Hash pin only sensible workflows #4214

Open
wants to merge 2 commits into
base: develop

joycebrum
Contributor

Closes #4058

I've hash pinned only the workflows that had write permissions and configured the dependabot to run monthly. It may, from time to time, suggest major updates on other workflows, but you can use a "dependabot command" to make it not suggest that upgrade anymore.


Pull request checklist

Read the Contribution Guidelines for detailed information.

  • Changes are described in the pull request, or an existing issue is referenced.
  • The test suite compiles and runs without error.
  • Code coverage is 100%. Test cases can be added by editing the test suite.
  • The source code is amalgamated; that is, after making changes to the sources in the include/nlohmann directory, run make amalgamate to create the single-header files single_include/nlohmann/json.hpp and single_include/nlohmann/json_fwd.hpp. The whole process is described here.

Please don't

  • The C++11 support varies between different compilers and versions. Please note the list of supported compilers. Some compilers like GCC 4.7 (and earlier), Clang 3.3 (and earlier), or Microsoft Visual Studio 13.0 and earlier are known not to work due to missing or incomplete C++11 support. Please refrain from proposing changes that work around these compilers' limitations with #ifdefs or other means.
  • Specifically, I am aware of compilation problems with Microsoft Visual Studio (there even is an issue label for this kind of bug). I understand that even in 2016, complete C++11 support isn't there yet. But please also understand that I do not want to drop features or uglify the code just to make Microsoft's sub-standard compiler happy. The past has shown that there are ways to express the functionality such that the code compiles with the most recent MSVC - unfortunately, this is not the main objective of the project.
  • Please refrain from proposing changes that would break JSON conformance. If you propose a conformant extension of JSON to be supported by the library, please motivate this extension.
  • Please do not open pull requests that address multiple issues.
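
One way to check the policy described in this pull request (pin actions by full commit hash only in workflows whose token can write), as an added example that is not part of the PR or the project's code. The workflow contents, the file names other than labeler.yml, and the 40-character hash are constructed, and a workflow with no permissions block is assumed to be write-capable.

```python
import re

# "uses: owner/repo@ref" on a step or a reusable-workflow job.
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^\s'\"#]+)", re.M)
FULL_SHA = re.compile(r"[0-9a-f]{40}")
PERMS_KEY = re.compile(r"^[ \t]*permissions:", re.M)
# Heuristic (line-based, not a YAML parse): "write-all" or any "<scope>: write".
WRITE_SCOPE = re.compile(
    r"^[ \t]*(?:permissions:[ \t]*write-all|[\w-]+:[ \t]*write)[ \t]*(?:#.*)?$", re.M)


def has_write_permission(text):
    """True if the workflow token may hold a write scope."""
    if not PERMS_KEY.search(text):
        # Assumption: with no permissions block the token falls back to the
        # repository default, which may be read/write, so treat it as write.
        return True
    return bool(WRITE_SCOPE.search(text))


def unpinned_uses(text):
    """Return action references whose ref is not a full 40-hex commit SHA."""
    refs = []
    for ref in USES_RE.findall(text):
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        if not FULL_SHA.fullmatch(ref.partition("@")[2]):
            refs.append(ref)
    return refs


def audit(workflows):
    """Map file name -> unpinned refs, only for write-capable workflows."""
    findings = {}
    for name, text in workflows.items():
        refs = unpinned_uses(text)
        if refs and has_write_permission(text):
            findings[name] = refs
    return findings


# Constructed sample workflows; the hash below is a placeholder, not a real commit.
SAMPLE = {
    "labeler.yml": "permissions:\n  pull-requests: write\njobs:\n  label:\n"
                   "    steps:\n      - uses: actions/labeler@v4\n",
    "ubuntu.yml": "permissions:\n  contents: read\njobs:\n  build:\n"
                  "    steps:\n      - uses: actions/checkout@v4\n",
    "stale.yml": "permissions:\n  issues: write\njobs:\n  stale:\n    steps:\n"
                 "      - uses: actions/stale@0123456789abcdef0123456789abcdef01234567 # v8\n",
}

if __name__ == "__main__":
    for name, refs in audit(SAMPLE).items():
        print(f"{name}: pin {', '.join(refs)} to a full commit SHA")
```

Only labeler.yml is reported: ubuntu.yml is tag-pinned but read-only, and stale.yml is write-capable but already pinned to a full hash.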

step-security-bot and others added 2 commits November 24, 2023 17:23
* [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

* Update dependabot.yml

Signed-off-by: Joyce <joycebrum@google.com>

* Update labeler.yml

Signed-off-by: Joyce <joycebrum@google.com>

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Signed-off-by: Joyce <joycebrum@google.com>
Co-authored-by: Joyce <joycebrum@google.com>
Signed-off-by: Joyce <joycebrum@google.com>
@coveralls

Coverage Status

coverage: 100.0%. remained the same
when pulling 2890205 on joycebrum:develop
into 6eab7a2 on nlohmann:develop.

Successfully merging this pull request may close these issues.

Feat: hash pin github workflow dependencies