From 6bc07b70e5f4d7a1919cadaade3bf86187563df3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Mar 2026 04:54:56 +0000 Subject: [PATCH 1/3] Bump the github-actions group with 3 updates Bumps the github-actions group with 3 updates: [github/codeql-action](https://github.com/github/codeql-action), [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [actions/setup-node](https://github.com/actions/setup-node). Updates `github/codeql-action` from 4.32.4 to 4.32.6 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...0d579ffd059c29b07949a3cce3983f0780820c98) Updates `actions/dependency-review-action` from 4.8.3 to 4.9.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...2031cfc080254a8a887f58cffee85186f0e49e48) Updates `actions/setup-node` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/6044e13b5dc448c55e2357c09f80417699197238...53b83947a5a98c8d113130e565377fae1a50d02f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 4 ++-- .github/workflows/dependency-review.yml | 2 +- .github/workflows/sonar-scan.yml | 2 +- .github/workflows/test.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c4e1651..5ba3ec4 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -33,12 +33,12 @@ jobs: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 + uses: github/codeql-action/init@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 with: languages: ${{ matrix.language }} queries: +security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 + uses: github/codeql-action/analyze@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 44deeac..02daa24 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,4 +15,4 @@ jobs: persist-credentials: false - name: "Dependency Review" - uses: actions/dependency-review-action@05fe4576374b728f0c523d6a13d64c25081e0803 # v4.7 + uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.7 diff --git a/.github/workflows/sonar-scan.yml b/.github/workflows/sonar-scan.yml index 625fe91..be9a12e 100644 --- a/.github/workflows/sonar-scan.yml +++ b/.github/workflows/sonar-scan.yml @@ -25,7 +25,7 @@ jobs: persist-credentials: false - name: Setup Node.js - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: 18 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a2b5925..58bc4e1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,7 @@ jobs: persist-credentials: false - name: Set up Node.js - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: node-version: "${{ env.NODE }}" cache: npm From f65509c94dcf596ac34abfd7cab71c5730a1c859 Mon Sep 17 00:00:00 2001 From: Christian Oliff Date: Fri, 13 Mar 2026 13:57:20 +0900 Subject: [PATCH 2/3] Add CODEOWNERS file to define code ownership --- .github/CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..6b4c901 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,3 @@ +# About CODEOWNERS - https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +* @coliff From f4ec0041d11ccf1da322addbcc3a626396d615af Mon Sep 17 00:00:00 2001 From: Christian Oliff Date: Fri, 13 Mar 2026 13:59:31 +0900 Subject: [PATCH 3/3] Remove Ryan Kuhn from Trusted Committer list --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index ea9e526..63233d7 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,6 @@ The Developer Guidelines website is run by the Developer Guidelines Working Grou |-------------------|-----------------| | Owner / Chair | Jeff Doolittle | | Trusted Committer | Matthew Dexter | -| Trusted Committer | Ryan Kuhn | | Trusted Committer | Kevin Chapman | | Trusted Committer | Christian Oliff | | Trusted Committer | Ian Welch |