dependabot[bot]
|
0575c167aa
|
Bump github/codeql-action from 3.24.10 to 3.25.0 (#7036)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.10 to 3.25.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4355270be1...df5a14dc28)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2024-04-16 09:56:27 +10:00 |
|
dependabot[bot]
|
252cc7975a
|
Bump github/codeql-action from 3.24.9 to 3.24.10 (#6976)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.9 to 3.24.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1b1aada464...4355270be1)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2024-04-12 07:05:07 +10:00 |
|
Matthias Mair
|
4db61df8cd
|
Security improvements (#6890)
* Set write permissions at job level
* publish scorecard results
* Update scorecard.yml
* Update scorecard.yml
* Create .sonarcloud.properties
* Delete .deepsource.toml
* replace badge
* pin requests, pyyaml, jc
* pin yarn version
* pin uv
* reduce settings
* set test path
|
2024-04-02 17:35:01 +11:00 |
|
dependabot[bot]
|
8e5ebf49a9
|
Bump actions/upload-artifact from 3.1.0 to 4.3.1 (#6851)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.0...5d5d22a31266ced268874388b861e4b58bb5c2f3)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2024-03-26 07:52:51 +11:00 |
|
dependabot[bot]
|
d935936295
|
Bump github/codeql-action from 2.2.4 to 3.24.9 (#6852)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](17573ee1cc...1b1aada464)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2024-03-26 07:48:33 +11:00 |
|
dependabot[bot]
|
5385d93a22
|
Bump ossf/scorecard-action from 2.1.2 to 2.3.1 (#6803)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](e38b1902ae...0864cf1902)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2024-03-23 18:11:10 +11:00 |
|
Matthias Mair
|
b46b200101
|
Add OSSF Scorecard (#6769)
* Create scorecard.yml
* Add badge
* disable publishing
* Add security improvements (#181)
* Add OSSF Scorecard (#179)
* Create scorecard.yml
* Add badge
* disable publishing
* [StepSecurity] Apply security best practices (#180)
* [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
* Update .pre-commit-config.yaml
* Update dependabot.yml
* Delete .github/workflows/dependency-review.yml
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Matthias Mair <code@mjmair.com>
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
* Update to upstream project
* disable shellcheck for now
---------
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
|
2024-03-21 10:11:49 +11:00 |
|