⬆️ Bump mkdocs-material from 9.6.23 to 9.7.0 in /docs/mkdocs (#4991 )

Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.23 to 9.7.0. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.23...9.7.0) --- updated-dependencies: - dependency-name: mkdocs-material dependency-version: 9.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
⬆️ Bump actions/dependency-review-action from 4.8.1 to 4.8.2 (#4992 )
2025-11-24 11:54:34 +08:00 · 2025-11-12 19:52:47 +01:00 · 2025-11-12 19:52:39 +01:00 · 2025-11-05 18:07:31 +01:00 · 2025-11-04 11:26:49 +01:00 · 2025-11-04 11:26:36 +01:00
14 changed files with 119 additions and 17 deletions
--- a/.github/workflows/check_amalgamation.yml
+++ b/.github/workflows/check_amalgamation.yml
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
@@ -34,7 +34,7 @@ jobs:
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -9,7 +9,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Harden Runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
      with:
        egress-policy: audit
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -27,7 +27,7 @@ jobs:
    steps:
    - name: Harden Runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
      with:
        egress-policy: audit
--- a/.github/workflows/comment_check_amalgamation.yml
+++ b/.github/workflows/comment_check_amalgamation.yml
@@ -19,7 +19,7 @@ jobs:
      pull-requests: write
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,11 +17,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
      - name: 'Checkout Repository'
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
+        uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
--- a/.github/workflows/flawfinder.yml
+++ b/.github/workflows/flawfinder.yml
@@ -0,0 +1,46 @@
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 name: flawfinder
 permissions:
  contents: read
 on:
  push:
    branches: [ "develop" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "develop" ]
  schedule:
    - cron: '41 14 * * 3'
 jobs:
  flawfinder:
    name: Flawfinder
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - name: flawfinder_scan
        uses: david-a-wheeler/flawfinder@c57197cd6061453f10a496f30a732bc1905918d1 # v2.0.19
        with:
          arguments: '--sarif ./'
          output: 'flawfinder_results.sarif'
      - name: Upload analysis results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@7434149006143a4d75b82a2f411ef15b03ccc2d7 # v4
        with:
          sarif_file: ${{github.workspace}}/flawfinder_results.sarif
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -17,7 +17,7 @@ jobs:
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
--- a/.github/workflows/publish_documentation.yml
+++ b/.github/workflows/publish_documentation.yml
@@ -27,7 +27,7 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -36,7 +36,7 @@ jobs:
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -0,0 +1,54 @@
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 # This workflow file requires a free account on Semgrep.dev to
 # manage rules, file ignores, notifications, and more.
 #
 # See https://semgrep.dev/docs
 name: Semgrep
 on:
  push:
    branches: [ "develop" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "develop" ]
  schedule:
    - cron: '23 2 * * 4'
 permissions:
  contents: read
 jobs:
  semgrep:
    permissions:
      contents: read # for actions/checkout to fetch code
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    name: Scan
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
      # Checkout project source
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      # Scan code using project's configuration on https://semgrep.dev/manage
      - uses: returntocorp/semgrep-action@713efdd345f3035192eaa63f56867b88e63e4e5d
        with:
          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
          publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
          generateSarif: "1"
      # Upload SARIF file generated in previous step
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@7434149006143a4d75b82a2f411ef15b03ccc2d7 # v4
        with:
          sarif_file: semgrep.sarif
        if: always()
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -16,7 +16,7 @@ jobs:
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
--- a/.github/workflows/ubuntu.yml
+++ b/.github/workflows/ubuntu.yml
@@ -46,7 +46,7 @@ jobs:
        target: [ci_test_amalgamation, ci_test_single_header, ci_cppcheck, ci_cpplint, ci_reproducible_tests, ci_non_git_tests, ci_offline_testdata, ci_reuse_compliance, ci_test_valgrind]
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
@@ -98,7 +98,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
@@ -251,7 +251,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
@@ -272,7 +272,7 @@ jobs:
        target: [ci_test_examples, ci_test_build_documentation]
    steps:
      - name: Harden Runner
-        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit
--- a/README.md
+++ b/README.md
@@ -1883,6 +1883,8 @@ json/tests/src/make_test_data_available.hpp:23: FATAL ERROR: REQUIRE( utils::che
 In case you have downloaded the library rather than checked out the code via Git, test `cmake_fetch_content_configure` will fail. Please execute `ctest -LE git_required` to skip these tests. See [issue #2189](https://github.com/nlohmann/json/issues/2189) for more information.
 Some tests are requiring network to be properly execute. They are labeled as `git_required`. Please execute `ctest -LE git_required` to skip these tests. See [issue #4851](https://github.com/nlohmann/json/issues/4851) for more information.
 Some tests change the installed files and hence make the whole process not reproducible. Please execute `ctest -LE not_reproducible` to skip these tests. See [issue #2324](https://github.com/nlohmann/json/issues/2324) for more information. Furthermore, assertions must be switched off to ensure reproducible builds (see [discussion 4494](https://github.com/nlohmann/json/discussions/4494)).
 Note you need to call `cmake -LE "not_reproducible|git_required"` to exclude both labels. See [issue #2596](https://github.com/nlohmann/json/issues/2596) for more information.
--- a/docs/mkdocs/requirements.txt
+++ b/docs/mkdocs/requirements.txt
@@ -1,8 +1,8 @@
 wheel==0.45.1
 mkdocs==1.6.1                                       # documentation framework
-mkdocs-git-revision-date-localized-plugin==1.4.7    # plugin "git-revision-date-localized"
+mkdocs-git-revision-date-localized-plugin==1.5.0    # plugin "git-revision-date-localized"
-mkdocs-material==9.6.22                             # theme for mkdocs
+mkdocs-material==9.7.0                             # theme for mkdocs
 mkdocs-material-extensions==1.3.1                   # extensions
 mkdocs-minify-plugin==0.8.0                         # plugin "minify"
 mkdocs-redirects==1.2.2                             # plugin "redirects"
Author	SHA1	Message	Date
dependabot[bot]	49026f7999	⬆️ Bump mkdocs-material from 9.6.23 to 9.7.0 in /docs/mkdocs (#4991 ) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.23 to 9.7.0. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.23...9.7.0) --- updated-dependencies: - dependency-name: mkdocs-material dependency-version: 9.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 19:52:47 +01:00
dependabot[bot]	667c143262	⬆️ Bump actions/dependency-review-action from 4.8.1 to 4.8.2 (#4992 ) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.1 to 4.8.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](`40c09b7dc9...3c4e3dcb1a`) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.8.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-12 19:52:39 +01:00
dependabot[bot]	af524ab666	⬆️ Bump step-security/harden-runner from 2.13.1 to 2.13.2 (#4990 )	2025-11-05 18:07:31 +01:00
dependabot[bot]	11627521ae	⬆️ Bump mkdocs-material from 9.6.22 to 9.6.23 in /docs/mkdocs (#4986 ) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.6.22 to 9.6.23. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.22...9.6.23) --- updated-dependencies: - dependency-name: mkdocs-material dependency-version: 9.6.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-04 11:26:49 +01:00
dependabot[bot]	63bc495cf8	⬆️ Bump returntocorp/semgrep-action (#4988 ) Bumps [returntocorp/semgrep-action](https://github.com/returntocorp/semgrep-action) from fcd5ab7459e8d91cb1777481980d1b18b4fc6735 to 713efdd345f3035192eaa63f56867b88e63e4e5d. - [Changelog](https://github.com/returntocorp/semgrep-action/blob/develop/CHANGELOG.md) - [Commits](`fcd5ab7459...713efdd345`) --- updated-dependencies: - dependency-name: returntocorp/semgrep-action dependency-version: 713efdd345f3035192eaa63f56867b88e63e4e5d dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-04 11:26:36 +01:00
dependabot[bot]	9c38185167	⬆️ Bump mkdocs-git-revision-date-localized-plugin (#4987 )	2025-11-04 08:03:46 +01:00
Niels Lohmann	c8b66cf36e	🔒 harden runners (#4985 )	2025-11-03 06:33:14 +01:00
Gianfranco Costamagna	0c9b68e110	Add a mention of git_required label to skil tests also in case of network issues (#4851 )	2025-11-02 08:34:30 +01:00
Niels Lohmann	8deac49f50	Update GitHub Actions versions in semgrep.yml (#4982 ) Signed-off-by: Niels Lohmann <mail@nlohmann.me>	2025-10-31 20:36:36 +01:00
Niels Lohmann	8c5344eeb2	Update flawfinder workflow with new versions (#4981 ) Signed-off-by: Niels Lohmann <mail@nlohmann.me>	2025-10-31 20:36:30 +01:00
Niels Lohmann	034f3ecdc6	Add Flawfinder workflow for security scanning (#4979 ) Signed-off-by: Niels Lohmann <mail@nlohmann.me>	2025-10-31 17:51:08 +01:00
Niels Lohmann	e137f2ac88	Add Semgrep workflow for code scanning (#4980 ) Signed-off-by: Niels Lohmann <mail@nlohmann.me>	2025-10-31 17:47:28 +01:00