Skip to content

Bump the major group across 1 directory with 6 updates #307

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
dependabot wants to merge 1 commit into from
Closed

Bump the major group across 1 directory with 6 updates #307

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/cargo-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
# Remove this when it no longer FTBFS on `ring` in CI.
CARGO_PROFILE_TEST_BUILD_OVERRIDE_DEBUG: true
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 34 in .github/workflows/cargo-build.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked 

cargo-build.yml:34: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions-rust-lang/setup-rust-toolchain@v1
- name: Install dependencies
run: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cargo-clippy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
- "openapi/*.json"
name: cargo clippy
jobs:
cargoclippy:

Check warning on line 22 in .github/workflows/cargo-clippy.yml

View workflow job for this annotation

GitHub Actions / zizmor

excessive-permissions 

cargo-clippy.yml:22: overly broad permissions: default permissions used due to no permissions: block
name: cargo clippy
runs-on: ubuntu-latest
env:
Expand All @@ -30,7 +30,7 @@
# Remove this when it no longer FTBFS on `ring` in CI.
CARGO_PROFILE_TEST_BUILD_OVERRIDE_DEBUG: true
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 33 in .github/workflows/cargo-clippy.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked 

cargo-clippy.yml:33: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: clippy
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cargo-fmt.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@
# Remove this when it no longer FTBFS on `ring` in CI.
CARGO_PROFILE_TEST_BUILD_OVERRIDE_DEBUG: true
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 34 in .github/workflows/cargo-fmt.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked 

cargo-fmt.yml:34: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: rustfmt
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cargo-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
# Remove this when it no longer FTBFS on `ring` in CI.
CARGO_PROFILE_TEST_BUILD_OVERRIDE_DEBUG: true
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 31 in .github/workflows/cargo-test.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked 

cargo-test.yml:31: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- uses: actions-rust-lang/setup-rust-toolchain@v1
- uses: taiki-e/install-action@cargo-llvm-cov
- uses: taiki-e/install-action@nextest
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/make-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
tags:
- v*
permissions:
contents: write

Check failure on line 6 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

excessive-permissions 

make-release.yml:6: overly broad permissions: contents: write is overly broad at the workflow level
name: make-release
jobs:
makerelease:
Expand All @@ -13,13 +13,13 @@
name: make release
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 16 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked 

make-release.yml:16: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2.1.7'
uses: 'google-github-actions/auth@v3.0.0'
with:
credentials_json: '${{ secrets.GOOGLE_CLOUD_DL_SA }}'
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2.1.2
uses: google-github-actions/setup-gcloud@v3.0.1
with:
project_id: zooapi
- name: Install latest nightly
Expand All @@ -41,17 +41,17 @@

cargo install toml-cli
- name: Cache cargo registry
uses: actions/cache@v4

Check failure on line 44 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning 

make-release.yml:44: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: ~/.cargo/registry
key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo index
uses: actions/cache@v4

Check failure on line 49 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning 

make-release.yml:49: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: ~/.cargo/git
key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
- name: Cache cargo build
uses: actions/cache@v4

Check failure on line 54 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

cache-poisoning 

make-release.yml:54: runtime artifacts potentially vulnerable to a cache poisoning attack: cache enabled by default here
with:
path: target
key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
Expand All @@ -67,10 +67,10 @@
export VERSION=v$(toml get Cargo.toml package.version | jq -r .)
mkdir -p releases/$(basename $(pwd))
cp -r cross releases/$(basename $(pwd))/${VERSION}
cp cross/README.md cross/${{matrix.os}}-${{github.ref_name}}-README.md

Check failure on line 70 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

template-injection 

make-release.yml:70: code injection via template expansion: may expand into attacker-controllable code
- name: 'upload binary files'
id: upload-files
uses: google-github-actions/upload-cloud-storage@v2.2.1
uses: google-github-actions/upload-cloud-storage@v3.0.0
with:
path: releases
destination: dl.kittycad.io
Expand All @@ -91,7 +91,7 @@
needs: [makerelease]
name: createrelease
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 94 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked 

make-release.yml:94: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
- name: Install latest nightly
uses: dtolnay/rust-toolchain@stable
- uses: actions/download-artifact@v4
Expand All @@ -114,8 +114,8 @@
ls -la
echo 'These instructions are meant as an easy way to install. Note: you likely need to install `coreutils` in order to have the `sha256sum` command.' > release.md
echo "" >> release.md
cat macos-latest-${{github.ref_name}}-README.md \

Check failure on line 117 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

template-injection 

make-release.yml:117: code injection via template expansion: may expand into attacker-controllable code
ubuntu-latest-${{github.ref_name}}-README.md \

Check failure on line 118 in .github/workflows/make-release.yml

View workflow job for this annotation

GitHub Actions / zizmor

template-injection 

make-release.yml:118: code injection via template expansion: may expand into attacker-controllable code
>> release.md
rm build/*-README.md
rm build/README.md
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/update-spec-for-repos.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,22 +13,22 @@
group: repos-spec-${{ github.ref }}
cancel-in-progress: true
jobs:
update-spec:

Check warning on line 16 in .github/workflows/update-spec-for-repos.yml

View workflow job for this annotation

GitHub Actions / zizmor

excessive-permissions 

update-spec-for-repos.yml:16: overly broad permissions: default permissions used due to no permissions: block
strategy:
matrix:
repo: [modeling-app]
runs-on: ubuntu-latest
steps:
- uses: actions/create-github-app-token@v1
- uses: actions/create-github-app-token@v2
id: app-token
with:
# required
app-id: ${{ secrets.GH_ORG_APP_ID }}
private-key: ${{ secrets.GH_ORG_APP_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 29 in .github/workflows/update-spec-for-repos.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked 

update-spec-for-repos.yml:29: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
# Checkout the repo since we will want to update the file there.
- uses: actions/checkout@v4
- uses: actions/checkout@v6

Check warning on line 31 in .github/workflows/update-spec-for-repos.yml

View workflow job for this annotation

GitHub Actions / zizmor

artipacked 

update-spec-for-repos.yml:31: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
with:
repository: 'kittycad/${{ matrix.repo }}'
path: ${{ matrix.repo }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/validate-openapi-spec.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ jobs:
format:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4.1.0
- uses: actions/checkout@v6
- uses: actions/setup-node@v6.1.0
with:
node-version: '18'
- name: Install our tools
Expand Down
Loading