6 changes: 3 additions & 3 deletions .github/workflows/cargo-build-stable.yml
Expand Up @@ -19,25 +19,25 @@
- 'spec.json'
name: cargo build (stable)
jobs:
cargobuild:

Check warning on line 22 in .github/workflows/cargo-build-stable.yml

View workflow job for this annotation

GitHub Actions / zizmor

excessive-permissions

cargo-build-stable.yml:22: overly broad permissions: default permissions used due to no permissions: block
name: cargo build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master

Check warning on line 26 in .github/workflows/cargo-build-stable.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked

cargo-build-stable.yml:26: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install latest rust
uses: dtolnay/rust-toolchain@stable
- name: Cache cargo registry
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
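
Review bot: `actions/checkout@master` at line 26 stays on a branch ref while the three `actions/cache` steps in this hunk move to v5. A branch moves without any change to this file, so pin it to `actions/checkout@v6`, the version this PR uses in cargo-fmt.yml, and add `with: persist-credentials: false` to clear the artipacked warning. The `cargobuild` job at line 22 also has no `permissions:` block; `contents: read` looks sufficient for the steps shown here.
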
6 changes: 3 additions & 3 deletions .github/workflows/cargo-clippy.yml
Expand Up @@ -12,27 +12,27 @@
pull_request:
name: cargo clippy
jobs:
cargoclippy:

Check warning on line 15 in .github/workflows/cargo-clippy.yml

View workflow job for this annotation

GitHub Actions / zizmor

excessive-permissions

cargo-clippy.yml:15: overly broad permissions: default permissions used due to no permissions: block
name: cargo clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master

Check warning on line 19 in .github/workflows/cargo-clippy.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked

cargo-clippy.yml:19: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install latest rust
uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- name: Cache cargo registry
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
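
Review bot: the `cargoclippy` job at line 15 runs on `pull_request` with no `permissions:` block, so it receives the repository's default token scopes. Declare `permissions:` with `contents: read` at the top of the workflow. Line 19 has the same `actions/checkout@master` ref with no `persist-credentials: false`, which this bump leaves in place.
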
2 changes: 1 addition & 1 deletion .github/workflows/cargo-fmt.yml
Expand Up @@ -20,7 +20,7 @@
name: cargo fmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 23 in .github/workflows/cargo-fmt.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked

cargo-fmt.yml:23: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false

- name: Install latest rust
uses: dtolnay/rust-toolchain@stable
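
Review bot: the checkout at line 23 moves to v6 but still has no `persist-credentials: false`, which is what the artipacked warning on that line asks for. flakehub.yml in this PR already sets it under `with:`; do the same here unless a later step needs the token in the local git config.
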
6 changes: 3 additions & 3 deletions .github/workflows/cargo-test.yml
Expand Up @@ -23,24 +23,24 @@
name: cargo test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master

Check warning on line 26 in .github/workflows/cargo-test.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked

cargo-test.yml:26: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install latest rust
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
override: true
- name: Cache cargo registry
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
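
Review bot: line 26 keeps `actions/checkout@master`, so after this PR the checkout steps are split between `master` here and `v6` in cargo-fmt.yml and nix.yml. Move this step to `actions/checkout@v6` with `persist-credentials: false` in the same change, so later bumps of this kind pick it up.
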
2 changes: 1 addition & 1 deletion .github/workflows/flakehub.yml
Expand Up @@ -10,7 +10,7 @@ jobs:
id-token: "write"
contents: "read"
steps:
- uses: "actions/checkout@v5"
- uses: "actions/checkout@v6"
with:
persist-credentials: false
- uses: "DeterminateSystems/determinate-nix-action@v3"
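
Review bot: this job holds `id-token: "write"`, and both `actions/checkout@v6` and `DeterminateSystems/determinate-nix-action@v3` are referenced by tag. Tags can be moved; in a job that can mint OIDC tokens it is worth pinning each `uses:` to a full commit SHA with the version in a trailing comment.
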
10 changes: 5 additions & 5 deletions .github/workflows/generate-website-docs.yml
Expand Up @@ -11,25 +11,25 @@
group: docs-${{ github.ref }}
cancel-in-progress: true
jobs:
generate-website-docs:

Check warning on line 14 in .github/workflows/generate-website-docs.yml

View workflow job for this annotation

GitHub Actions / zizmor

excessive-permissions

generate-website-docs.yml:14: overly broad permissions: default permissions used due to no permissions: block
name: make-release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 18 in .github/workflows/generate-website-docs.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked

generate-website-docs.yml:18: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install latest rust
uses: dtolnay/rust-toolchain@stable
- name: Cache cargo registry
uses: actions/cache@v4
uses: actions/cache@v5

Check failure on line 22 in .github/workflows/generate-website-docs.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning

generate-website-docs.yml:22: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v4
uses: actions/cache@v5

Check failure on line 27 in .github/workflows/generate-website-docs.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning

generate-website-docs.yml:27: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build
uses: actions/cache@v4
uses: actions/cache@v5

Check failure on line 32 in .github/workflows/generate-website-docs.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning

generate-website-docs.yml:32: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
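
Review bot: zizmor reports cache-poisoning failures on the three `actions/cache` steps at lines 22, 27 and 32, and the v4 to v5 bump does not address them. This workflow goes on to use `secrets.GH_ORG_APP_PRIVATE_KEY` (line 49 onward), so consider dropping the cache steps here or confirming which events can write these cache keys. The job at line 14 is also named `make-release` in a docs workflow and has no `permissions:` block.
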
Expand All @@ -49,7 +49,7 @@
private-key: ${{ secrets.GH_ORG_APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
# Checkout the docs repo since we will want to update the files there.
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 52 in .github/workflows/generate-website-docs.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked

generate-website-docs.yml:52: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
with:
repository: 'kittycad/documentation'
path: 'docs'
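
Review bot: the checkout of `kittycad/documentation` at line 52 is flagged for credential persistence, and the comment above it says the files there will be updated. If a later step pushes using this checkout's stored credentials, state that in the comment so the warning is an accepted exception; otherwise add `persist-credentials: false` to the `with:` block.
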
6 changes: 3 additions & 3 deletions .github/workflows/make-cross.yml
Expand Up @@ -23,7 +23,7 @@
name: make cross
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@master

Check warning on line 26 in .github/workflows/make-cross.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked

make-cross.yml:26: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install latest nightly
uses: dtolnay/rust-toolchain@stable
- if: ${{ matrix.os == 'ubuntu-latest' }}
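
Review bot: the step at line 27 is named `Install latest nightly` but uses `dtolnay/rust-toolchain@stable`; rename it to match the toolchain actually installed. Line 26 still has `actions/checkout@master` with no `persist-credentials: false`, which this PR leaves in place while bumping the cache steps below.
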
Expand All @@ -39,17 +39,17 @@
coreutils \
jq
- name: Cache cargo registry
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
36 changes: 18 additions & 18 deletions .github/workflows/make-release.yml
Expand Up @@ -3,7 +3,7 @@
tags:
- v*
permissions:
contents: write

Check failure on line 6 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

excessive-permissions

make-release.yml:6: overly broad permissions: contents: write is overly broad at the workflow level
name: make-release
jobs:
makerelease:
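
Review bot: `contents: write` at line 6 applies to every job in this workflow, which zizmor reports as a failure. Set the workflow-level block to `contents: read` and grant `contents: write` only on the jobs that need it, such as `createrelease`.
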
Expand All @@ -13,13 +13,13 @@
name: make release
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2.1.11'
uses: 'google-github-actions/auth@v3.0.0'
with:
credentials_json: '${{ secrets.GOOGLE_CLOUD_DL_SA }}'
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2.1.5
uses: google-github-actions/setup-gcloud@v3.0.1
with:
project_id: kittycadapi
- name: Install latest nightly
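
Review bot: `google-github-actions/auth` and `google-github-actions/setup-gcloud` each jump a major version (v2 to v3) in the job that receives `secrets.GOOGLE_CLOUD_DL_SA`. Confirm from the v3 release notes that `credentials_json` and `project_id` are still accepted, and exercise the workflow with a test tag before merging, since it only runs on `v*` tags. The `actions/checkout@v6` step at line 16 also lacks `persist-credentials: false`.
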
Expand All @@ -39,17 +39,17 @@

cargo install toml-cli
- name: Cache cargo registry
uses: actions/cache@v4
uses: actions/cache@v5

Check failure on line 42 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning

make-release.yml:42: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v4
uses: actions/cache@v5

Check failure on line 47 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning

make-release.yml:47: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build
uses: actions/cache@v4
uses: actions/cache@v5

Check failure on line 52 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning

make-release.yml:52: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
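
Review bot: the three cache steps at lines 42, 47 and 52 restore `~/.cargo/registry`, `~/.cargo/git` and `target` into the job that builds the release binaries, and zizmor reports each as cache-poisoning. The keys are the same `${{ runner.os }}-cargo-...` strings used by the pull-request workflows in this PR. Remove the cache steps from the release job, or give it keys that no other workflow writes.
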
Expand All @@ -65,22 +65,22 @@
export VERSION=v$(toml get Cargo.toml package.version | jq -r .)
mkdir -p releases/$(basename $(pwd))
cp -r cross releases/$(basename $(pwd))/${VERSION}
cp cross/README.md cross/${{matrix.os}}-${{github.ref_name}}-README.md

Check failure on line 68 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

template-injection

make-release.yml:68: code injection via template expansion: may expand into attacker-controllable code
- name: 'upload binary files'
id: upload-files
uses: google-github-actions/upload-cloud-storage@v2.2.3
uses: google-github-actions/upload-cloud-storage@v3.0.0
with:
path: releases
destination: dl.kittycad.io
# Store the binary artifacts for retrival later.
- name: Upload artifacts
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v6
with:
name: release-${{ matrix.os }}-${{github.ref_name}}
path: ./cross
# Store the readme as an artifact so we can combine the two.
- name: Archive the README.md data
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v6
with:
name: ${{matrix.os}}-${{github.ref_name}}-README.md
path: ${{github.workspace}}/cross/${{matrix.os}}-${{github.ref_name}}-README.md
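
Review bot: line 68 expands `${{matrix.os}}` and `${{github.ref_name}}` directly into the shell script, which zizmor reports as template-injection. Pass the values through the step's `env:` (for example `REF_NAME: ${{ github.ref_name }}`) and reference them as `"$REF_NAME"` in the `cp` command so the tag name is treated as data. The comment `# Store the binary artifacts for retrival later.` also has a typo (`retrieval`).
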
Expand All @@ -89,21 +89,21 @@
needs: [makerelease]
name: createrelease
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Install latest nightly
uses: dtolnay/rust-toolchain@stable
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v7
with:
name: release-macos-latest-${{github.ref_name}}
path: build
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v7
with:
name: release-ubuntu-latest-${{github.ref_name}}
path: build
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v7
with:
name: ubuntu-latest-${{github.ref_name}}-README.md
- uses: actions/download-artifact@v4
- uses: actions/download-artifact@v7
with:
name: macos-latest-${{github.ref_name}}-README.md
- name: combine readmes
Expand All @@ -112,8 +112,8 @@
ls -la
echo 'These instructions are meant as an easy way to install. Note: you likely need to install `coreutils` in order to have the `sha256sum` command.' > release.md
echo "" >> release.md
cat macos-latest-${{github.ref_name}}-README.md \

Check failure on line 115 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

template-injection

make-release.yml:115: code injection via template expansion: may expand into attacker-controllable code
ubuntu-latest-${{github.ref_name}}-README.md \

Check failure on line 116 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

template-injection

make-release.yml:116: code injection via template expansion: may expand into attacker-controllable code
>> release.md
rm build/*-README.md
rm build/README.md
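
Review bot: lines 115 and 116 build the `cat` arguments from `${{github.ref_name}}` inside the `run:` script, and zizmor fails both as template-injection. Export the ref name once through the step's `env:` and use the quoted shell variable for both file names.
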
Expand Down Expand Up @@ -145,11 +145,11 @@
steps:
- uses: actions/checkout@master
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2.1.11'
uses: 'google-github-actions/auth@v3.0.0'
with:
credentials_json: '${{ secrets.GOOGLE_CLOUD_DL_SA }}'
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2.1.5
uses: google-github-actions/setup-gcloud@v3.0.1
with:
project_id: kittycadapi
- name: Install deps
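
Review bot: the `actions/checkout@master` step at line 146 is untouched, yet the job goes on to authenticate with `secrets.GOOGLE_CLOUD_DL_SA`. Pin it to `actions/checkout@v6` like the other checkouts in this file so a moving branch ref does not run ahead of the secret-handling steps.
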
Expand Down Expand Up @@ -217,7 +217,7 @@
cp -r homebrew releases/$(basename $(pwd))/${VERSION}
- name: 'upload binary files'
id: upload-files
uses: google-github-actions/upload-cloud-storage@v2.2.3
uses: google-github-actions/upload-cloud-storage@v3.0.0
with:
path: releases
destination: dl.kittycad.io
Expand All @@ -228,7 +228,7 @@
app-id: ${{ secrets.GH_ORG_APP_ID }}
private-key: ${{ secrets.GH_ORG_APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
repository: 'kittycad/homebrew-kittycad'
path: 'homebrew-kittycad'
6 changes: 3 additions & 3 deletions .github/workflows/nix.yml
Expand Up @@ -13,7 +13,7 @@ jobs:
nix-flake-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
submodules: recursive
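
Review bot: the checkout at line 16 moves to v6 with `submodules: recursive` but no `persist-credentials: false`, so the token stays in the git config of the checked-out tree. Add it under `with:` here and in the `nix-build-linux` and `nix-build-macos` checkouts below, unless a later step needs authenticated git access.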

Expand All @@ -28,7 +28,7 @@ jobs:
nix-build-linux:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
submodules: recursive

Expand All @@ -42,7 +42,7 @@ jobs:
nix-build-macos:
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
submodules: recursive
