github/ohmyzsh
1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2025-11-04 13:21:19 +08:00
Code Issues Projects Releases Wiki Activity
7,620 Commits 1 Branch 0 Tags
Commit Graph

167 Commits

Author SHA1 Message Date
dependabot[bot]
ac92582961
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13378) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:33:03 +03:00
dependabot[bot]
1672a12704
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#13376) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:29:15 +03:00
dependabot[bot]
064f0c1d0a
chore(deps): bump idna in /.github/workflows/dependencies (#13377) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:28:57 +03:00
dependabot[bot]
c5f64018ff
chore(deps): bump github/codeql-action from 3.30.6 to 4.30.8 (#13364) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-13 11:57:33 +02:00
dependabot[bot]
c6482fa5be
chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 (#13351) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:58 +02:00
dependabot[bot]
d4cb4f249c
chore(deps): bump certifi in /.github/workflows/dependencies (#13353) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:45 +02:00
dependabot[bot]
182dfdf210
chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#13352) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:34 +02:00
dependabot[bot]
9ac3b895d4
chore(deps): bump pyyaml in /.github/workflows/dependencies (#13337) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 08:31:23 +02:00
dependabot[bot]
e7528a5b37
chore(deps): bump github/codeql-action from 3.30.3 to 3.30.5 (#13336) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 08:27:53 +02:00
Marc Cornellà
242e2faa51
ci: improve security in project.yml workflow (#13329) 
There is no inherent security vulnerability in the workflow, but there were
certain practices that increased latent risk. In this commit, we:

- Explicitly bind app token for each step that needs it, instead of setting it for
  all steps after "Store app token"
- Refactor "classify" step, to not rely on files passed around, and instead uses
  only awk script.
- Remove all instances of template injection within `run` scripts. There was nothing
  dangerous, but the practice is unsafe.
- Sanitize all unwanted characters from PR plugin and theme names.

References: W2M1-06 W2M1-07
 2025-09-27 20:00:50 +02:00
dependabot[bot]
58cba61465
chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 (#13322) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-22 10:50:59 +02:00
dependabot[bot]
b428e31770
chore(deps): bump actions/checkout from 4.3.0 to 5.0.0 (#13323) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-22 10:50:42 +02:00
Carlo Sala
ddd77516ef
ci: add scorecard automatic update (#13319) 2025-09-19 17:55:16 +02:00
StepSecurity Bot
7f3d8a34e2
ci: Harden GitHub Actions [StepSecurity] (#13318) 2025-09-19 17:30:10 +02:00
dependabot[bot]
8c168e2662
chore(deps): bump actions/setup-python from 5 to 6 (#13293) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-08 12:06:41 +08:00
dependabot[bot]
b95022dde6
chore(deps): bump requests in /.github/workflows/dependencies (#13280) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 02:37:09 +02:00
dependabot[bot]
c2a69fe590
chore(deps): bump actions/checkout from 4 to 5 (#13271) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-18 08:32:18 +02:00
dependabot[bot]
9fe2c26abd
chore(deps): bump certifi in /.github/workflows/dependencies (#13246) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-11 13:47:37 +02:00
dependabot[bot]
73024e8f08
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13257) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.2 to 3.4.3.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.2...3.4.3)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-11 10:25:23 +02:00
Carlo Sala
5c804257ce
ci: use actions/create-github-app-token (#13233) 2025-07-28 19:20:50 +02:00
Marc Cornellà
98a182d71b
ci: add strict permissions to dependencies.yml workflow (#13232) 
Just use `contents:read` initial permission. The other permissions needed are
those attached to the @ohmyzsh GitHub App.
 2025-07-28 19:13:35 +02:00
dependabot[bot]
52f7ad6913
chore(deps): bump certifi in /.github/workflows/dependencies (#13218) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.4.26 to 2025.7.14.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.04.26...2025.07.14)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.7.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-28 18:55:43 +02:00
Marc Cornellà
3e7ef0182f
chore: document Incident Response Plan (#13195) 2025-07-01 17:59:18 +02:00
ohmyzsh[bot]
f9d3e0ff56
feat(wd): update to v0.10.1 (#13192) 
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
 2025-06-29 17:09:07 +02:00
dependabot[bot]
7ee92de190
chore(deps): bump urllib3 in /.github/workflows/dependencies (#13176) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-19 10:02:32 +02:00
dependabot[bot]
042605ee6b
chore(deps): bump requests in /.github/workflows/dependencies (#13164) 
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-10 16:15:59 +02:00
ohmyzsh[bot]
3f8ea81b89
feat(z): update to cf9225fe (#13115) 
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
 2025-05-11 11:06:03 +02:00
dependabot[bot]
8648cd640b
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13100) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.1...3.4.2)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-04 17:22:51 +02:00
dependabot[bot]
137bfbbfd1
chore(deps): bump certifi in /.github/workflows/dependencies (#13094) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.1.31 to 2025.4.26.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.4.26
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-27 14:55:23 +02:00
ohmyzsh[bot]
44913a1f16
feat(wd): update to v0.10.0 (#13093) 
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
 2025-04-27 10:25:02 +02:00
dependabot[bot]
a84a0332a8
chore(deps): bump urllib3 in /.github/workflows/dependencies (#13065) 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-13 23:11:55 +02:00
dependabot[bot]
2b547d113b
chore(deps): bump certifi in /.github/workflows/dependencies (#12955) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.12.14 to 2025.1.31.
- [Commits](https://github.com/certifi/python-certifi/compare/2024.12.14...2025.01.31)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-02 13:38:22 +01:00
ohmyzsh[bot]
2343ad517d
feat(wd): update to v0.9.3 (#12954) 
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
 2025-02-02 07:50:33 +01:00
dependabot[bot]
9ffc14c3e1
chore(deps): bump semver from 3.0.3 to 3.0.4 in /.github/workflows/dependencies (#12938) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-26 14:11:35 +01:00
dependabot[bot]
6e9cda3d30
chore(deps): bump semver in /.github/workflows/dependencies (#12924) 
Bumps [semver](https://github.com/python-semver/python-semver) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/python-semver/python-semver/releases)
- [Changelog](https://github.com/python-semver/python-semver/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/python-semver/python-semver/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-19 23:30:40 +01:00
ohmyzsh[bot]
d689aa289e
feat(gitfast): update to version v2.2 (#12923) 
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
 2025-01-19 11:20:14 +01:00
Felipe Contreras
8c5b71b2f4
ci(deps): update gitfast to its new structure (#12922) 
Co-authored-by: Carlo Sala <carlosalag@protonmail.com>
 2025-01-19 11:18:37 +01:00
dependabot[bot]
9c8afcc3ee
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12874) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-29 13:22:49 +01:00
dependabot[bot]
f733dc340b
chore(deps): bump urllib3 from 2.2.3 to 2.3.0 in /.github/workflows/dependencies (#12863) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-22 16:19:12 +01:00
ohmyzsh[bot]
048e166c9e
feat(z): update to dd94ef04 (#12862) 
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
 2024-12-22 11:46:24 +01:00
dependabot[bot]
62e3e0b2fd
chore(deps): bump certifi from 2024.8.30 to 2024.12.14 in /.github/workflows/dependencies (#12848) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-15 23:38:56 +01:00
ohmyzsh[bot]
366d254352
feat(wd): update to v0.9.2 (#12820) 
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
 2024-11-24 13:25:13 +01:00
Marc Cornellà
4ada154190
chore(installer): only serve installer in / and /install.sh 
This avoids false positive detections on other bruteforced paths,
such as .zsh_history or others, which eventually result in
automated false vulnerability submissions.
 2024-10-18 14:27:54 +02:00
Marc Cornellà
b3ba8da421
ci(dependencies): use tag version in git commit if available (#12756) 
Related: https://github.com/ohmyzsh/ohmyzsh/pull/12747#issuecomment-2410440748
 2024-10-14 13:15:39 +02:00
dependabot[bot]
9bfa3395f3
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12749) 
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.2...3.4.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-13 21:11:03 +02:00
ohmyzsh[bot]
a82f6c79ab
feat(wd): update to f0f47b71 (#12747) 
Co-authored-by: ohmyzsh[bot] <54982679+ohmyzsh[bot]@users.noreply.github.com>
 2024-10-13 21:10:29 +02:00
Marc Cornellà
29b81a38a4
chore: assign owner for terraform and k8s-related plugins 2024-10-08 19:58:10 +02:00
dependabot[bot]
f11cc8fea1
chore(deps): bump idna in /.github/workflows/dependencies (#12688) 
Bumps [idna](https://github.com/kjd/idna) from 3.9 to 3.10.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.9...v3.10)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-22 16:20:33 +02:00
dependabot[bot]
ec7d01faf8
chore(deps): bump urllib3 in /.github/workflows/dependencies (#12677) 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.2...2.2.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-15 19:36:24 +02:00
dependabot[bot]
8c13f021bf
chore(deps): bump idna in /.github/workflows/dependencies (#12678) 
Bumps [idna](https://github.com/kjd/idna) from 3.8 to 3.9.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.8...v3.9)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-15 19:36:08 +02:00