mirrors/jj
1
0
Fork 1
mirror of https://github.com/martinvonz/jj.git synced 2025-01-05 20:55:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
2483 commits 100 branches 30 tags 63 MiB
Commit graph

110 commits

Author SHA1 Message Date
dependabot[bot]
efe72f714a github: bump dtolnay/rust-toolchain 
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) from 22cb70465de2ebc761c76f91046abd5a6986040f to ce8f65846d7180d2ce63b1e74483d981800b9e22.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases)
- [Commits](22cb70465d...ce8f65846d)

---
updated-dependencies:
- dependency-name: dtolnay/rust-toolchain
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-23 08:32:50 -08:00
dependabot[bot]
a29b19fa9d github: bump dtolnay/rust-toolchain 
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) from e645b0cf01249a964ec099494d38d2da0f0b349f to 22cb70465de2ebc761c76f91046abd5a6986040f.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases)
- [Commits](e645b0cf01...22cb70465d)

---
updated-dependencies:
- dependency-name: dtolnay/rust-toolchain
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-20 15:18:40 +00:00
dependabot[bot]
24e03e2ff5 github: bump github/codeql-action from 2.1.38 to 2.1.39 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](515828d974...a34ca99b46)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-19 08:10:30 -08:00
Michael Forster
27228ce292 Update MSRV to 1.61 
This is needed for compatibility with the sapling dag crate.
 2023-01-19 10:29:39 +01:00
Martin von Zweigbergk
ff3edb642f github: build and test all targets 
It seems that at least examples are not included in the default set of
targets, and we clearly want to check that the examples compile, as
that's an important reason we have them. We don't have any tests for
the examples yet, but let's add the flag now so we don't forget it
later.
 2023-01-18 23:03:30 -08:00
dependabot[bot]
7c1b796f3e github: bump github/codeql-action from 2.1.37 to 2.1.38 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.37 to 2.1.38.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](959cbb7472...515828d974)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-12 09:26:31 -08:00
dependabot[bot]
f2cba66029 github: bump actions/upload-artifact from 3.1.1 to 3.1.2 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](83fd05a356...0b7f8abb15)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-06 07:52:03 -08:00
dependabot[bot]
6a6724fd87 github: bump actions/checkout from 3.2.0 to 3.3.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](755da8c3cf...ac59398561)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-05 15:33:10 +00:00
Martin von Zweigbergk
635f5a5cb8 build: don't use vendored OpenSSL by default 
I added support for using a vendored OpenSSL in dbadbd68c0. That was
in order to get the musl binary to work. However, it shouldn't be
needed on most platforms, and we've had a few reports of issues caused
by it. Let's disable it by default and enable it specifically when
building the musl binary instead.
 2023-01-03 18:57:38 -08:00
dependabot[bot]
bb0cb7f8d1 github: bump ossf/scorecard-action from 2.1.1 to 2.1.2 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](15c10fcf1c...e38b1902ae)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-22 15:15:44 +00:00
Benjamin Saunders
aaa175eca7 lib: replace protobuf crate with prost 2022-12-22 07:04:35 -08:00
dependabot[bot]
1a11679539 github: bump ossf/scorecard-action from 2.1.0 to 2.1.1 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](937ffa90d7...15c10fcf1c)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-20 08:43:48 -08:00
dependabot[bot]
af32f0d3c3 github: bump ossf/scorecard-action from 2.0.6 to 2.1.0 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...937ffa90d7)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-15 07:40:37 -08:00
dependabot[bot]
1f3cfcec9d github: bump github/codeql-action from 2.1.36 to 2.1.37 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.36 to 2.1.37.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a669cc5936...959cbb7472)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-14 07:35:59 -08:00
dependabot[bot]
ae981ff33a github: bump actions/checkout from 3.1.0 to 3.2.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](93ea575cb5...755da8c3cf)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-13 11:35:27 -08:00
Martin von Zweigbergk
b87c1cb514 github: new attempt at Dependabot auto-merge 
This is an updated version of the workflow deleted in f5fc3c35f5,
trying the advice from
https://github.com/cli/cli/issues/6695#issuecomment-1348430969.
 2022-12-13 10:39:58 -08:00
dependabot[bot]
15d40ffa54 github: bump github/codeql-action from 2.1.35 to 2.1.36 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.36.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b2a92eb56d...a669cc5936)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-09 11:09:59 -08:00
Martin von Zweigbergk
79d6779995 github: make Scorecard security scanner not use access token 
Google's security team asked us to remove this use of a PAT. It's
apparently supposed to work without it, it's just that it won't be
able to check that we have bronch protection set up.
 2022-12-08 14:54:28 -08:00
Martin von Zweigbergk
f5fc3c35f5 github: disable broken attempt to auto-merge Dependabot PRs again 
Sigh, I thought it was fixed now, but it seems it's only `gh pr ready`
that works with `GITHUB_TOKEN`. This rolls back commit ee7e7e1b62.
 2022-12-05 14:23:43 -08:00
dependabot[bot]
9a36f1d6e3 github: bump github/codeql-action from 2.1.32 to 2.1.35 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.32 to 2.1.35.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4238421316...b2a92eb56d)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-12-05 10:07:43 -08:00
Martin von Zweigbergk
ee7e7e1b62 github: new attempt at auto-enabling merge of Dependabot PRs 
cli/cli#1314 is now marked fixed, so let's see if this works. This
rolls back commit 184280f8f801.
 2022-12-01 19:28:39 -08:00
dependabot[bot]
d90a08676c github: bump dtolnay/rust-toolchain 
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) from 55c7845fad90d0ae8b2e83715cb900e5e861e8cb to e645b0cf01249a964ec099494d38d2da0f0b349f.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases)
- [Commits](55c7845fad...e645b0cf01)

---
updated-dependencies:
- dependency-name: dtolnay/rust-toolchain
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-28 05:22:27 -10:00
dependabot[bot]
f9f4f8b520 github: bump EmbarkStudios/cargo-deny-action from 1.3.2 to 1.4.0 
Bumps [EmbarkStudios/cargo-deny-action](https://github.com/EmbarkStudios/cargo-deny-action) from 1.3.2 to 1.4.0.
- [Release notes](https://github.com/EmbarkStudios/cargo-deny-action/releases)
- [Commits](7257a18a9c...8a8607bd8e)

---
updated-dependencies:
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-17 07:57:43 -08:00
dependabot[bot]
1c76ea198f github: bump github/codeql-action from 2.1.31 to 2.1.32 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.31 to 2.1.32.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c3b6fce4ee...4238421316)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-14 09:33:48 -08:00
dependabot[bot]
3e77fcdafa github: bump dtolnay/rust-toolchain 
Bumps [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) from ba37adf8f94a7d9affce79bd3baff1b9e3189c33 to 55c7845fad90d0ae8b2e83715cb900e5e861e8cb.
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases)
- [Commits](ba37adf8f9...55c7845fad)

---
updated-dependencies:
- dependency-name: dtolnay/rust-toolchain
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-11 07:30:54 -08:00
dependabot[bot]
571952dac6 github: bump github/codeql-action from 2.1.30 to 2.1.31 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.30 to 2.1.31.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](18fe527fa8...c3b6fce4ee)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-08 07:40:08 -08:00
dependabot[bot]
e4e4fe4461 github: bump github/codeql-action from 2.1.29 to 2.1.30 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.29 to 2.1.30.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](ec3cf9c605...18fe527fa8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-11-02 09:33:52 -07:00
dependabot[bot]
9548b6ad49 github: bump github/codeql-action from 2.1.28 to 2.1.29 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.28 to 2.1.29.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](cc7986c02b...ec3cf9c605)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-26 20:44:10 -07:00
dependabot[bot]
27937e6787 github: bump actions/upload-artifact from 3.1.0 to 3.1.1 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](3cea537223...83fd05a356)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-24 10:55:50 -07:00
dependabot[bot]
dc2237b592 github: bump ossf/scorecard-action from 2.0.4 to 2.0.6 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](e363bfca00...99c53751e0)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-19 16:09:53 -07:00
Martin von Zweigbergk
9f01456f84 github: move off of unmaintained actions-rs actions 2022-10-18 19:00:23 -07:00
dependabot[bot]
8789fde73f github: bump github/codeql-action from 2.1.27 to 2.1.28 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.27 to 2.1.28.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](807578363a...cc7986c02b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-18 09:41:19 -07:00
Martin von Zweigbergk
5db47b7ae8 github: make release build create staging directory 
I think 672f9e85cb was correct in saying that we don't need the
`$staging/complete` directory, but we do seem to need the `$staging`
directory, so let's restore the code for creating that. While at it, I
also cleaned up a bit so we use the `$outdir` variable instead of
duplicating it.
 2022-10-17 21:43:05 -07:00
dependabot[bot]
c292cd8cff github: bump cachix/install-nix-action from 17 to 18 
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 17 to 18.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](d64e055310...daddc62a2e)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-12 08:55:40 -07:00
dependabot[bot]
c1d5a90156 github: bump github/codeql-action from 2.1.26 to 2.1.27 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.26 to 2.1.27.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e0e5ded33c...807578363a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-07 09:30:19 -07:00
dependabot[bot]
02ccbaa86e github: bump actions/checkout from 3.0.2 to 3.1.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](2541b1294d...93ea575cb5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-10-04 22:49:04 -07:00
dependabot[bot]
750878a3fd github: bump github/codeql-action from 2.1.25 to 2.1.26 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.25 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](86f3159a69...e0e5ded33c)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-30 09:09:30 -07:00
dependabot[bot]
62103baa99 github: bump ossf/scorecard-action from 2.0.3 to 2.0.4 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](865b409285...e363bfca00)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-28 09:01:07 -07:00
dependabot[bot]
f425e1bd4b github: bump github/codeql-action from 2.1.24 to 2.1.25 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.24 to 2.1.25.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](904260d7d9...86f3159a69)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-23 10:10:14 -07:00
Martin von Zweigbergk
86f216541a github: remove publish_results field in wrong place 
When I read
https://github.com/ossf/scorecard-action#breaking-changes-in-v2 for
6d7ce74a9a, it seems like I misread the "for" as "and" in "`include
id-token: write` for `publish_results: true`". The latter is not a
permissions, it's another setting we have defined further down.
 2022-09-18 00:14:39 -07:00
Martin von Zweigbergk
3c22ce11a4 github: remove stale comments indicating action versions 
Dependabot doesn't update the comments, so they go stale very quickly.
 2022-09-16 21:58:47 -07:00
dependabot[bot]
17765d08cd github: bump github/codeql-action from 2.1.23 to 2.1.24 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.23 to 2.1.24.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](6a38b7d4a1...904260d7d9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-16 16:25:37 -05:00
Martin von Zweigbergk
6d7ce74a9a github: add new required permissions for ossf/scorecard 2022-09-16 08:53:11 -05:00
dependabot[bot]
53ccb8d59b github: bump github/codeql-action from 2.1.22 to 2.1.23 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.22 to 2.1.23.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b398f525a5...6a38b7d4a1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-15 21:52:07 -05:00
Martin von Zweigbergk
10d24ef267 github: remove broken workflow to enable auto-merge for Dependabot 
The workflow that was supposed to enable auto-merge for PRs from
Dependabot is failing like this:


```
Message: Resource not accessible by integration, Locations: [{Line:1 Column:72}]
```

I can't figure out why it's failing (maybe
https://github.com/cli/cli/issues/1314?), so let's just remove it.
 2022-09-12 10:23:58 -07:00
dependabot[bot]
210528e8ae github: bump ossf/scorecard-action from 1.1.2 to 2.0.3 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.2 to 2.0.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ce330fde6b...865b409285)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-12 09:00:26 -07:00
Martin von Zweigbergk
c7a782b0a1 github: give dependabot auto-merge action permission to update PR 
Hopefully this is the last bit I was missing to get this to work :)
 2022-09-09 12:43:56 -07:00
Martin von Zweigbergk
a33417fa35 github: pass --rebase to gh pr merge since it requires it 
It seems that there's no way to just enable auto-merge without
specifying a merge strategy (presumably because some projects allow
several GitHub merge strategies), so I guess we'll have to live with
the strategy being duplicated between here and the project settings.
 2022-09-06 16:08:24 -07:00
Martin von Zweigbergk
2ff710a131 github: enable auto-merge on Dependabot PRs 
To merge a Dependabot PR, I have to enable auto-merge (two clicks,
including one to confim) and then review and approve it. Since our
branch protections require the PR to be approved, it seems that that
should be enough. This patch adds a GitHub action that calls runs the
GitHub CLI to do that. It is based on
https://dev.to/slashgear_/how-to-automatically-merge-dependabot-pull-requests-with-github-actions--30pe
 2022-09-02 11:49:26 -07:00
dependabot[bot]
f0d7381fa6 github: bump github/codeql-action from 2.1.19 to 2.1.22 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.19 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f5d217be74...b398f525a5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-09-01 10:49:04 -07:00