diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 356b0263f..3ba752efa 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -21,3 +21,38 @@ updates:
 directory: /
 schedule:
 interval: weekly
+
+ - package-ecosystem: npm
+ directory: /devTools
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: docker
+ directory: /docker/backend
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: docker
+ directory: /docker/embedded
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: docker
+ directory: /docker/frontend
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: npm
+ directory: /frontend
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: cargo
+ directory: /frontend/src-tauri
+ schedule:
+ interval: "weekly"
+
+ - package-ecosystem: pip
+ directory: /testing/cucumber
+ schedule:
+ interval: "weekly"
diff --git a/.github/scripts/requirements_pre_commit.txt b/.github/scripts/requirements_pre_commit.txt
index 459e46c2c..b98227afb 100644
--- a/.github/scripts/requirements_pre_commit.txt
+++ b/.github/scripts/requirements_pre_commit.txt
@@ -4,9 +4,9 @@
 #
 # pip-compile --generate-hashes --output-file='.github\scripts\requirements_pre_commit.txt' --strip-extras '.github\scripts\requirements_pre_commit.in'
 #
-cfgv==3.4.0 \
- --hash=sha256:b7265b1f29fd3316bfcd2b330d63d024f2bfd8bcb8b0272f8e19a504856c48f9 \
- --hash=sha256:e52591d4c5f5dead8e0f673fb16db7949d2cfb3f7da4582893288f0ded8fe560
+cfgv==3.5.0 \
+ --hash=sha256:a8dc6b26ad22ff227d2634a65cb388215ce6cc96bbcc5cfde7641ae87e8dacc0 \
+ --hash=sha256:d5b1034354820651caa73ede66a6294d6e95c1b00acc5e9b098e917404669132
 # via pre-commit
 distlib==0.4.0 \
 --hash=sha256:9659f7d87e46584a30b5780e43ac7a2143098441670ff0a49d5f9034c54a6c16 \
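Review bot: The seven added entries do not cover `/.github/scripts`, where this same commit maintains the hash-locked `requirements_pre_commit.txt` and `requirements_sync_readme.txt`. Unless an entry above line 21 (outside this hunk) already handles that directory, those lock files will only move when someone re-runs `pip-compile --generate-hashes` by hand; a `pip` entry with `directory: /.github/scripts` would close the gap. The SHA-pinned `uses:` lines this commit adds to the workflows likewise depend on a `github-actions` entry to stay current, and whether one exists earlier in the file cannot be seen from here. As a style point, the new entries write `interval: "weekly"` while the existing context line uses the unquoted `interval: weekly`; pick one form.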
@@ -28,9 +28,9 @@ platformdirs==4.5.0 \
 --hash=sha256:70ddccdd7c99fc5942e9fc25636a8b34d04c24b335100223152c2803e4063312 \
 --hash=sha256:e578a81bb873cbb89a41fcc904c7ef523cc18284b7e3b3ccf06aca1403b7ebd3
 # via virtualenv
-pre-commit==4.3.0 \
- --hash=sha256:2b0747ad7e6e967169136edffee14c16e148a778a54e4f967921aa1ebf2308d8 \
- --hash=sha256:499fe450cc9d42e9d58e606262795ecb64dd05438943c62b66f6a8673da30b16
+pre-commit==4.5.0 \
+ --hash=sha256:25e2ce09595174d9c97860a95609f9f852c0614ba602de3561e267547f2335e1 \
+ --hash=sha256:dc5a065e932b19fc1d4c653c6939068fe54325af8e741e74e88db4d28a4dd66b
 # via -r .github/scripts/requirements_pre_commit.in
 pyyaml==6.0.3 \
 --hash=sha256:00c4bdeba853cc34e7dd471f16b4114f4162dc03e6b7afcc2128711f0eca823c \
diff --git a/.github/scripts/requirements_sync_readme.in b/.github/scripts/requirements_sync_readme.in
index 8141b8310..f7501c6d0 100644
--- a/.github/scripts/requirements_sync_readme.in
+++ b/.github/scripts/requirements_sync_readme.in
@@ -1 +1,2 @@
 tomlkit
+tomli-w
diff --git a/.github/scripts/requirements_sync_readme.txt b/.github/scripts/requirements_sync_readme.txt
index eb0cd9bf7..a5cf36a68 100644
--- a/.github/scripts/requirements_sync_readme.txt
+++ b/.github/scripts/requirements_sync_readme.txt
@@ -4,6 +4,10 @@
 #
 # pip-compile --generate-hashes --output-file='.github\scripts\requirements_sync_readme.txt' --strip-extras '.github\scripts\requirements_sync_readme.in'
 #
+tomli-w==1.2.0 \
+ --hash=sha256:188306098d013b691fcadc011abd66727d3c414c571bb01b1a174ba8c983cf90 \
+ --hash=sha256:2dd14fac5a47c27be9cd4c976af5a12d87fb1f0b4512f81d69cce3b35ae25021
+ # via -r .github/scripts/requirements_sync_readme.in
 tomlkit==0.13.3 \
 --hash=sha256:430cf247ee57df2b94ee3fbe588e71d362a941ebb545dec29b53961d61add2a1 \
 --hash=sha256:c89c649d79ee40629a9fda55f8ace8c6a1b42deb912b2a8fd8d942ddadb606b0
diff --git a/.github/workflows/check_toml.yml b/.github/workflows/check_toml.yml
index 2f3c4d7e5..afb70e0c9 100644
--- a/.github/workflows/check_toml.yml
+++ b/.github/workflows/check_toml.yml
@@ -200,7 +200,7 @@ jobs:
 - name: Install Python dependencies
 run: |
- pip install tomli-w
+ pip install --require-hashes tomli-w==1.2.0 --hash sha256:188306098d013b691fcadc011abd66727d3c414c571bb01b1a174ba8c983cf90
 - name: Run Python script to check files
 id: run-check
diff --git a/.github/workflows/deploy-on-v2-commit.yml b/.github/workflows/deploy-on-v2-commit.yml
index f2f90ccfa..4309d5233 100644
--- a/.github/workflows/deploy-on-v2-commit.yml
+++ b/.github/workflows/deploy-on-v2-commit.yml
@@ -23,10 +23,10 @@ jobs:
 egress-policy: audit
 - name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 - name: Get commit hashes for frontend and backend
 id: commit-hashes
@@ -86,14 +86,14 @@ jobs:
 - name: Login to Docker Hub
- uses: docker/login-action@v3
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
 with:
 username: ${{ secrets.DOCKER_HUB_USERNAME }}
 password: ${{ secrets.DOCKER_HUB_API }}
 - name: Build and push frontend image
 if: steps.check-frontend.outputs.exists == 'false'
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
 with:
 context: .
 file: ./docker/frontend/Dockerfile
@@ -106,7 +106,7 @@ jobs:
 - name: Build and push backend image
 if: steps.check-backend.outputs.exists == 'false'
- uses: docker/build-push-action@v6
+ uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
 with:
 context: .
 file: ./docker/backend/Dockerfile
diff --git a/.github/workflows/sync_files_v2.yml b/.github/workflows/sync_files_v2.yml
index 8d8a6710b..d72ba8a9d 100644
--- a/.github/workflows/sync_files_v2.yml
+++ b/.github/workflows/sync_files_v2.yml
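Review bot: The new install line in the `Install Python dependencies` step passes `--hash` on the pip command line, but as far as I know pip accepts `--hash` only as a per-requirement option inside a requirements file, so this step is likely to stop with an unknown-option error instead of verifying anything. It also carries only one of the two digests that `requirements_sync_readme.txt` records for `tomli-w==1.2.0`, so even where it parses it would reject the other published artifact. Reusing the lock file, as `sync_files_v2.yml` does in this same commit, keeps one source of truth: `pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt`. The job's checkout step is outside the hunk, so confirm the file is in the workspace before this step runs.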
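Review bot: The `Checkout code` step in the first hunk of `deploy-on-v2-commit.yml` still has no `with:` block, so it keeps the default `persist-credentials: true` and the job token stays available to every later step, including the Docker Hub login and the two builds that use `context: .`. Adding `with:` and `persist-credentials: false` under the pinned `actions/checkout` line removes that, unless a later step outside the hunks needs git credentials. Separately, the pin moves checkout from `v4` to `v6.0.1` while the Docker actions stay inside their existing majors; that upgrade is worth naming in the commit message and checking against the runner in use. The remaining `uses:` changes in this file are same-major pins, and the only follow-up is confirming each SHA matches the tag in its trailing comment.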
@@ -53,8 +53,7 @@ jobs:
 cache: "pip" # caching pip dependencies
 - name: Install Python dependencies
- run: |
- pip install tomli-w
+ run: pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt
 - name: Sync translation TOML files
 run: |
@@ -65,9 +64,6 @@ jobs:
 git add frontend/public/locales/*/translation.toml
 git diff --staged --quiet || git commit -m ":memo: Sync translation files (TOML)" || echo "No changes detected"
- - name: Install README dependencies
- run: pip install --require-hashes -r ./.github/scripts/requirements_sync_readme.txt
-
 - name: Sync README.md
 run: |
 python scripts/counter_translation_v3.py
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index d4c63e8a3..6541be423 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/astral-sh/ruff-pre-commit
- rev: v0.14.2
+ rev: v0.14.8
 hooks:
 - id: ruff
 args:
@@ -22,7 +22,7 @@ repos:
 files: \.(html|css|js|py|md)$
 exclude: (.vscode|.devcontainer|app/core/src/main/resources|app/proprietary/src/main/resources|Dockerfile|.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js)
 - repo: https://github.com/gitleaks/gitleaks
- rev: v8.28.0
+ rev: v8.30.0
 hooks:
 - id: gitleaks
 - repo: https://github.com/pre-commit/pre-commit-hooks
diff --git a/testing/cucumber/requirements.txt b/testing/cucumber/requirements.txt
index 80c32cc3c..aa078aa00 100644
--- a/testing/cucumber/requirements.txt
+++ b/testing/cucumber/requirements.txt
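Review bot: The `cache: "pip"` line just above the rewritten install step (first `sync_files_v2.yml` hunk) keys the cache on setup-python's default dependency glob unless `cache-dependency-path` is set in the lines before the hunk, which are not visible here. If it is not set, add `cache-dependency-path: ./.github/scripts/requirements_sync_readme.txt` next to `cache: "pip"` so the cache turns over when the lock file the step now installs from changes. The setup step's `with:` block begins outside the hunk, so its other inputs could not be checked.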
@@ -7,10 +7,10 @@
 behave==1.3.3 \
 --hash=sha256:2b8f4b64ed2ea756a5a2a73e23defc1c4631e9e724c499e46661778453ebaf51 \
 --hash=sha256:89bdb62af8fb9f147ce245736a5de69f025e5edfb66f1fbe16c5007493f842c0
- # via -r requirements.in
-certifi==2025.10.5 \
- --hash=sha256:0f212c2744a9bb6de0c56639a6f68afe01ecd92d91f14ae897c4fe7bbeeef0de \
- --hash=sha256:47c09d31ccf2acf0be3f701ea53595ee7e0b8fa08801c6624be771df09ae7b43
+ # via -r testing/cucumber/requirements.in
+certifi==2025.11.12 \
+ --hash=sha256:97de8790030bbd5c2d96b7ec782fc2f7820ef8dba6db909ccf95449f2d062d4b \
+ --hash=sha256:d8ab5478f2ecd78af242878415affce761ca6bc54a22a27e026d7c25357c3316
 # via requests
 charset-normalizer==3.4.4 \
 --hash=sha256:027f6de494925c0ab2a55eab46ae5129951638a49a34d87f4c3eda90f696b4ad \
@@ -137,9 +137,9 @@ cucumber-expressions==18.0.1 \
 --hash=sha256:86230d503cdda7ef35a1f2072a882d7d57c740aa4c163c82b07f039b6bc60c42 \
 --hash=sha256:86ce41bf28ee520408416f38022e5a083d815edf04a0bd1dae46d474ca597c60
 # via behave
-cucumber-tag-expressions==8.0.0 \
- --hash=sha256:4af80282ff0349918c332428176089094019af6e2a381a2fd8f1c62a7a6bb7e8 \
- --hash=sha256:bfe552226f62a4462ee91c9643582f524af84ac84952643fb09057580cbb110a
+cucumber-tag-expressions==8.1.0 \
+ --hash=sha256:1de26f183b1e8748e881189edd4bcdf4a80d7ed1011ad7b38cf141fcdcc51094 \
+ --hash=sha256:acc56dd19b7bd0b931fc7b124ebbb6737def0775be41186ace7f5e566338ce7d
 # via behave
 idna==3.11 \
 --hash=sha256:771a87f49d9defaf64091e6e6fe9c18d4833f140bd19464795bc32d966ca37ea \
@@ -290,15 +290,15 @@ pycryptodome==3.23.0 \
 --hash=sha256:dea827b4d55ee390dc89b2afe5927d4308a8b538ae91d9c6f7a5090f397af1aa \
 --hash=sha256:e3f2d0aaf8080bda0587d58fc9fe4766e012441e2eed4269a77de6aea981c8be \
 --hash=sha256:eb8f24adb74984aa0e5d07a2368ad95276cf38051fe2dc6605cbcf482e04f2a7
- # via -r requirements.in
+ # via -r testing/cucumber/requirements.in
 pypdf==6.4.0 \
 --hash=sha256:4769d471f8ddc3341193ecc5d6560fa44cf8cd0abfabf21af4e195cc0c224072 \
 --hash=sha256:55ab9837ed97fd7fcc5c131d52fcc2223bc5c6b8a1488bbf7c0e27f1f0023a79
- # via -r requirements.in
-reportlab==4.4.4 \
- --hash=sha256:299b3b0534e7202bb94ed2ddcd7179b818dcda7de9d8518a57c85a58a1ebaadb \
- --hash=sha256:cb2f658b7f4a15be2cc68f7203aa67faef67213edd4f2d4bdd3eb20dab75a80d
- # via -r requirements.in
+ # via -r testing/cucumber/requirements.in
+reportlab==4.4.5 \
+ --hash=sha256:0457d642aa76df7b36b0235349904c58d8f9c606a872456ed04436aafadc1510 \
+ --hash=sha256:849773d7cd5dde2072fedbac18c8bc909506c8befba8f088ba7b09243c6684cc
+ # via -r testing/cucumber/requirements.in
 requests==2.32.5 \
 --hash=sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6 \
 --hash=sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf