From 43160e3947ab8ced547ebe16d483be67bbd04608 Mon Sep 17 00:00:00 2001 From: Dan Harrin Date: Sat, 13 Jun 2026 18:19:11 +0100 Subject: [PATCH] Update security config --- .github/dependabot.yml | 33 +++++++++++++++++++------- .github/workflows/fix-code-style.yml | 4 ++-- .github/workflows/phpstan.yml | 4 ++-- .github/workflows/tests.yml | 4 ++-- .github/workflows/update-changelog.yml | 2 +- .github/workflows/zizmor.yml | 4 ++-- .gitignore | 1 - .npmrc | 1 + 8 files changed, 34 insertions(+), 19 deletions(-) create mode 100644 .npmrc diff --git a/.github/dependabot.yml b/.github/dependabot.yml index de6cf05..17286e9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,16 +1,31 @@ -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - version: 2 updates: - - - package-ecosystem: "github-actions" - directory: "/" + - package-ecosystem: github-actions + directory: / schedule: - interval: "weekly" + interval: weekly open-pull-requests-limit: 10 cooldown: default-days: 7 labels: - - "dependencies" - - "github_actions" + - dependencies + + - package-ecosystem: composer + directory: / + schedule: + interval: weekly + open-pull-requests-limit: 0 + cooldown: + default-days: 7 + labels: + - dependencies + + - package-ecosystem: npm + directory: / + schedule: + interval: weekly + open-pull-requests-limit: 0 + cooldown: + default-days: 7 + labels: + - dependencies diff --git a/.github/workflows/fix-code-style.yml b/.github/workflows/fix-code-style.yml index 806706f..20cc43b 100644 --- a/.github/workflows/fix-code-style.yml +++ b/.github/workflows/fix-code-style.yml 
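Review bot: In the new `composer` and `npm` entries of `.github/dependabot.yml`, `open-pull-requests-limit: 0` switches off version-update pull requests. Those ecosystems then only receive Dependabot security updates, and only if that feature is enabled in the repository settings, which this diff cannot show. As far as I know, `cooldown` applies to version updates only, so `cooldown: default-days: 7` is inert in those two entries and could be read as a delay on security fixes that does not exist. The commit also removes the file's header comment, so the intent is undocumented. I would add above each of the two entries a comment such as `# limit 0: no version-update PRs, security updates only (cooldown does not apply to them)`.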
@@ -15,7 +15,7 @@ jobs: # persist-credentials: true is required so `git-auto-commit-action` below # can push the reformatted files back to the branch. - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # zizmor: ignore[artipacked] + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] - name: Cache Composer dependencies uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 @@ -26,7 +26,7 @@ jobs: composer-cs- - name: Setup PHP - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: 8.3 diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml index 915cd0d..8a6a30d 100644 --- a/.github/workflows/phpstan.yml +++ b/.github/workflows/phpstan.yml @@ -30,7 +30,7 @@ jobs: php: 8.1 name: P${{ matrix.php }} - L${{ matrix.laravel }} - ${{ matrix.stability }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -52,7 +52,7 @@ jobs: phpstan-${{ matrix.php }}-${{ matrix.laravel }}- - name: Setup PHP - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ matrix.php }} extensions: mbstring, pdo, pdo_sqlite diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5a3d3fa..decf333 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -35,7 +35,7 @@ jobs: name: P${{ matrix.php }} - L${{ matrix.laravel }} - ${{ matrix.stability }} - ${{ matrix.os }} steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false @@ -49,7 +49,7 @@ jobs: composer-${{ matrix.os }}-${{ matrix.php }}- - name: Setup PHP - uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # 2.37.0 + uses: shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc # 2.37.1 with: php-version: ${{ matrix.php }} extensions: dom, curl, libxml, mbstring, zip, pcntl, pdo, sqlite, pdo_sqlite, bcmath, soap, intl, gd, exif, iconv, imagick, fileinfo diff --git a/.github/workflows/update-changelog.yml b/.github/workflows/update-changelog.yml index 09b951d..27204c1 100644 --- a/.github/workflows/update-changelog.yml +++ b/.github/workflows/update-changelog.yml @@ -15,7 +15,7 @@ jobs: # persist-credentials: true is required so `git-auto-commit-action` below # can push the CHANGELOG update. - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # zizmor: ignore[artipacked] + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 # zizmor: ignore[artipacked] with: ref: main diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index fb10097..d964f71 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -19,10 +19,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 with: persist-credentials: false - - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 + - uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: advanced-security: false 
diff --git a/.gitignore b/.gitignore
index 8271e65..6e245f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@
 .phpunit.result.cache
 .vscode
 build
-composer.lock
 coverage
 docs
 node_modules
diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..7253a5c
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1 @@
+min-release-age=7
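Review bot: The new `.npmrc` sets `min-release-age=7` with no comment, and nothing in this commit guarantees that the npm client reading it understands the option. As far as I know, npm releases that predate the setting do not enforce it, so the install-time cooldown would silently disappear on an older toolchain. I would state the minimum npm version where the project declares its tooling (not visible in this diff). I would also add a comment line above the setting, for example `; refuse package versions published less than 7 days ago (supply-chain cooldown)`. The value mirrors `cooldown: default-days: 7` in `.github/dependabot.yml` from the same commit, so the comment should say the two are meant to stay in step.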