Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,10 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v5
with:
node-version: 22
# No cache: npm — package-lock.json is gitignored in this project.
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/dependency-security.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v5
with:
node-version: 22
# No cache: npm — package-lock.json is gitignored in this project.
Expand All @@ -48,7 +48,7 @@ jobs:

- name: Upload audit report
if: always()
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@v5
with:
name: npm-audit-report
path: npm-audit-full.json
Expand All @@ -60,10 +60,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v5
with:
node-version: 22

Expand All @@ -82,13 +82,13 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5

- name: Setup Rust toolchain
uses: dtolnay/rust-toolchain@stable

- name: Cache Cargo registry
uses: actions/cache@v4
uses: actions/cache@v5
with:
path: |
~/.cargo/registry
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/desktop-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ jobs:
- db2 # "Fox Schema DB2" — adds DB2, drops AppImage
runs-on: ${{ matrix.platform }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5

- name: Install Rust
uses: dtolnay/rust-toolchain@stable
Expand All @@ -65,7 +65,7 @@ jobs:
workspaces: apps/desktop/src-tauri

- name: Install Node
uses: actions/setup-node@v4
uses: actions/setup-node@v5
with:
node-version: 22

Expand Down
20 changes: 10 additions & 10 deletions .github/workflows/release-gate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,8 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
with:
node-version: 22
- run: npm install --ignore-scripts
Expand All @@ -39,8 +39,8 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
with:
node-version: 22
- run: npm install --ignore-scripts
Expand All @@ -53,8 +53,8 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
with:
node-version: 22
- run: npm install --package-lock-only --ignore-scripts
Expand All @@ -67,7 +67,7 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Install Gitleaks
Expand All @@ -86,9 +86,9 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
- uses: dtolnay/rust-toolchain@stable
- uses: actions/cache@v4
- uses: actions/cache@v5
with:
path: |
~/.cargo/registry
Expand All @@ -107,7 +107,7 @@ jobs:
permissions:
contents: write
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
with:
fetch-depth: 0

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/secret-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
# Full history required for push/schedule scans.
# PR scans only need the tip but fetch-depth: 0 is safe for both.
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/version-bump.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v4
uses: actions/checkout@v5
with:
# Use a PAT or the default GITHUB_TOKEN.
# GITHUB_TOKEN is enough for pushing to non-protected branches.
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/web-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
build-and-push:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5

- name: Determine image tag
id: ver
Expand Down
2 changes: 1 addition & 1 deletion apps/cli/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
"ink-select-input": "^6.2.0",
"ink-spinner": "^5.0.0",
"ink-text-input": "^6.0.0",
"react": "^18.3.1"
"react": "^19.2.0"
},
"devDependencies": {
"@types/react": "^19.2.17",
Expand Down
8 changes: 8 additions & 0 deletions apps/desktop/src-tauri/.cargo/audit.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# quick-xml 0.39.x is pulled in transitively via plist → tauri. plist parses
# trusted app metadata, not attacker-controlled XML via NsReader. Remove these
# ignores once plist adopts quick-xml >= 0.41 (see rust-plist PR #191).
[advisories]
ignore = [
"RUSTSEC-2026-0194",
"RUSTSEC-2026-0195",
]
2 changes: 2 additions & 0 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,8 @@
"node": ">=22.5"
},
"devDependencies": {
"ink": "^7.1.0",
"react": "^19.2.0",
"typescript": "~6.0.2",
"vitest": "^4.1.8",
"eslint": "^10.6.0",
Expand Down
Loading