependabot[bot]
18bbba2130
build(deps): bump actions/checkout from 1 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v1...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-03 16:19:28 +02:00
dependabot[bot]
063d93cf93
build(deps): bump github/codeql-action from 1 to 2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-03 00:13:21 +02:00
Johannes Millan
4ffc073fbe
build: update all build scripts to use npm
2021-07-21 18:21:54 +02:00
Johannes Millan
d106701924
built: add code analysis
2020-10-01 10:52:45 +02:00