Bump braces from 3.0.2 to 3.0.3 (#121)

* Bump braces from 3.0.2 to 3.0.3

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump rhysd/actionlint from 1.6.27 to 1.7.1

* Update yarn.lock file

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: fabasoad <[email protected]>

Author: dependabot[bot]

.github/labels.yml

@@ -17,7 +17,7 @@ jobs:
       - name: Setup node
         uses: actions/setup-node@v4
         with:
-          node-version-file: ".nvmrc"
+          node-version-file: ".tool-versions"
       - name: Cache yarn dependencies
         id: yarn-cache
         uses: actions/cache@v4

.github/workflows/linting.yml

@@ -4,33 +4,9 @@ name: Release
 on:
   push:
     tags:
-      - 'v*.*.*'
+      - "v*.*.*"
 
 jobs:
-  create-release:
-    name: Create release
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Get changelog
-        id: changelog
-        uses: simbo/changes-since-last-release-action@v1
-      - name: Create release
-        uses: softprops/action-gh-release@v2
-        with:
-          tag_name: ${{ github.ref }}
-          name: ${{ github.ref_name }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          body: |
-            # Changelog
-
-            ${{ steps.changelog.outputs.log }}
-          draft: false
-          prerelease: false
-      - name: Bump tags
-        uses: fischerscode/tagger@v0
-        with:
-          prefix: v
+  github:
+    name: GitHub
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-github-release.yml@main

.github/workflows/release.yml

@@ -7,53 +7,10 @@ on: # yamllint disable-line rule:truthy
     branches:
       - main
 
-defaults:
-  run:
-    shell: sh
-
 jobs:
-  code-scanning:
-    name: Code scanning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: "javascript"
-      - name: Perform CodeQL Analysis
-        id: codeql-analysis
-        uses: github/codeql-action/analyze@v3
-      - name: Upload to GHAS
-        if: always()
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: "code-scanning"
-          sarif_file: "${{ steps.codeql-analysis.outputs.sarif-output }}"
-  yarn-audit:
-    name: Yarn audit
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Yarn audit
-        run: yarn npm audit --all
-  directory-scanning:
-    name: Directory scanning
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Scan current project
-        id: scan-directory
-        uses: anchore/scan-action@v3
-        with:
-          by-cve: "true"
-          path: "."
-      - name: Upload to GHAS
-        if: always()
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          category: "directory-scanning"
-          sarif_file: "${{ steps.scan-directory.outputs.sarif }}"
+  sast:
+    name: SAST
+    permissions:
+      contents: read
+      security-events: write
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-security-sast.yml@main

.github/workflows/security.yml

@@ -1,20 +1,13 @@
 ---
-name: Sync labels
+name: Labels
 
 on: # yamllint disable-line rule:truthy
   push:
     branches:
       - main
-    paths:
-      - .github/labels.yml
   workflow_dispatch: {}
 
 jobs:
-  sync-labels:
-    name: Sync labels
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-      - name: Run Label Syncer
-        uses: micnncim/action-label-syncer@v1
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-sync-labels.yml@main

.github/workflows/sync-labels.yml

@@ -1,30 +1,11 @@
 ---
-name: Update license
+name: License
 
-on:
+on: # yamllint disable-line rule:truthy
   schedule:
-    - cron: '0 5 1 1 *'
+    - cron: "0 5 1 1 *"
 
 jobs:
-  run:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout ${{ github.repository }}
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Update LICENSE file
-        uses: FantasticFiasco/action-update-license-year@v3
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          assignees: ${{ github.repository_owner }}
-          labels: enhancement
-          prTitle: Update license copyright year to {{currentYear}}
-          prBody: |
-            ## Changelog
-
-            - Update license copyright year to {{currentYear}}
-
-            ---
-
-            Powered by [FantasticFiasco/action-update-license-year](https://github.com/FantasticFiasco/action-update-license-year)
+  maintenance:
+    name: Maintenance
+    uses: fabasoad/reusable-workflows/.github/workflows/wf-update-license.yml@main

.github/workflows/update-license.yml

@@ -1,2 +1,2 @@
-.yarn/releases/yarn-4.1.1.cjs:aws-access-token:149
-.yarn/releases/yarn-4.1.1.cjs:generic-api-key:567
+.yarn/releases/yarn-4.3.0.cjs:aws-access-token:149
+.yarn/releases/yarn-4.3.0.cjs:generic-api-key:567

.gitleaksignore

@@ -36,21 +36,21 @@ repos:
         verbose: false
         stages: ["push"]
   - repo: https://github.com/Yelp/detect-secrets
-    rev: v1.4.0
+    rev: v1.5.0
     hooks:
       - id: detect-secrets
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.18.2
+    rev: v8.18.4
     hooks:
       - id: gitleaks
   - repo: https://github.com/fabasoad/pre-commit-snyk
-    rev: v0.5.0
+    rev: v0.6.2
     hooks:
       - id: snyk-test
         stages: ["push"]
   # Markdown
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.39.0
+    rev: v0.41.0
     hooks:
       - id: markdownlint-fix
         stages: ["commit"]
@@ -62,7 +62,7 @@ repos:
         stages: ["push"]
   # GitHub Actions
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.6.27
+    rev: v1.7.1
     hooks:
       - id: actionlint
         args: ["-pyflakes="]

.nvmrc

@@ -0,0 +1 @@
+nodejs 22.3.0