jquery

mirror of https://github.com/jquery/jquery.git synced 2024-11-23 02:54:22 +00:00

Author	SHA1	Message	Date
dependabot[bot]	99151d7ab0	Build: Bump actions/setup-node and github/codeql-action 1: Bump actions/setup-node from 4.0.0 to 4.0.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](`8f152de45c...b39b52d121`) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... 2: Bump github/codeql-action from 2.22.5 to 3.22.12 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 3.22.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`74483a38d3...012739e508`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Closes gh-5381 Closes gh-5382 Signed-off-by: dependabot[bot] <support@github.com>	2024-01-03 16:30:28 +01:00
Michał Gołębiowski-Owczarek	c98597eaf5	Build: Reformat GitHub workflow Yaml files Use Prettier 3.1.0 to reformat the Yaml files. This makes their format identical to the one used on `3.x-stable`, making for much easier cherry-picks. The main difference is the list under `steps:` was not indented while all other lists were. Closes gh-5364	2023-11-20 18:20:16 +01:00
Michał Gołębiowski-Owczarek	fb0cc27291	Build: Bump @babel/traverse & multiple actions 1: Bump actions/cache from 3.3.1 to 3.3.2 Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](`88522ab9f3...704facf57e`) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... 2: Bump actions/checkout from 3.6.0 to 4.1.1 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`f43a0e5ff2...b4ffde65f4`) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... 3: Bump github/codeql-action from 2.21.5 to 2.22.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.22.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`00e563ead9...74483a38d3`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... 4: Bump actions/setup-node from 3.8.1 to 4.0.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.1 to 4.0.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](`5e21ff4d9b...8f152de45c`) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... 5: Bump @babel/traverse from 7.22.5 to 7.23.2 Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.5 to 7.23.2. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Closes gh-5341 Closes gh-5349 Closes gh-5354 Closes gh-5355 Closes gh-5356 Closes gh-5363 Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-13 18:44:30 +01:00
Michał Gołębiowski-Owczarek	635cb152e7	Build: Don't run CI push workflows for dependabot branches Without this change, dependabot PRs run double checks - one set for the `push` part and one for the `pull_request` part. Closes gh-5353	2023-11-13 18:18:20 +01:00
dependabot[bot]	42e50f8c21	Build: Bump actions/checkout, actions/setup-node & github/codeql-action 1: Bump actions/checkout from 3.5.3 to 3.6.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`c85c95e3d7...f43a0e5ff2`) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... 2: Bump actions/setup-node from 3.6.0 to 3.8.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.6.0 to 3.8.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](`64ed1c7eab...5e21ff4d9b`) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... 3: Bump github/codeql-action from 2.20.1 to 2.21.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.21.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`f6e388ebf0...00e563ead9`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Closes gh-5311 Closes gh-5312 Closes gh-5313 Signed-off-by: dependabot[bot] <support@github.com>	2023-09-06 16:39:00 +02:00
dependabot[bot]	4a13266efd	Build: Bump github/codeql-action & actions/checkout 1: Bump github/codeql-action from 2.3.6 to 2.20.1 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.20.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`83f0fe6c49...f6e388ebf0`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... 2: Build: Bump actions/checkout from 3.5.2 to 3.5.3 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`8e5e7e5ab8...c85c95e3d7`) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Closes gh-5283 Closes gh-5284	2023-07-02 20:10:07 +02:00
Gabriela Gutierrez	784b9ba6e4	Build: Reference GitHub Actions by commit SHAs The SHAs are verified to come from the original repositories and not forks. For reference: https://github.com/github/codeql-action/releases/tag/v2.3.6 `83f0fe6c49` https://github.com/actions/checkout/releases/tag/v3.5.2 `8e5e7e5ab8` https://github.com/actions/cache/releases/tag/v3.3.1 `88522ab9f3` https://github.com/actions/setup-node/releases/tag/v3.6.0 `64ed1c7eab` Fixes gh-5266 Closes gh-5269 Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>	2023-06-13 23:22:07 +02:00
Alex	c909d6b1ff	Build: Limit permissions for GitHub workflows Add explicit permissions section[^1] to workflows. This is a security best practice because by default workflows run with extended set of permissions[^2] (except from `on: pull_request` from external forks[^3]. By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an injection[^4] or compromised third party tool or action) is restricted. It is recommended to have most strict permissions on the top level[^5] and grant write permissions on job level[^6] on a case by case basis. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions [^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token [^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ [^4]: https://securitylab.github.com/research/github-actions-untrusted-input/ [^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions [^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Closes gh-5119	2022-12-01 14:23:17 +01:00
Baoshuo Ren	016872ffe0	Docs: Remove git.io from a GitHub Actions comment All links on git.io are deprecated and may stop redirecting at a certain point. See https://github.blog/changelog/2022-04-25-git-io-deprecation/ Closes gh-5036	2022-07-12 17:27:04 +02:00
Michał Gołębiowski-Owczarek	52f452b2e8	Build: Update GitHub Actions * Build(deps): Bump github/codeql-action from 1 to 2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/cache from 2 to 3 Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Closes gh-5067	2022-06-27 18:53:31 +02:00
Timmy Willison	39c5778c64	build: set up periodic code scanning analysis	2020-06-25 17:32:02 -04:00

11 Commits