Skip to content

Merge #66

Open
Tanker187 wants to merge 60 commits intoDimvy-Clothing-brand:canaryfrom
Tanker187:canary
Open

Merge #66
Tanker187 wants to merge 60 commits intoDimvy-Clothing-brand:canaryfrom
Tanker187:canary

Conversation

@Tanker187
Copy link
Copy Markdown

@Tanker187 Tanker187 commented Aug 20, 2025

Get back

Tanker187 and others added 30 commits August 20, 2025 13:20
@Tanker187
Create node.js.yml
9d98089 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create jekyll-gh-pages.yml
63390c7 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create nuxtjs.yml
2b1212b 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create greetings.yml
aa85d89 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create generator-generic-ossf-slsa3-publish.yml
376154b 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create docker-image.yml
09f4bb5 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create summary.yml
27d9e5f 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create npm-publish-github-packages.yml
9b5a4e6 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create 1docker-image.yml
343c805 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create 1webpack.yml
d72cf22 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create 1codeql.yml
58d9f0f 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create aws.yml
10338a2 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create SECURITY.md
653bd55 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Create SECURITY.md
f1cf5a2 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@dependabot
Bump json5 in /turbopack/crates/turbopack/tests/node-file-trace
db7b589 
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-version: 1.0.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump next from 15.2.0-canary.19 to 15.4.10 in /packages/third-parties
709e706 
Bumps [next](https://github.com/vercel/next.js) from 15.2.0-canary.19 to 15.4.10.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.2.0-canary.19...v15.4.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.4.10
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@Tanker187 @github-advanced-security
Potential fix for code scanning alert no. 191: Server-side request fo…
0c9a669 
…rgery

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187 @github-advanced-security
Potential fix for code scanning alert no. 192: Server-side request fo…
e1cc217 
…rgery

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@dependabot
Bump vm2 in /turbopack/crates/turbopack/tests/node-file-trace
18ba638 
Bumps [vm2](https://github.com/patriksimek/vm2) from 3.9.11 to 3.10.2.
- [Release notes](https://github.com/patriksimek/vm2/releases)
- [Commits](patriksimek/vm2@3.9.11...v3.10.2)

---
updated-dependencies:
- dependency-name: vm2
  dependency-version: 3.10.2
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump next from 14.2.2 to 15.5.10 in /examples/with-storybook
c10f03d 
Bumps [next](https://github.com/vercel/next.js) from 14.2.2 to 15.5.10.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.2...v15.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump next from 13.4.2 to 15.5.10 in /examples/with-clerk
0e9db2e 
Bumps [next](https://github.com/vercel/next.js) from 13.4.2 to 15.5.10.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v13.4.2...v15.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump tar from 6.1.15 to 7.5.7 in /packages/next
894aadb 
Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.15 to 7.5.7.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.15...v7.5.7)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump tar in /turbopack/crates/turbopack/tests/node-file-trace
adcb42c 
Bumps [tar](https://github.com/isaacs/node-tar) from 6.1.11 to 6.2.1.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.1.11...v6.2.1)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 6.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump next from 10.0.4 to 16.1.5 in /examples/with-paste-typescript
c88f91d 
Bumps [next](https://github.com/vercel/next.js) from 10.0.4 to 16.1.5.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v10.0.4...v16.1.5)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.1.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump next in /examples/with-nhost-auth-realtime-graphql
6df07cb 
Bumps [next](https://github.com/vercel/next.js) from 10.0.7 to 16.1.5.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v10.0.7...v16.1.5)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 16.1.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump eslint from 9.12.0 to 9.26.0
841b3d0 
Bumps [eslint](https://github.com/eslint/eslint) from 9.12.0 to 9.26.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/v9.26.0/CHANGELOG.md)
- [Commits](eslint/eslint@v9.12.0...v9.26.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.26.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@Tanker187
Create 1nextjs.yml
f39a3e6 
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@dependabot
Bump next from 15.0.2 to 15.5.10 in /examples/blog-starter
7378046 
Bumps [next](https://github.com/vercel/next.js) from 15.0.2 to 15.5.10.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.0.2...v15.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.10
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @Tanker187
Bump mongoose in /turbopack/crates/turbopack/tests/node-file-trace
96ba80c 
Bumps [mongoose](https://github.com/Automattic/mongoose) from 5.13.15 to 6.13.6.
- [Release notes](https://github.com/Automattic/mongoose/releases)
- [Changelog](https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md)
- [Commits](Automattic/mongoose@5.13.15...6.13.6)

---
updated-dependencies:
- dependency-name: mongoose
  dependency-version: 6.13.6
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@Tanker187
Merge pull request #8 from Tanker187/dependabot/npm_and_yarn/turbopac…
84e9afa 
…k/crates/turbopack/tests/node-file-trace/json5-1.0.2

Bump json5 from 1.0.1 to 1.0.2 in /turbopack/crates/turbopack/tests/node-file-trace
Tanker187 and others added 30 commits February 11, 2026 11:48
@Tanker187
Merge pull request #10 from Tanker187/dependabot/npm_and_yarn/package…
4aabf06 
…s/third-parties/next-15.4.10

Bump next from 15.2.0-canary.19 to 15.4.10 in /packages/third-parties
@Tanker187
Merge pull request #11 from Tanker187/alert-autofix-191
1a325f5 
Potential fix for code scanning alert no. 191: Server-side request forgery
@Tanker187
Merge pull request #12 from Tanker187/alert-autofix-192
92b1bd9 
Potential fix for code scanning alert no. 192: Server-side request forgery
@Tanker187
Merge pull request #18 from Tanker187/dependabot/npm_and_yarn/turbopa…
48f75cb 
…ck/crates/turbopack/tests/node-file-trace/vm2-3.10.2

Bump vm2 from 3.9.11 to 3.10.2 in /turbopack/crates/turbopack/tests/node-file-trace
@Tanker187
Merge pull request #19 from Tanker187/dependabot/npm_and_yarn/example…
d42b5af 
…s/with-storybook/next-15.5.10

Bump next from 14.2.2 to 15.5.10 in /examples/with-storybook
@dependabot
Bump next from 15.4.10 to 15.5.10 in /packages/third-parties
177f8ab 
Bumps [next](https://github.com/vercel/next.js) from 15.4.10 to 15.5.10.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v15.4.10...v15.5.10)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.10
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@Tanker187
Merge pull request #20 from Tanker187/dependabot/npm_and_yarn/example…
ed0dcdf 
…s/with-clerk/next-15.5.10

Bump next from 13.4.2 to 15.5.10 in /examples/with-clerk
@Tanker187
Merge pull request #22 from Tanker187/dependabot/npm_and_yarn/package…
0b068cf 
…s/next/tar-7.5.7

Bump tar from 6.1.15 to 7.5.7 in /packages/next
@Tanker187
Merge pull request #23 from Tanker187/dependabot/npm_and_yarn/turbopa…
1f47dec 
…ck/crates/turbopack/tests/node-file-trace/tar-6.2.1

Bump tar from 6.1.11 to 6.2.1 in /turbopack/crates/turbopack/tests/node-file-trace
@Tanker187
Merge pull request #39 from Tanker187/dependabot/npm_and_yarn/package…
4a07cfe 
…s/third-parties/next-15.5.10

Bump next from 15.4.10 to 15.5.10 in /packages/third-parties
@Tanker187
Merge pull request #24 from Tanker187/dependabot/npm_and_yarn/example…
0fcc2f8 
…s/with-paste-typescript/next-16.1.5

Bump next from 10.0.4 to 16.1.5 in /examples/with-paste-typescript
@Tanker187
Merge pull request #25 from Tanker187/dependabot/npm_and_yarn/example…
dcdee7b 
…s/with-nhost-auth-realtime-graphql/next-16.1.5

Bump next from 10.0.7 to 16.1.5 in /examples/with-nhost-auth-realtime-graphql
@Tanker187 @github-advanced-security
Potential fix for code scanning alert no. 218: Uncontrolled command line
b78f42c 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Merge pull request #41 from Tanker187/alert-autofix-218
2df6a9a 
Potential fix for code scanning alert no. 218: Uncontrolled command line
@Tanker187
Merge pull request #38 from Tanker187/dependabot/npm_and_yarn/example…
b963c53 
…s/blog-starter/next-15.5.10

Bump next from 15.0.2 to 15.5.10 in /examples/blog-starter
@Tanker187
Merge pull request #27 from Tanker187/dependabot/npm_and_yarn/eslint-…
8d0c44a 
…9.26.0

Bump eslint from 9.12.0 to 9.26.0
@Tanker187
Merge pull request #5 from Tanker187/Tanker187-patch-3
e42a702 
Create aws.yml
@Tanker187 @github-advanced-security
Potential fix for code scanning alert no. 301: Server-side request fo…
fa16662 
…rgery

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Merge pull request #52 from Tanker187/alert-autofix-301
413ee31 
Potential fix for code scanning alert no. 301: Server-side request forgery
@Tanker187
Merge pull request #6 from Tanker187/Tanker187-patch-4
369fd8d 
Create SECURITY.md
@Tanker187 @github-advanced-security
Potential fix for code scanning alert no. 239: Regular expression inj…
fe21644 
…ection

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187 @github-advanced-security
Potential fix for code scanning alert no. 283: DOM text reinterpreted…
8b80e32 
… as HTML

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Tanker187 <yesim100ya@outlook.com>
@Tanker187
Merge pull request #65 from Tanker187/alert-autofix-283
cd8f31e 
Potential fix for code scanning alert no. 283: DOM text reinterpreted as HTML
@Tanker187
Merge pull request #64 from Tanker187/alert-autofix-239
a9b84d1 
Potential fix for code scanning alert no. 239: Regular expression injection
@dependabot
Bump tar from 7.4.3 to 7.5.11
a41807a 
Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.11.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v7.4.3...v7.5.11)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.11
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@stepsecurity-app
[StepSecurity] Apply security best practices
11a46f8 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
@Tanker187
Merge pull request #75 from Tanker187/chore/GHA-171547-stepsecurity-r…
61acb7c 
…emediation

[StepSecurity] Apply security best practices
@dependabot
Bump socket.io-parser
1a3f2a5 
Bumps [socket.io-parser](https://github.com/socketio/socket.io) from 3.3.2 to 3.3.5.
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/socket.io-parser@3.3.5/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits/socket.io-parser@3.3.5)

---
updated-dependencies:
- dependency-name: socket.io-parser
  dependency-version: 3.3.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@Tanker187
Merge pull request #69 from Tanker187/dependabot/npm_and_yarn/tar-7.5.11
936b691 
Bump tar from 7.4.3 to 7.5.11
@Tanker187
Merge pull request #79 from Tanker187/dependabot/npm_and_yarn/turbopa…
3455dd6 
…ck/crates/turbopack/tests/node-file-trace/socket.io-parser-3.3.5

Bump socket.io-parser from 3.3.2 to 3.3.5 in /turbopack/crates/turbopack/tests/node-file-trace
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Tanker187