From 4d38e3bdc5a847aedfc462cf12f1f81f2fd5c8d9 Mon Sep 17 00:00:00 2001
From: Hawthorne001 <110597351+Hawthorne001@users.noreply.github.com>
Date: Mon, 29 Jan 2024 07:04:32 -0500
Subject: [PATCH 1/8] Create python-publish.yml
---
 .github/workflows/python-publish.yml | 39 ++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 .github/workflows/python-publish.yml
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
new file mode 100644
index 00000000000000..bdaab28a48d6b2
--- /dev/null
+++ b/.github/workflows/python-publish.yml
@@ -0,0 +1,39 @@
+# This workflow will upload a Python Package using Twine when a release is created
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Upload Python Package
+
+on:
+ release:
+ types: [published]
+
+permissions:
+ contents: read
+
+jobs:
+ deploy:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python
+ uses: actions/setup-python@v3
+ with:
+ python-version: '3.x'
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install build
+ - name: Build package
+ run: python -m build
+ - name: Publish package
+ uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
+ with:
+ user: __token__
+ password: ${{ secrets.PYPI_API_TOKEN }}
From a9665ddfcbe70310d4146721a20995eaeef27c5b Mon Sep 17 00:00:00 2001
From: Hawthorne001 <110597351+Hawthorne001@users.noreply.github.com>
Date: Sun, 3 Mar 2024 09:19:35 -0500
Subject: [PATCH 2/8] Hawt
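Review bot: The `Publish package` step authenticates with a long-lived `PYPI_API_TOKEN` repository secret, while `pypa/gh-action-pypi-publish` also supports PyPI trusted publishing through the workflow's OIDC token, which removes the stored credential altogether; once a trusted publisher is registered on PyPI this becomes `permissions: contents: read` plus `id-token: write` on the `deploy` job and the `user`/`password` inputs are dropped (confirm the pinned commit is a release that supports it). The `actions/checkout@v3` and `actions/setup-python@v3` references are mutable tags while the publish action is SHA-pinned, so pin those to commit SHAs too for a consistent supply-chain posture, and consider attaching an `environment:` with a protection rule to the `deploy` job so a release cannot publish without review. The rest of this series adds a Gemfile and github-pages workflows, so it is not obvious there is a Python project for `python -m build` to package here — worth confirming this workflow is intended for this repository rather than copied from a template.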
Signed-off-by: Hawthorne001 <110597351+Hawthorne001@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 84 ++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000000000..6ee510b1b7a5ff
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,84 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "Hawthorne01" ]
+ pull_request:
+ branches: [ "Hawthorne01" ]
+ schedule:
+ - cron: '30 15 * * 5'
+
+jobs:
+ analyze:
+ name: Analyze
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners
+ # Consider using larger runners for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ # only required for workflows in private repositories
+ actions: read
+ contents: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: [ 'javascript-typescript', 'python', 'ruby' ]
+ # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
+ # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v3
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
From b9bfbf1241dce5ab90afa3dea46ac72ace9082d5 Mon Sep 17 00:00:00 2001
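Review bot: The `Initialize CodeQL` step leaves `queries:` commented out, so only the default suite runs; for a security-oriented scan uncomment it as `queries: security-extended` under the init step's `with:`. The `push` and `pull_request` triggers are filtered to the single branch `"Hawthorne01"` (which looks like a typo of the account name `Hawthorne001` seen in the commit author), so code scanning will not run on the repository's default branch unless that happens to be it — confirm the filter. The `Autobuild` step only does work for the compiled languages its own comment lists, and `javascript-typescript` and `python` sit next to `ruby` in what the rest of this series shows to be a Ruby/Jekyll site, so the matrix may be wider than the repository needs and will cost analysis time on every run. Note also that this workflow uses `actions/checkout@v4` while the sibling workflows in the series use `@v3`; one pinned reference across workflows is easier to audit.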
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 03:19:43 +0000 Subject: [PATCH 3/8] Bump the bundler group across 1 directory with 1 update Bumps the bundler group with 1 update in the / directory: [nokogiri](https://github.com/sparklemotion/nokogiri). Updates `nokogiri` from 1.14.3 to 1.16.3 - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.14.3...v1.16.3) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect dependency-group: bundler-security-group ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 21a6074d83a08a..cbfef462907cd9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -236,9 +236,9 @@ GEM jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) minitest (5.19.0) - nokogiri (1.14.3-arm64-darwin) + nokogiri (1.16.3-arm64-darwin) racc (~> 1.4) - nokogiri (1.14.3-x86_64-linux) + nokogiri (1.16.3-x86_64-linux) racc (~> 1.4) octokit (4.25.1) faraday (>= 1, < 3) @@ -252,7 +252,7 @@ GEM ruby-rc4 ttfunk public_suffix (4.0.7) - racc (1.6.2) + racc (1.7.3) rainbow (3.1.1) rb-fsevent (0.11.2) rb-inotify (0.10.1) From ed86f7626281f3739cb742a27ee22f4f7cc8ab0b Mon Sep 17 00:00:00 2001 From: Hawthorne001 <110597351+Hawthorne001@users.noreply.github.com> Date: Sat, 23 Mar 2024 03:24:30 -0400 Subject: [PATCH 4/8] Create jekyll-docker.yml Signed-off-by: Hawthorne001 <110597351+Hawthorne001@users.noreply.github.com> --- .github/workflows/jekyll-docker.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 .github/workflows/jekyll-docker.yml diff --git a/.github/workflows/jekyll-docker.yml b/.github/workflows/jekyll-docker.yml new file mode 100644 index 00000000000000..453a5613c8bafd --- /dev/null 
+++ b/.github/workflows/jekyll-docker.yml
@@ -0,0 +1,20 @@
+name: Jekyll site CI
+
+on:
+ push:
+ branches: [ "Hawthorne01" ]
+ pull_request:
+ branches: [ "Hawthorne01" ]
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Build the site in the jekyll/builder container
+ run: |
+ docker run \
+ -v ${{ github.workspace }}:/srv/jekyll -v ${{ github.workspace }}/_site:/srv/jekyll/_site \
+ jekyll/builder:latest /bin/bash -c "chmod -R 777 /srv/jekyll && jekyll build --future"
From a5c5591197659b3319f70d08299f1e532f2c518c Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Fri, 17 May 2024 07:18:18 +0000
Subject: [PATCH 5/8] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-REXML-6861566
---
 Gemfile | 2 +- Gemfile.lock | 105 ++++++++++++++++++++++++++++----------------------- 2 files changed, 58 insertions(+), 49 deletions(-)
diff --git a/Gemfile b/Gemfile
index b69ec372167c63..fe5ac39d259d5c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -12,7 +12,7 @@ gem "minima", "~> 2.0" # If you have any plugins, put them here! group :jekyll_plugins do - gem "github-pages", "228" + gem "github-pages", "229" end # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
diff --git a/Gemfile.lock b/Gemfile.lock
index cbfef462907cd9..98c8ce2fef3b8f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
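Review bot: The `Build the site` step pulls `jekyll/builder:latest`, an unpinned mutable tag, and the job declares no `permissions:` block, so every push and pull request runs whatever that image currently contains with the workflow's default `GITHUB_TOKEN` scope. Pin the image to a specific version tag (ideally with an `@sha256:` digest) and add `permissions:` / `contents: read` at the top of the workflow so the token is read-only, matching what the `python-publish.yml` workflow earlier in this series already does. The `chmod -R 777 /srv/jekyll` makes the entire checkout world-writable inside the container; if it exists to work around a uid mismatch between the runner and the image, prefer running the container with a matching `--user` over blanket permissions. This workflow also checks out with `actions/checkout@v3` while the CodeQL workflow in the same series uses `@v4`.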
@@ -9,23 +9,24 @@ GEM i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - addressable (2.8.4) + addressable (2.8.6) public_suffix (>= 2.0.2, < 6.0) afm (0.2.2) async (2.5.0) console (~> 1.10) io-event (~> 1.1) timers (~> 4.1) + base64 (0.2.0) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.11.1) + coffee-script-source (1.12.2) colorator (1.1.0) commonmarker (0.23.10) - concurrent-ruby (1.2.2) + concurrent-ruby (1.2.3) console (1.16.2) fiber-local - dnsruby (1.70.0) + dnsruby (1.72.1) simpleidn (~> 0.2.1) eip_validator (0.8.2) activemodel @@ -36,33 +37,34 @@ GEM ethon (0.16.0) ffi (>= 1.15.0) eventmachine (1.2.7) - execjs (2.8.1) - faraday (2.7.4) + execjs (2.9.1) + faraday (2.8.1) + base64 faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-net_http (3.0.2) - ffi (1.15.5) + ffi (1.16.3) fiber-local (1.0.0) forwardable-extended (2.6.0) front_matter_parser (0.1.1) - gemoji (3.0.1) - github-pages (228) - github-pages-health-check (= 1.17.9) - jekyll (= 3.9.3) - jekyll-avatar (= 0.7.0) - jekyll-coffeescript (= 1.1.1) + gemoji (4.1.0) + github-pages (229) + github-pages-health-check (= 1.18.2) + jekyll (= 3.9.4) + jekyll-avatar (= 0.8.0) + jekyll-coffeescript (= 1.2.2) jekyll-commonmark-ghpages (= 0.4.0) - jekyll-default-layout (= 0.1.4) - jekyll-feed (= 0.15.1) + jekyll-default-layout (= 0.1.5) + jekyll-feed (= 0.17.0) jekyll-gist (= 1.5.0) - jekyll-github-metadata (= 2.13.0) + jekyll-github-metadata (= 2.16.1) jekyll-include-cache (= 0.2.1) jekyll-mentions (= 1.6.0) jekyll-optional-front-matter (= 0.3.2) jekyll-paginate (= 1.1.0) jekyll-readme-index (= 0.3.0) jekyll-redirect-from (= 0.16.0) - jekyll-relative-links (= 0.6.1) + jekyll-relative-links (= 0.7.0) jekyll-remote-theme (= 0.4.3) jekyll-sass-converter (= 1.5.2) jekyll-seo-tag (= 2.8.0) 
@@ -82,20 +84,20 @@ GEM jekyll-theme-tactile (= 0.2.0) jekyll-theme-time-machine (= 0.2.0) jekyll-titles-from-headings (= 0.5.3) - jemoji (= 0.12.0) - kramdown (= 2.3.2) + jemoji (= 0.13.0) + kramdown (= 2.4.0) kramdown-parser-gfm (= 1.1.0) liquid (= 4.0.4) mercenary (~> 0.3) minima (= 2.5.1) nokogiri (>= 1.13.6, < 2.0) - rouge (= 3.26.0) + rouge (= 3.30.0) terminal-table (~> 1.4) - github-pages-health-check (1.17.9) + github-pages-health-check (1.18.2) addressable (~> 2.3) dnsruby (~> 1.60) - octokit (~> 4.0) - public_suffix (>= 3.0, < 5.0) + octokit (>= 4, < 8) + public_suffix (>= 3.0, < 6.0) typhoeus (~> 1.3) hashery (2.1.2) html-pipeline (2.14.3) @@ -111,10 +113,10 @@ GEM yell (~> 2.0) zeitwerk (~> 2.5) http_parser.rb (0.8.0) - i18n (1.14.1) + i18n (1.14.5) concurrent-ruby (~> 1.0) io-event (1.1.7) - jekyll (3.9.3) + jekyll (3.9.4) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) @@ -127,11 +129,11 @@ GEM pathutil (~> 0.9) rouge (>= 1.7, < 4) safe_yaml (~> 1.0) - jekyll-avatar (0.7.0) + jekyll-avatar (0.8.0) jekyll (>= 3.0, < 5.0) - jekyll-coffeescript (1.1.1) + jekyll-coffeescript (1.2.2) coffee-script (~> 2.2) - coffee-script-source (~> 1.11.1) + coffee-script-source (~> 1.12) jekyll-commonmark (1.4.0) commonmarker (~> 0.22) jekyll-commonmark-ghpages (0.4.0) @@ -139,15 +141,15 @@ GEM jekyll (~> 3.9.0) jekyll-commonmark (~> 1.4.0) rouge (>= 2.0, < 5.0) - jekyll-default-layout (0.1.4) - jekyll (~> 3.0) - jekyll-feed (0.15.1) + jekyll-default-layout (0.1.5) + jekyll (>= 3.0, < 5.0) + jekyll-feed (0.17.0) jekyll (>= 3.7, < 5.0) jekyll-gist (1.5.0) octokit (~> 4.2) - jekyll-github-metadata (2.13.0) + jekyll-github-metadata (2.16.1) jekyll (>= 3.4, < 5.0) - octokit (~> 4.0, != 4.4.0) + octokit (>= 4, < 7, != 4.4.0) jekyll-include-cache (0.2.1) jekyll (>= 3.7, < 5.0) jekyll-mentions (1.6.0) 
@@ -160,7 +162,7 @@ GEM jekyll (>= 3.0, < 5.0) jekyll-redirect-from (0.16.0) jekyll (>= 3.3, < 5.0) - jekyll-relative-links (0.6.1) + jekyll-relative-links (0.7.0) jekyll (>= 3.3, < 5.0) jekyll-remote-theme (0.4.3) addressable (~> 2.0) @@ -218,27 +220,31 @@ GEM jekyll (>= 3.3, < 5.0) jekyll-watch (2.2.1) listen (~> 3.0) - jemoji (0.12.0) - gemoji (~> 3.0) + jemoji (0.13.0) + gemoji (>= 3, < 5) html-pipeline (~> 2.2) jekyll (>= 3.0, < 5.0) - kramdown (2.3.2) + kramdown (2.4.0) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) liquid (4.0.4) - listen (3.8.0) + listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) + mini_portile2 (2.8.6) minima (2.5.1) jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) - minitest (5.19.0) - nokogiri (1.16.3-arm64-darwin) + minitest (5.23.0) + nokogiri (1.15.6) + mini_portile2 (~> 2.8.2) + racc (~> 1.4) + nokogiri (1.15.6-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.3-x86_64-linux) + nokogiri (1.15.6-x86_64-linux) racc (~> 1.4) octokit (4.25.1) faraday (>= 1, < 3) @@ -251,14 +257,15 @@ GEM hashery (~> 2.0) ruby-rc4 ttfunk - public_suffix (4.0.7) + public_suffix (5.0.5) racc (1.7.3) rainbow (3.1.1) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - rexml (3.2.5) - rouge (3.26.0) + rexml (3.2.8) + strscan (>= 3.0.9) + rouge (3.30.0) ruby-rc4 (0.1.5) ruby2_keywords (0.0.5) rubyzip (2.3.2) @@ -271,19 +278,20 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) - simpleidn (0.2.1) + simpleidn (0.2.2) unf (~> 0.1.4) + strscan (3.1.0) terminal-table (1.8.0) unicode-display_width (~> 1.1, >= 1.1.1) timers (4.3.5) ttfunk (1.7.0) - typhoeus (1.4.0) + typhoeus (1.4.1) ethon (>= 0.9.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) unf (0.1.4) unf_ext - unf_ext (0.0.8.2) + unf_ext (0.0.9.1) unicode-display_width (1.8.0) webrick (1.8.1) yell (2.2.2) 
@@ -291,11 +299,12 @@ GEM PLATFORMS arm64-darwin-22 + ruby x86_64-linux DEPENDENCIES eip_validator (>= 0.8.2) - github-pages (= 228) + github-pages (= 229) html-proofer (>= 5.0.7) minima (~> 2.0) tzinfo-data From e86f6bdccac419954fded2b541ac450c6d1f93dc Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 30 May 2024 14:46:05 +0000 Subject: [PATCH 6/8] fix: Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-NOKOGIRI-7164639 --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index b69ec372167c63..bacb794dfcc2b3 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ gem "minima", "~> 2.0" # If you have any plugins, put them here! group :jekyll_plugins do - gem "github-pages", "228" + gem "github-pages", "229" end # Windows does not include zoneinfo files, so bundle the tzinfo-data gem @@ -21,7 +21,7 @@ gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby] # Performance-booster for watching directories on Windows gem "wdm", "~> 0.1.1" if Gem.win_platform? -gem "html-proofer", '>=5.0.7' +gem "html-proofer", ">= 5.0.8" gem "eip_validator", ">=0.8.2" From 5ca3d606b6db50de797d9f48cedc87abc2eeb970 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 18 Jul 2024 06:32:38 +0000 Subject: [PATCH 7/8] fix: Gemfile to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-REXML-7462086 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index bacb794dfcc2b3..2b611e3d5afc30 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ gem "minima", "~> 2.0" # If you have any plugins, put them here! group :jekyll_plugins do - gem "github-pages", "229" + gem "github-pages", "230" end # Windows does not include zoneinfo files, so bundle the tzinfo-data gem From 3222c09a438d527dba50f6d87b5ca343ce4010bf Mon Sep 17 00:00:00 2001 
From: Tyler Hawthorne <110597351+Hawthorne001@users.noreply.github.com>
Date: Mon, 11 Nov 2024 10:08:22 -0500
Subject: [PATCH 8/8] Create SECURITY.md
Signed-off-by: Tyler Hawthorne <110597351+Hawthorne001@users.noreply.github.com>
---
 SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000000..034e848032092e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.