github/ohmyzsh
1
0
Fork 0
mirror of https://github.com/ohmyzsh/ohmyzsh.git synced 2025-11-05 05:51:17 +08:00
Code Issues Projects Releases Wiki Activity
7,618 Commits 1 Branch 0 Tags
Commit Graph

98 Commits

Author SHA1 Message Date
dependabot[bot]
ac92582961
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13378) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:33:03 +03:00
dependabot[bot]
1672a12704
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#13376) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:29:15 +03:00
dependabot[bot]
064f0c1d0a
chore(deps): bump idna in /.github/workflows/dependencies (#13377) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:28:57 +03:00
dependabot[bot]
c5f64018ff
chore(deps): bump github/codeql-action from 3.30.6 to 4.30.8 (#13364) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-13 11:57:33 +02:00
dependabot[bot]
c6482fa5be
chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 (#13351) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:58 +02:00
dependabot[bot]
d4cb4f249c
chore(deps): bump certifi in /.github/workflows/dependencies (#13353) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:45 +02:00
dependabot[bot]
182dfdf210
chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#13352) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:34 +02:00
dependabot[bot]
9ac3b895d4
chore(deps): bump pyyaml in /.github/workflows/dependencies (#13337) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 08:31:23 +02:00
dependabot[bot]
e7528a5b37
chore(deps): bump github/codeql-action from 3.30.3 to 3.30.5 (#13336) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 08:27:53 +02:00
Marc Cornellà
242e2faa51
ci: improve security in project.yml workflow (#13329) 
There is no inherent security vulnerability in the workflow, but there were
certain practices that increased latent risk. In this commit, we:

- Explicitly bind app token for each step that needs it, instead of setting it for
  all steps after "Store app token"
- Refactor "classify" step, to not rely on files passed around, and instead uses
  only awk script.
- Remove all instances of template injection within `run` scripts. There was nothing
  dangerous, but the practice is unsafe.
- Sanitize all unwanted characters from PR plugin and theme names.

References: W2M1-06 W2M1-07
 2025-09-27 20:00:50 +02:00
dependabot[bot]
58cba61465
chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 (#13322) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-22 10:50:59 +02:00
dependabot[bot]
b428e31770
chore(deps): bump actions/checkout from 4.3.0 to 5.0.0 (#13323) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-22 10:50:42 +02:00
Carlo Sala
ddd77516ef
ci: add scorecard automatic update (#13319) 2025-09-19 17:55:16 +02:00
StepSecurity Bot
7f3d8a34e2
ci: Harden GitHub Actions [StepSecurity] (#13318) 2025-09-19 17:30:10 +02:00
dependabot[bot]
8c168e2662
chore(deps): bump actions/setup-python from 5 to 6 (#13293) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-08 12:06:41 +08:00
dependabot[bot]
b95022dde6
chore(deps): bump requests in /.github/workflows/dependencies (#13280) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 02:37:09 +02:00
dependabot[bot]
c2a69fe590
chore(deps): bump actions/checkout from 4 to 5 (#13271) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-18 08:32:18 +02:00
dependabot[bot]
9fe2c26abd
chore(deps): bump certifi in /.github/workflows/dependencies (#13246) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-11 13:47:37 +02:00
dependabot[bot]
73024e8f08
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13257) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.2 to 3.4.3.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.2...3.4.3)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-11 10:25:23 +02:00
Carlo Sala
5c804257ce
ci: use actions/create-github-app-token (#13233) 2025-07-28 19:20:50 +02:00
Marc Cornellà
98a182d71b
ci: add strict permissions to dependencies.yml workflow (#13232) 
Just use `contents:read` initial permission. The other permissions needed are
those attached to the @ohmyzsh GitHub App.
 2025-07-28 19:13:35 +02:00
dependabot[bot]
52f7ad6913
chore(deps): bump certifi in /.github/workflows/dependencies (#13218) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.4.26 to 2025.7.14.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.04.26...2025.07.14)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.7.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-28 18:55:43 +02:00
dependabot[bot]
7ee92de190
chore(deps): bump urllib3 in /.github/workflows/dependencies (#13176) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-19 10:02:32 +02:00
dependabot[bot]
042605ee6b
chore(deps): bump requests in /.github/workflows/dependencies (#13164) 
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-10 16:15:59 +02:00
dependabot[bot]
8648cd640b
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13100) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.1...3.4.2)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-04 17:22:51 +02:00
dependabot[bot]
137bfbbfd1
chore(deps): bump certifi in /.github/workflows/dependencies (#13094) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.1.31 to 2025.4.26.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.4.26
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-27 14:55:23 +02:00
dependabot[bot]
a84a0332a8
chore(deps): bump urllib3 in /.github/workflows/dependencies (#13065) 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-13 23:11:55 +02:00
dependabot[bot]
2b547d113b
chore(deps): bump certifi in /.github/workflows/dependencies (#12955) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.12.14 to 2025.1.31.
- [Commits](https://github.com/certifi/python-certifi/compare/2024.12.14...2025.01.31)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-02 13:38:22 +01:00
dependabot[bot]
9ffc14c3e1
chore(deps): bump semver from 3.0.3 to 3.0.4 in /.github/workflows/dependencies (#12938) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-26 14:11:35 +01:00
dependabot[bot]
6e9cda3d30
chore(deps): bump semver in /.github/workflows/dependencies (#12924) 
Bumps [semver](https://github.com/python-semver/python-semver) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/python-semver/python-semver/releases)
- [Changelog](https://github.com/python-semver/python-semver/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/python-semver/python-semver/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-19 23:30:40 +01:00
dependabot[bot]
9c8afcc3ee
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12874) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-29 13:22:49 +01:00
dependabot[bot]
f733dc340b
chore(deps): bump urllib3 from 2.2.3 to 2.3.0 in /.github/workflows/dependencies (#12863) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-22 16:19:12 +01:00
dependabot[bot]
62e3e0b2fd
chore(deps): bump certifi from 2024.8.30 to 2024.12.14 in /.github/workflows/dependencies (#12848) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-15 23:38:56 +01:00
Marc Cornellà
4ada154190
chore(installer): only serve installer in / and /install.sh 
This avoids false positive detections on other bruteforced paths,
such as .zsh_history or others, which eventually result in
automated false vulnerability submissions.
 2024-10-18 14:27:54 +02:00
Marc Cornellà
b3ba8da421
ci(dependencies): use tag version in git commit if available (#12756) 
Related: https://github.com/ohmyzsh/ohmyzsh/pull/12747#issuecomment-2410440748
 2024-10-14 13:15:39 +02:00
dependabot[bot]
9bfa3395f3
chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12749) 
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.2...3.4.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-13 21:11:03 +02:00
dependabot[bot]
f11cc8fea1
chore(deps): bump idna in /.github/workflows/dependencies (#12688) 
Bumps [idna](https://github.com/kjd/idna) from 3.9 to 3.10.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.9...v3.10)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-22 16:20:33 +02:00
dependabot[bot]
ec7d01faf8
chore(deps): bump urllib3 in /.github/workflows/dependencies (#12677) 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.2 to 2.2.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.2...2.2.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-15 19:36:24 +02:00
dependabot[bot]
8c13f021bf
chore(deps): bump idna in /.github/workflows/dependencies (#12678) 
Bumps [idna](https://github.com/kjd/idna) from 3.8 to 3.9.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.8...v3.9)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-15 19:36:08 +02:00
dependabot[bot]
b8c69d2652
chore(deps): bump certifi in /.github/workflows/dependencies (#12646) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.7.4 to 2024.8.30.
- [Commits](https://github.com/certifi/python-certifi/compare/2024.07.04...2024.08.30)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-01 21:02:04 +02:00
dependabot[bot]
f622e6a636
chore(deps): bump idna from 3.7 to 3.8 in /.github/workflows/dependencies (#12638) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-25 17:15:23 +02:00
dependabot[bot]
f1764f8a56
chore(deps): bump pyyaml from 6.0.1 to 6.0.2 in /.github/workflows/dependencies (#12610) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-11 19:51:32 +02:00
Marc Cornellà
3476148b19 chore(dependencies): sort dependencies.yml 2024-07-23 18:56:01 +02:00
dependabot[bot]
608d62b2a5
chore(deps): bump certifi in dependencies workflow (#12543) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4.
- [Commits](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-06 20:51:57 +02:00
dependabot[bot]
dd4be1b6fb
chore(deps): bump requests from 2.31.0 to 2.32.3 in /.github/workflows/dependencies (#12518) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-28 11:53:03 +02:00
dependabot[bot]
a4313db16a
chore(deps): bump certifi from 2024.2.2 to 2024.6.2 in /.github/workflows/dependencies (#12519) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-28 11:52:47 +02:00
dependabot[bot]
c432ca0993
chore(deps): bump urllib3 to 2.2.2 in dependencies workflow (#12516) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-06-18 13:40:27 +02:00
Carlo Sala
203369b0f9
ci(dependencies): run on sunday CET morning 2024-05-22 15:36:03 +02:00
Carlo Sala
04b66b2308
chore(dependencies): PR wording 2024-05-21 20:46:54 +02:00
Carlo Sala
0621944db5
fix(dependencies): only open PR if there are changes 2024-05-21 20:43:26 +02:00