Niels Lohmann
899cf31255
Harden CI: validate PR artifact inputs, migrate off deprecated Semgrep action ( #5232 )
...
* Harden CI workflows: validate PR artifact inputs and migrate off deprecated Semgrep action
Address two CI/supply-chain hardening items from the 2026-07-03 security
audit:
- comment_check_amalgamation.yml (todo 117): the privileged `workflow_run`
job consumes an untrusted PR artifact. Validate `author` against a strict
GitHub-username pattern and `number` as a positive integer before use, and
extract the artifact into a dedicated directory (`unzip -o pr.zip -d
./pr_artifact`), reading only the two expected files by fixed path. This
prevents Markdown/mention injection via the attacker-controlled `author`
text and avoids a malicious archive touching the workspace.
- semgrep.yml (todo 118): `returntocorp/semgrep-action` is deprecated (the
org was renamed to `semgrep/*`). Replace it with an explicit `semgrep ci`
invocation via the maintained CLI; the deployment is inferred from
SEMGREP_APP_TOKEN.
Todo 116 (CIFuzz `@master` refs) already carries a comment documenting the
OSS-Fuzz-recommended exception, so no change is needed there.
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
* Fix Semgrep step: use `semgrep scan` instead of token-gated `semgrep ci`
The CI `Scan` job failed with "Path does not exist: semgrep.sarif" because
`semgrep ci` requires a login token (SEMGREP_APP_TOKEN), which this repo does
not have configured, so it bailed without producing a SARIF file. The former
returntocorp/semgrep-action, given no token, fell back to plain
`semgrep scan --sarif`; match that with `semgrep scan --config auto`, which
needs no token and always produces the SARIF for upload.
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
---------
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com >
2026-07-04 11:10:02 +02:00
Niels Lohmann
c363dc3e4d
Bump codeql-action to v4.36.3 and group future updates ( #5230 )
...
Bumps init/analyze/autobuild together (previously split across #5226 ,
#5227 , #5228 , which each failed CI due to a version mismatch between
the CodeQL config and the running action). Also adds a dependabot
group so future codeql-action bumps land in a single PR.
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
2026-07-03 08:04:41 +02:00
Niels Lohmann
972f5cc10b
Attach a ready-to-apply patch when the amalgamation check fails ( #5229 )
...
When a PR is not amalgamated/formatted, the astyle version friction (see
the recurring blocker across many PRs) means contributors often struggle
to reproduce the exact fix locally. The check now regenerates the
amalgamation and formatting, captures the difference as a patch, and
uploads it as the `amalgamation-patch` artifact. The failure comment
links to that artifact and tells contributors to run
`git apply amalgamation.patch`, so they no longer need to install the
pinned astyle version themselves.
The pass/fail verdict is unchanged: the same PRs fail as before, and a
correctly amalgamated PR uploads nothing and passes.
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com >
2026-07-02 23:05:00 +02:00
dependabot[bot]
518c5c887a
🤜 Bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3 ( #5225 )
...
Bumps [github/codeql-action/upload-sarif](https://github.com/github/codeql-action ) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a )
---
updated-dependencies:
- dependency-name: github/codeql-action/upload-sarif
dependency-version: 4.36.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-02 23:04:05 +02:00
Niels Lohmann
c944317002
Add more compilers ( #5220 )
...
* 👷 add ipcx and nvc++
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 fix nvc++ build
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 fix nvc++ build
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 👷 add more MSVC images
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 👷 add more MSVC images
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
---------
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
2026-07-02 17:13:49 +02:00
Niels Lohmann
272411c5e6
Overwork project infrastructure ( #5218 )
...
* 📡 overwork project infrastructure
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 fix GCC16 issue
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 fix GCC16 issue
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 only build module for GCC
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 fix build
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 📡 fix documentation
Closes #5012 : fix the error_handler_t::ignore wording
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 📡 fix documentation
Closes #4354 : fix "Custom data source" example
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
---------
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
2026-06-30 18:09:06 +02:00
dependabot[bot]
25c58ac6bd
Bump actions/checkout from 6.0.3 to 7.0.0 ( #5213 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-23 13:17:52 +02:00
dependabot[bot]
87f1eb436e
Bump lukka/get-cmake from 4.3.3 to 4.3.4 ( #5214 )
...
Bumps [lukka/get-cmake](https://github.com/lukka/get-cmake ) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/lukka/get-cmake/releases )
- [Changelog](https://github.com/lukka/get-cmake/blob/main/RELEASE_PROCESS.md )
- [Commits](https://github.com/lukka/get-cmake/compare/591817e96fcad43505fb4eae36172462abb3a42e...f5b8fbb4d77cec1acc5a5f9f0df4beffaf5d98d9 )
---
updated-dependencies:
- dependency-name: lukka/get-cmake
dependency-version: 4.3.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-23 13:17:19 +02:00
Niels Lohmann
a5f8e230ac
Document number conversion ( #5208 )
...
* 📡 document number conversion
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 👷 fix CI
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
---------
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
2026-06-16 22:05:44 +02:00
dependabot[bot]
a39f33b951
Bump actions/checkout from 6.0.2 to 6.0.3 ( #5201 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-11 09:41:52 +02:00
dependabot[bot]
e4bdf1be72
Bump github/codeql-action from 4.36.0 to 4.36.2 ( #5202 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.36.0 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.36.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-07 17:04:26 +02:00
dependabot[bot]
d10879bca8
Bump lukka/get-cmake from 4.3.2 to 4.3.3 ( #5192 )
2026-05-26 07:20:57 +02:00
dependabot[bot]
484483acad
Bump github/codeql-action from 4.35.5 to 4.36.0 ( #5191 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.5 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-22 20:16:56 +02:00
dependabot[bot]
a69a42a930
Bump step-security/harden-runner from 2.19.3 to 2.19.4 ( #5188 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.3 to 2.19.4.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/ab7a9404c0f3da075243ca237b5fac12c98deaa5...9af89fc71515a100421586dfdb3dc9c984fbf411 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-21 22:20:29 +02:00
dependabot[bot]
77388b95fc
Bump actions/stale from 10.2.0 to 10.3.0 ( #5189 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 10.2.0 to 10.3.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/stale/compare/b5d41d4e1d5dceea10e7104786b73624c18a190f...eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 )
---
updated-dependencies:
- dependency-name: actions/stale
dependency-version: 10.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-21 22:20:05 +02:00
dependabot[bot]
d96329f8d6
Bump david-a-wheeler/flawfinder from 2.0.19 to 2.0.20 ( #5184 )
2026-05-19 07:13:57 +02:00
dependabot[bot]
e08b3cab68
Bump step-security/harden-runner from 2.19.2 to 2.19.3 ( #5173 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.2 to 2.19.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/9ca718d3bf646d6534007c269a635b3e54cadf99...ab7a9404c0f3da075243ca237b5fac12c98deaa5 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 20:59:12 +02:00
dependabot[bot]
65c52ae1c8
Bump github/codeql-action from 4.35.4 to 4.35.5 ( #5174 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 20:59:03 +02:00
dependabot[bot]
630beaeb05
Bump step-security/harden-runner from 2.19.1 to 2.19.2 ( #5170 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.1 to 2.19.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9ca718d3bf646d6534007c269a635b3e54cadf99 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-14 20:04:56 +02:00
dependabot[bot]
216c50365e
Bump peaceiris/actions-gh-pages from 4.0.0 to 4.1.0 ( #5166 )
2026-05-13 07:23:10 +02:00
dependabot[bot]
f0bf4c731a
Bump actions/dependency-review-action from 4.9.0 to 5.0.0 ( #5165 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.9.0 to 5.0.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/2031cfc080254a8a887f58cffee85186f0e49e48...a1d282b36b6f3519aa1f3fc636f609c47dddb294 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-version: 5.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-12 10:25:16 +02:00
dependabot[bot]
a038cc4ef8
Bump step-security/harden-runner from 2.19.0 to 2.19.1 ( #5157 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.0 to 2.19.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...a5ad31d6a139d249332a2605b85202e8c0b78450 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 07:49:26 +02:00
dependabot[bot]
889dd78eb9
Bump github/codeql-action from 4.35.2 to 4.35.4 ( #5159 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.2 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...68bde559dea0fdcac2102bfdf6230c5f70eb485e )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 06:58:24 +02:00
dependabot[bot]
98386eb08b
Bump lukka/get-cmake from 4.3.1 to 4.3.2 ( #5145 )
...
Bumps [lukka/get-cmake](https://github.com/lukka/get-cmake ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/lukka/get-cmake/releases )
- [Changelog](https://github.com/lukka/get-cmake/blob/main/RELEASE_PROCESS.md )
- [Commits](https://github.com/lukka/get-cmake/compare/ea83089aa35e08e459464341fe24ad024ee2466f...7bfc9baacbbdcb5e37957ad05c3546b3e222be3c )
---
updated-dependencies:
- dependency-name: lukka/get-cmake
dependency-version: 4.3.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 20:27:33 +02:00
dependabot[bot]
75498c1fbd
Bump actions/upload-artifact from 7.0.0 to 7.0.1 ( #5146 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 7.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 20:27:25 +02:00
dependabot[bot]
8d849594f8
Bump step-security/harden-runner from 2.17.0 to 2.19.0 ( #5147 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.17.0 to 2.19.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...8d3c67de8e2fe68ef647c8db1e6a09f647780f40 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 20:27:17 +02:00
dependabot[bot]
53e9b56ec3
Bump github/codeql-action from 4.35.1 to 4.35.2 ( #5148 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.1 to 4.35.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 20:27:06 +02:00
dependabot[bot]
94c73171b3
Bump mymindstorm/setup-emsdk from 15 to 16 ( #5133 )
...
Bumps [mymindstorm/setup-emsdk](https://github.com/mymindstorm/setup-emsdk ) from 15 to 16.
- [Release notes](https://github.com/mymindstorm/setup-emsdk/releases )
- [Commits](https://github.com/mymindstorm/setup-emsdk/compare/667eb33f24e84e7f362c16d8d7fff0629a73e15e...4528d102f7230f0e7b276855c01ea1159be0e984 )
---
updated-dependencies:
- dependency-name: mymindstorm/setup-emsdk
dependency-version: '16'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:49:22 +02:00
dependabot[bot]
43c8ea198f
Bump github/codeql-action from 4.32.6 to 4.35.1 ( #5125 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.6 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...c10b8064de6f491fea524254123dbe5e09572f13 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:48:51 +02:00
dependabot[bot]
a5381281bf
Bump step-security/harden-runner from 2.16.1 to 2.17.0 ( #5132 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.16.1 to 2.17.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/fe104658747b27e96e4f7e80cd0a94068e53901d...f808768d1510423e83855289c910610ca9b43176 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.17.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:48:22 +02:00
dependabot[bot]
a8e7442b29
Bump actions/github-script from 8.0.0 to 9.0.0 ( #5134 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 8.0.0 to 9.0.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: 9.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:48:17 +02:00
dependabot[bot]
8f3d9a5e97
Bump lukka/get-cmake from 4.2.3 to 4.3.1 ( #5124 )
...
Bumps [lukka/get-cmake](https://github.com/lukka/get-cmake ) from 4.2.3 to 4.3.1.
- [Release notes](https://github.com/lukka/get-cmake/releases )
- [Changelog](https://github.com/lukka/get-cmake/blob/main/RELEASE_PROCESS.md )
- [Commits](https://github.com/lukka/get-cmake/compare/f176ccd3f28bda569c43aae4894f06b2435a3375...ea83089aa35e08e459464341fe24ad024ee2466f )
---
updated-dependencies:
- dependency-name: lukka/get-cmake
dependency-version: 4.3.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:45:53 +02:00
dependabot[bot]
3946872265
Bump step-security/harden-runner from 2.16.0 to 2.16.1 ( #5127 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.16.0 to 2.16.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594...fe104658747b27e96e4f7e80cd0a94068e53901d )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.16.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-06 18:35:48 +02:00
dependabot[bot]
f36f976e73
Bump mymindstorm/setup-emsdk from 14 to 15 ( #5131 )
...
Bumps [mymindstorm/setup-emsdk](https://github.com/mymindstorm/setup-emsdk ) from 14 to 15.
- [Release notes](https://github.com/mymindstorm/setup-emsdk/releases )
- [Commits](https://github.com/mymindstorm/setup-emsdk/compare/6ab9eb1bda2574c4ddb79809fc9247783eaf9021...667eb33f24e84e7f362c16d8d7fff0629a73e15e )
---
updated-dependencies:
- dependency-name: mymindstorm/setup-emsdk
dependency-version: '15'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-06 18:35:18 +02:00
dependabot[bot]
2413fc0b1d
Bump step-security/harden-runner from 2.15.1 to 2.16.0 ( #5113 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.15.1 to 2.16.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/58077d3c7e43986b6b15fba718e8ea69e387dfcc...fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.16.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-28 21:03:14 +01:00
dependabot[bot]
eba0a92bfb
Bump github/codeql-action from 4.32.5 to 4.32.6 ( #5101 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.5 to 4.32.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...0d579ffd059c29b07949a3cce3983f0780820c98 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 07:18:58 +01:00
dependabot[bot]
707c012e9c
Bump step-security/harden-runner from 2.15.0 to 2.15.1 ( #5100 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.15.0 to 2.15.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...58077d3c7e43986b6b15fba718e8ea69e387dfcc )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.15.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 07:17:01 +01:00
dependabot[bot]
7d0218f738
Bump actions/dependency-review-action from 4.8.3 to 4.9.0 ( #5098 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.8.3 to 4.9.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...2031cfc080254a8a887f58cffee85186f0e49e48 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-version: 4.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-04 20:47:49 +01:00
dependabot[bot]
533228a88c
🤜 Bump github/codeql-action from 4.32.4 to 4.32.5 ( #5092 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.4 to 4.32.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...c793b717bc78562f491db7b0e93a3a178b099162 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 20:23:52 +01:00
dependabot[bot]
d293f604bf
🤜 Bump actions/upload-artifact from 6.0.0 to 7.0.0 ( #5094 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 20:23:21 +01:00
dependabot[bot]
aecccbf57e
🤜 Bump srvaroa/labeler ( #5093 )
...
Bumps [srvaroa/labeler](https://github.com/srvaroa/labeler ) from 471cdb892ebac76de6cb869105a2017fa3b9b9b3 to e8fbb2561481ef6e711a770f0234e9379dc76892.
- [Release notes](https://github.com/srvaroa/labeler/releases )
- [Commits](https://github.com/srvaroa/labeler/compare/471cdb892ebac76de6cb869105a2017fa3b9b9b3...e8fbb2561481ef6e711a770f0234e9379dc76892 )
---
updated-dependencies:
- dependency-name: srvaroa/labeler
dependency-version: e8fbb2561481ef6e711a770f0234e9379dc76892
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 20:22:24 +01:00
dependabot[bot]
ad12e0ebed
🤜 Bump github/codeql-action from 4.32.3 to 4.32.4 ( #5084 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.3 to 4.32.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/9e907b5e64f6b83e7804b09294d44122997950d6...89a39a4e59826350b863aa6b6252a07ad50cf83e )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 10:20:50 +01:00
dependabot[bot]
d9cffc35ad
🤜 Bump actions/dependency-review-action from 4.8.2 to 4.8.3 ( #5083 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.8.2 to 4.8.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](https://github.com/actions/dependency-review-action/compare/3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261...05fe4576374b728f0c523d6a13d64c25081e0803 )
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-version: 4.8.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 10:20:25 +01:00
dependabot[bot]
313b85d199
🤜 Bump actions/stale from 10.1.1 to 10.2.0 ( #5081 )
...
Bumps [actions/stale](https://github.com/actions/stale ) from 10.1.1 to 10.2.0.
- [Release notes](https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/stale/compare/997185467fa4f803885201cee163a9f38240193d...b5d41d4e1d5dceea10e7104786b73624c18a190f )
---
updated-dependencies:
- dependency-name: actions/stale
dependency-version: 10.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 10:20:04 +01:00
dependabot[bot]
4fd26a4ead
🤜 Bump step-security/harden-runner from 2.14.2 to 2.15.0 ( #5088 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.2 to 2.15.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/5ef0c079ce82195b2a36a210272d6b661572d83e...a90bcbc6539c36a85cdfeb73f7e2f433735f215b )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 08:00:34 +01:00
dependabot[bot]
95cfd7a3b5
🤜 Bump lukka/get-cmake from 4.2.2 to 4.2.3 ( #5065 )
...
Bumps [lukka/get-cmake](https://github.com/lukka/get-cmake ) from 4.2.2 to 4.2.3.
- [Release notes](https://github.com/lukka/get-cmake/releases )
- [Changelog](https://github.com/lukka/get-cmake/blob/main/RELEASE_PROCESS.md )
- [Commits](https://github.com/lukka/get-cmake/compare/dc05ee1ee5ba69770230c73a6a4e947595745cab...f176ccd3f28bda569c43aae4894f06b2435a3375 )
---
updated-dependencies:
- dependency-name: lukka/get-cmake
dependency-version: 4.2.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 08:00:06 +01:00
dependabot[bot]
8167d2f641
🤜 Bump github/codeql-action from 4.32.1 to 4.32.3 ( #5077 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.1 to 4.32.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/6bc82e05fd0ea64601dd4b465378bbcf57de0314...9e907b5e64f6b83e7804b09294d44122997950d6 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-16 19:36:02 +01:00
dependabot[bot]
e5e06e1a7b
🤜 Bump srvaroa/labeler ( #5080 )
...
Bumps [srvaroa/labeler](https://github.com/srvaroa/labeler ) from b4493338d7929ddc4ffc95fadf6f28c73bae2e90 to 471cdb892ebac76de6cb869105a2017fa3b9b9b3.
- [Release notes](https://github.com/srvaroa/labeler/releases )
- [Commits](https://github.com/srvaroa/labeler/compare/b4493338d7929ddc4ffc95fadf6f28c73bae2e90...471cdb892ebac76de6cb869105a2017fa3b9b9b3 )
---
updated-dependencies:
- dependency-name: srvaroa/labeler
dependency-version: 471cdb892ebac76de6cb869105a2017fa3b9b9b3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-16 19:35:48 +01:00
dependabot[bot]
904592d2a8
🤜 Bump step-security/harden-runner from 2.14.1 to 2.14.2 ( #5075 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/e3f713f2d8f53843e71c69a996d56f51aa9adfb9...5ef0c079ce82195b2a36a210272d6b661572d83e )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-09 20:15:00 +01:00
dependabot[bot]
21b53746c9
🤜 Bump github/codeql-action from 4.32.0 to 4.32.1 ( #5067 )
2026-02-03 07:33:53 +01:00