From bfc8072d9a66c8bf725b45349c50cc30dfa279d7 Mon Sep 17 00:00:00 2001 From: Tony Knight Date: Mon, 1 Sep 2025 15:30:03 +0100 Subject: [PATCH 1/4] Pin pkgchk-action version --- .github/workflows/sca.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sca.yml b/.github/workflows/sca.yml index c360fea..57a727f 100644 --- a/.github/workflows/sca.yml +++ b/.github/workflows/sca.yml @@ -26,6 +26,6 @@ jobs: - uses: actions/checkout@v4 - name: Dependency scan - uses: tonycknight/pkgchk-action@v1.0.22 + uses: tonycknight/pkgchk-action@v1 with: project-path: ${{ env.SOLUTION_NAME }} From 7a12d99880d1b03fb64ca490a646804d40cabe43 Mon Sep 17 00:00:00 2001 From: Tony Knight Date: Mon, 1 Sep 2025 15:30:25 +0100 Subject: [PATCH 2/4] Upgrade actions/checkout --- .github/workflows/buildtestpackage.yml | 4 ++-- .github/workflows/release.yaml | 2 +- .github/workflows/sast.yml | 2 +- .github/workflows/sca.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/buildtestpackage.yml b/.github/workflows/buildtestpackage.yml index f7a4347..14a7bd4 100644 --- a/.github/workflows/buildtestpackage.yml +++ b/.github/workflows/buildtestpackage.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Setup .NET uses: actions/setup-dotnet@v4 @@ -80,7 +80,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Setup .NET uses: actions/setup-dotnet@v4 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c531b45..740e44d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,7 +19,7 @@ jobs: if: github.ref == 'refs/heads/main' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Setup .NET uses: actions/setup-dotnet@v4 diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml index ad8ccbc..021e7de 100644 
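Review bot: `uses: tonycknight/pkgchk-action@v1` in the sca.yml hunk of [PATCH 1/4] is a floating major tag, so this change loosens the reference from the exact `v1.0.22` rather than pinning it as the subject says. A tag can be moved to different code after the workflow was reviewed, so a step meant to stay fixed is better referenced by full commit SHA with the release in a trailing comment, e.g. `uses: tonycknight/pkgchk-action@<full-commit-sha>  # v1.0.22` (placeholder; the SHA is not shown on this page). The same applies to the `actions/checkout@v5` references in [PATCH 2/4] (buildtestpackage.yml, release.yaml, sast.yml, sca.yml). The `github-actions` Dependabot entry added in [PATCH 3/4] should be able to keep SHA pins current, which is worth confirming on its first update PR.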
--- a/.github/workflows/sast.yml +++ b/.github/workflows/sast.yml @@ -30,7 +30,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/sca.yml b/.github/workflows/sca.yml index 57a727f..2446592 100644 --- a/.github/workflows/sca.yml +++ b/.github/workflows/sca.yml @@ -23,7 +23,7 @@ jobs: name: Dependency scan runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Dependency scan uses: tonycknight/pkgchk-action@v1 From 3c8b19f87d0846354f5b13756d53df2deddb67d4 Mon Sep 17 00:00:00 2001 From: Tony Knight Date: Mon, 1 Sep 2025 15:32:59 +0100 Subject: [PATCH 3/4] improve dependabot config --- .github/dependabot.yml | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 887389e..adc5647 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,14 +9,26 @@ updates: labels: - ":game_die: dependencies" - ":robot: bot" - open-pull-requests-limit: 10 + groups: + packages: + patterns: + - "*" ignore: - ## avoid Moq 4.20+ - dependency-name: "Moq" - ## Preserve backward compatibility for library consumers - dependency-name: "FluentValidation" - dependency-name: "FluentValidation.DependencyInjectionExtensions" - ## V8 onwards have licencing imposed - dependency-name: "FluentAssertions" - ## CsvHelper has binary incompatibilities - dependency-name: "CsvHelper" + - package-ecosystem: "github-actions" + directory: "/.github/workflows" + schedule: + interval: "daily" + time: "06:00" + timezone: "Europe/London" + labels: + - ":game_die: dependencies" + - ":robot: bot" + groups: + packages: + patterns: + - "*" From 658a0f0c46c9b3b550b44d04accd84f51a954f98 Mon Sep 17 00:00:00 2001 
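Review bot: The four `##` comments removed from the `ignore` list in the dependabot.yml hunk of [PATCH 3/4] were the only record of why Moq, FluentValidation, FluentAssertions and CsvHelper are held back, while the entries themselves stay. As far as the hunk shows, each entry has only `dependency-name`, which suppresses every new version of that package, so a later reader cannot tell whether the hold is still justified or where the limit was. I would keep the comments, e.g. `## avoid Moq 4.20+` above `- dependency-name: "Moq"`. Separately, GitHub's documented form for the `github-actions` ecosystem is `directory: "/"`, which covers `.github/workflows`, so check that `"/.github/workflows"` actually produces update runs. The first `updates` entry starts above the hunk, so its other keys are not visible here.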
From: Tony Knight Date: Mon, 1 Sep 2025 15:36:05 +0100 Subject: [PATCH 4/4] upgrade tools --- .config/dotnet-tools.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.config/dotnet-tools.json b/.config/dotnet-tools.json index c200af2..7808b21 100644 --- a/.config/dotnet-tools.json +++ b/.config/dotnet-tools.json @@ -3,14 +3,14 @@ "isRoot": true, "tools": { "dotnet-stryker": { - "version": "4.5.1", + "version": "4.8.1", "commands": [ "dotnet-stryker" ], "rollForward": false }, "dotnet-reportgenerator-globaltool": { - "version": "5.4.7", + "version": "5.4.12", "commands": [ "reportgenerator" ],