chore: Update trunk, linters, and allowed workflow endpoints (#3097)

This updates trunk and the linters. I've also fixed some CI stuff related to Harden Runner's allowed endpoints.
arcjet · Feb 5, 2025 · 92dc38b · 92dc38b
1 parent 901e38a
commit 92dc38b
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 11 deletions.
diff --git a/.github/workflows/reusable-examples.yml b/.github/workflows/reusable-examples.yml
@@ -4,6 +4,11 @@ name: Reusable examples workflow
 
 on: [workflow_call]
 
+env:
+  DO_NOT_TRACK: "1"
+  NEXT_TELEMETRY_DISABLED: "1"
+  TURBO_TELEMETRY_DISABLED: "1"
+
 jobs:
   nestjs:
     name: NestJS
@@ -182,6 +187,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -224,6 +230,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -266,6 +273,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -308,6 +316,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -352,6 +361,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -396,6 +406,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -438,6 +449,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -483,6 +495,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -528,6 +541,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -570,6 +584,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -612,6 +627,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -654,6 +670,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -696,6 +713,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -741,6 +759,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -783,6 +802,7 @@ jobs:
             fonts.gstatic.com:443
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first
@@ -903,6 +923,7 @@ jobs:
           allowed-endpoints: >
             github.com:443
             registry.npmjs.org:443
+            decide.arcjet.com:443
 
       # Checkout
       # Most toolchains require checkout first

diff --git a/.github/workflows/reusable-test.yml b/.github/workflows/reusable-test.yml
@@ -4,6 +4,11 @@ name: Reusable test workflow
 
 on: [workflow_call]
 
+env:
+  DO_NOT_TRACK: "1"
+  NEXT_TELEMETRY_DISABLED: "1"
+  TURBO_TELEMETRY_DISABLED: "1"
+
 jobs:
   test:
     name: "Run tests (OS: ${{matrix.os}}, Node: ${{ matrix.node }})"

diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -2,35 +2,35 @@
 # To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
 version: 0.1
 cli:
-  version: 1.22.2
+  version: 1.22.10
 # Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
 plugins:
   sources:
     - id: trunk
-      ref: v1.6.0
+      ref: v1.6.7
       uri: https://github.com/trunk-io/plugins
 # Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
 runtimes:
   enabled:
     - [email protected]
-    - node@18.12.1
+    - node@18.20.5
     - [email protected]
 # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
 lint:
   enabled:
     - [email protected]
     - [email protected]
-    - trivy@0.52.1
+    - trivy@0.59.1
     - [email protected]
-    - semgrep@1.75.0
-    - gitleaks@8.18.3
-    - [email protected].1
+    - semgrep@1.107.0
+    - gitleaks@8.23.3
+    - [email protected].7
     - git-diff-check
-    - markdownlint@0.41.0
-    - osv-scanner@1.7.4
-    - prettier@3.3.2
+    - markdownlint@0.44.0
+    - osv-scanner@1.9.2
+    - prettier@3.4.2
     - [email protected]
-    - trufflehog@3.78.1
+    - trufflehog@3.88.4
   disabled:
     # tfsec and checkov are replaced by Trivy
     - tfsec