Skip to content

Commit 5320da1

Browse files
NathanWalkerNathanWalker
authored
Merge branch 'main' into feat/webpack-es-module-support
2 parents 742a7c3 + d6d3800 commit 5320da1

35 files changed

+2617
-49
lines changed

.github/dependabot.yml

Lines changed: 226 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,226 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: github-actions
4+
directory: /
5+
schedule:
6+
interval: monthly
7+
8+
- package-ecosystem: npm
9+
directory: /apps/automated
10+
schedule:
11+
interval: monthly
12+
time: "23:00"
13+
open-pull-requests-limit: 10
14+
ignore:
15+
- dependency-name: "*"
16+
update-types: ["version-update:semver-major"]
17+
18+
- package-ecosystem: npm
19+
directory: /apps/automated/src/pages
20+
schedule:
21+
interval: monthly
22+
time: "23:00"
23+
open-pull-requests-limit: 10
24+
ignore:
25+
- dependency-name: "*"
26+
update-types: ["version-update:semver-major"]
27+
28+
- package-ecosystem: npm
29+
directory: /apps/automated/src/ui/lifecycle
30+
schedule:
31+
interval: monthly
32+
time: "23:00"
33+
open-pull-requests-limit: 10
34+
ignore:
35+
- dependency-name: "*"
36+
update-types: ["version-update:semver-major"]
37+
38+
- package-ecosystem: npm
39+
directory: /apps/automated/src/ui/root-view/mymodule
40+
schedule:
41+
interval: monthly
42+
time: "23:00"
43+
open-pull-requests-limit: 10
44+
ignore:
45+
- dependency-name: "*"
46+
update-types: ["version-update:semver-major"]
47+
48+
- package-ecosystem: npm
49+
directory: /apps/automated/src/xml-declaration/mymodulewithxml
50+
schedule:
51+
interval: monthly
52+
time: "23:00"
53+
open-pull-requests-limit: 10
54+
ignore:
55+
- dependency-name: "*"
56+
update-types: ["version-update:semver-major"]
57+
58+
- package-ecosystem: npm
59+
directory: /apps/automated/src/xml-declaration
60+
schedule:
61+
interval: monthly
62+
time: "23:00"
63+
open-pull-requests-limit: 10
64+
ignore:
65+
- dependency-name: "*"
66+
update-types: ["version-update:semver-major"]
67+
68+
- package-ecosystem: npm
69+
directory: /apps/toolbox
70+
schedule:
71+
interval: monthly
72+
time: "23:00"
73+
open-pull-requests-limit: 10
74+
ignore:
75+
- dependency-name: "*"
76+
update-types: ["version-update:semver-major"]
77+
78+
- package-ecosystem: npm
79+
directory: /apps/ui
80+
schedule:
81+
interval: monthly
82+
time: "23:00"
83+
open-pull-requests-limit: 10
84+
ignore:
85+
- dependency-name: "*"
86+
update-types: ["version-update:semver-major"]
87+
88+
- package-ecosystem: npm
89+
directory: /
90+
schedule:
91+
interval: monthly
92+
time: "23:00"
93+
open-pull-requests-limit: 10
94+
ignore:
95+
- dependency-name: "*"
96+
update-types: ["version-update:semver-major"]
97+
98+
- package-ecosystem: npm
99+
directory: /packages/core/css-value
100+
schedule:
101+
interval: monthly
102+
time: "23:00"
103+
open-pull-requests-limit: 10
104+
ignore:
105+
- dependency-name: "*"
106+
update-types: ["version-update:semver-major"]
107+
108+
- package-ecosystem: npm
109+
directory: /packages/core/css
110+
schedule:
111+
interval: monthly
112+
time: "23:00"
113+
open-pull-requests-limit: 10
114+
ignore:
115+
- dependency-name: "*"
116+
update-types: ["version-update:semver-major"]
117+
118+
- package-ecosystem: npm
119+
directory: /packages/core/js-libs/easysax
120+
schedule:
121+
interval: monthly
122+
time: "23:00"
123+
open-pull-requests-limit: 10
124+
ignore:
125+
- dependency-name: "*"
126+
update-types: ["version-update:semver-major"]
127+
128+
- package-ecosystem: npm
129+
directory: /packages/core
130+
schedule:
131+
interval: monthly
132+
time: "23:00"
133+
open-pull-requests-limit: 10
134+
ignore:
135+
- dependency-name: "*"
136+
update-types: ["version-update:semver-major"]
137+
138+
- package-ecosystem: npm
139+
directory: /packages/devtools
140+
schedule:
141+
interval: monthly
142+
time: "23:00"
143+
open-pull-requests-limit: 10
144+
ignore:
145+
- dependency-name: "*"
146+
update-types: ["version-update:semver-major"]
147+
148+
- package-ecosystem: npm
149+
directory: /packages/types-android
150+
schedule:
151+
interval: monthly
152+
time: "23:00"
153+
open-pull-requests-limit: 10
154+
ignore:
155+
- dependency-name: "*"
156+
update-types: ["version-update:semver-major"]
157+
158+
- package-ecosystem: npm
159+
directory: /packages/types-ios
160+
schedule:
161+
interval: monthly
162+
time: "23:00"
163+
open-pull-requests-limit: 10
164+
ignore:
165+
- dependency-name: "*"
166+
update-types: ["version-update:semver-major"]
167+
168+
- package-ecosystem: npm
169+
directory: /packages/types-minimal
170+
schedule:
171+
interval: monthly
172+
time: "23:00"
173+
open-pull-requests-limit: 10
174+
ignore:
175+
- dependency-name: "*"
176+
update-types: ["version-update:semver-major"]
177+
178+
- package-ecosystem: npm
179+
directory: /packages/types
180+
schedule:
181+
interval: monthly
182+
time: "23:00"
183+
open-pull-requests-limit: 10
184+
ignore:
185+
- dependency-name: "*"
186+
update-types: ["version-update:semver-major"]
187+
188+
- package-ecosystem: npm
189+
directory: /packages/ui-mobile-base
190+
schedule:
191+
interval: monthly
192+
time: "23:00"
193+
open-pull-requests-limit: 10
194+
ignore:
195+
- dependency-name: "*"
196+
update-types: ["version-update:semver-major"]
197+
198+
- package-ecosystem: npm
199+
directory: /packages/webpack5
200+
schedule:
201+
interval: monthly
202+
time: "23:00"
203+
open-pull-requests-limit: 10
204+
ignore:
205+
- dependency-name: "*"
206+
update-types: ["version-update:semver-major"]
207+
208+
- package-ecosystem: npm
209+
directory: /packages/winter-tc
210+
schedule:
211+
interval: monthly
212+
time: "23:00"
213+
open-pull-requests-limit: 10
214+
ignore:
215+
- dependency-name: "*"
216+
update-types: ["version-update:semver-major"]
217+
218+
- package-ecosystem: npm
219+
directory: /tools/workspace-plugin
220+
schedule:
221+
interval: monthly
222+
time: "23:00"
223+
open-pull-requests-limit: 10
224+
ignore:
225+
- dependency-name: "*"
226+
update-types: ["version-update:semver-major"]

.github/workflows/apps_automated_android.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -23,25 +23,25 @@ jobs:
2323
runs-on: ubuntu-latest
2424

2525
steps:
26-
- uses: actions/checkout@v4
26+
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
2727

2828

29-
- uses: actions/setup-node@v4
29+
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
3030
with:
3131
node-version: 23.5.0
3232

3333
- name: Derive appropriate SHAs for base and head for `nx affected` commands
34-
uses: nrwl/nx-set-shas@v4
34+
uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3
3535
with:
3636
main-branch-name: 'main'
3737

38-
- uses: actions/setup-java@v4
38+
- uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
3939
with:
4040
distribution: 'temurin'
4141
java-version: '21'
4242

4343
- name: Install Python
44-
uses: actions/setup-python@v5
44+
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
4545
with:
4646
python-version: '3'
4747

@@ -65,7 +65,7 @@ jobs:
6565
sudo udevadm trigger --name-match=kvm
6666
6767
- name: Run tests on Android Emulator
68-
uses: reactivecircus/android-emulator-runner@v2
68+
uses: reactivecircus/android-emulator-runner@1dcd0090116d15e7c562f8db72807de5e036a4ed # v2.34.0
6969
with:
7070
api-level: 34
7171
arch: x86_64

.github/workflows/apps_automated_ios.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,17 +24,17 @@ jobs:
2424
runs-on: warp-macos-15-arm64-6x
2525

2626
steps:
27-
- uses: actions/checkout@v4
27+
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
2828

2929
# - name: ActionDebugger By Warpbuild
3030
# uses: Warpbuilds/[email protected]
3131

32-
- uses: actions/setup-node@v4
32+
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
3333
with:
3434
node-version: 23.5.0
3535

3636
- name: Derive appropriate SHAs for base and head for `nx affected` commands
37-
uses: nrwl/nx-set-shas@v4
37+
uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3
3838
with:
3939
main-branch-name: 'main'
4040

@@ -52,7 +52,7 @@ jobs:
5252
run: npx nx run-many --target=test --configuration=ci --projects=core
5353

5454
- name: Start iOS Simulator
55-
uses: futureware-tech/simulator-action@v4
55+
uses: futureware-tech/simulator-action@dab10d813144ef59b48d401cd95da151222ef8cd # v4
5656
with:
5757
model: 'iPhone 16 Pro'
5858
os_version: '18.4'

.github/workflows/dependency-review.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
# Dependency Review Action
2+
#
3+
# This Action will scan dependency manifest files that change as part of a Pull Request,
4+
# surfacing known-vulnerable versions of the packages declared or updated in the PR.
5+
# Once installed, if the workflow run is marked as required,
6+
# PRs introducing known-vulnerable packages will be blocked from merging.
7+
#
8+
# Source repository: https://github.com/actions/dependency-review-action
9+
name: 'Dependency Review'
10+
on: [pull_request]
11+
12+
permissions:
13+
contents: read
14+
15+
jobs:
16+
dependency-review:
17+
runs-on: ubuntu-latest
18+
steps:
19+
- name: 'Checkout Repository'
20+
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
21+
- name: 'Dependency Review'
22+
uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3

.github/workflows/npm_release_core.yml

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,13 +19,18 @@ jobs:
1919
runs-on: ubuntu-latest
2020

2121
steps:
22-
- uses: actions/checkout@v2
22+
- name: Harden the runner (Audit all outbound calls)
23+
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
24+
with:
25+
egress-policy: audit
26+
27+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
2328

2429
- name: Setup
2530
run: npm run setup
2631

2732
- name: Derive appropriate SHAs for base and head for `nx affected` commands
28-
uses: nrwl/nx-set-shas@v4
33+
uses: nrwl/nx-set-shas@826660b82addbef3abff5fa871492ebad618c9e1 # v4.3.3
2934
with:
3035
main-branch-name: 'main'
3136

.github/workflows/npm_release_tns_core.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,12 @@ jobs:
1818
runs-on: ubuntu-latest
1919

2020
steps:
21-
- uses: actions/checkout@v2
21+
- name: Harden the runner (Audit all outbound calls)
22+
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
23+
with:
24+
egress-policy: audit
25+
26+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
2227

2328
- name: Setup
2429
run: npm install

.github/workflows/npm_release_types.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,10 +18,15 @@ jobs:
1818
runs-on: ubuntu-latest
1919

2020
steps:
21+
- name: Harden the runner (Audit all outbound calls)
22+
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
23+
with:
24+
egress-policy: audit
25+
2126
- name: Todo
2227
run: |
2328
echo "TODO: implement action"
24-
# - uses: actions/checkout@v2
29+
# - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
2530
#
2631
# - name: Setup
2732
# run: npm install

.github/workflows/npm_release_webpack.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,12 @@ jobs:
1717
runs-on: ubuntu-latest
1818

1919
steps:
20-
- uses: actions/checkout@v2
20+
- name: Harden the runner (Audit all outbound calls)
21+
uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
22+
with:
23+
egress-policy: audit
24+
25+
- uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
2126

2227
- name: Setup
2328
run: npm install

.github/workflows/ossf-scorecard.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,6 @@ jobs:
7373
# Upload the results to GitHub's code scanning dashboard (optional).
7474
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
7575
- name: "Upload to code-scanning"
76-
uses: github/codeql-action/upload-sarif@v3
76+
uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0
7777
with:
7878
sarif_file: results.sarif

0 commit comments

Comments
 (0)