scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-11-05 05:17:00 +03:00

Author	SHA1	Message	Date
dependabot[bot]	f2a132a430	🌱 Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.3.0 to 1.4.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-11 09:29:05 -06:00
dependabot[bot]	eb258163ea	🌱 Bump cloud.google.com/go/pubsub from 1.18.0 to 1.19.0 Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.18.0 to 1.19.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.18.0...pubsub/v1.19.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-08 06:02:44 -05:00
dependabot[bot]	57b4664c71	🌱 Bump cloud.google.com/go/bigquery from 1.28.0 to 1.29.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.29.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.28.0...spanner/v1.29.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-03 07:10:50 -06:00
Stephen Augustus (he/him)	84cdc8cbec	✨ cmd: Refactor to make importable (#1696 ) * cmd: Refactor to make importable * options: Add support for parsing via environment variables * options: Support setting feature flags via option * cmd: Replace `version` with sigs.k8s.io/release-utils/version * cmd: Move option validation into pre-run function Signed-off-by: Stephen Augustus <foo@auggie.dev>	2022-03-01 21:18:44 -08:00
dependabot[bot]	4c82c29552	🌱 Bump github.com/rhysd/actionlint from 1.6.8 to 1.6.9 Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.8 to 1.6.9. - [Release notes](https://github.com/rhysd/actionlint/releases) - [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md) - [Commits](https://github.com/rhysd/actionlint/compare/v1.6.8...v1.6.9) --- updated-dependencies: - dependency-name: github.com/rhysd/actionlint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-02-25 08:25:57 -06:00
Naveen	faeae4121e	🌱 Fixes the vulnerability GHSA-qq97-vm5h-rrhg (#1672 ) - Fixed the vulnerability GHSA-qq97-vm5h-rrhg by using replace directives.	2022-02-23 07:41:05 -08:00
dependabot[bot]	e5b62b524e	🌱 Bump mvdan.cc/sh/v3 from 3.4.2 to 3.4.3 (#1665 ) Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.4.2 to 3.4.3. - [Release notes](https://github.com/mvdan/sh/releases) - [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md) - [Commits](https://github.com/mvdan/sh/compare/v3.4.2...v3.4.3) --- updated-dependencies: - dependency-name: mvdan.cc/sh/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-02-21 04:24:58 -05:00
dependabot[bot]	e6f6c56d34	🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.0.0 to 2.1.3. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-02-16 08:36:38 -06:00
Azeem Shaikh	de5224bbc5	Update e2e tests (#1641 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2022-02-15 19:27:45 +00:00
dependabot[bot]	e3637c9e17	🌱 Bump cloud.google.com/go/bigquery from 1.27.0 to 1.28.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.27.0 to 1.28.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.27.0...spanner/v1.28.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-02-15 06:21:45 -06:00
dependabot[bot]	368c105abe	🌱 Bump cloud.google.com/go/pubsub from 1.17.0 to 1.18.0 (#1616 )	2022-02-09 09:34:53 +00:00
dependabot[bot]	b4eec8ed94	🌱 Bump github.com/onsi/gomega from 1.18.0 to 1.18.1 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.18.0 to 1.18.1. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.18.0...v1.18.1) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-28 08:42:09 +00:00
dependabot[bot]	d2d9ff4b9d	🌱 Bump golang.org/x/tools from 0.1.8 to 0.1.9 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.8 to 0.1.9. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.1.8...v0.1.9) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-27 01:06:45 +00:00
Stephen Augustus (he/him)	41adfe7f34	⚠️ log: Initial `logr`/`logrusr` implementation (#1516 ) * log: Initial logr/logrusr implementation Signed-off-by: Stephen Augustus <foo@auggie.dev> * log: Update references to `log.Logger` Signed-off-by: Stephen Augustus <foo@auggie.dev> * go.mod: Minor reorganization of `replace`s ...to prevent automatic updates from getting added to the smaller section. Signed-off-by: Stephen Augustus <foo@auggie.dev>	2022-01-25 11:17:46 -06:00
dependabot[bot]	da116d3b25	🌱 Bump cloud.google.com/go/bigquery from 1.26.0 to 1.27.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.26.0...spanner/v1.27.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-25 10:11:08 -06:00
dependabot[bot]	5b9857650f	🌱 Bump github.com/onsi/gomega from 1.17.0 to 1.18.0 Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.17.0 to 1.18.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.17.0...v1.18.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-24 07:03:31 -06:00
Stephen Augustus (he/him)	0d76deace2	go.mod: Update github.com/google/go-containerregistry to v0.8.0 (#1506 ) Signed-off-by: Stephen Augustus <foo@auggie.dev>	2022-01-20 19:44:13 -08:00
dependabot[bot]	5777826e57	🌱 Bump github.com/google/go-cmp from 0.5.6 to 0.5.7 Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.6 to 0.5.7. - [Release notes](https://github.com/google/go-cmp/releases) - [Commits](https://github.com/google/go-cmp/compare/v0.5.6...v0.5.7) --- updated-dependencies: - dependency-name: github.com/google/go-cmp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-20 11:18:48 -06:00
dependabot[bot]	b1fec4d1fd	🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.0.3 to 2.0.4. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.0.3...v2.0.4) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-13 19:15:52 -06:00
dependabot[bot]	cf063194bc	🌱 Bump mvdan.cc/sh/v3 from 3.4.0 to 3.4.2 Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.4.0 to 3.4.2. - [Release notes](https://github.com/mvdan/sh/releases) - [Changelog](https://github.com/mvdan/sh/blob/v3.4.2/CHANGELOG.md) - [Commits](https://github.com/mvdan/sh/compare/v3.4.0...v3.4.2) --- updated-dependencies: - dependency-name: mvdan.cc/sh/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-11 16:19:11 -06:00
dependabot[bot]	a72accca81	🌱 Bump github.com/h2non/filetype from 1.1.1 to 1.1.3 Bumps [github.com/h2non/filetype](https://github.com/h2non/filetype) from 1.1.1 to 1.1.3. - [Release notes](https://github.com/h2non/filetype/releases) - [Changelog](https://github.com/h2non/filetype/blob/master/History.md) - [Commits](https://github.com/h2non/filetype/compare/v1.1.1...v1.1.3) --- updated-dependencies: - dependency-name: github.com/h2non/filetype dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-11 12:48:03 -06:00
dependabot[bot]	bdeb8e7b5f	🌱 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.2.1 to 1.3.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md) - [Commits](https://github.com/spf13/cobra/compare/v1.2.1...v1.3.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-11 12:21:09 -06:00
dependabot[bot]	17e1541e77	🌱 Bump go.uber.org/zap from 1.19.1 to 1.20.0 (#1464 ) Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.19.1 to 1.20.0. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.19.1...v1.20.0) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2022-01-11 17:55:48 +00:00
dependabot[bot]	98e5aad777	🌱 Bump cloud.google.com/go/bigquery from 1.24.0 to 1.26.0 (#1459 ) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.24.0 to 1.26.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.24.0...spanner/v1.26.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-01-11 09:24:40 -08:00
dependabot[bot]	b3bca5ccb8	🌱 Bump golang.org/x/tools from 0.1.7 to 0.1.8 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.7 to 0.1.8. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.1.7...v0.1.8) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-11 10:30:09 -06:00
dependabot[bot]	167f2cfbcc	🌱 Bump github.com/jszwec/csvutil from 1.5.1 to 1.6.0 Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil) from 1.5.1 to 1.6.0. - [Release notes](https://github.com/jszwec/csvutil/releases) - [Commits](https://github.com/jszwec/csvutil/compare/v1.5.1...v1.6.0) --- updated-dependencies: - dependency-name: github.com/jszwec/csvutil dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-01-11 09:35:56 -06:00
dependabot[bot]	f9daa4e3cc	🌱 Bump github.com/rhysd/actionlint from 1.6.7 to 1.6.8 (#1267 ) Bumps [github.com/rhysd/actionlint](https://github.com/rhysd/actionlint) from 1.6.7 to 1.6.8. - [Release notes](https://github.com/rhysd/actionlint/releases) - [Changelog](https://github.com/rhysd/actionlint/blob/main/CHANGELOG.md) - [Commits](https://github.com/rhysd/actionlint/compare/v1.6.7...v1.6.8) --- updated-dependencies: - dependency-name: github.com/rhysd/actionlint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-12-17 17:24:32 +00:00
dependabot[bot]	870a850cc3	🌱 Bump github.com/onsi/gomega from 1.16.0 to 1.17.0 (#1225 ) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.16.0 to 1.17.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.16.0...v1.17.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-12-12 15:25:44 +00:00
naveen	6e7e13ede4	🌱 Fix vulnerabilities in dependencies	2021-11-19 16:49:56 -06:00
Chris McGehee	3dc507b9e1	Using library to parse github workflows	2021-11-08 17:00:40 -06:00
dependabot[bot]	3233e4f5be	🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.16.4 to 1.16.5. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v1.16.4...v1.16.5) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2021-10-12 07:56:57 -04:00
dependabot[bot]	97ae47564a	🌱 Bump mvdan.cc/sh/v3 from 3.3.1 to 3.4.0 (#1098 ) Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/mvdan/sh/releases) - [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md) - [Commits](https://github.com/mvdan/sh/compare/v3.3.1...v3.4.0) --- updated-dependencies: - dependency-name: mvdan.cc/sh/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-10-04 23:58:03 +00:00
naveen	6190be23d8	🌱Upgrad xz library to FIX CVE-2021-29482 This fixes the https://github.com/advisories/GHSA-25xm-hr59-7c27	2021-10-04 14:38:38 -05:00
Naveen	589ceac382	🌱 Update the uuid library to avoid CVE (#1102 ) Fixes OSV GO-2020-0018 https://github.com/satori/go.uuid/issues/73	2021-10-04 18:15:41 +00:00
naveen	f78bc44b94	🌱 Updates the DNS library for CVE Updated the DNS library version to address the CVE	2021-10-04 12:41:15 -05:00
dependabot[bot]	16b0c1c62d	🌱 Bump cloud.google.com/go/bigquery from 1.22.0 to 1.24.0 (#1087 ) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.22.0 to 1.24.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.22.0...spanner/v1.24.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2021-09-30 19:16:23 +00:00
dependabot[bot]	e8ec351cba	🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#1068 ) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.0.2 to 2.0.3. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.0.2...v2.0.3) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-09-30 18:07:28 +00:00
dependabot[bot]	dde2e935d2	🌱 Bump golang.org/x/tools from 0.1.6 to 0.1.7 Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.6 to 0.1.7. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.1.6...v0.1.7) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2021-09-29 16:06:43 -05:00
Naveen	d4caef0f4b	🌱 Fix GO-2020-0020 (#1047 ) Fixes the reference to version of library that has the fix for GO-2020-0020 https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2020-0020.yaml Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2021-09-22 02:01:01 +00:00
dependabot[bot]	5fb87cb0de	🌱 Bump golang.org/x/tools from 0.1.5 to 0.1.6 (#1041 ) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.1.5 to 0.1.6. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.1.5...v0.1.6) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-09-21 22:43:56 +00:00
Naveen	fd6e58d615	🌱 Fixes GO-2020-0017 OSV (#1045 ) Fixes the issue https://deps.dev/advisory/OSV/GO-2020-0017?from=%2Fgo%2Fk8s.io%252Fclient-go%2Fv0.0.0-20200207030105-473926661c44	2021-09-21 14:31:16 -07:00
naveen	51e11e6637	🌱 Fix GO-2021-0089 vulnerability The github.com/buger/jsonparser has this vulnerability. "vulns": [ { "id": "GO-2021-0089", "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "details": "Parsing malformed JSON which contain opening brackets, but not closing brackes,\nleads to an infinite loop. If operating on untrusted user input this can be\nused as a denial of service vector.\n", "affects": { "ranges": [ { "type": "SEMVER", "fixed": "0.0.0-20200321185410-91ac96899e49" } ] }, "aliases": [ "CVE-2020-10675" ], "modified": "2021-04-14T12:00:00Z", "published": "2021-04-14T12:00:00Z", "ecosystem_specific": { "symbols": [ "findKeyStart" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0089.yaml" }, "references": [ { "type": "FIX", "url": "https://github.com/buger/jsonparser/pull/192" }, { "type": "FIX", "url": "`91ac96899e`" }, { "type": "WEB", "url": "https://github.com/buger/jsonparser/issues/188" } ], "affected": [ { "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "0.0.0-20200321185410-91ac96899e49" } ] } ], "ecosystem_specific": { "symbols": [ "findKeyStart" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0089.yaml" } } ] }, { "id": "GO-2021-0057", "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "details": "Due to improper bounds checking, maliciously crafted JSON objects\ncan cause an out-of-bounds panic. If parsing user input, this may\nbe used as a denial of service vector.\n", "affects": { "ranges": [ { "type": "SEMVER", "fixed": "1.1.1" } ] }, "aliases": [ "CVE-2020-35381" ], "modified": "2021-04-14T12:00:00Z", "published": "2021-04-14T12:00:00Z", "ecosystem_specific": { "symbols": [ "searchKeys" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0057.yaml" }, "references": [ { "type": "FIX", "url": "https://github.com/buger/jsonparser/pull/221" }, { "type": "FIX", "url": "`df3ea76ece`" }, { "type": "WEB", "url": "https://github.com/buger/jsonparser/issues/219" } ], "affected": [ { "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "1.1.1" } ] } ], "ecosystem_specific": { "symbols": [ "searchKeys" ] }, "database_specific": { "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0057.yaml", "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json" } } ] } ] }	2021-09-21 13:04:08 -05:00
dependabot[bot]	4c4fb61d51	🌱 Bump cloud.google.com/go/pubsub from 1.16.0 to 1.17.0 (#992 ) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.16.0 to 1.17.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.16.0...pubsub/v1.17.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2021-09-13 14:57:32 +00:00
dependabot[bot]	cc044ca05f	🌱 Bump go.uber.org/zap from 1.19.0 to 1.19.1 (#993 ) Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.19.0 to 1.19.1. - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.19.0...v1.19.1) --- updated-dependencies: - dependency-name: go.uber.org/zap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-09-12 16:14:20 -04:00
naveen	576447a45b	🌱 Fix the jwt finding * This fixes the JWT finding CVE-2020-26160	2021-09-08 11:17:40 -05:00
naveen	2b15b1353b	🌱 Moving tools dependencies to separate go.mod * Moving the tools dependencies to a separate go.mod to reduce the dependencies on scorecard. * This is also increases the security posture by having less dependencies on the main go.mod	2021-09-07 18:23:41 -05:00
dependabot[bot]	0aa4305c61	🌱 Bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 (#973 ) Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.42.0 to 1.42.1. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](https://github.com/golangci/golangci-lint/compare/v1.42.0...v1.42.1) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-09-07 14:59:22 +00:00
dependabot[bot]	e30d9e5bbc	🌱 Bump gocloud.dev from 0.23.0 to 0.24.0 (#956 ) Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/google/go-cloud/releases) - [Commits](https://github.com/google/go-cloud/compare/v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: gocloud.dev dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-09-03 15:46:28 +00:00
dependabot[bot]	dcbf7528a7	🌱 Bump cloud.google.com/go/bigquery from 1.21.0 to 1.22.0 (#939 ) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.21.0 to 1.22.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/master/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/spanner/v1.21.0...spanner/v1.22.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2021-09-01 16:14:12 +00:00
dependabot[bot]	001ba670bb	🌱 Bump github.com/jszwec/csvutil from 1.5.0 to 1.5.1 Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil) from 1.5.0 to 1.5.1. - [Release notes](https://github.com/jszwec/csvutil/releases) - [Commits](https://github.com/jszwec/csvutil/compare/v1.5.0...v1.5.1) --- updated-dependencies: - dependency-name: github.com/jszwec/csvutil dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2021-08-31 08:06:06 -04:00

1 2 3

131 Commits