7a984f831f
bump backend deps ( #9713 )
...
* bump backend deps
* lower xmlsec to fix build
* add permament pin
* lower allauth as there are api changes
* unify dependabot config
2025-06-02 11:26:49 +10:00
9ab82a187e
fix(ci): dependabot config ( #9514 )
...
* fix(ci): dependabot config
* bump now updatable lingui/cli
2025-04-16 08:04:54 +10:00
9bc0d599bc
chore: improve ci security ( #9384 )
...
* pin docker files
* pin github actions
* enforce hashes that are already present
* run style checks on cicd changes
2025-03-26 13:04:45 +11:00
6863b4fcdd
Fix dependabot version detection ( #9080 )
...
* Revert "lower runtime to try fix dependabot resolution (#9031 )"
This reverts commit 72c077c861
2025-02-15 07:45:49 +11:00
72c077c861
lower runtime to try fix dependabot resolution ( #9031 )
...
* lower runtime to fix dependabot resolution
* Revert "split up python updates and assign to @matmair for manual fixes where necessary (#8772 )"
This reverts commit 04d7a96dde
2025-02-05 09:23:16 +11:00
04d7a96dde
split up python updates and assign to @matmair for manual fixes where necessary ( #8772 )
2024-12-27 08:14:32 +11:00
6c089d3869
fix path to CI dependencies ( #7755 )
2024-07-30 20:53:02 +10:00
acdf7f5ec0
Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs ( #7212 )
...
* Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs
Bumps [mkdocstrings[python]](https://github.com/mkdocstrings/mkdocstrings ) from 0.25.0 to 0.25.1.
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases )
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md )
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.25.0...0.25.1 )
---
updated-dependencies:
- dependency-name: mkdocstrings[python]
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix req
* bump rest of docs reqs
* group dependabot settings
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com >
2024-05-22 09:29:51 +10:00
83191d3fbf
Improve reproduciblity of image ( #7120 )
...
* hard-pin doc requirements
* update docs and commands
* hard pin container requirements
* check hashes in image build
* remove seperate uv install (is in base_requirements)
* containers already ships 3.11 - adjust packaging
* move build deps to general ci requirements
* install yarn using native tools
Closes https://github.com/inventree/InvenTree/security/code-scanning/95
Closes https://github.com/inventree/InvenTree/security/code-scanning/96
* merge install steps
* adapt install command args to be similar
* adapt docs to suggest safer install arg
* fix install path
* update dependabot settings
2024-04-29 11:04:45 +10:00
2e0b197457
Group dependabot PRs per ecosystem ( #7098 )
2024-04-23 08:19:26 +10:00
7b77fd31a7
Cleanups for refactor ( #6933 )
...
* adjust depandabot targets and interval
* add git blame ignore to make git diff more useable
* adjust test path
* fix ci path
2024-04-03 19:59:02 +11:00
b46b200101
Add OSSF Scorecard ( #6769 )
...
* Create scorecard.yml
* Add badge
* disable publishing
* Add security improvements (#181 )
* Add OSSF Scorecard (#179 )
* Create scorecard.yml
* Add badge
* disable publishing
* [StepSecurity] Apply security best practices (#180 )
* [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io >
* Update .pre-commit-config.yaml
* Update dependabot.yml
* Delete .github/workflows/dependency-review.yml
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io >
Co-authored-by: Matthias Mair <code@mjmair.com >
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io >
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io >
* Update to upstream project
* disable shellcheck for now
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io >
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io >
2024-03-21 10:11:49 +11:00
