2
0
mirror of https://github.com/inventree/InvenTree.git synced 2025-10-24 18:07:38 +00:00
Commit Graph

12 Commits

Author SHA1 Message Date
Matthias Mair
7a984f831f bump backend deps (#9713)
* bump backend deps

* lower xmlsec to fix build

* add permament pin

* lower allauth as there are api changes

* unify dependabot config
2025-06-02 11:26:49 +10:00
Matthias Mair
9ab82a187e fix(ci): dependabot config (#9514)
* fix(ci): dependabot config

* bump now updatable lingui/cli
2025-04-16 08:04:54 +10:00
Matthias Mair
9bc0d599bc chore: improve ci security (#9384)
* pin docker files

* pin github actions

* enforce hashes that are already present

* run style checks on cicd changes
2025-03-26 13:04:45 +11:00
Matthias Mair
6863b4fcdd Fix dependabot version detection (#9080)
* Revert "lower runtime to try fix dependabot resolution (#9031)"

This reverts commit 72c077c861.

* this should temporarly fix dependabot
2025-02-15 07:45:49 +11:00
Matthias Mair
72c077c861 lower runtime to try fix dependabot resolution (#9031)
* lower runtime to fix dependabot resolution

* Revert "split up python updates and assign to @matmair for manual fixes where necessary (#8772)"

This reverts commit 04d7a96dde.
2025-02-05 09:23:16 +11:00
Matthias Mair
04d7a96dde split up python updates and assign to @matmair for manual fixes where necessary (#8772) 2024-12-27 08:14:32 +11:00
Matthias Mair
6c089d3869 fix path to CI dependencies (#7755) 2024-07-30 20:53:02 +10:00
dependabot[bot]
acdf7f5ec0 Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs (#7212)
* Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs

Bumps [mkdocstrings[python]](https://github.com/mkdocstrings/mkdocstrings) from 0.25.0 to 0.25.1.
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.25.0...0.25.1)

---
updated-dependencies:
- dependency-name: mkdocstrings[python]
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix req

* bump rest of docs reqs

* group dependabot settings

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2024-05-22 09:29:51 +10:00
Matthias Mair
83191d3fbf Improve reproduciblity of image (#7120)
* hard-pin doc requirements

* update docs and commands

* hard pin container requirements

* check hashes in image build

* remove seperate uv install (is in base_requirements)

* containers already ships 3.11 - adjust packaging

* move build deps to general ci requirements

* install yarn using native tools

Closes https://github.com/inventree/InvenTree/security/code-scanning/95
Closes https://github.com/inventree/InvenTree/security/code-scanning/96

* merge install steps

* adapt install command args to be similar

* adapt docs to suggest safer install arg

* fix install path

* update dependabot settings
2024-04-29 11:04:45 +10:00
Matthias Mair
2e0b197457 Group dependabot PRs per ecosystem (#7098) 2024-04-23 08:19:26 +10:00
Matthias Mair
7b77fd31a7 Cleanups for refactor (#6933)
* adjust depandabot targets and interval

* add git blame ignore to make git diff more useable

* adjust test path

* fix ci path
2024-04-03 19:59:02 +11:00
Matthias Mair
b46b200101 Add OSSF Scorecard (#6769)
* Create scorecard.yml

* Add badge

* disable publishing

* Add security improvements (#181)

* Add OSSF Scorecard (#179)

* Create scorecard.yml

* Add badge

* disable publishing

* [StepSecurity] Apply security best practices (#180)

* [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

* Update .pre-commit-config.yaml

* Update dependabot.yml

* Delete .github/workflows/dependency-review.yml

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Matthias Mair <code@mjmair.com>

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>

* Update to upstream project

* disable shellcheck for now

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-21 10:11:49 +11:00