github/html5-boilerplate
1
1
Fork 0
mirror of https://github.com/h5bp/html5-boilerplate.git synced 2026-01-07 22:04:06 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,605 Commits 16 Branches 42 Tags
main
Commit Graph

81 Commits

Author SHA1 Message Date
dependabot[bot]
c3a1e71d98 chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (#3318) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](a0853c2454...2028fbc5c2)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-04 14:50:57 +09:00
dependabot[bot]
17f5731912 chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 (#3303) 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](05b42c6244...4eaacf0543)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-01 16:08:14 +09:00
dependabot[bot]
97367a94f4 chore(deps): bump github/codeql-action from 3.30.1 to 3.30.5 (#3300) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.1 to 3.30.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f1f6e5f6af...3599b3baa1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-01 16:07:44 +09:00
Rob Larsen
b99ebd644a Updating dist via GitHub Actions and an automated PR (#3282) 
* trying this a different way!

* Update GitHub Actions to use specific commit SHAs

Changed actions/checkout and actions/setup-node to reference specific commit SHAs for improved security and reproducibility. Also set 'persist-credentials' to false for checkout.

---------

Co-authored-by: Christian Oliff <christian_oliff@trimble.com>
 2025-09-17 09:35:06 -04:00
Christian Oliff
f814431eea Add OSSF Scorecard security workflow (#3287) 
This also pins move GitHub Actions so our initial score will be higher.
 2025-09-10 12:31:34 -04:00
Christian Oliff
a0db7c3c5d Pin GitHub Actions to specific commit SHAs (#3284) 
Updated workflow files to use specific commit SHAs for actions/checkout, actions/setup-node, github/codeql-action, and streetsidesoftware/cspell-action. This improves security and reproducibility by preventing unexpected changes from upstream action updates. Also set 'persist-credentials: false' for checkout steps to enhance security.
 2025-09-10 10:13:59 -04:00
Christian Oliff
9a9f4e1990 Update Node Versions (for tests) (#3237) 
* Update Node Versions (for tests)

- Move all test to a single file
- test on Node 20, 22 and 24 - on Windows and Ubuntu
- Sort `package.json` (with VS Code extension of this https://www.npmjs.com/package/sort-package-json)

* Update test.yml
 2025-06-04 11:30:00 +02:00
dependabot[bot]
fdd2d89351 chore(deps): bump streetsidesoftware/cspell-action from 6 to 7 (#3243) 
Bumps [streetsidesoftware/cspell-action](https://github.com/streetsidesoftware/cspell-action) from 6 to 7.
- [Release notes](https://github.com/streetsidesoftware/cspell-action/releases)
- [Changelog](https://github.com/streetsidesoftware/cspell-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/streetsidesoftware/cspell-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: streetsidesoftware/cspell-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-02 13:13:02 +09:00
Christian Oliff
250757e847 Update Issue Config (#3160) 2024-09-04 13:11:43 -04:00
Christian Oliff
07e9dc66b9 GitHub Actions Tidy-up (#3114) 
- Allow CodeQL workflow to be run from GitHub Actions WebUI at any time
- Set CodeQL to also check for best practises/code problems (as well as security)
- Capitalize Publish GH Action
- Change Windows Test workflow for consistent file extension (also means its formatted with Prettier) and remove leading empty linebreak
- Run Prettier (maybe we should add this to build script to ensure all code is formatted?)
- Change .gitattributes to have LF line-endings for more file types
 2024-04-23 13:16:32 -04:00
Rob Larsen
519966c30c Update bug_report.yml 2024-04-10 14:56:35 -04:00
Rob Larsen
72a8f610c8 Fixing tests on Windows + Windows test action (#3110) 
* Updates for gulp 5

* .DS_Store ignored from copy operations
 2024-04-09 22:53:17 -04:00
Rob Larsen
d00a4b9fda node 18+ (#3104) 
* node 18+

* Remove LGTM mention (service is no longer available)

---------

Co-authored-by: Christian Oliff <christianoliff@pm.me>
 2024-04-08 16:22:49 -04:00
dependabot[bot]
e99a501a25 chore(deps): bump streetsidesoftware/cspell-action from 5 to 6 (#3097) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-04-01 16:28:34 +09:00
dependabot[bot]
ed6a205abb chore(deps): bump actions/dependency-review-action from 3 to 4 (#3074) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-01 16:53:22 +09:00
Arun Sathiya
64126bb84d ci: Use GITHUB_OUTPUT envvar instead of set-output command (#3068) 
* ci: Use GITHUB_OUTPUT envvar instead of set-output command

`save-state` and `set-output` commands used in GitHub Actions are deprecated and [GitHub recommends using environment files](https://github.blog/changelog/2023-07-24-github-actions-update-on-save-state-and-set-output-commands/).

This PR updates the usage of `::set-output` to `"$GITHUB_OUTPUT"`

Instructions for envvar usage from GitHub docs:

https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter

* Patch up the remaining files too
 2024-01-22 20:59:38 -05:00
dependabot[bot]
9a1f33befb chore(deps): bump github/codeql-action from 2 to 3 (#3060) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-01-02 17:38:37 +09:00
coliff
e0689d1e8f Docs fixes 
- Fix a few typos
- Remove mention of LGTM (service closed)
- Update Theme Color docs
- Fix a markdown link
- Remove unnecessary 'Table of Contents' from FAQ since we only have 2 questions
- Rename GitHub Action file extensions from .yaml to .yml for consistency
- Run Prettier
- Fix typo on CHANGELOG
 2023-12-06 16:08:27 +09:00
dependabot[bot]
1837792897 chore(deps): bump streetsidesoftware/cspell-action from 4 to 5 (#3048) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-01 16:21:02 +09:00
dependabot[bot]
082f7ef8ba chore(deps): bump actions/setup-node from 3 to 4 (#3041) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3 to 4.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-01 13:38:31 -04:00
dependabot[bot]
496430dc48 chore(deps): bump streetsidesoftware/cspell-action from 3 to 4 (#3042) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-01 16:02:57 +09:00
J Rob Gant
0a9f716d8f Remove normalize.css and Optimize head tag order. (#3034) 2023-10-05 17:42:37 +09:00
dependabot[bot]
cbd5b8b6d3 chore(deps): bump actions/checkout from 3 to 4 (#3012) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-08 09:19:29 +09:00
Christian Oliff
29d7d8054b Add Prettier (#3011) 
Consistent code formatting!
(it fixed a few minor bugs too)
 2023-09-07 16:20:47 -04:00
Christian Oliff
17073f50b0 Remove a few more Modernizr mentions 2023-09-06 10:23:04 -04:00
Rob Larsen
7e8b7e9c03 this has been broken forever (#3006) 2023-09-05 15:28:42 -04:00
Rob Larsen
0836867337 Update build-dist.yaml 2023-09-05 15:00:34 -04:00
Rob Larsen
47923c6c03 Trying to bypass branch protection rules (#3005) 2023-09-05 14:59:38 -04:00
dependabot[bot]
bc68f051db chore(deps): bump streetsidesoftware/cspell-action from 2 to 3 (#2997) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-01 16:45:39 +09:00
Rob Larsen
5df316b86b Drop Normalize (#2960) 
* npm updates

* tests and readme

* node versions
 2023-08-30 21:34:43 -04:00
Rob Larsen
e4b20602a8 Update Issue Template 2023-03-11 01:31:56 +09:00
dependabot[bot]
a34a3954e7 chore(deps): bump actions/dependency-review-action from 2 to 3 (#2880) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-01 16:09:29 +09:00
Alex
e1c825d925 Update push-to-template.yaml 2022-08-31 08:13:16 +01:00
Christian Oliff
f0f8369df7 Add Spellcheck GitHub Action 
This is setup to display typos in a PR review UI and will warn (but not error) if any detected.
 2022-07-13 10:43:54 +09:00
dependabot[bot]
58f76aaa44 chore(deps): bump actions/dependency-review-action from 1 to 2 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-06-27 02:33:24 +00:00
Christian Oliff
140fe31e5a Create codeql-analysis.yml 
FIxes: #2785
 2022-06-08 11:11:14 +09:00
Christian Oliff
a1d3ea3505 Remove apache-server-configs / .htaccess 2022-06-04 11:45:00 +09:00
Christian Oliff
3743365f8c Create dependency-review.yml 2022-04-18 20:16:01 +09:00
Christian Oliff
5ff5aad134 Update dependabot.yml 
change frequency to monthly. This keeps thing a bit quieter and makes git history less busy.
 2022-04-18 16:16:48 +09:00
Rob Larsen
d9f34cb5c3 Merge pull request #2740 from turrisxyz/naveen/feat/set-perms-actions 
Set permissions for GitHub actions
 2022-04-12 11:31:13 -04:00
Christian Oliff
ad158346ea update node version 
package.json to specify node 14.x and above (as support for Node 12.x ends very soon).
https://nodejs.org/en/about/releases/

Update GitHub Actions to use Maintained and Active versions of Node.
 2022-04-12 11:19:02 +09:00
naveensrinivasan
1b6f24e927 Set permissions for GitHub actions 
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-10 00:09:46 +00:00
dependabot[bot]
01889180e8 chore(deps): bump actions/cache from 2 to 3 
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-28 07:11:30 +00:00
dependabot[bot]
28521df009 chore(deps): bump actions/checkout from 2 to 3 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-03-07 07:14:09 +00:00
dependabot[bot]
c8c777b0cc chore(deps): bump actions/setup-node from 2.5.1 to 3 (#2714) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.5.1 to 3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.5.1...v3)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-02-28 12:55:35 -05:00
dependabot[bot]
4ebe7d9559 chore(deps): bump actions/setup-node from 2.5.0 to 2.5.1 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.5.0...v2.5.1)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-03 07:11:02 +00:00
Rob Larsen
8860e8542c Update build-dist.yaml 2021-12-06 10:13:47 -05:00
dependabot[bot]
89863bab79 chore(deps): bump actions/setup-node from 2.4.1 to 2.5.0 (#2658) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.4.1...v2.5.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-12-06 09:42:52 -05:00
Rob Larsen
899fb0b411 ci -> install 2021-12-03 23:00:57 -05:00
Rob Larsen
cc6785ebe5 Create build-dist.yaml 2021-12-03 22:49:03 -05:00