From fc5981f1cf84c72d087a436ba2683d6793443915 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Jan 2023 10:47:32 -0500 Subject: [PATCH 1/3] Update all dependencies (#271) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/cd.yml | 6 +++--- .github/workflows/ci.yml | 6 +++--- .github/workflows/scorecards.yml | 8 ++++---- mix.exs | 2 +- mix.lock | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 84ba1ddc..e3219051 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -24,12 +24,12 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: erlef/setup-elixir@b980a5ac9b7316a23ebc16de2bb69b7c3ad731b5 # v1.15.0 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: erlef/setup-elixir@e3f6ffe2878180f57318bf13febd3933ee81f664 # v1.15.2 with: otp-version: ${{ matrix.otp }} elixir-version: ${{ matrix.elixir }} - - uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0 + - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3 with: path: deps key: ${{ runner.os }}-mix-${{ hashFiles(format('{0}{1}', github.workspace, '/mix.lock')) }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b1827cae..661a3ea4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,12 +26,12 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 - - uses: erlef/setup-elixir@b980a5ac9b7316a23ebc16de2bb69b7c3ad731b5 # v1.15.0 + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + - uses: erlef/setup-elixir@e3f6ffe2878180f57318bf13febd3933ee81f664 # v1.15.2 with: otp-version: ${{ matrix.otp }} elixir-version: ${{ matrix.elixir }} - - uses: actions/cache@c17f4bf4666a8001b1a45c09eb7a485c41aa64c3 # v3.2.0 + - uses: actions/cache@58c146cc91c5b9e778e71775dfe9bf1442ad9a12 # v3.2.3 with: path: deps key: ${{ runner.os }}-mix-${{ hashFiles(format('{0}{1}', github.workspace, '/mix.lock')) }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 4746e8c0..be083da0 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,12 +27,12 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6 + uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 with: results_file: results.sarif results_format: sarif @@ -51,7 +51,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: SARIF file path: results.sarif @@ -59,6 +59,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cc7986c02bac29104a72998e67239bb5ee2ee110 # tag=v2.1.28 + uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2.1.37 with: sarif_file: results.sarif diff --git a/mix.exs b/mix.exs index 3d8e238a..01fd1f8c 100644 --- a/mix.exs +++ b/mix.exs @@ -44,7 +44,7 @@ defmodule Stellar.MixProject do {:dialyxir, "~> 1.0", only: [:dev], runtime: false}, {:excoveralls, "~> 0.15", only: :test}, {:credo, "~> 1.5", only: [:dev, :test], runtime: false}, - {:ex_doc, "~> 0.24", only: :dev, runtime: false} + {:ex_doc, "~> 0.29", only: :dev, runtime: false} ] end diff --git a/mix.lock b/mix.lock index 129cbcf7..2ba6dd42 100644 --- a/mix.lock +++ b/mix.lock @@ -4,12 +4,12 @@ "crc": {:hex, :crc, "0.10.4", "06f5f54e2ec2954968703dcd37d7a4c65cee7a5305c48a23c509dc20a5469d4f", [:mix, :rebar3], [{:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "90bdd5b5ac883f0b1860692324ed3f53fdaa6f1e8483771873fea07e71def91d"}, "credo": {:hex, :credo, "1.6.4", "ddd474afb6e8c240313f3a7b0d025cc3213f0d171879429bf8535d7021d9ad78", [:mix], [{:bunt, "~> 0.2.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2.8", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "c28f910b61e1ff829bffa056ef7293a8db50e87f2c57a9b5c3f57eee124536b7"}, "dialyxir": {:hex, :dialyxir, "1.1.0", "c5aab0d6e71e5522e77beff7ba9e08f8e02bad90dfbeffae60eaf0cb47e29488", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "07ea8e49c45f15264ebe6d5b93799d4dd56a44036cf42d0ad9c960bc266c0b9a"}, - "earmark_parser": {:hex, :earmark_parser, "1.4.25", "2024618731c55ebfcc5439d756852ec4e85978a39d0d58593763924d9a15916f", [:mix], [], "hexpm", "56749c5e1c59447f7b7a23ddb235e4b3defe276afc220a6227237f3efe83f51e"}, + "earmark_parser": {:hex, :earmark_parser, "1.4.29", "149d50dcb3a93d9f3d6f3ecf18c918fb5a2d3c001b5d3305c926cddfbd33355b", [:mix], [], "hexpm", "4902af1b3eb139016aed210888748db8070b8125c2342ce3dcae4f38dcc63503"}, "ed25519": {:hex, :ed25519, "1.4.0", "3eee373a77c8230ac25ab1d557f436eb6ec584946d7b76ca311f9fa18db84b55", [:mix], [], "hexpm", "420b52c68e2eda14a822c1d15df6c3e386f7b604d4351d6621a2f6baa68ed6dd"}, "elixir_make": {:hex, :elixir_make, "0.6.3", "bc07d53221216838d79e03a8019d0839786703129599e9619f4ab74c8c096eac", [:mix], [], "hexpm", "f5cbd651c5678bcaabdbb7857658ee106b12509cd976c2c2fca99688e1daf716"}, "elixir_xdr": {:hex, :elixir_xdr, "0.2.0", "24a7f911e580a06214d5b71c81d3fa9eb1c35db8c57042cdde409544c094ec99", [:mix], [], "hexpm", "17dc018949dcfc41441def0f229f8801240b1d3fc69ab55a2c98bd7b1a09bfdd"}, "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"}, - "ex_doc": {:hex, :ex_doc, "0.28.3", "6eea2f69995f5fba94cd6dd398df369fe4e777a47cd887714a0976930615c9e6", [:mix], [{:earmark_parser, "~> 1.4.19", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "05387a6a2655b5f9820f3f627450ed20b4325c25977b2ee69bed90af6688e718"}, + "ex_doc": {:hex, :ex_doc, "0.29.1", "b1c652fa5f92ee9cf15c75271168027f92039b3877094290a75abcaac82a9f77", [:mix], [{:earmark_parser, "~> 1.4.19", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_elixir, "~> 0.14", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1", [hex: :makeup_erlang, repo: "hexpm", optional: false]}], "hexpm", "b7745fa6374a36daf484e2a2012274950e084815b936b1319aeebcf7809574f6"}, "excoveralls": {:hex, :excoveralls, "0.15.0", "ac941bf85f9f201a9626cc42b2232b251ad8738da993cf406a4290cacf562ea4", [:mix], [{:hackney, "~> 1.16", [hex: :hackney, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "9631912006b27eca30a2f3c93562bc7ae15980afb014ceb8147dc5cdd8f376f1"}, "file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"}, "hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~>2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~>6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~>1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~>1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~>1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~>0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"}, From f627500e2437d380a4bb13d51596f4e7f268b5d6 Mon Sep 17 00:00:00 2001 From: Miguel Nieto A <39246879+miguelnietoa@users.noreply.github.com> Date: Mon, 16 Jan 2023 13:57:13 -0500 Subject: [PATCH 2/3] Block egress traffic and add stability badge (#272) * Block egress traffic * Add stability badge in README --- .github/workflows/cd.yml | 9 +++++++-- .github/workflows/ci.yml | 16 ++++++++++++---- .github/workflows/scorecards.yml | 14 ++++++++++++-- README.md | 2 ++ 4 files changed, 33 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index e3219051..9ef83921 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -20,9 +20,14 @@ jobs: HEX_API_KEY: ${{ secrets.HEX_API_KEY }} steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + disable-sudo: true + egress-policy: block + allowed-endpoints: > + github.com:443 + hex.pm:443 + repo.hex.pm:443 - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - uses: erlef/setup-elixir@e3f6ffe2878180f57318bf13febd3933ee81f664 # v1.15.2 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 661a3ea4..ae1791be 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,9 +22,14 @@ jobs: MIX_ENV: test steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + disable-sudo: true + egress-policy: block + allowed-endpoints: > + coveralls.io:443 + github.com:443 + repo.hex.pm:443 - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 - uses: erlef/setup-elixir@e3f6ffe2878180f57318bf13febd3933ee81f664 # v1.15.2 @@ -57,9 +62,12 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + disable-sudo: true + egress-policy: block + allowed-endpoints: > + coveralls.io:443 - name: Set BUILD_NUMBER for Pull Request event if: github.event_name == 'pull_request' diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index be083da0..fbb0fa27 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -22,9 +22,19 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@ebacdc22ef6c2cfb85ee5ded8f2e640f4c776dd5 # v2.0.0 + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + disable-sudo: true + egress-policy: block + allowed-endpoints: > + api.github.com:443 + api.osv.dev:443 + api.securityscorecards.dev:443 + bestpractices.coreinfrastructure.org:443 + fulcio.sigstore.dev:443 + github.com:443 + rekor.sigstore.dev:443 + sigstore-tuf-root.storage.googleapis.com:443 - name: "Checkout code" uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 diff --git a/README.md b/README.md index ec12904b..b24fbcb4 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ # Elixir Stellar SDK + +![stability-beta](https://img.shields.io/badge/stability-beta-33bbff.svg?style=for-the-badge) ![Build Badge](https://img.shields.io/github/actions/workflow/status/kommitters/stellar_sdk/ci.yml?branch=main&style=for-the-badge) [![Coverage Status](https://img.shields.io/coveralls/github/kommitters/stellar_sdk?style=for-the-badge)](https://coveralls.io/github/kommitters/stellar_sdk) [![Version Badge](https://img.shields.io/hexpm/v/stellar_sdk?style=for-the-badge)](https://hexdocs.pm/stellar_sdk) From 90f7dea9cb8dc0d381260d6294e2e69d7f4cad5c Mon Sep 17 00:00:00 2001 From: Miguel Nieto A <39246879+miguelnietoa@users.noreply.github.com> Date: Mon, 16 Jan 2023 15:03:17 -0500 Subject: [PATCH 3/3] Prepare release v0.11.8 (#273) --- CHANGELOG.md | 5 +++++ README.md | 2 +- mix.exs | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 74706f65..1a1306b2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ # Changelog +## 0.11.8 (16.01.2023) +* Update all dependencies. +* Block egress traffic in GitHub Actions. +* Add stability badge in README. + ## 0.11.7 (27.12.2022) * Add Renovate as dependency update tool. * Add default permissions as read-only in the CI workflow. diff --git a/README.md b/README.md index b24fbcb4..a7267b32 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ The **Stellar SDK** is composed of two complementary components: **`TxBuild`** + ```elixir def deps do [ - {:stellar_sdk, "~> 0.11.7"} + {:stellar_sdk, "~> 0.11.8"} ] end ``` diff --git a/mix.exs b/mix.exs index 01fd1f8c..f512ee19 100644 --- a/mix.exs +++ b/mix.exs @@ -2,7 +2,7 @@ defmodule Stellar.MixProject do use Mix.Project @github_url "https://github.com/kommitters/stellar_sdk" - @version "0.11.7" + @version "0.11.8" def project do [