Cornelicorn/oh-my-zsh
1
0
Fork 0
mirror of https://github.com/robbyrussell/oh-my-zsh.git synced 2025-12-06 07:20:40 +01:00
Code Issues Releases Wiki Activity
7,655 Commits 2 Branches 0 Tags
master
Commit Graph

112 Commits

Author SHA1 Message Date
Marc Cornellà
e9fc134236 ci(dependencies): update job permissions, change commits to chore (#13457) 2025-12-01 11:22:14 +01:00
Carlo Sala
ca5c467db1 fix(dependencies): only open PR if there are relevant changes (#13454) 
Fixes cases like #13453
 2025-12-01 09:59:09 +01:00
dependabot[bot]
a449c0247d chore(deps): bump actions/setup-python from 6.0.0 to 6.1.0 (#13455) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](e797f83bcb...83679a892e)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-30 16:29:07 +01:00
dependabot[bot]
343c5a83cb chore(deps): bump github/codeql-action from 4.31.4 to 4.31.5 (#13456) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.4 to 4.31.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e12f017898...fdbfb4d275)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-30 16:28:47 +01:00
dependabot[bot]
beadd56dd7 chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#13440) 
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 2.1.4 to 2.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](6701853927...7e473efe3c)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-23 22:37:35 +01:00
dependabot[bot]
0116e7a5af chore(deps): bump github/codeql-action from 4.31.3 to 4.31.4 (#13439) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.3 to 4.31.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](014f16e7ab...e12f017898)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-23 22:36:07 +01:00
dependabot[bot]
441299ca77 chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#13438) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-23 22:35:53 +01:00
dependabot[bot]
8a4d6fc0a2 chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 (#13430) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0499de31b9...014f16e7ab)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-16 09:09:09 -03:00
dependabot[bot]
73d79fe137 chore(deps): bump certifi in /.github/workflows/dependencies (#13431) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.10.5 to 2025.11.12.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.10.05...2025.11.12)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.11.12
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-16 09:08:43 -03:00
dependabot[bot]
18d0a63df8 chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 (#13414) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-09 20:03:00 +01:00
dependabot[bot]
423e9aef52 chore(deps): bump github/codeql-action from 4.31.0 to 4.31.2 (#13408) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.0 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4e94bd11f7...0499de31b9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-03 08:29:39 +01:00
dependabot[bot]
829b8fdea4 chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#13395) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-26 06:17:45 -07:00
dependabot[bot]
279e91e132 chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 (#13394) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-26 06:16:55 -07:00
Carlo Sala
38423b4b5c ci(deps): ensure push permissions are available (#13389) 2025-10-23 05:16:17 -07:00
dependabot[bot]
ac92582961 chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13378) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:33:03 +03:00
dependabot[bot]
1672a12704 chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 (#13376) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:29:15 +03:00
dependabot[bot]
064f0c1d0a chore(deps): bump idna in /.github/workflows/dependencies (#13377) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:28:57 +03:00
dependabot[bot]
c5f64018ff chore(deps): bump github/codeql-action from 3.30.6 to 4.30.8 (#13364) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-13 11:57:33 +02:00
dependabot[bot]
c6482fa5be chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 (#13351) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:58 +02:00
dependabot[bot]
d4cb4f249c chore(deps): bump certifi in /.github/workflows/dependencies (#13353) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:45 +02:00
dependabot[bot]
182dfdf210 chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#13352) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-06 09:21:34 +02:00
dependabot[bot]
9ac3b895d4 chore(deps): bump pyyaml in /.github/workflows/dependencies (#13337) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 08:31:23 +02:00
dependabot[bot]
e7528a5b37 chore(deps): bump github/codeql-action from 3.30.3 to 3.30.5 (#13336) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 08:27:53 +02:00
Marc Cornellà
242e2faa51 ci: improve security in project.yml workflow (#13329) 
There is no inherent security vulnerability in the workflow, but there were
certain practices that increased latent risk. In this commit, we:

- Explicitly bind app token for each step that needs it, instead of setting it for
  all steps after "Store app token"
- Refactor "classify" step, to not rely on files passed around, and instead uses
  only awk script.
- Remove all instances of template injection within `run` scripts. There was nothing
  dangerous, but the practice is unsafe.
- Sanitize all unwanted characters from PR plugin and theme names.

References: W2M1-06 W2M1-07
 2025-09-27 20:00:50 +02:00
dependabot[bot]
58cba61465 chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.2 (#13322) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-22 10:50:59 +02:00
dependabot[bot]
b428e31770 chore(deps): bump actions/checkout from 4.3.0 to 5.0.0 (#13323) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-22 10:50:42 +02:00
Carlo Sala
ddd77516ef ci: add scorecard automatic update (#13319) 2025-09-19 17:55:16 +02:00
StepSecurity Bot
7f3d8a34e2 ci: Harden GitHub Actions [StepSecurity] (#13318) 2025-09-19 17:30:10 +02:00
dependabot[bot]
8c168e2662 chore(deps): bump actions/setup-python from 5 to 6 (#13293) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-08 12:06:41 +08:00
dependabot[bot]
b95022dde6 chore(deps): bump requests in /.github/workflows/dependencies (#13280) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-25 02:37:09 +02:00
dependabot[bot]
c2a69fe590 chore(deps): bump actions/checkout from 4 to 5 (#13271) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-18 08:32:18 +02:00
dependabot[bot]
9fe2c26abd chore(deps): bump certifi in /.github/workflows/dependencies (#13246) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-11 13:47:37 +02:00
dependabot[bot]
73024e8f08 chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13257) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.2 to 3.4.3.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.2...3.4.3)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-11 10:25:23 +02:00
Carlo Sala
5c804257ce ci: use actions/create-github-app-token (#13233) 2025-07-28 19:20:50 +02:00
Marc Cornellà
98a182d71b ci: add strict permissions to dependencies.yml workflow (#13232) 
Just use `contents:read` initial permission. The other permissions needed are
those attached to the @ohmyzsh GitHub App.
 2025-07-28 19:13:35 +02:00
dependabot[bot]
52f7ad6913 chore(deps): bump certifi in /.github/workflows/dependencies (#13218) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.4.26 to 2025.7.14.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.04.26...2025.07.14)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.7.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-07-28 18:55:43 +02:00
dependabot[bot]
7ee92de190 chore(deps): bump urllib3 in /.github/workflows/dependencies (#13176) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-19 10:02:32 +02:00
dependabot[bot]
042605ee6b chore(deps): bump requests in /.github/workflows/dependencies (#13164) 
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-10 16:15:59 +02:00
dependabot[bot]
8648cd640b chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#13100) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.1 to 3.4.2.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.1...3.4.2)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-version: 3.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-05-04 17:22:51 +02:00
dependabot[bot]
137bfbbfd1 chore(deps): bump certifi in /.github/workflows/dependencies (#13094) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2025.1.31 to 2025.4.26.
- [Commits](https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26)

---
updated-dependencies:
- dependency-name: certifi
  dependency-version: 2025.4.26
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-27 14:55:23 +02:00
dependabot[bot]
a84a0332a8 chore(deps): bump urllib3 in /.github/workflows/dependencies (#13065) 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.3.0...2.4.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-13 23:11:55 +02:00
dependabot[bot]
2b547d113b chore(deps): bump certifi in /.github/workflows/dependencies (#12955) 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.12.14 to 2025.1.31.
- [Commits](https://github.com/certifi/python-certifi/compare/2024.12.14...2025.01.31)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-02 13:38:22 +01:00
dependabot[bot]
9ffc14c3e1 chore(deps): bump semver from 3.0.3 to 3.0.4 in /.github/workflows/dependencies (#12938) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-26 14:11:35 +01:00
dependabot[bot]
6e9cda3d30 chore(deps): bump semver in /.github/workflows/dependencies (#12924) 
Bumps [semver](https://github.com/python-semver/python-semver) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/python-semver/python-semver/releases)
- [Changelog](https://github.com/python-semver/python-semver/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/python-semver/python-semver/compare/3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-19 23:30:40 +01:00
dependabot[bot]
9c8afcc3ee chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12874) 
Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/jawah/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-29 13:22:49 +01:00
dependabot[bot]
f733dc340b chore(deps): bump urllib3 from 2.2.3 to 2.3.0 in /.github/workflows/dependencies (#12863) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-22 16:19:12 +01:00
dependabot[bot]
62e3e0b2fd chore(deps): bump certifi from 2024.8.30 to 2024.12.14 in /.github/workflows/dependencies (#12848) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-15 23:38:56 +01:00
Marc Cornellà
4ada154190 chore(installer): only serve installer in / and /install.sh 
This avoids false positive detections on other bruteforced paths,
such as .zsh_history or others, which eventually result in
automated false vulnerability submissions.
 2024-10-18 14:27:54 +02:00
Marc Cornellà
b3ba8da421 ci(dependencies): use tag version in git commit if available (#12756) 
Related: https://github.com/ohmyzsh/ohmyzsh/pull/12747#issuecomment-2410440748
 2024-10-14 13:15:39 +02:00
dependabot[bot]
9bfa3395f3 chore(deps): bump charset-normalizer in /.github/workflows/dependencies (#12749) 
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.2...3.4.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-13 21:11:03 +02:00