From e9ebc35797576c7b47105a8bce04635b3eab38fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 15:34:41 +0000 Subject: [PATCH 1/5] Bump github/codeql-action from 3 to 4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index eaec50e..9814d65 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -45,7 +45,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} config-file: ./.github/codeql/codeql-config.yml @@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v4 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -71,4 +71,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 From e76ac74a21067f67803b772b93102971ca8a64a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Oct 2025 15:34:59 +0000 Subject: [PATCH 2/5] Bump actions/setup-node from 5 to 6 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/check-dist.yml | 2 +- .github/workflows/ci.yml | 2 +- .github/workflows/licensed.yml | 2 +- .github/workflows/linter.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 3f83e07..cf9182b 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -34,7 +34,7 @@ jobs: # Setup Node.js using the version specified in `.node-version`. - name: Setup Node.js id: setup-node - uses: actions/setup-node@v5 + uses: actions/setup-node@v6 with: node-version-file: .node-version cache: npm diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 574517f..5a650dd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,7 +23,7 @@ jobs: - name: Setup Node.js id: setup-node - uses: actions/setup-node@v5 + uses: actions/setup-node@v6 with: node-version-file: .node-version cache: npm diff --git a/.github/workflows/licensed.yml b/.github/workflows/licensed.yml index 00be788..9de7f57 100644 --- a/.github/workflows/licensed.yml +++ b/.github/workflows/licensed.yml @@ -31,7 +31,7 @@ jobs: - name: Setup Node.js id: setup-node - uses: actions/setup-node@v5 + uses: actions/setup-node@v6 with: node-version-file: .node-version cache: npm diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index f9dda92..5a9ecfc 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -34,7 +34,7 @@ jobs: # Setup Node.js using the version specified in `.node-version`. - name: Setup Node.js id: setup-node - uses: actions/setup-node@v5 + uses: actions/setup-node@v6 with: node-version-file: .node-version cache: npm From 8469b2099b6586957761fd781a0d7bb35d22757e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Oct 2025 15:40:32 +0000 Subject: [PATCH 3/5] Bump actions/upload-artifact from 4 to 5 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/check-dist.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 3f83e07..69ef536 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -70,7 +70,7 @@ jobs: - if: ${{ failure() && steps.diff.outcome == 'failure' }} name: Upload Artifact id: upload - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: dist path: dist/ From f878528272dacebc3c501cc4c9766264e2043496 Mon Sep 17 00:00:00 2001 From: Nick Alteen Date: Thu, 30 Oct 2025 16:29:40 -0400 Subject: [PATCH 4/5] Add custom checkov config --- .checkov.yaml | 3 --- .checkov.yml | 7 +++++++ .github/workflows/linter.yml | 5 +---- 3 files changed, 8 insertions(+), 7 deletions(-) delete mode 100644 .checkov.yaml create mode 100644 .checkov.yml diff --git a/.checkov.yaml b/.checkov.yaml deleted file mode 100644 index 2645248..0000000 --- a/.checkov.yaml +++ /dev/null @@ -1,3 +0,0 @@ -quiet: true -skip-check: - - CKV_GHA_7 diff --git a/.checkov.yml b/.checkov.yml new file mode 100644 index 0000000..63bfa27 --- /dev/null +++ b/.checkov.yml @@ -0,0 +1,7 @@ +# See: https://www.checkov.io/1.Welcome/Quick%20Start.html + +compact: true +quiet: true +skip-path: + - coverage + - node_modules diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index f9dda92..4ffb0ce 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -24,14 +24,12 @@ jobs: runs-on: ubuntu-latest steps: - # Checkout the repository. - name: Checkout id: checkout uses: actions/checkout@v5 with: fetch-depth: 0 - # Setup Node.js using the version specified in `.node-version`. - name: Setup Node.js id: setup-node uses: actions/setup-node@v5 @@ -39,16 +37,15 @@ jobs: node-version-file: .node-version cache: npm - # Install dependencies using `npm ci`. - name: Install Dependencies id: install run: npm ci - # Lint the codebase using the `super-linter/super-linter` action. - name: Lint Codebase id: super-linter uses: super-linter/super-linter/slim@v8 env: + CHECKOV_FILE_NAME: .checkov.yml DEFAULT_BRANCH: main FILTER_REGEX_EXCLUDE: dist/**/* GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From d8e2f77a33b1833fa8220dd19cbb11009ad81e86 Mon Sep 17 00:00:00 2001 From: Nick Alteen Date: Fri, 31 Oct 2025 10:29:08 -0400 Subject: [PATCH 5/5] Skip check --- .checkov.yml | 2 ++ .github/workflows/example-workflow.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.checkov.yml b/.checkov.yml index 63bfa27..0bc5a4f 100644 --- a/.checkov.yml +++ b/.checkov.yml @@ -5,3 +5,5 @@ quiet: true skip-path: - coverage - node_modules +skip-check: + - CKV_GHA_7 diff --git a/.github/workflows/example-workflow.yml b/.github/workflows/example-workflow.yml index 8853bc8..40a2fc8 100644 --- a/.github/workflows/example-workflow.yml +++ b/.github/workflows/example-workflow.yml @@ -6,7 +6,7 @@ on: who-to-greet: description: Who to greet in the log required: true - default: 'World' + default: World type: string permissions: