From 5be33a9213113ae9484d61562579e7a3bc74c8a4 Mon Sep 17 00:00:00 2001
From: Alan de Freitas
Date: Fri, 20 Feb 2026 21:45:14 -0500
Subject: [PATCH 1/2] ci(dependabot): disable alerts for doc npm dependencies
---
.github/dependabot.yml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..39db88640
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,28 @@
+# Dependabot configuration
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+version: 2
+updates:
+ # Disable all Dependabot activity for the doc/ npm manifest.
+ #
+ # These are documentation build tools only (Antora, AsciiDoc extensions)
+ # and are never deployed or exposed to untrusted input, so security
+ # alerts for transitive dependencies here are not actionable.
+ #
+ # NOTE: This config prevents Dependabot from opening PRs (both version
+ # updates and security fixes). However, GitHub's dependency graph may
+ # still create security *alerts* for vulnerabilities it detects in
+ # doc/package-lock.json. Those alerts should be dismissed as
+ # "tolerable risk" since this manifest is doc-tooling only.
+ - package-ecosystem: "npm"
+ # Path to the directory containing package.json / package-lock.json.
+ directory: "/doc"
+ schedule:
+ # The schema requires a schedule interval even when all
+ # updates are effectively disabled via the settings below.
+ interval: "weekly"
+ # Do not open any version-update PRs for this manifest.
+ open-pull-requests-limit: 0
+ # Ignore all npm dependencies so Dependabot does not open
+ # security-fix PRs for transitive vulnerabilities either.
+ ignore:
+ - dependency-name: "*"
From af6a0fd66149f62dd306e3b3e67de7f6eb6a6766 Mon Sep 17 00:00:00 2001
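Review bot: The rationale in the header comment (doc tooling is "never deployed or exposed to untrusted input") understates the exposure, and `ignore:` with `- dependency-name: "*"` silences fix PRs for the direct tools (Antora and the AsciiDoc extensions) as well as the transitive ones. The packages under `/doc` still execute with whatever credentials the documentation build holds, since `npm install` can run package lifecycle scripts and the generators run at build time; how that job is run is not visible in this patch. Consider narrowing the rule so direct dependencies keep receiving security fixes, for example replacing the ignore entry with `allow:` and `- dependency-type: "direct"`, after confirming against the Dependabot documentation that this applies to security updates the way the comments assume. The NOTE would also be safer reworded so alerts are triaged rather than dismissed wholesale, e.g. `# Triage each alert; dismiss as "tolerable risk" only when the flaw is unreachable from the doc build.`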
From: Alan de Freitas Date: Mon, 23 Feb 2026 10:47:02 -0500 Subject: [PATCH 2/2] ci: update cpp-actions to v1.9.3 --- .github/workflows/ci.yml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0e4549476..1b9f3b0ae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -53,7 +53,7 @@ jobs: matrix: ${{ steps.cpp-matrix.outputs.matrix }} steps: - name: Generate Test Matrix - uses: alandefreitas/cpp-actions/cpp-matrix@v1.9.0 + uses: alandefreitas/cpp-actions/cpp-matrix@v1.9.3 id: cpp-matrix with: compilers: | @@ -111,7 +111,7 @@ jobs: uses: actions/checkout@v4 - name: Setup C++ - uses: alandefreitas/cpp-actions/setup-cpp@v1.9.0 + uses: alandefreitas/cpp-actions/setup-cpp@v1.9.3 id: setup-cpp with: compiler: ${{ matrix.compiler }} @@ -119,13 +119,13 @@ jobs: - name: Install packages if: matrix.install != '' - uses: alandefreitas/cpp-actions/package-install@v1.9.0 + uses: alandefreitas/cpp-actions/package-install@v1.9.3 id: package-install with: apt-get: ${{ matrix.install }} - name: Clone Boost - uses: alandefreitas/cpp-actions/boost-clone@v1.9.0 + uses: alandefreitas/cpp-actions/boost-clone@v1.9.3 id: boost-clone with: branch: ${{ (github.ref_name == 'master' && github.ref_name) || 'develop' }} @@ -203,7 +203,7 @@ jobs: corpus- - name: CMake Workflow - uses: alandefreitas/cpp-actions/cmake-workflow@v1.9.0 + uses: alandefreitas/cpp-actions/cmake-workflow@v1.9.3 if: matrix.is-no-factor-intermediary != 'true' with: source-dir: ../boost-root @@ -226,7 +226,7 @@ jobs: trace-commands: true - name: CMake Integration Workflow - uses: alandefreitas/cpp-actions/cmake-workflow@v1.9.0 + uses: alandefreitas/cpp-actions/cmake-workflow@v1.9.3 if: matrix.is-no-factor-intermediary != 'true' with: source-dir: ../boost-root/libs/${{ steps.patch.outputs.module }}/test/cmake_test 
@@ -244,7 +244,7 @@ jobs: trace-commands: true - name: CMake Root Workflow - uses: alandefreitas/cpp-actions/cmake-workflow@v1.9.0 + uses: alandefreitas/cpp-actions/cmake-workflow@v1.9.3 if: matrix.is-no-factor-intermediary != 'true' with: source-dir: . @@ -263,7 +263,7 @@ jobs: trace-commands: true - name: B2 Workflow - uses: alandefreitas/cpp-actions/b2-workflow@v1.9.0 + uses: alandefreitas/cpp-actions/b2-workflow@v1.9.3 env: # Set flags via B2 options exclusively CFLAGS: '' @@ -291,7 +291,7 @@ jobs: warnings-as-errors: true - name: FlameGraph - uses: alandefreitas/cpp-actions/flamegraph@v1.9.0 + uses: alandefreitas/cpp-actions/flamegraph@v1.9.3 if: matrix.time-trace with: source-dir: ../boost-root/libs/url @@ -362,7 +362,7 @@ jobs: fetch-depth: 100 - name: Changelog - uses: alandefreitas/cpp-actions/create-changelog@v1.9.0 + uses: alandefreitas/cpp-actions/create-changelog@v1.9.3 with: thank-non-regular: ${{ startsWith(github.ref, 'refs/tags/') }} github-token: ${{ secrets.GITHUB_TOKEN }} @@ -385,7 +385,7 @@ jobs: shell: bash steps: - name: Install packages - uses: alandefreitas/cpp-actions/package-install@v1.9.0 + uses: alandefreitas/cpp-actions/package-install@v1.9.3 with: apt-get: git cmake @@ -393,7 +393,7 @@ jobs: uses: actions/checkout@v4 - name: Clone Boost - uses: alandefreitas/cpp-actions/boost-clone@v1.9.0 + uses: alandefreitas/cpp-actions/boost-clone@v1.9.3 id: boost-clone with: branch: ${{ (github.ref_name == 'master' && github.ref_name) || 'develop' }}