raghavkaul
2b8ced3941
🌱 Fixup: list GitHub check runs of MergeRequest.HeadSHA instead of Commit.SHA ( #2333 )
...
* Only ListCheckRuns and ListStatuses on PR HeadSHA
Unsquashed commits are unlikely to have CheckRuns on GitHub. This change
reduces the overall number of API queries for raw results.
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* gofumpt
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-10-07 18:34:19 +00:00
Naveen
53e9246681
🌱 Migrate to go 1.19 ( #2332 )
...
- Migrate to go 1.19
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-10-06 21:09:38 -04:00
dependabot[bot]
4e85d070b0
🌱 Bump github.com/goreleaser/goreleaser in /tools
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.10.3 to 1.11.5.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.10.3...v1.11.5)
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-06 20:19:22 +00:00
Spencer Schrock
799236851b
Remove line continuations in all run steps. ( #2335 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-10-06 15:08:12 -04:00
Joyce
4b99a3a509
📖 Create the Frequently Asked Questions Document ( #2327 )
...
* docs: create faq.md file
Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
* docs: update README to refer FAQ
Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
* docs: minor fixes in the faq text
Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
Signed-off-by: Joyce Brum <joycebrumu.u@gmail.com>
2022-10-05 18:31:25 +00:00
dependabot[bot]
ae75d43df1
🌱 Bump github.com/golangci/golangci-lint in /tools ( #2331 )
...
Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.48.0 to 1.50.0.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/golangci/golangci-lint/compare/v1.48.0...v1.50.0)
---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-05 08:57:46 -05:00
dependabot[bot]
b4d97f9598
🌱 Bump actions/checkout from 3.0.2 to 3.1.0 ( #2324 )
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.0.2...93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-04 16:29:22 -05:00
dependabot[bot]
2c16c8ff48
🌱 Bump actions/cache from 3.0.8 to 3.0.10 ( #2322 )
...
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](fd5de65bc8...56461b9eb0)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-04 07:48:40 -05:00
dependabot[bot]
b491f40d44
🌱 Bump github/codeql-action from 2.1.24 to 2.1.26
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.24 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](904260d7d9...e0e5ded33c)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-30 14:00:23 +00:00
dependabot[bot]
9b4a675f77
🌱 Bump step-security/harden-runner from 1.4.5 to 1.5.0 ( #2316 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 1.4.5 to 1.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](dd2c410b08...2e205a28d0)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-30 06:39:48 -05:00
raghavkaul
29893aebc4
🌱 Split CI-Tests check into a raw and evaluation section ( #2291 )
...
* Split CI tests into a raw and evaluation section
* Restructure data by grouping commits by Pull Request
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix linter & license
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-09-29 15:03:40 +00:00
Spencer Schrock
347c2a81fe
Add tests for getBucketSummary. ( #2310 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-28 19:30:44 -04:00
Spencer Schrock
ac55bf4cf0
🐛 Prevent partial cron transfers caused by controller failures ( #2308 )
...
* Prevent transfer of bq data when .shard_metadata file is missing.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Nack requests whose jobs don't have a shard metadata file.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add isCompleted tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-28 19:40:21 +00:00
raghavkaul
01b69d2aef
Fix scoring issue with Code Review check ( #2292 )
...
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-09-27 21:37:01 +00:00
dependabot[bot]
469374748e
🌱 Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 ( #2300 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.6.0 to 2.7.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](f3c664df7a...ced07f21fb)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-27 19:20:15 +00:00
dependabot[bot]
37d873d512
🌱 Bump actions/dependency-review-action from 2.2.0 to 2.4.0
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.2.0 to 2.4.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](2b96ea7f03...375c537008)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-27 15:26:35 +00:00
Naveen
d4b44e52eb
🌱 Remove check-osv ( #2303 )
...
- Remove Check OSV as it is integrated into GitHub now.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-09-27 14:18:16 +00:00
Spencer Schrock
c3a7921f71
fix arg typo ( #2304 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-26 19:02:01 -05:00
Spencer Schrock
a694cc90d8
Fix k8s yaml errors and document how to prevent them. ( #2298 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-26 19:10:10 +00:00
Azeem Shaikh
7cd6406aef
Reduce build target radius ( #2293 )
...
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-24 19:58:50 +00:00
Spencer Schrock
a7a503ae54
🌱 cron: pass config as an argument to binaries (4/n) ( #2279 )
...
* Explicitly read config file instead of embedding it.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add CLI config arg and ReadConfig() to existing cron binaries.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Volume mount config
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Ignore CLI flag args when reading local filenames in controller.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Hide --config in the config package.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add config param to k8s files.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Fix test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Allow fallback to embedded config if no config is passed as arg. Intended to be temporary to help with GKE rollout.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-23 13:42:56 -07:00
Naveen
97df43bebe
🌱 Reduce the number of PR's opened by dependabot ( #2297 )
...
- Reduce the number of PR's opened by dependabot
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-09-22 23:23:03 +00:00
Azeem Shaikh
88e5ff7f11
Improve API limiting and cache ( #2294 )
...
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-22 16:25:54 -04:00
Spencer Schrock
f017e2e77b
Fix typo which was causing index out of range panics ( #2284 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-22 17:15:19 +00:00
Azeem Shaikh
08c2ee5f42
Modify tool installation ( #2288 )
...
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-22 10:58:10 -05:00
Nathaniel Wert
0f87094997
✨ Gitlab support ( #2265 )
...
* updated readme to reflect gitlab usage
* bugfixes after a good deal of testing
* removed unnecessary files from branch
* cleaning up my mess
* requested changes + unit tests
* style fixes
* updated readme to reflect gitlab usage
* bugfixes after a good deal of testing
* removed unnecessary files from branch
* cleaning up my mess
* requested changes + unit tests
* style fixes
* merge main into gitlab_support
* check-linter fixes
Signed-off-by: Nathaniel Wert <N8.Wert.B@gmail.com>
Co-authored-by: nathaniel.wert <nathaniel.wert@kudelskisecurity.com>
2022-09-21 16:20:20 -04:00
Azeem Shaikh
a6983edf6e
Fix failing linters ( #2281 )
...
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-21 18:14:58 +00:00
Naveen
7c2493460f
🌱 Fix cosign vulnerability ( #2283 )
...
- Fixed the cosign vulnerability
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-09-21 10:51:09 -05:00
dependabot[bot]
a29813284f
🌱 Bump actions/dependency-review-action from 2.1.0 to 2.2.0 ( #2282 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](23d1ffffb6...2b96ea7f03)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-21 07:40:40 -05:00
jatin
9a9a1cbbb7
🐛 Add fix for issue2277 ( #2278 )
...
* added fix for issue2277
Signed-off-by: h0x0er <jatink843@protonmail.com>
* minor change
Signed-off-by: h0x0er <jatink843@protonmail.com>
Signed-off-by: h0x0er <jatink843@protonmail.com>
2022-09-20 22:25:47 +00:00
raghavkaul
d75dea8a58
🌱 Feature: Group commits into changesets ( #2260 )
...
* Group raw commits into changesets
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Add tests, fix golint
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix lint
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix test failures, remove unneeded fields from raw results
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix lint
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Fix tests
* Handle randomized order
* e2e
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Accept code reviews on any commit, not just HEAD
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-20 17:53:11 +00:00
dependabot[bot]
3629fd8d11
🌱 Bump github/codeql-action from 2.1.22 to 2.1.24
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.22 to 2.1.24.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b398f525a5...904260d7d9)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-09-19 17:22:31 +00:00
Naveen
9f67c4ead1
🌱 Invite @spencerschrock as maintainer ( #2269 )
...
- Invite @spencerschrock as a contributor to Scorecard
- Spencer has been participating and actively contributing https://github.com/ossf/allstar/issues/238
- Spencer has contributed 17 commits
https://github.com/ossf/scorecard/commits?author=spencerschrock and
some are significant changes.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-09-19 16:10:04 +00:00
raghavkaul
482a59ec9b
🌱 Tests: Fix data race failures ( #2262 )
...
* Fix data race failures in tests
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Keep coverprofiles for the attestor separate
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-09-19 11:26:13 -04:00
Spencer Schrock
2231d1f722
🌱 cron: make CSV header optional (3/n) ( #2261 )
...
* Make CSV header optional.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Appease linter.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Address PR feedback.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-13 21:57:31 -04:00
Spencer Schrock
bde0ae166a
🌱 cron: generalize config and create optional values for scorecard and criticality (2/n) ( #2254 )
...
* Add map logic to yaml config.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add scorecard yaml test
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Separate general config values from scorecard specific values.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add criticality values to config.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add test to confirm empty string behavior.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Combine scorecard and criticality values under AdditionalParams.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
2022-09-12 23:25:29 +00:00
raghavkaul
9e269b8e3c
🌱 Feature: Add scorecard attestation policy module ( #2240 )
...
* Add ability to parse policy.yaml
Temporary commit
Temporary commit
Temporary commit
Temporary commit
Temporary commit
Temporary commit
* Remove hidden options
* Fix cilint problems
* Add tests
* Add tests
* Address PR comments
* Refactor to standalone module
* Don't depend on evaluation package
* Remove everything but the Binary-Artifact
* Fix test failures
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
* Address PR comments
* Use glob for binary artifact ignores
* Makefile
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
2022-09-12 16:33:52 -04:00
Spencer Schrock
d6bef98844
Wrap check errors with distinct error for scorecard-action to ignore. ( #2250 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-12 16:38:56 +00:00
dependabot[bot]
856d2ddfd6
🌱 Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 ( #2253 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](b3413d484c...f3c664df7a)
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 07:41:56 -05:00
Seth Michael Larson
d76ff0d57a
✨ setup-python not required by pypa/gh-action-pypi-publish ( #2206 )
...
* setup-python not required by pypa/gh-action-pypi-publish
Signed-off-by: Seth Michael Larson <sethmichaellarson@gmail.com>
* Move TestIsPackagingWorkflow to fileparser. Add minimal test for pypa/gh-action-pypi-publish.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Seth Michael Larson <sethmichaellarson@gmail.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2022-09-08 16:04:06 -07:00
David A. Wheeler
11657e48ac
📖 Remove trailing whitespace ( #2241 )
...
Remove trailing whitespace in README.md and checks.yaml.
Trailing whitespace creates long-term hidden problems, because
in most editors they aren't visible, yet changing them creates
what appear to be spurious changes. They can also create
surprising merge conflicts. Removing them removes the problem
long term.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2022-09-08 18:12:35 +00:00
David A. Wheeler
da785a2dc8
Rename CII->OpenSSF Best Practices badge ( #2239 )
...
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2022-09-08 12:07:15 -05:00
Spencer Schrock
c665f271ce
🌱 cron: allow controller to read CSVs from cloud storage (1/n) ( #2235 )
...
* Add input bucket config values
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Allow controller to read input files from buckets.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add nested iterator tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* Add blob tests.
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-08 07:32:52 -04:00
dependabot[bot]
7c66ae860f
🌱 Bump imjasonh/setup-ko from 0.5 to 0.6 ( #2231 )
...
Bumps [imjasonh/setup-ko](https://github.com/imjasonh/setup-ko) from 0.5 to 0.6.
- [Release notes](https://github.com/imjasonh/setup-ko/releases)
- [Commits](78eea08f10...ace48d7935)
---
updated-dependencies:
- dependency-name: imjasonh/setup-ko
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-07 05:04:19 -05:00
dependabot[bot]
ec15af5ec4
🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 ( #2227 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.1.22.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](c7f292ea4f...b398f525a5)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-02 14:36:21 +00:00
dependabot[bot]
dac68a4773
🌱 Bump github.com/onsi/gomega from 1.20.1 to 1.20.2 ( #2225 )
...
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.20.1 to 1.20.2.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.20.1...v1.20.2)
---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-02 09:01:02 -05:00
Spencer Schrock
bc5a1d6c3d
Enable SAST check in cron by default ( #2223 )
...
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
2022-09-01 17:25:29 +00:00
Jeremy Katz
f34580774e
Detect pyup as an automated dependency update tool ( #2226 )
...
Signed-off-by: Jeremy Katz <jeremy@tidelift.com>
Signed-off-by: Jeremy Katz <jeremy@tidelift.com>
2022-09-01 12:30:13 -04:00
Azeem Shaikh
d13ba3f335
📖 Update instructions and other fixes in README ( #2212 )
...
* Updated instructions and some fixes to README
* Add Scorecard users
* Fix `Using Package Manager`
2022-08-31 18:24:31 +00:00
dependabot[bot]
7a2c403312
🌱 Bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.1.6 ( #2220 )
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.1.4 to 2.1.6.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.1.4...v2.1.6)
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-31 12:08:21 +00:00