Niels Lohmann
899cf31255
Harden CI: validate PR artifact inputs, migrate off deprecated Semgrep action ( #5232 )
...
* Harden CI workflows: validate PR artifact inputs and migrate off deprecated Semgrep action
Address two CI/supply-chain hardening items from the 2026-07-03 security
audit:
- comment_check_amalgamation.yml (todo 117): the privileged `workflow_run`
job consumes an untrusted PR artifact. Validate `author` against a strict
GitHub-username pattern and `number` as a positive integer before use, and
extract the artifact into a dedicated directory (`unzip -o pr.zip -d
./pr_artifact`), reading only the two expected files by fixed path. This
prevents Markdown/mention injection via the attacker-controlled `author`
text and avoids a malicious archive touching the workspace.
- semgrep.yml (todo 118): `returntocorp/semgrep-action` is deprecated (the
org was renamed to `semgrep/*`). Replace it with an explicit `semgrep ci`
invocation via the maintained CLI; the deployment is inferred from
SEMGREP_APP_TOKEN.
Todo 116 (CIFuzz `@master` refs) already carries a comment documenting the
OSS-Fuzz-recommended exception, so no change is needed there.
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
* Fix Semgrep step: use `semgrep scan` instead of token-gated `semgrep ci`
The CI `Scan` job failed with "Path does not exist: semgrep.sarif" because
`semgrep ci` requires a login token (SEMGREP_APP_TOKEN), which this repo does
not have configured, so it bailed without producing a SARIF file. The former
returntocorp/semgrep-action, given no token, fell back to plain
`semgrep scan --sarif`; match that with `semgrep scan --config auto`, which
needs no token and always produces the SARIF for upload.
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
---------
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com >
2026-07-04 11:10:02 +02:00
dependabot[bot]
518c5c887a
🤜 Bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3 ( #5225 )
...
Bumps [github/codeql-action/upload-sarif](https://github.com/github/codeql-action ) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a )
---
updated-dependencies:
- dependency-name: github/codeql-action/upload-sarif
dependency-version: 4.36.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-07-02 23:04:05 +02:00
Niels Lohmann
272411c5e6
Overwork project infrastructure ( #5218 )
...
* 📡 overwork project infrastructure
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 fix GCC16 issue
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 fix GCC16 issue
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 only build module for GCC
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 🚷 fix build
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 📡 fix documentation
Closes #5012 : fix the error_handler_t::ignore wording
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
* 📡 fix documentation
Closes #4354 : fix "Custom data source" example
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
---------
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
2026-06-30 18:09:06 +02:00
dependabot[bot]
25c58ac6bd
Bump actions/checkout from 6.0.3 to 7.0.0 ( #5213 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-23 13:17:52 +02:00
dependabot[bot]
a39f33b951
Bump actions/checkout from 6.0.2 to 6.0.3 ( #5201 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-11 09:41:52 +02:00
dependabot[bot]
e4bdf1be72
Bump github/codeql-action from 4.36.0 to 4.36.2 ( #5202 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.36.0 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.36.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-07 17:04:26 +02:00
dependabot[bot]
484483acad
Bump github/codeql-action from 4.35.5 to 4.36.0 ( #5191 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.5 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.36.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-22 20:16:56 +02:00
dependabot[bot]
a69a42a930
Bump step-security/harden-runner from 2.19.3 to 2.19.4 ( #5188 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.3 to 2.19.4.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/ab7a9404c0f3da075243ca237b5fac12c98deaa5...9af89fc71515a100421586dfdb3dc9c984fbf411 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-21 22:20:29 +02:00
dependabot[bot]
e08b3cab68
Bump step-security/harden-runner from 2.19.2 to 2.19.3 ( #5173 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.2 to 2.19.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/9ca718d3bf646d6534007c269a635b3e54cadf99...ab7a9404c0f3da075243ca237b5fac12c98deaa5 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 20:59:12 +02:00
dependabot[bot]
65c52ae1c8
Bump github/codeql-action from 4.35.4 to 4.35.5 ( #5174 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.4 to 4.35.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/68bde559dea0fdcac2102bfdf6230c5f70eb485e...9e0d7b8d25671d64c341c19c0152d693099fb5ba )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-15 20:59:03 +02:00
dependabot[bot]
630beaeb05
Bump step-security/harden-runner from 2.19.1 to 2.19.2 ( #5170 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.1 to 2.19.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/a5ad31d6a139d249332a2605b85202e8c0b78450...9ca718d3bf646d6534007c269a635b3e54cadf99 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-14 20:04:56 +02:00
dependabot[bot]
a038cc4ef8
Bump step-security/harden-runner from 2.19.0 to 2.19.1 ( #5157 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.19.0 to 2.19.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/8d3c67de8e2fe68ef647c8db1e6a09f647780f40...a5ad31d6a139d249332a2605b85202e8c0b78450 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 07:49:26 +02:00
dependabot[bot]
889dd78eb9
Bump github/codeql-action from 4.35.2 to 4.35.4 ( #5159 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.2 to 4.35.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...68bde559dea0fdcac2102bfdf6230c5f70eb485e )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 06:58:24 +02:00
dependabot[bot]
8d849594f8
Bump step-security/harden-runner from 2.17.0 to 2.19.0 ( #5147 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.17.0 to 2.19.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/f808768d1510423e83855289c910610ca9b43176...8d3c67de8e2fe68ef647c8db1e6a09f647780f40 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.19.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 20:27:17 +02:00
dependabot[bot]
53e9b56ec3
Bump github/codeql-action from 4.35.1 to 4.35.2 ( #5148 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.35.1 to 4.35.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...95e58e9a2cdfd71adc6e0353d5c52f41a045d225 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 20:27:06 +02:00
dependabot[bot]
43c8ea198f
Bump github/codeql-action from 4.32.6 to 4.35.1 ( #5125 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.6 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...c10b8064de6f491fea524254123dbe5e09572f13 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.35.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:48:51 +02:00
dependabot[bot]
a5381281bf
Bump step-security/harden-runner from 2.16.1 to 2.17.0 ( #5132 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.16.1 to 2.17.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/fe104658747b27e96e4f7e80cd0a94068e53901d...f808768d1510423e83855289c910610ca9b43176 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.17.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-24 16:48:22 +02:00
dependabot[bot]
3946872265
Bump step-security/harden-runner from 2.16.0 to 2.16.1 ( #5127 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.16.0 to 2.16.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594...fe104658747b27e96e4f7e80cd0a94068e53901d )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.16.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-06 18:35:48 +02:00
dependabot[bot]
2413fc0b1d
Bump step-security/harden-runner from 2.15.1 to 2.16.0 ( #5113 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.15.1 to 2.16.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/58077d3c7e43986b6b15fba718e8ea69e387dfcc...fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.16.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-28 21:03:14 +01:00
dependabot[bot]
eba0a92bfb
Bump github/codeql-action from 4.32.5 to 4.32.6 ( #5101 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.5 to 4.32.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...0d579ffd059c29b07949a3cce3983f0780820c98 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 07:18:58 +01:00
dependabot[bot]
707c012e9c
Bump step-security/harden-runner from 2.15.0 to 2.15.1 ( #5100 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.15.0 to 2.15.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...58077d3c7e43986b6b15fba718e8ea69e387dfcc )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.15.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 07:17:01 +01:00
dependabot[bot]
533228a88c
🤜 Bump github/codeql-action from 4.32.4 to 4.32.5 ( #5092 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.4 to 4.32.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...c793b717bc78562f491db7b0e93a3a178b099162 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 20:23:52 +01:00
dependabot[bot]
ad12e0ebed
🤜 Bump github/codeql-action from 4.32.3 to 4.32.4 ( #5084 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.3 to 4.32.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/9e907b5e64f6b83e7804b09294d44122997950d6...89a39a4e59826350b863aa6b6252a07ad50cf83e )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 10:20:50 +01:00
dependabot[bot]
4fd26a4ead
🤜 Bump step-security/harden-runner from 2.14.2 to 2.15.0 ( #5088 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.2 to 2.15.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/5ef0c079ce82195b2a36a210272d6b661572d83e...a90bcbc6539c36a85cdfeb73f7e2f433735f215b )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.15.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-03 08:00:34 +01:00
dependabot[bot]
8167d2f641
🤜 Bump github/codeql-action from 4.32.1 to 4.32.3 ( #5077 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.32.1 to 4.32.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/6bc82e05fd0ea64601dd4b465378bbcf57de0314...9e907b5e64f6b83e7804b09294d44122997950d6 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-16 19:36:02 +01:00
dependabot[bot]
904592d2a8
🤜 Bump step-security/harden-runner from 2.14.1 to 2.14.2 ( #5075 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.1 to 2.14.2.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/e3f713f2d8f53843e71c69a996d56f51aa9adfb9...5ef0c079ce82195b2a36a210272d6b661572d83e )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-09 20:15:00 +01:00
dependabot[bot]
21b53746c9
🤜 Bump github/codeql-action from 4.32.0 to 4.32.1 ( #5067 )
2026-02-03 07:33:53 +01:00
dependabot[bot]
553c314fb8
🤜 Bump github/codeql-action from 4.31.10 to 4.32.0 ( #5064 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.10 to 4.32.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/cdefb33c0f6224e58673d9004f47f7cb3e328b89...b20883b0cd1f46c72ae0ba6d1090936928f9fa30 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-27 17:53:44 +01:00
dependabot[bot]
fa02f62316
🤜 Bump step-security/harden-runner from 2.14.0 to 2.14.1 ( #5062 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.14.0 to 2.14.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/20cf305ff2072d973412fa9b1e3a4f227bda3c76...e3f713f2d8f53843e71c69a996d56f51aa9adfb9 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-27 17:08:28 +01:00
dependabot[bot]
5aef01cca1
🤜 Bump actions/checkout from 6.0.1 to 6.0.2 ( #5058 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-27 17:06:55 +01:00
dependabot[bot]
2bb9d59fde
🤜 Bump github/codeql-action from 4.31.9 to 4.31.10 ( #5051 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.9 to 4.31.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/5d4e8d1aca955e8d8589aabd499c5cae939e33c7...cdefb33c0f6224e58673d9004f47f7cb3e328b89 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 21:28:21 +01:00
dependabot[bot]
ae9c8d82ca
🤜 Bump github/codeql-action from 4.31.8 to 4.31.9 ( #5033 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.8 to 4.31.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/1b168cd39490f61582a9beae412bb7057a6b2c4e...5d4e8d1aca955e8d8589aabd499c5cae939e33c7 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-19 07:38:44 +01:00
dependabot[bot]
9f35919110
🤜 Bump github/codeql-action from 4.31.7 to 4.31.8 ( #5031 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.7 to 4.31.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/cf1bb45a277cb3c205638b2cd5c984db1c46a412...1b168cd39490f61582a9beae412bb7057a6b2c4e )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:01:17 +01:00
dependabot[bot]
75d9166a68
🤜 Bump step-security/harden-runner from 2.13.3 to 2.14.0 ( #5029 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.13.3 to 2.14.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/df199fb7be9f65074067a9eb93f12bb4c5547cf2...20cf305ff2072d973412fa9b1e3a4f227bda3c76 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.14.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-10 15:57:58 +00:00
dependabot[bot]
ea3950e040
🤜 Bump github/codeql-action from 4.31.6 to 4.31.7 ( #5027 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.6 to 4.31.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/fe4161a26a8629af62121b670040955b330f9af2...cf1bb45a277cb3c205638b2cd5c984db1c46a412 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 16:32:57 +00:00
dependabot[bot]
c89e8fac63
🤜 Bump actions/checkout from 6.0.0 to 6.0.1 ( #5025 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-03 18:11:27 +01:00
dependabot[bot]
baceef2286
🤜 Bump step-security/harden-runner from 2.13.2 to 2.13.3 ( #5020 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.13.2 to 2.13.3.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](https://github.com/step-security/harden-runner/compare/95d9a5deda9de15063e7595e9719c11c38c90ae2...df199fb7be9f65074067a9eb93f12bb4c5547cf2 )
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-version: 2.13.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 16:54:33 +01:00
dependabot[bot]
942d0225c5
🤜 Bump github/codeql-action from 4.31.4 to 4.31.6 ( #5019 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.4 to 4.31.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/e12f0178983d466f2f6028f5cc7a6d786fd97f4b...fe4161a26a8629af62121b670040955b330f9af2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-01 21:19:40 +01:00
dependabot[bot]
a0e9fb1e63
🤜 Bump actions/checkout from 5.0.1 to 6.0.0 ( #5008 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/93cb6efe18208431cddfb8368fd83d5badbf9bfd...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-21 23:57:41 +01:00
dependabot[bot]
2b40a69a25
🤜 Bump github/codeql-action from 4.31.3 to 4.31.4 ( #5003 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.3 to 4.31.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/014f16e7ab1402f30e7c3329d33797e7948572db...e12f0178983d466f2f6028f5cc7a6d786fd97f4b )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-19 18:57:59 +01:00
dependabot[bot]
8fb6fca692
🤜 Bump actions/checkout from 5.0.0 to 5.0.1 ( #5001 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...93cb6efe18208431cddfb8368fd83d5badbf9bfd )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 5.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-18 18:15:21 +01:00
dependabot[bot]
d9878dff1c
🤜 Bump github/codeql-action from 4.31.2 to 4.31.3 ( #4995 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v4.31.2...014f16e7ab1402f30e7c3329d33797e7948572db )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-17 20:00:54 +01:00
dependabot[bot]
af524ab666
🤜 Bump step-security/harden-runner from 2.13.1 to 2.13.2 ( #4990 )
2025-11-05 18:07:31 +01:00
dependabot[bot]
63bc495cf8
🤜 Bump returntocorp/semgrep-action ( #4988 )
...
Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action ) from fcd5ab7459e8d91cb1777481980d1b18b4fc6735 to 713efdd345f3035192eaa63f56867b88e63e4e5d.
- [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md )
- [Commits](https://github.com/returntocorp/semgrep-action/compare/fcd5ab7459e8d91cb1777481980d1b18b4fc6735...713efdd345f3035192eaa63f56867b88e63e4e5d )
---
updated-dependencies:
- dependency-name: returntocorp/semgrep-action
dependency-version: 713efdd345f3035192eaa63f56867b88e63e4e5d
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-04 11:26:36 +01:00
Niels Lohmann
c8b66cf36e
👪 harden runners ( #4985 )
2025-11-03 06:33:14 +01:00
Niels Lohmann
8deac49f50
Update GitHub Actions versions in semgrep.yml ( #4982 )
...
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
2025-10-31 20:36:36 +01:00
Niels Lohmann
e137f2ac88
Add Semgrep workflow for code scanning ( #4980 )
...
Signed-off-by: Niels Lohmann <mail@nlohmann.me >
2025-10-31 17:47:28 +01:00