From 73afb0f0c177e04c0cda581891e2e43ea51ffae1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 05:53:32 +0000 Subject: [PATCH 01/10] Bump jinja2 from 3.1.3 to 3.1.4 Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- test_requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_requirements.txt b/test_requirements.txt index d23b5ab..e2329b9 100644 --- a/test_requirements.txt +++ b/test_requirements.txt @@ -1,6 +1,6 @@ tox >= 3.23.0 pygments >= 2.8.0 -jinja2 == 3.1.3 +jinja2 == 3.1.4 babel >= 2.9.1 sphinx >= 4.0.2 pytest >= 7.4.3 From 9ad6cace150b43c56028369b61fbae3e8f380060 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 18:45:25 +0000 Subject: [PATCH 02/10] Bump setuptools from 68.2.2 to 70.0.0 Bumps [setuptools](https://github.com/pypa/setuptools) from 68.2.2 to 70.0.0. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](https://github.com/pypa/setuptools/compare/v68.2.2...v70.0.0) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- poetry.lock | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/poetry.lock b/poetry.lock index 9ab783d..4a076e6 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -589,19 +589,18 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] [[package]] name = "setuptools" -version = "68.2.2" +version = "70.0.0" description = "Easily download, build, install, upgrade, and uninstall Python packages" optional = false python-versions = ">=3.8" files = [ - {file = "setuptools-68.2.2-py3-none-any.whl", hash = "sha256:b454a35605876da60632df1a60f736524eb73cc47bbc9f3f1ef1b644de74fd2a"}, - {file = "setuptools-68.2.2.tar.gz", hash = "sha256:4ac1475276d2f1c48684874089fefcd83bd7162ddaafb81fac866ba0db282a87"}, + {file = "setuptools-70.0.0-py3-none-any.whl", hash = "sha256:54faa7f2e8d2d11bcd2c07bed282eef1046b5c080d1c32add737d7b5817b1ad4"}, + {file = "setuptools-70.0.0.tar.gz", hash = "sha256:f211a66637b8fa059bb28183da127d4e86396c991a942b028c6650d4319c3fd0"}, ] [package.extras] -docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", "sphinx-hoverxref (<2)", "sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier"] -testing = ["build[virtualenv]", "filelock (>=3.4.0)", "flake8-2020", "ini2toml[lite] (>=0.9)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "pip (>=19.1)", "pytest (>=6)", "pytest-black (>=0.3.7)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-mypy (>=0.9.1)", "pytest-perf", "pytest-ruff", "pytest-timeout", "pytest-xdist", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"] -testing-integration = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "packaging (>=23.1)", "pytest", "pytest-enabler", "pytest-xdist", "tomli", "virtualenv (>=13.0.0)", "wheel"] +docs = ["furo", "jaraco.packaging (>=9.3)", "jaraco.tidelift (>=1.4)", "pygments-github-lexers (==0.0.5)", "pyproject-hooks (!=1.1)", "rst.linker (>=1.9)", "sphinx (>=3.5)", "sphinx-favicon", 
"sphinx-inline-tabs", "sphinx-lint", "sphinx-notfound-page (>=1,<2)", "sphinx-reredirects", "sphinxcontrib-towncrier"] +testing = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "importlib-metadata", "ini2toml[lite] (>=0.14)", "jaraco.develop (>=7.21)", "jaraco.envs (>=2.2)", "jaraco.path (>=3.2.0)", "mypy (==1.9)", "packaging (>=23.2)", "pip (>=19.1)", "pyproject-hooks (!=1.1)", "pytest (>=6,!=8.1.1)", "pytest-checkdocs (>=2.4)", "pytest-cov", "pytest-enabler (>=2.2)", "pytest-home (>=0.5)", "pytest-mypy", "pytest-perf", "pytest-ruff (>=0.2.1)", "pytest-subprocess", "pytest-timeout", "pytest-xdist (>=3)", "tomli", "tomli-w (>=1.0.0)", "virtualenv (>=13.0.0)", "wheel"] [[package]] name = "snowballstemmer" From 606c771a468398bc904ba24351f0b85be2678a55 Mon Sep 17 00:00:00 2001 From: Prakash B R Date: Wed, 17 Jul 2024 15:15:19 +0530 Subject: [PATCH 03/10] Improved the output of generate_knobs_delta function --- src/xmlcli/modules/helpers.py | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/src/xmlcli/modules/helpers.py b/src/xmlcli/modules/helpers.py index c824345..2676059 100644 --- a/src/xmlcli/modules/helpers.py +++ b/src/xmlcli/modules/helpers.py 
@@ -155,22 +155,15 @@ def generate_knobs_delta(ref_xml, new_xml, out_file=r'KnobsDiff.log', compare_ta new_knobs_map[new_knob_name][current_tag] = new_value file_content = "" - log_msg = f'\n\nWriting delta knobs for comparing following fields \"{compare_tag}\"\n RefXmlBiosVer = Arg 1 File = {ref_knobs_bios_version} \n MyXmlBiosVer = Arg 2 File = {new_knobs_bios_version} ' - log_msg += '--------------------------------------------------|----------------------|---------------------|' - '\n Knob Name (compare_tag) | RefXmlDefVal | MyXmlDefVal |' - '\n | Arg 1 File | Arg 2 File |' - '\n--------------------------------------------------|----------------------|---------------------|' + log_msg = f'\n\nWriting delta knobs for comparing following fields \"{compare_tag}\"\n RefXmlBiosVer = Arg 1 File = {ref_knobs_bios_version} \n MyXmlBiosVer = Arg 2 File = {new_knobs_bios_version}\n' log.info(log_msg) if os.path.splitext(out_file)[-1].lower() not in ['.ini', '.cfg']: file_content += log_msg else: - file_content += ';-------------------------------------------------\n' - '; Knob Entries for XmlCli based setup, trying to clone {current_compare_tags[0]} from File 2\n' - '; The name entry here should be identical as the name from the XML file (retain the case)\n' - ';-------------------------------------------------\n' - '[BiosKnobs]\n' - + file_content += ';-------------------------------------------------\n; Knob Entries for XmlCli based setup, trying to clone {current_compare_tags[0]} from File 2\n; The name entry here should be identical as the name from the XML file (retain the case)\n;-------------------------------------------------\n[BiosKnobs]\n' + header_list = ['Knob Name (compare_tag)', 'RefXmlDefVal (Arg 1 File)', 'MyXmlDefVal (Arg 2 File)'] missing_in_new_knobs = [] + knobs_dictionary=[] for knob in ref_knobs_map: if knob not in new_knobs_map: missing_in_new_knobs.append(knob) 
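Review bot: The new single-line `file_content += ';----...\n; Knob Entries for XmlCli based setup, trying to clone {current_compare_tags[0]} from File 2\n...[BiosKnobs]\n'` in the `else` branch is a plain string, not an f-string, so `{current_compare_tags[0]}` is written literally into the .ini/.cfg header instead of the tag name; the old multi-line form had the same omission and this rewrite carries it over, so the literal needs an `f` prefix (assuming `current_compare_tags` is in scope there, as the original text already relied on). `knobs_dictionary=[]` holds a list of row lists rather than a dict, so a name such as `delta_rows = []` would describe it and also match the `name = value` spacing of the surrounding assignments. `header_list` is built even when the output is .ini/.cfg, where it is never used; harmless, but a comment like `# column headers for the text-table output only` would stop the next reader from hunting for its use. generate_knobs_delta's signature and the rest of its body lie outside this hunk.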
@@ -180,10 +173,8 @@ def generate_knobs_delta(ref_xml, new_xml, out_file=r'KnobsDiff.log', compare_ta ref_str_value = ref_knobs_map[knob][current_tag] new_str_value = new_knobs_map[knob][current_tag] if ref_str_value != new_str_value: - log.info(f' {"%s (%s)" % (knob, current_tag):>48} | {ref_str_value:>20} | {new_str_value:<19} |') - if os.path.splitext(out_file)[-1].lower() not in ['.ini', '.cfg']: - file_content += f' {"%s (%s)" % (knob, current_tag):>48} | {ref_str_value:>20} | {new_str_value:<19} |\n' - else: + knobs_dictionary.append([f"{knob} ({current_tag})",ref_str_value,new_str_value]) + if os.path.splitext(out_file)[-1].lower() in ['.ini', '.cfg']: if print_first_tag: file_content += f'{knob} = {new_str_value}\n' print_first_tag = False @@ -191,9 +182,10 @@ def generate_knobs_delta(ref_xml, new_xml, out_file=r'KnobsDiff.log', compare_ta missing_in_ref_knobs = [] for knob in new_knobs_map: missing_in_ref_knobs.append(knob) - log.info('--------------------------------------------------|----------------------|---------------------|') if os.path.splitext(out_file)[-1].lower() not in ['.ini', '.cfg']: - file_content += '--------------------------------------------------|----------------------|---------------------|\n' + file_content += utils.Table().create_table(header=header_list, data=knobs_dictionary, width=0) + log.result(utils.Table().create_table(header=header_list, data=knobs_dictionary, width=0)) + if len(missing_in_ref_knobs) != 0: log.info(f'Following Knobs are missing in Arg 1 File\n\t [ {", ".join(missing_in_ref_knobs)} ]') @@ -206,8 +198,6 @@ def generate_knobs_delta(ref_xml, new_xml, out_file=r'KnobsDiff.log', compare_ta with open(out_file, 'w') as out: out.write(file_content) - return file_content - def compare_bios_knobs(reference_bin_file, new_bin_file, result_log_file=r'KnobsDifference.log', compare_tag='default'): """Take difference of Setup Option between two BIOS/IFWI 
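Review bot: `utils.Table().create_table(header=header_list, data=knobs_dictionary, width=0)` is rendered twice on consecutive added lines in the -191 hunk, once for `file_content` and once for `log.result(...)`; render it once, e.g. `delta_table = utils.Table().create_table(header=header_list, data=knobs_dictionary, width=0)`, and use that local in both places. Indentation is lost in this rendering, so whether `log.result(...)` sits inside the `not in ['.ini', '.cfg']` branch or after it cannot be confirmed here; if it is outside, the table is logged even for .ini/.cfg output where `file_content` never receives it, which may or may not be intended. `log.result` is not a method of a standard `logging.Logger`, so confirm the project's logger defines that level. In the -180 hunk the new `if os.path.splitext(out_file)[-1].lower() in ['.ini', '.cfg']:` is re-evaluated for every knob and tag; an `is_ini_output = ...` computed once before the loop would read better and remove the repeated path work.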
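Review bot: Dropping `return file_content` in the -206 hunk changes generate_knobs_delta's contract from returning the rendered delta to returning None, and the -222 hunk in this patch does the same to compare_bios_knobs; any caller that still consumes the return value (none are visible here) now silently gets None. If the intent is that the result lives only in `out_file`, state that in the function's docstring, which lies outside this hunk, e.g. `Writes the knob delta to out_file and returns None.`; otherwise keeping the `return file_content` line is the backward-compatible choice and costs nothing. The enclosing function begins before this hunk.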
@@ -222,7 +212,7 @@ def compare_bios_knobs(reference_bin_file, new_bin_file, result_log_file=r'Knobs new_xml = clb.KnobsXmlFile.replace('BiosKnobs', 'MyBiosKnobs') cli.savexml(reference_xml, reference_bin_file) cli.savexml(new_xml, new_bin_file) - return generate_knobs_delta(reference_xml, new_xml, result_log_file, compare_tag) + generate_knobs_delta(reference_xml, new_xml, result_log_file, compare_tag) def launch_web_gui(): From 75f5a9291388ce50c45357c9ce975e279d648ba9 Mon Sep 17 00:00:00 2001 From: Stewart Blacklock Date: Thu, 22 Aug 2024 09:17:48 -0700 Subject: [PATCH 04/10] Create dependabot.yml Adding dependabot update to ensure scorecard is maintained --- .github/dependabot.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..e95c0ec --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" # Location of package manifests + schedule: + interval: "weekly" + groups: + all-github: + patterns: + - "*" From 02a2fd1cdbd6e5a655d34281a6f84a5060960bfb Mon Sep 17 00:00:00 2001 From: Luis Alvarez Date: Tue, 13 Aug 2024 11:46:37 -0600 Subject: [PATCH 05/10] Chain import exceptions for tools.restricted.EnableXmlCli and tools.EnableXmlCli --- src/xmlcli/XmlCliLib.py | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/src/xmlcli/XmlCliLib.py b/src/xmlcli/XmlCliLib.py index e0716c4..57254d1 100644 --- a/src/xmlcli/XmlCliLib.py +++ b/src/xmlcli/XmlCliLib.py 
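Review bot: Only the `github-actions` ecosystem is configured, so Dependabot version updates will not cover the Python dependencies this repository also tracks; `poetry.lock` and `test_requirements.txt` are updated by hand-delivered dependabot commits earlier in this series, which suggests those were security updates rather than routine version updates. Adding a second `updates:` entry for the `pip` ecosystem in the same directory with the same weekly schedule would make jinja2/setuptools-style bumps arrive as ordinary updates as well. The `groups` block can be mirrored for pip if grouped PRs are wanted; that part is optional.
```yaml
updates:
  # … unchanged: github-actions entry …
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
```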
@@ -792,12 +792,13 @@ def ConfXmlCli(SkipEnable=0):
 try:
 from .tools.restricted import EnableXmlCli as exc
 except (ModuleNotFoundError, ImportError) as e:
- from .tools import EnableXmlCli as exc
- except ImportError:
- log.error(f'Import error on EnableXmlCli, current Python version {sys.version}')
- CloseInterface()
- LastErrorSig = 0x13E4 # import error
- return 0xF
+ try:
+ from .tools import EnableXmlCli as exc
+ except ImportError:
+ log.error(f'Import error on EnableXmlCli, current Python version {sys.version}')
+ CloseInterface()
+ LastErrorSig = 0x13E4 # import error
+ return 0xF
 Status = exc.EnableXmlCli()
 if Status == 0:
 Status = 2
@@ -824,11 +825,12 @@ def TriggerXmlCliEntry():
 try:
 from .tools.restricted import EnableXmlCli as exc
 except (ModuleNotFoundError, ImportError) as e:
- from .tools import EnableXmlCli as exc
- except ImportError:
- log.error(f'Import error on EnableXmlCli, current Python version {sys.version}')
- LastErrorSig = 0x13E4 # import error
- return 1
+ try:
+ from .tools import EnableXmlCli as exc
+ except ImportError:
+ log.error(f'Import error on EnableXmlCli, current Python version {sys.version}')
+ LastErrorSig = 0x13E4 # import error
+ return 1
 status = exc.XmlCliApiAuthenticate()
 if status:
 LastErrorSig = 0xE7CA # Error Triggering XmlCli command, Authentication Failed
From 7999a5f0726865657bd7c662b43495c7be9100f8 Mon Sep 17 00:00:00 2001
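Review bot: The fallback from `.tools.restricted.EnableXmlCli` to the public `.tools.EnableXmlCli` is silent, and the inner `except ImportError:` logs only the interpreter version, so when both imports fail the log never shows which module was missing or why; bind the exception and include it, `except ImportError as err:` with `log.error(f'Import error on EnableXmlCli, current Python version {sys.version}: {err}')`, and add `log.debug('restricted EnableXmlCli unavailable, using tools.EnableXmlCli')` as the first line of the new nested `try:` so operators can tell from the log which implementation ran. The outer `except (ModuleNotFoundError, ImportError) as e:` that the new block is nested under binds `e` without using it, and `ModuleNotFoundError` is a subclass of `ImportError`, so `except ImportError:` would say the same thing. The same two points apply to the TriggerXmlCliEntry hunk at -824. Whether `LastErrorSig` is declared `global` in these functions is outside the hunk, so the assignments are assumed to update the module-level value as the original code intended.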
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 15:28:53 +0000 Subject: [PATCH 06/10] Bump the all-github group across 1 directory with 6 updates Bumps the all-github group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [github/codeql-action](https://github.com/github/codeql-action) | `2` | `3` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.1.2` | `2.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.0` | `4.4.0` | | [abatilo/actions-poetry](https://github.com/abatilo/actions-poetry) | `2` | `3` | | [actions/setup-python](https://github.com/actions/setup-python) | `3` | `5` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v3...v4) Updates `github/codeql-action` from 2 to 3 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) Updates `ossf/scorecard-action` from 2.1.2 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) Updates `actions/upload-artifact` from 3.1.0 to 4.4.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/3cea5372237819ed00197afe530f5a7ea3e805c8...50769540e7f4bd5e21e526ee35c689e35e0d6874) Updates `abatilo/actions-poetry` from 2 to 3 - [Release notes](https://github.com/abatilo/actions-poetry/releases) - [Changelog](https://github.com/abatilo/actions-poetry/blob/master/.releaserc) - 
[Commits](https://github.com/abatilo/actions-poetry/compare/v2...v3) Updates `actions/setup-python` from 3 to 5 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v3...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-github - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github - dependency-name: abatilo/actions-poetry dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/ossf_scorecard.yml | 8 ++++---- .github/workflows/publish-to-test-pypi.yml | 4 ++-- .github/workflows/python-package.yml | 6 +++--- .github/workflows/python-publish.yml | 4 ++-- .github/workflows/test-execution.yml | 6 +++--- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 69b8302..218b340 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -55,11 +55,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -74,7 +74,7 @@ jobs: # If this step fails, then you should remove it and run the build manually (see below) - if: matrix.language == 'python' name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 - if: matrix.language == 'cpp' name: Build C @@ -93,6 +93,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 7f04ae3..1baa7c2 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -32,12 +32,12 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@6b42224f41ee5dfe5395e27c8b2746f1f9955030 # v3.1.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0 + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: name: SARIF file path: results.sarif 
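Review bot: The version annotation beside the new pin is stale: `uses: actions/checkout@6b42224f41ee5dfe5395e27c8b2746f1f9955030 # v3.1.0` keeps `# v3.1.0` although the commit message says actions/checkout moves from 3 to 4, so the comment no longer describes the commit it sits next to. The SHA pin is the control that matters for supply-chain integrity, but the trailing tag is what a reviewer reads when auditing the pin, so it should be changed to the tag the new SHA resolves to (the exact v4 tag is not recoverable from this patch). The same problem recurs in the last patch of this series, where `github/codeql-action/upload-sarif@b0b722f202d6f76a52f990a286c2b1eacfc5a9ff # v2.26.11` keeps the old annotation while that commit's message says codeql-action moves from 2.26.11 to 3.26.13. Separately, this file pins by SHA while the other workflow hunks in this commit pin by mutable tag (`actions/checkout@v4`, `abatilo/actions-poetry@v3`, `actions/setup-python@v5`); pinning those by SHA with a version comment would make the policy consistent across workflows and is what the Scorecard Pinned-Dependencies check looks for.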
@@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4 + uses: github/codeql-action/upload-sarif@430e27ef200cf61455a15dd5b56e130c8227a563 # v2.26.11 with: sarif_file: results.sarif diff --git a/.github/workflows/publish-to-test-pypi.yml b/.github/workflows/publish-to-test-pypi.yml index 75161c5..7b54498 100644 --- a/.github/workflows/publish-to-test-pypi.yml +++ b/.github/workflows/publish-to-test-pypi.yml @@ -33,8 +33,8 @@ jobs: name: Build and publish Python 🐍 distributions 📦 to TestPyPI runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: abatilo/actions-poetry@v2 + - uses: actions/checkout@v4 + - uses: abatilo/actions-poetry@v3 with: poetry-version: 1.4.0 - name: Publish distribution 📦 to Test PyPI diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index c276ef8..d16c61a 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -36,12 +36,12 @@ jobs: python-version: ["3.8", "3.9", "3.10"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - - uses: abatilo/actions-poetry@v2 + - uses: abatilo/actions-poetry@v3 with: poetry-version: 1.4.0 - name: Install dependencies diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index ea233cb..e216538 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml 
@@ -35,8 +35,8 @@ jobs: name: Build and publish Python 🐍 distributions 📦 to TestPyPI runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: abatilo/actions-poetry@v2 + - uses: actions/checkout@v4 + - uses: abatilo/actions-poetry@v3 with: poetry-version: 1.4.0 - name: Publish distribution 📦 to PyPI diff --git a/.github/workflows/test-execution.yml b/.github/workflows/test-execution.yml index df96405..55d439b 100644 --- a/.github/workflows/test-execution.yml +++ b/.github/workflows/test-execution.yml @@ -35,12 +35,12 @@ jobs: matrix: python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - - uses: abatilo/actions-poetry@v2 + - uses: abatilo/actions-poetry@v3 with: poetry-version: 1.4.0 - name: Install dependencies From e0510b24ca045ac7682afb34b8498ae39e456ab2 Mon Sep 17 00:00:00 2001 From: Stewart Blacklock Date: Mon, 21 Oct 2024 13:02:44 -0700 Subject: [PATCH 07/10] Update codeql.yml Set top level permissions --- .github/workflows/codeql.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 218b340..5031144 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -35,6 +35,9 @@ on: schedule: - cron: '45 23 * * 0' +# Declare default permissions as read only. +permissions: read-all + jobs: analyze: name: Analyze From 97d867ac81e2c48a857d9a60688fbd766427567c Mon Sep 17 00:00:00 2001 From: Stewart Blacklock Date: Mon, 21 Oct 2024 13:03:45 -0700 Subject: [PATCH 08/10] Update pull-request-analytics.yml Set top level permissions to read-all to pass OpenSSF Scorecard open --- .github/workflows/pull-request-analytics.yml | 4 ++++ 1 file changed, 4 insertions(+) 
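Review bot: `permissions: read-all` grants read on every token scope, which is broader than a CodeQL workflow needs; the least-privilege top-level default is `permissions:` with `contents: read`, and `security-events: write` (plus `actions: read`) granted only on the analyze job. If the `analyze` job already carries its own `permissions:` block outside this hunk, that block overrides the top-level default and the SARIF upload keeps working; if it does not, `read-all` leaves `security-events` at read and the analyze step will fail to upload results. The same `read-all` default is added to pull-request-analytics.yml and python-package.yml in the next two patches; for a build-and-test workflow `contents: read` is usually enough, while the report job may need `pull-requests: read`, so each should be checked against its steps, which are not visible here.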
diff --git a/.github/workflows/pull-request-analytics.yml b/.github/workflows/pull-request-analytics.yml index 56f57e2..7d3c729 100644 --- a/.github/workflows/pull-request-analytics.yml +++ b/.github/workflows/pull-request-analytics.yml @@ -8,6 +8,10 @@ on: report_date_end: description: "Report date end(d/MM/yyyy)" required: false + +# Declare default permissions as read only. +permissions: read-all + jobs: create-report: name: "Create report" From e458345c202eab53835ccf1b5ab58843a765582a Mon Sep 17 00:00:00 2001 From: Stewart Blacklock Date: Mon, 21 Oct 2024 13:04:30 -0700 Subject: [PATCH 09/10] Update python-package.yml Set top level permissions to read-all to pass OpenSSF Scorecard open --- .github/workflows/python-package.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index d16c61a..8f84c17 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -26,6 +26,9 @@ on: schedule: - cron: '45 23 * * 0' +# Declare default permissions as read only. +permissions: read-all + jobs: build: From 959e4829d5882e8e8e091bbe73bf71728ecc982d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 15:45:00 +0000 Subject: [PATCH 10/10] Bump the all-github group with 2 updates Bumps the all-github group with 2 updates: [github/codeql-action](https://github.com/github/codeql-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `github/codeql-action` from 2.26.11 to 3.26.13 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v2.26.11...v3.26.13) Updates `actions/upload-artifact` from 4.4.0 to 4.4.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/50769540e7f4bd5e21e526ee35c689e35e0d6874...b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-github - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-github ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/ossf_scorecard.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5031144..80903d8 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -62,7 +62,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v3.26.13 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -77,7 +77,7 @@ jobs: # If this step fails, then you should remove it and run the build manually (see below) - if: matrix.language == 'python' name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v3.26.13 - if: matrix.language == 'cpp' name: Build C @@ -96,6 +96,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v3.26.13 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/ossf_scorecard.yml b/.github/workflows/ossf_scorecard.yml index 1baa7c2..e04fe98 100644 --- a/.github/workflows/ossf_scorecard.yml +++ b/.github/workflows/ossf_scorecard.yml @@ -59,7 +59,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@430e27ef200cf61455a15dd5b56e130c8227a563 # v2.26.11 + uses: github/codeql-action/upload-sarif@b0b722f202d6f76a52f990a286c2b1eacfc5a9ff # v2.26.11 with: sarif_file: results.sarif