Commit Graph

2298 Commits

Author SHA1 Message Date
AdamKorcz
1aca1d9445
🌱 convert packaging check to probe (#3486)
* 🌱 convert packaging check to probe

Signed-off-by: AdamKorcz <adam@adalogics.com>

* amend text in def.yml

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Correct short description in def.yml

Signed-off-by: AdamKorcz <adam@adalogics.com>

* log negative findings

Signed-off-by: AdamKorcz <adam@adalogics.com>

* rename probe

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Fix the broken e2e test: The probe returned minimum score instead of inconclusive score which was not consistent with the previous scoring. This commit also removes the debug statements

Signed-off-by: AdamKorcz <adam@adalogics.com>

* change score text

Signed-off-by: AdamKorcz <adam@adalogics.com>

* include file details. process all packaging workflows

Signed-off-by: AdamKorcz <adam@adalogics.com>

---------

Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-24 19:12:05 +00:00
AdamKorcz
0e3a5233ae
🌱 Add license probe (#3465)
* 🌱 Add license probe

Signed-off-by: AdamKorcz <adam@adalogics.com>

* [WIP] add two remaining license checks as probes

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix nits

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Use Errorf in test

Signed-off-by: AdamKorcz <adam@adalogics.com>

* use zrunner

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix wrong return value

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix linting issues and remove empty default

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix double if statement

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Remove struct field from test

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Add test for nil-case of license files slice

Signed-off-by: AdamKorcz <adam@adalogics.com>

* rewrite multiple def.ymls

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix nits

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Add unit test with multiple unapproved license files

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Add link to approved license formats

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix linting

Signed-off-by: AdamKorcz <adam@adalogics.com>

* remove comment

Signed-off-by: AdamKorcz <adam@adalogics.com>

* preserve logging from original check

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix typo

Signed-off-by: AdamKorcz <adam@adalogics.com>

* remove redundant map manipulation

Signed-off-by: AdamKorcz <adam@adalogics.com>

* rename hasApproveLicense probe

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Return OutcomeNotApplicable if hasFSFOrOSIApprovedLicense probe does not find a license

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Include license file locations in log

Signed-off-by: AdamKorcz <adam@adalogics.com>

* fix linting issues

Signed-off-by: AdamKorcz <adam@adalogics.com>

* replace strings filtering with OutcomeNotApplicable in hasLicenseFileAtTopDir probe

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Fix linter issue

Signed-off-by: AdamKorcz <adam@adalogics.com>

* Include location of found license files

Signed-off-by: AdamKorcz <adam@adalogics.com>

---------

Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-24 11:48:41 -07:00
Raghav Kaul
622f10442c
🌱 GitLab: track coverage for gitlab e2e tests (#3601)
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2023-10-24 11:19:43 -07:00
dependabot[bot]
52f950bf77
🌱 Bump github.com/golangci/golangci-lint in /tools (#3592)
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.54.2 to 1.55.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.54.2...v1.55.0)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-24 00:29:50 +00:00
Spencer Schrock
25c414d59b
🌱 remove unused osv helper tool. (#3572)
This is a followup cleanup of d4b44e52eb (#2303).

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 23:35:28 +00:00
Spencer Schrock
5eca374b1e
🌱 enable style linter errname (#3587)
* enable errname linter

Signed-off-by: Spencer Schrock <sschrock@google.com>

* convert publish err to custom error type.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove unused exported error.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* convert unsupported exporter type to custom error type.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* exempt public errors from linter.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* exempt cron config errors from linter.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 23:10:04 +00:00
Spencer Schrock
1c649cb66d
🌱 enable gomoddirectives linter. (#3584)
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 22:57:43 +00:00
Spencer Schrock
2391edfbe1
🌱 add style linters: mirror, tenv, usestdlibvars (#3586)
* fix tenv linter and bug with t.Parallel

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fix usestdlibvars linter

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fix mirror linter

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 22:40:01 +00:00
dependabot[bot]
6fb5f8a56e
🌱 Bump github.com/onsi/gomega from 1.28.0 to 1.28.1 (#3597)
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.28.0 to 1.28.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.28.0...v1.28.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 15:17:53 -07:00
dependabot[bot]
8959d3f08a
🌱 Bump github.com/xanzy/go-gitlab from 0.93.1 to 0.93.2 (#3593)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.93.1 to 0.93.2.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/main/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.93.1...v0.93.2)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-23 14:46:56 -07:00
Gabriela Gutierrez
ca5c404a97
🐛 scanning gitlab private repositories (#3596)
* fix: Run for gitlab private repos

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* test: gitlab repo is accessible

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

* fix: linter error

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

---------

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
2023-10-23 20:57:55 +00:00
Spencer Schrock
2d9319601e
🌱 use forbidigo linter to prevent print statements (#3585)
* enable forbidigo for print statements.

include reasoning as message exposed to developer.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove or grant exceptions for existing print statements

Signed-off-by: Spencer Schrock <sschrock@google.com>

* swap stdout to stderr

Signed-off-by: Spencer Schrock <sschrock@google.com>

* separate msg from regex for better readability.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 13:12:50 -07:00
Spencer Schrock
d0cefa519a
🌱 enable the golangci-lint bugs preset (#3583)
* enable bugs preset

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fix noctx linter

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fix bodyclose linter

Signed-off-by: Spencer Schrock <sschrock@google.com>

* fix contextcheck linter

Signed-off-by: Spencer Schrock <sschrock@google.com>

* This ignores all existing cases of musttag linter complaints.

This analyzer seems useful in the future, but some of this code
is old and I don't want to change it for existing code now.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* ignore existing nilerr lints.

This behavior is from the initial commit, and primarily affects metrics.
Leaving as is, and hope to benefit from the linter in the future.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-23 09:35:40 -07:00
Martin Costello
49c0eed3a4
🐛 SAST detect new GitHub app slug for CodeQL (#3591)
* Fix SAST no longer working for CodeQL

The app slug for CodeQL appears to have changed from `github-advanced-security` to `github-code-scanning`, causing the SAST rule to false-negative on commits.

Signed-off-by: martincostello <martin@martincostello.com>

* Fix lint warning

Fix lint warning.

Signed-off-by: martincostello <martin@martincostello.com>

---------

Signed-off-by: martincostello <martin@martincostello.com>
2023-10-20 14:13:08 -07:00
dependabot[bot]
4b8066a3c7
🌱 Bump actions/checkout from 4.1.0 to 4.1.1 (#3580)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8ade135a41...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 22:28:54 +00:00
dependabot[bot]
1c0557129b
🌱 Bump github.com/google/ko from 0.14.1 to 0.15.0 in /tools (#3578)
Bumps [github.com/google/ko](https://github.com/google/ko) from 0.14.1 to 0.15.0.
- [Release notes](https://github.com/google/ko/releases)
- [Changelog](https://github.com/ko-build/ko/blob/main/.goreleaser.yml)
- [Commits](https://github.com/google/ko/compare/v0.14.1...v0.15.0)

---
updated-dependencies:
- dependency-name: github.com/google/ko
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 21:52:57 +00:00
dependabot[bot]
159c6c8723
🌱 Bump tj-actions/changed-files from 39.2.1 to 39.2.3 (#3577)
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 39.2.1 to 39.2.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](db153baf73...95690f9ece)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 21:16:50 +00:00
dependabot[bot]
836c040177
🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#3575)
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.7.0 to 2.8.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.7.0...v2.8.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-19 20:27:09 +00:00
Pierre Cavin
f26ee46812
Add fast-check test runners integrations (#3568)
Signed-off-by: Pierre Cavin <me@sherlox.io>
2023-10-19 18:41:28 +00:00
Spencer Schrock
63fff3c840
scdiff: improve compare usability (#3573)
* fallback to cron style when parsing dates.

The cron output was never updated in #2712. In the interim, support both formats.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* continue on first diff, to highlight all differences.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* tests for date fallback.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-16 16:05:12 -07:00
Spencer Schrock
b9bbb8236c
🐛 scdiff: fix generate cmd when no --checks arg provided. (#3570)
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-16 09:34:51 -07:00
AdamKorcz
8eaf0d7647
🌱 Add new outcome to UnmarshalYAML (#3566)
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-12 16:59:50 +00:00
AdamKorcz
05a1eade1f
🐛 Fix wrong quotes (#3565)
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-12 08:47:50 -07:00
dependabot[bot]
16ace558ad
🌱 Bump kubernetes-sigs/kubebuilder-release-tools (#3553)
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases)
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md)
- [Commits](4f3d1085b4...d8367c29de)

---
updated-dependencies:
- dependency-name: kubernetes-sigs/kubebuilder-release-tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 06:23:36 +00:00
dependabot[bot]
e5955d0889
🌱 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#3557)
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 06:07:11 +00:00
dependabot[bot]
67431ba240
🌱 Bump github.com/onsi/ginkgo/v2 in /tools (#3552)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.12.1 to 2.13.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.12.1...v2.13.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 04:44:28 +00:00
dependabot[bot]
3b63938f8b
🌱 Bump github.com/onsi/ginkgo/v2 from 2.12.1 to 2.13.0 (#3551)
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.12.1 to 2.13.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.12.1...v2.13.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 21:26:56 -07:00
Ryan Ware
7cbc4b1af1
🌱 Adding all Intel public GitHub repos (#3556)
Signed-off-by: Ryan Ware <ryan.ware@intel.com>
2023-10-11 21:00:38 -07:00
dependabot[bot]
bb5fede9e3
🌱 Bump golang.org/x/net from 0.14.0 to 0.17.0 in /tools (#3562)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.14.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 20:43:41 -07:00
dependabot[bot]
bada6585d9
🌱 Bump golang.org/x/net from 0.16.0 to 0.17.0 (#3563)
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 19:17:18 -07:00
AdamKorcz
6c43301c26
🌱 Add map to Finding (#3558)
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-11 09:25:40 -07:00
Spencer Schrock
f2ce613960
🌱 checks/raw: fix struct alignment linter issue (#3550)
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-09 23:18:41 -04:00
guangwu
29aa5d2c3f
📖 fix "default" typo (#3543)
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
2023-10-10 01:13:12 +00:00
DavidKorczynski
bd640f72e9
Add additional fuzzing probes (#3473)
* Extend with additional fuzzing probes

Signed-off-by: David Korczynski <david@adalogics.com>

* fix formatting

Signed-off-by: David Korczynski <david@adalogics.com>

* cleanup formatting

Signed-off-by: David Korczynski <david@adalogics.com>

* make skip testing optional

Signed-off-by: David Korczynski <david@adalogics.com>

* address reviews

Signed-off-by: David Korczynski <david@adalogics.com>

* add todo

Signed-off-by: David Korczynski <david@adalogics.com>

* nit

Signed-off-by: David Korczynski <david@adalogics.com>

* nit

Signed-off-by: David Korczynski <david@adalogics.com>

* add swift fuzzing probe

Signed-off-by: David Korczynski <david@adalogics.com>

* avoid changing OnMatchingFileContentDo

Signed-off-by: David Korczynski <david@adalogics.com>

* nit

Signed-off-by: David Korczynski <david@adalogics.com>

* undo matching file content extension

Signed-off-by: David Korczynski <david@adalogics.com>

* nit: fix constant

Signed-off-by: David Korczynski <david@adalogics.com>

* test all fileMatchPatterns per client

Signed-off-by: David Korczynski <david@adalogics.com>

* fix test logging counts

Signed-off-by: David Korczynski <david@adalogics.com>

* nit

Signed-off-by: David Korczynski <david@adalogics.com>

---------

Signed-off-by: David Korczynski <david@adalogics.com>
2023-10-09 22:41:58 +00:00
AdamKorcz
034e6b2ebc
🌱 Add OutcomeNotApplicable (#3539)
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-09 22:16:12 +00:00
dependabot[bot]
74c57cd1bc
🌱 Bump cloud.google.com/go/bigquery from 1.55.0 to 1.56.0 (#3538)
Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.55.0 to 1.56.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.55.0...bigquery/v1.56.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 19:24:55 +00:00
Spencer Schrock
03060f208f
🌱 Bump distroless/base from 27647a6 to 29da700 and golang from ec457a2 to e9ebfe9 (#3548)
* bump distroless.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* bump golang 1.21

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-09 12:09:25 -07:00
dependabot[bot]
c2cf090276
🌱 Bump github.com/xanzy/go-gitlab from 0.93.0 to 0.93.1 (#3546)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.93.0 to 0.93.1.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.93.0...v0.93.1)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 11:10:34 -07:00
dependabot[bot]
9619d4eddf
🌱 Bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (#3545)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.12.0 to 0.13.0.
- [Commits](https://github.com/golang/oauth2/compare/v0.12.0...v0.13.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 10:45:46 -07:00
dependabot[bot]
51870877a5
🌱 Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#3544)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](08b4669551...483ef80eb9)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 10:19:38 -07:00
AdamKorcz
971f3e85ea
🌱 Sort fields of raw results alphabetically (#3540)
Signed-off-by: AdamKorcz <adam@adalogics.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
2023-10-06 18:01:21 +00:00
AdamKorcz
1c8f6a8e62
🌱 Add probe test utility (#3541)
Signed-off-by: AdamKorcz <adam@adalogics.com>
2023-10-06 10:51:41 -07:00
Spencer Schrock
e1d3abc7fd
scdiff: Limit generating results to specific checks (#3535)
* accept checks arg when generating golden.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* don't shadow import

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-10-05 18:58:53 +00:00
dependabot[bot]
64c491baf1
🌱 Bump github.com/xanzy/go-gitlab from 0.92.3 to 0.93.0 (#3537)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.92.3 to 0.93.0.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.92.3...v0.93.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 11:03:45 -07:00
dependabot[bot]
5e05661ec5
🌱 Bump github.com/google/osv-scanner from 1.4.0 to 1.4.1 (#3536)
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-05 09:50:11 -07:00
dependabot[bot]
71078d82b9
🌱 Bump github.com/otiai10/copy from 1.12.0 to 1.14.0 (#3527)
Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.12.0 to 1.14.0.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](https://github.com/otiai10/copy/compare/v1.12.0...v1.14.0)

---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-04 09:16:59 -07:00
dependabot[bot]
3c275977cc
🌱 Bump github.com/xanzy/go-gitlab from 0.92.1 to 0.92.3 (#3528)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.92.1 to 0.92.3.
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](https://github.com/xanzy/go-gitlab/compare/v0.92.1...v0.92.3)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-04 02:01:49 +00:00
dependabot[bot]
7a1c8fe25b
🌱 Bump nick-invision/retry from 2.8.3 to 2.9.0 (#3519)
Bumps [nick-invision/retry](https://github.com/nick-invision/retry) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/nick-invision/retry/releases)
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js)
- [Commits](943e742917...14672906e6)

---
updated-dependencies:
- dependency-name: nick-invision/retry
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-03 18:46:27 -07:00
Sebastian Poxhofer
a9e25051dd
broaden job matcher for semantic release (#3506)
* feat: broaden job matcher for semantic release

Signed-off-by: secustor <sebastian@poxhofer.at>

* tests(checks/permissions): add tests for semantic release if using pnpm and yarn

Signed-off-by: secustor <sebastian@poxhofer.at>

---------

Signed-off-by: secustor <sebastian@poxhofer.at>
2023-10-03 18:27:26 -07:00
omahs
3785f9cc44
📖 Fix documentation typos (#3505)
* fix typo

Signed-off-by: omahs <73983677+omahs@users.noreply.github.com>

* fix typos

Signed-off-by: omahs <73983677+omahs@users.noreply.github.com>

* fix typo

Signed-off-by: omahs <73983677+omahs@users.noreply.github.com>

* fix typo

Co-authored-by: Raghav Kaul <8695110+raghavkaul@users.noreply.github.com>
Signed-off-by: omahs <73983677+omahs@users.noreply.github.com>

* fix typos

Signed-off-by: omahs <73983677+omahs@users.noreply.github.com>

---------

Signed-off-by: omahs <73983677+omahs@users.noreply.github.com>
2023-10-03 17:53:55 -07:00