Mike Dalessio e62fcc3b58 ci: harden GitHub Actions workflows (#1284)
* Add GitHub Actions audit job (actionlint + zizmor)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Configure dependabot for github-actions, npm, and bundler with batching and cooldowns

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Add local GitHub Actions linting (actionlint + zizmor) to bin/setup and bin/ci

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Pin all GitHub Actions to SHA hashes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Fix zizmor findings: add permissions and persist-credentials: false

Set workflow-level permissions: {} and add per-job contents: read.
Add persist-credentials: false to all checkout steps.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 19:34:00 -04:00