Matthias Mair
9ab82a187e
fix(ci): dependabot config (#9514)
...
* fix(ci): dependabot config
* bump now updatable lingui/cli
2025-04-16 08:04:54 +10:00
Matthias Mair
9bc0d599bc
chore: improve ci security (#9384)
...
* pin docker files
* pin github actions
* enforce hashes that are already present
* run style checks on cicd changes
2025-03-26 13:04:45 +11:00
Matthias Mair
6863b4fcdd
Fix dependabot version detection (#9080)
...
* Revert "lower runtime to try fix dependabot resolution (#9031)"
This reverts commit 72c077c861cb0a1a0841e489074d9d1af6f30cf6.
* this should temporarily fix dependabot
2025-02-15 07:45:49 +11:00
Matthias Mair
72c077c861
lower runtime to try fix dependabot resolution (#9031)
...
* lower runtime to fix dependabot resolution
* Revert "split up python updates and assign to @matmair for manual fixes where necessary (#8772)"
This reverts commit 04d7a96ddea647fbc53bb33f06aa62b3809a4b5c.
2025-02-05 09:23:16 +11:00
Matthias Mair
04d7a96dde
split up python updates and assign to @matmair for manual fixes where necessary (#8772)
2024-12-27 08:14:32 +11:00
Matthias Mair
6c089d3869
fix path to CI dependencies (#7755)
2024-07-30 20:53:02 +10:00
dependabot[bot]
acdf7f5ec0
Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs (#7212)
...
* Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs
Bumps [mkdocstrings[python]](https://github.com/mkdocstrings/mkdocstrings) from 0.25.0 to 0.25.1.
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.25.0...0.25.1)
---
updated-dependencies:
- dependency-name: mkdocstrings[python]
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix req
* bump rest of docs reqs
* group dependabot settings
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2024-05-22 09:29:51 +10:00
Matthias Mair
83191d3fbf
Improve reproducibility of image (#7120)
...
* hard-pin doc requirements
* update docs and commands
* hard pin container requirements
* check hashes in image build
* remove separate uv install (is in base_requirements)
* containers already ships 3.11 - adjust packaging
* move build deps to general ci requirements
* install yarn using native tools
Closes https://github.com/inventree/InvenTree/security/code-scanning/95
Closes https://github.com/inventree/InvenTree/security/code-scanning/96
* merge install steps
* adapt install command args to be similar
* adapt docs to suggest safer install arg
* fix install path
* update dependabot settings
2024-04-29 11:04:45 +10:00
Matthias Mair
2e0b197457
Group dependabot PRs per ecosystem (#7098)
2024-04-23 08:19:26 +10:00
Matthias Mair
7b77fd31a7
Cleanups for refactor (#6933)
...
* adjust dependabot targets and interval
* add git blame ignore to make git diff more useable
* adjust test path
* fix ci path
2024-04-03 19:59:02 +11:00
Matthias Mair
b46b200101
Add OSSF Scorecard (#6769)
...
* Create scorecard.yml
* Add badge
* disable publishing
* Add security improvements (#181)
* Add OSSF Scorecard (#179)
* Create scorecard.yml
* Add badge
* disable publishing
* [StepSecurity] Apply security best practices (#180)
* [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
* Update .pre-commit-config.yaml
* Update dependabot.yml
* Delete .github/workflows/dependency-review.yml
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Matthias Mair <code@mjmair.com>
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
* Update to upstream project
* disable shellcheck for now
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-21 10:11:49 +11:00