mirror of
https://github.com/maputnik/editor.git
synced 2026-06-26 09:07:26 +00:00
85bf0e02a440e3ed8409887916f2cb88072bdbf2
5 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
006eb89fae |
chore(sec): pin github deps to shas (#1444)
## Launch Checklist

Our CI uses a few actions. For these actions, we currently just use the mutable GitHub tag. Since we use Dependabot to update the versions, we should use SHAs. This makes sure that we are not affected by a certain class of supply chain vulnerability where attackers re-publish bad tags.

Using SHAs matches GitHub recommendations and is a part of the OpenSSF Scorecard.

- [x] Confirm **your changes do not include backports from Mapbox projects** (unless with compliant license) - if you are not sure about this, please ask!
- [ ] Add an entry to `CHANGELOG.md` under the `## main` section.
  ^--- not sure if you want this. Other maintenance actions don't show up as well. |
||
|
|
8cd5e28f3a |
chore(sec): remove not needed permissions (#1442)
This PR removes a few permissions in CI where I don't think they are needed. |
||
|
|
ba24695a29 |
chore(deps): Bump dependabot/fetch-metadata from 2.3.0 to 2.4.0 (#1188)
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2.3.0 to 2.4.0.

**Release notes**

*Sourced from [dependabot/fetch-metadata's releases](https://github.com/dependabot/fetch-metadata/releases).*

> ## v2.4.0
>
> ## What's Changed
>
> - Bump actions/create-github-app-token from 1.11.0 to 1.11.3 by `@dependabot` in dependabot/fetch-metadata#598
> - Bump `@vercel/ncc` from 0.38.1 to 0.38.3 by `@dependabot` in dependabot/fetch-metadata#578
> - Add missing `@octokit/request-error` to `package.json` by `@jeffwidman` in dependabot/fetch-metadata#605
> - Bump to ESLint 9 by `@jeffwidman` in dependabot/fetch-metadata#606
> - Stop using a node16 devcontainer image by `@jeffwidman` in dependabot/fetch-metadata#608
> - Make typescript compile to `"es2022"` by `@jeffwidman` in dependabot/fetch-metadata#609
> - Bump the dev-dependencies group across 1 directory with 8 updates by `@dependabot` in dependabot/fetch-metadata#607
> - Tidy up examples slightly by `@jeffwidman` in dependabot/fetch-metadata#611
> - Fixup some anchor tags that weren't deeplinking by `@jeffwidman` in dependabot/fetch-metadata#614
> - Remove unnecessary hardcoding of `ref` by `@jeffwidman` in dependabot/fetch-metadata#617
> - Bump actions/create-github-app-token from 1.11.3 to 2.0.2 by `@dependabot` in dependabot/fetch-metadata#616
> - Enable caching of `npm install`/`npm ci` for `setup-node` action by `@jeffwidman` in dependabot/fetch-metadata#618
> - Add workflow to publish new version of immutable action on every release by `@jeffwidman` in dependabot/fetch-metadata#623
> - Bump actions/create-github-app-token from 2.0.2 to 2.0.6 by `@dependabot` in dependabot/fetch-metadata#621
> - v2.4.0 by `@fetch-metadata-action-automation` in dependabot/fetch-metadata#594
>
> **Full Changelog**: https://github.com/dependabot/fetch-metadata/compare/v2...v2.4.0

**Commits**

- `08eff52` v2.4.0 (#594)
- `821b654` Merge pull request #621 from dependabot/dependabot/github_actions/actions/cre...
- `2c22a37` Bump actions/create-github-app-token from 2.0.2 to 2.0.6
- `6ad01a0` Add workflow to publish new version of immutable action on every release (#623)
- `8ca800c` Enable caching of `npm install`/`npm ci` for `setup-node` action (#618)
- `6787635` Merge pull request #616 from dependabot/dependabot/github_actions/actions/cre...
- `a09d4af` Bump actions/create-github-app-token from 1.11.3 to 2.0.2
- `3a5ce46` Remove unnecessary hardcoding of `ref` (#617)
- `798f45c` Fixup some anchor tags that weren't deeplinking (#614)
- `6c031ac` Tidy up examples slightly (#611)
- Additional commits viewable in [compare view](https://github.com/dependabot/fetch-metadata/compare/v2.3.0...v2.4.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
535cb63093 |
Bump dependabot/fetch-metadata from 2.2.0 to 2.3.0 (#1034)
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2.2.0 to 2.3.0.

**Release notes**

*Sourced from [dependabot/fetch-metadata's releases](https://github.com/dependabot/fetch-metadata/releases).*

> ## v2.3.0
>
> ## What's Changed
>
> - Bump actions/create-github-app-token from 1.10.2 to 1.10.3 by `@dependabot` in dependabot/fetch-metadata#537
> - Update readme to include an if conditional by `@Nishnha` in dependabot/fetch-metadata#548
> - Silence audit and funding messages from `npm` by `@jeffwidman` in dependabot/fetch-metadata#550
> - Bump actions/create-github-app-token from 1.10.3 to 1.11.0 by `@dependabot` in dependabot/fetch-metadata#554
> - fix readme action example by `@CloudNStoyan` in dependabot/fetch-metadata#563
> - Fixed missing outputs in action.yml by `@CatChen` in dependabot/fetch-metadata#564
> - Handle branch names containing dependency group by `@CloudNStoyan` in dependabot/fetch-metadata#565
> - v2.3.0 by `@fetch-metadata-action-automation` in dependabot/fetch-metadata#543
>
> ## New Contributors
>
> - `@CloudNStoyan` made their first contribution in dependabot/fetch-metadata#563
> - `@CatChen` made their first contribution in dependabot/fetch-metadata#564
>
> **Full Changelog**: https://github.com/dependabot/fetch-metadata/compare/v2...v2.3.0

**Commits**

- `d7267f6` Merge pull request #543 from dependabot/bump-to-v2.3.0
- `e3dd295` v2.3.0
- `3da9521` Merge pull request #565 from CloudNStoyan/main
- `de52f60` update build
- `59d2b1f` fix incorrect parsing of directory when using dependency-group
- `0d27069` Merge pull request #564 from CatChen/fixed-missing-outputs-in-action-yml
- `5a7546a` Fixed missing outputs in action.yml
- `06ea45a` Merge pull request #563 from CloudNStoyan/main
- `bbfca7e` fix readme action example
- `b0d0393` Merge pull request #554 from dependabot/dependabot/github_actions/actions/cre...
- Additional commits viewable in [compare view](https://github.com/dependabot/fetch-metadata/compare/v2.2.0...v2.3.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
891bcf1777 |
Dependabot automerge workflow (#997)
Follow up to
- #972

Closes #971
- #971

## Launch Checklist

- [ ] Briefly describe the changes in this PR.
- [ ] Link to related issues.
- [ ] Include before/after visuals or gifs if this PR includes visual changes.
- [ ] Write tests for all new functionality.
- [ ] Add an entry to `CHANGELOG.md` under the `## main` section.

Co-authored-by: Harel M <harel.mazor@gmail.com> |