Movatterモバイル変換

Skip to content

github/stack-graphsPublic

NotificationsYou must be signed in to change notification settings
Fork151
Star832

Commitd0b5947

hendrikvanantwerpen

hendrikvanantwerpen

authored

Merge pull request#477 from github/hendrikvanantwerpen/vulns

Fix actions vulnerabilities

2 parents2f261d4 +3a596d8 commitd0b5947Copy full SHA for d0b5947

File tree

10 files changed

+51

-21

lines changed

.github
- CODEOWNERS
- workflows

10 files changed

+51

-21

lines changed

`‎.github/CODEOWNERS`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-*@github/semantic-code`
	`1`	`+*@github/semantic-code@github/blackbird`

`‎.github/workflows/ci.yml`

Lines changed: 8 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,15 @@`
`1`	`1`	`name:Continuous integration`
	`2`	`+`
`2`	`3`	`on:`
`3`	`4`	`push:`
`4`	`5`	`branches:[main]`
`5`	`6`	`pull_request:`
`6`	`7`	`schedule:`
`7`	`8`	`-cron:"0 0 1,15 * *"`
`8`	`9`
	`10`	`+permissions:`
	`11`	`+contents:read`
	`12`	`+`
`9`	`13`	`# In the event that there is a new push to the ref, cancel any running jobs because there are now obsolete, and wasting resources.`
`10`	`14`	`concurrency:`
`11`	`15`	`group:${{ github.workflow }}-${{ github.ref }}`
`@@ -23,7 +27,7 @@ jobs:`
`23`	`27`
`24`	`28`	`steps:`
`25`	`29`	`-name:Install Rust environment`
`26`		`-uses:hecrj/setup-rust-action@v1`
	`30`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`27`	`31`	`with:`
`28`	`32`	`rust-version:${{ matrix.rust }}`
`29`	`33`	`-name:Install cargo-hack`
`@@ -75,7 +79,7 @@ jobs:`
`75`	`79`
`76`	`80`	`steps:`
`77`	`81`	`-name:Install Rust environment`
`78`		`-uses:hecrj/setup-rust-action@v1`
	`82`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`79`	`83`	`with:`
`80`	`84`	`rust-version:${{ matrix.rust }}`
`81`	`85`	`-name:Checkout code`
`@@ -116,7 +120,7 @@ jobs:`
`116`	`120`
`117`	`121`	`steps:`
`118`	`122`	`-name:Install Rust environment`
`119`		`-uses:hecrj/setup-rust-action@v1`
	`123`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`120`	`124`	`with:`
`121`	`125`	`rust-version:${{ matrix.rust }}`
`122`	`126`	`-name:Install cargo-hack`
`@@ -148,7 +152,7 @@ jobs:`
`148`	`152`
`149`	`153`	`steps:`
`150`	`154`	`-name:Install Rust environment`
`151`		`-uses:hecrj/setup-rust-action@v1`
	`155`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`152`	`156`	`with:`
`153`	`157`	`rust-version:${{ matrix.rust }}`
`154`	`158`	`-name:Cache dependencies`

`‎.github/workflows/perf.yml`

Lines changed: 7 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,14 @@`
`1`	`1`	`name:Performance testing`
	`2`	`+`
`2`	`3`	`on:`
`3`	`4`	`pull_request:`
`4`	`5`	`paths:`
`5`	`6`	`-'stack-graphs/**'`
`6`	`7`
	`8`	`+permissions:`
	`9`	`+contents:read`
	`10`	`+pull-requests:write`
	`11`	`+`
`7`	`12`	`# In the event that there is a new push to the ref, cancel any running jobs because there are now obsolete, and wasting resources.`
`8`	`13`	`concurrency:`
`9`	`14`	`group:${{ github.workflow }}-${{ github.ref }}`
`@@ -79,7 +84,7 @@ jobs:`
`79`	`84`	`BASE_SHA:${{ needs.changes.outputs.base-sha }}`
`80`	`85`	`steps:`
`81`	`86`	`-name:Install Rust environment`
`82`		`-uses:hecrj/setup-rust-action@v1`
	`87`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`83`	`88`	`with:`
`84`	`89`	`rust-version:stable`
`85`	`90`	`-name:Cache Rust dependencies`
`@@ -148,7 +153,7 @@ jobs:`
`148`	`153`	`HEAD_SHA:${{ needs.changes.outputs.head-sha }}`
`149`	`154`	`steps:`
`150`	`155`	`-name:Install Rust environment`
`151`		`-uses:hecrj/setup-rust-action@v1`
	`156`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`152`	`157`	`with:`
`153`	`158`	`rust-version:stable`
`154`	`159`	`-name:Cache Rust dependencies`

`‎.github/workflows/publish-lsp-positions.yml`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,9 @@ on:`
`5`	`5`	`tags:`
`6`	`6`	`-lsp-positions-v*`
`7`	`7`
	`8`	`+permissions:`
	`9`	`+contents:write`
	`10`	`+`
`8`	`11`	`jobs:`
`9`	`12`	`publish-crate:`
`10`	`13`	`runs-on:ubuntu-latest`
`@@ -14,7 +17,7 @@ jobs:`
`14`	`17`	`CRATE_DIR:'./lsp-positions'`
`15`	`18`	`steps:`
`16`	`19`	`-name:Install Rust environment`
`17`		`-uses:hecrj/setup-rust-action@v1`
	`20`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`18`	`21`	`-name:Checkout repository`
`19`	`22`	`uses:actions/checkout@v4`
`20`	`23`	`# TODO Verify the crate version matches the tag`
`@@ -38,7 +41,7 @@ jobs:`
`38`	`41`	`-name:Checkout repository`
`39`	`42`	`uses:actions/checkout@v4`
`40`	`43`	`-name:Create GitHub release`
`41`		`-uses:ncipollo/release-action@v1`
	`44`	`+uses:ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174#v1`
`42`	`45`	`with:`
`43`	`46`	`body:\|`
`44`	`47`	`Find more info on all releases at https://crates.io/crates/lsp-positions.`

`‎.github/workflows/publish-stack-graphs.yml`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,9 @@ on:`
`5`	`5`	`tags:`
`6`	`6`	`-stack-graphs-v*`
`7`	`7`
	`8`	`+permissions:`
	`9`	`+contents:write`
	`10`	`+`
`8`	`11`	`jobs:`
`9`	`12`	`publish-crate:`
`10`	`13`	`runs-on:ubuntu-latest`
`@@ -14,7 +17,7 @@ jobs:`
`14`	`17`	`CRATE_DIR:'./stack-graphs'`
`15`	`18`	`steps:`
`16`	`19`	`-name:Install Rust environment`
`17`		`-uses:hecrj/setup-rust-action@v1`
	`20`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`18`	`21`	`-name:Checkout repository`
`19`	`22`	`uses:actions/checkout@v4`
`20`	`23`	`# TODO Verify the crate version matches the tag`
`@@ -38,7 +41,7 @@ jobs:`
`38`	`41`	`-name:Checkout repository`
`39`	`42`	`uses:actions/checkout@v4`
`40`	`43`	`-name:Create GitHub release`
`41`		`-uses:ncipollo/release-action@v1`
	`44`	`+uses:ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174#v1`
`42`	`45`	`with:`
`43`	`46`	`body:\|`
`44`	`47`	`Find more info on all releases at https://crates.io/crates/stack-graphs.`

`‎.github/workflows/publish-tree-sitter-stack-graphs-java.yml`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,9 @@ on:`
`5`	`5`	`tags:`
`6`	`6`	`-tree-sitter-stack-graphs-java-v*`
`7`	`7`
	`8`	`+permissions:`
	`9`	`+contents:write`
	`10`	`+`
`8`	`11`	`jobs:`
`9`	`12`	`publish-crate:`
`10`	`13`	`runs-on:ubuntu-latest`
`@@ -14,7 +17,7 @@ jobs:`
`14`	`17`	`CRATE_DIR:'./languages/tree-sitter-stack-graphs-java'`
`15`	`18`	`steps:`
`16`	`19`	`-name:Install Rust environment`
`17`		`-uses:hecrj/setup-rust-action@v1`
	`20`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`18`	`21`	`-name:Checkout repository`
`19`	`22`	`uses:actions/checkout@v4`
`20`	`23`	`# TODO Verify the crate version matches the tag`
`@@ -38,7 +41,7 @@ jobs:`
`38`	`41`	`-name:Checkout repository`
`39`	`42`	`uses:actions/checkout@v4`
`40`	`43`	`-name:Create GitHub release`
`41`		`-uses:ncipollo/release-action@v1`
	`44`	`+uses:ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174#v1`
`42`	`45`	`with:`
`43`	`46`	`body:\|`
`44`	`47`	`Find more info on all releases at https://crates.io/crates/tree-sitter-stack-graphs-java.`

`‎.github/workflows/publish-tree-sitter-stack-graphs-javascript.yml`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,9 @@ on:`
`5`	`5`	`tags:`
`6`	`6`	`-tree-sitter-stack-graphs-javascript-v*`
`7`	`7`
	`8`	`+permissions:`
	`9`	`+contents:write`
	`10`	`+`
`8`	`11`	`jobs:`
`9`	`12`	`publish-crate:`
`10`	`13`	`runs-on:ubuntu-latest`
`@@ -14,7 +17,7 @@ jobs:`
`14`	`17`	`CRATE_DIR:'./languages/tree-sitter-stack-graphs-javascript'`
`15`	`18`	`steps:`
`16`	`19`	`-name:Install Rust environment`
`17`		`-uses:hecrj/setup-rust-action@v1`
	`20`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`18`	`21`	`-name:Checkout repository`
`19`	`22`	`uses:actions/checkout@v4`
`20`	`23`	`# TODO Verify the crate version matches the tag`
`@@ -38,7 +41,7 @@ jobs:`
`38`	`41`	`-name:Checkout repository`
`39`	`42`	`uses:actions/checkout@v4`
`40`	`43`	`-name:Create GitHub release`
`41`		`-uses:ncipollo/release-action@v1`
	`44`	`+uses:ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174#v1`
`42`	`45`	`with:`
`43`	`46`	`body:\|`
`44`	`47`	`Find more info on all releases at https://crates.io/crates/tree-sitter-stack-graphs-javascript.`

`‎.github/workflows/publish-tree-sitter-stack-graphs-python.yml`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,9 @@ on:`
`5`	`5`	`tags:`
`6`	`6`	`-tree-sitter-stack-graphs-python-v*`
`7`	`7`
	`8`	`+permissions:`
	`9`	`+contents:write`
	`10`	`+`
`8`	`11`	`jobs:`
`9`	`12`	`publish-crate:`
`10`	`13`	`runs-on:ubuntu-latest`
`@@ -14,7 +17,7 @@ jobs:`
`14`	`17`	`CRATE_DIR:'./languages/tree-sitter-stack-graphs-python'`
`15`	`18`	`steps:`
`16`	`19`	`-name:Install Rust environment`
`17`		`-uses:hecrj/setup-rust-action@v1`
	`20`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`18`	`21`	`-name:Checkout repository`
`19`	`22`	`uses:actions/checkout@v4`
`20`	`23`	`# TODO Verify the crate version matches the tag`
`@@ -38,7 +41,7 @@ jobs:`
`38`	`41`	`-name:Checkout repository`
`39`	`42`	`uses:actions/checkout@v4`
`40`	`43`	`-name:Create GitHub release`
`41`		`-uses:ncipollo/release-action@v1`
	`44`	`+uses:ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174#v1`
`42`	`45`	`with:`
`43`	`46`	`body:\|`
`44`	`47`	`Find more info on all releases at https://crates.io/crates/tree-sitter-stack-graphs-python.`

`‎.github/workflows/publish-tree-sitter-stack-graphs-typescript.yml`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,9 @@ on:`
`5`	`5`	`tags:`
`6`	`6`	`-tree-sitter-stack-graphs-typescript-v*`
`7`	`7`
	`8`	`+permissions:`
	`9`	`+contents:write`
	`10`	`+`
`8`	`11`	`jobs:`
`9`	`12`	`publish-crate:`
`10`	`13`	`runs-on:ubuntu-latest`
`@@ -14,7 +17,7 @@ jobs:`
`14`	`17`	`CRATE_DIR:'./languages/tree-sitter-stack-graphs-typescript'`
`15`	`18`	`steps:`
`16`	`19`	`-name:Install Rust environment`
`17`		`-uses:hecrj/setup-rust-action@v1`
	`20`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`18`	`21`	`-name:Checkout repository`
`19`	`22`	`uses:actions/checkout@v4`
`20`	`23`	`# TODO Verify the crate version matches the tag`
`@@ -38,7 +41,7 @@ jobs:`
`38`	`41`	`-name:Checkout repository`
`39`	`42`	`uses:actions/checkout@v4`
`40`	`43`	`-name:Create GitHub release`
`41`		`-uses:ncipollo/release-action@v1`
	`44`	`+uses:ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174#v1`
`42`	`45`	`with:`
`43`	`46`	`body:\|`
`44`	`47`	`Find more info on all releases at https://crates.io/crates/tree-sitter-stack-graphs-typescript.`

`‎.github/workflows/publish-tree-sitter-stack-graphs.yml`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,9 @@ on:`
`5`	`5`	`tags:`
`6`	`6`	`-tree-sitter-stack-graphs-v*`
`7`	`7`
	`8`	`+permissions:`
	`9`	`+contents:write`
	`10`	`+`
`8`	`11`	`jobs:`
`9`	`12`	`publish-crate:`
`10`	`13`	`runs-on:ubuntu-latest`
`@@ -14,7 +17,7 @@ jobs:`
`14`	`17`	`CRATE_DIR:'./tree-sitter-stack-graphs'`
`15`	`18`	`steps:`
`16`	`19`	`-name:Install Rust environment`
`17`		`-uses:hecrj/setup-rust-action@v1`
	`20`	`+uses:hecrj/setup-rust-action@110f36749599534ca96628b82f52ae67e5d95a3c# v2`
`18`	`21`	`-name:Checkout repository`
`19`	`22`	`uses:actions/checkout@v4`
`20`	`23`	`# TODO Verify the crate version matches the tag`
`@@ -38,7 +41,7 @@ jobs:`
`38`	`41`	`-name:Checkout repository`
`39`	`42`	`uses:actions/checkout@v4`
`40`	`43`	`-name:Create GitHub release`
`41`		`-uses:ncipollo/release-action@v1`
	`44`	`+uses:ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174#v1`
`42`	`45`	`with:`
`43`	`46`	`body:\|`
`44`	`47`	`Find more info on all releases at https://crates.io/crates/tree-sitter-stack-graphs.`

0 commit comments

Comments

(0)

[8]ページ先頭

©2009-2025 Movatter.jp