Commit Graph

5 Commits

Author SHA1 Message Date
dependabot[bot]
acdf7f5ec0
Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs (#7212)
* Bump mkdocstrings[python] from 0.25.0 to 0.25.1 in /docs

Bumps [mkdocstrings[python]](https://github.com/mkdocstrings/mkdocstrings) from 0.25.0 to 0.25.1.
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](https://github.com/mkdocstrings/mkdocstrings/compare/0.25.0...0.25.1)

---
updated-dependencies:
- dependency-name: mkdocstrings[python]
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix req

* bump rest of docs reqs

* group dependabot settings

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2024-05-22 09:29:51 +10:00
Matthias Mair
83191d3fbf
Improve reproduciblity of image (#7120)
* hard-pin doc requirements

* update docs and commands

* hard pin container requirements

* check hashes in image build

* remove seperate uv install (is in base_requirements)

* containers already ships 3.11 - adjust packaging

* move build deps to general ci requirements

* install yarn using native tools

Closes https://github.com/inventree/InvenTree/security/code-scanning/95
Closes https://github.com/inventree/InvenTree/security/code-scanning/96

* merge install steps

* adapt install command args to be similar

* adapt docs to suggest safer install arg

* fix install path

* update dependabot settings
2024-04-29 11:04:45 +10:00
Matthias Mair
2e0b197457
Group dependabot PRs per ecosystem (#7098) 2024-04-23 08:19:26 +10:00
Matthias Mair
7b77fd31a7
Cleanups for refactor (#6933)
* adjust depandabot targets and interval

* add git blame ignore to make git diff more useable

* adjust test path

* fix ci path
2024-04-03 19:59:02 +11:00
Matthias Mair
b46b200101
Add OSSF Scorecard (#6769)
* Create scorecard.yml

* Add badge

* disable publishing

* Add security improvements (#181)

* Add OSSF Scorecard (#179)

* Create scorecard.yml

* Add badge

* disable publishing

* [StepSecurity] Apply security best practices (#180)

* [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

* Update .pre-commit-config.yaml

* Update dependabot.yml

* Delete .github/workflows/dependency-review.yml

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Matthias Mair <code@mjmair.com>

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>

* Update to upstream project

* disable shellcheck for now

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-21 10:11:49 +11:00