Merge branch 'main' into main_qutech

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# By default all of the repository is owned by the qcodes maintainers.
+*       @microsoft/qcodes-maintainers

.github/PULL_REQUEST_TEMPLATE.md

@@ -22,7 +22,7 @@ If this fixes a known bug reported against QCoDeS:
 
 - [ ] Please include a string in the following form ``closes #xxx`` where ``xxx``` is the number of the bug fixed.
 
-Please have a look at [the contributing guide](https://qcodes.github.io/Qcodes/community/contributing.html)
+Please have a look at [the contributing guide](https://microsoft.github.io/Qcodes/community/contributing.html)
 for more information.
 
 If you are in doubt about any of this please ask and we will be happy to help.

.github/dependabot.yml

@@ -4,10 +4,35 @@ updates:
   directory: "/"
   schedule:
     interval: daily
-  open-pull-requests-limit: 10
+  open-pull-requests-limit: 20
   rebase-strategy: "disabled"
+  versioning-strategy: increase-if-necessary
+  groups:
+    zhinst:
+      patterns:
+        - "zhinst*"
+    ipywidgets:
+      patterns:
+        - "ipywidgets"
+        - "widgetsnbextension"
+        - "jupyterlab-widgets"
+    sphinx:
+      patterns:
+        - "sphinx"
+        - "sphinxcontrib*"
+
 - package-ecosystem: github-actions
   directory: "/"
   rebase-strategy: "disabled"
   schedule:
     interval: "daily"
+
+- package-ecosystem: pip
+  directory: /.binder
+  schedule:
+    interval: daily
+
+- package-ecosystem: npm
+  directory: /.github
+  schedule:
+    interval: daily

.github/package.json

@@ -0,0 +1,5 @@
+{
+"devDependencies": {
+	"pyright": "1.1.386"
+}
+}

.github/workflows/codeql-analysis.yml

@@ -4,6 +4,15 @@ on:
   workflow_dispatch:
   schedule:
     - cron: '42 15 * * 0'
+  push:
+    branches:
+      - 'main'
+      - 'release/*'
+  pull_request:
+
+
+permissions:
+  contents: read
 
 jobs:
   analyze:
@@ -20,17 +29,22 @@ jobs:
         language: [ 'python' ]
 
     steps:
+    - name: Harden Runner
+      uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+      with:
+        egress-policy: audit
+
     - name: Checkout repository
-      uses: actions/checkout@v3.0.2
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
       with:
         languages: ${{ matrix.language }}
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0

.github/workflows/dependency-review.yml

@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5