naveensrinivasan
5a1ab20fae
🌱 Fix containerd vulns
...
- Fixes the containerd vulnerability by replacing 1.58 to 1.59 which
addresses the fix and dependabot will stop complaining about the
issue.
2022-02-22 21:57:46 -06:00
Naveen
d94a87d974
🌱 Fix containerd Vulnerability ( #1560 )
...
Fixes the containerd vulns.
https://github.com/ossf/scorecard/issues/1537
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
2022-02-23 00:41:56 +00:00
Romain Dauby
33f80c93dc
Fix golangci-lint issues
2022-02-19 15:56:34 -06:00
Batuhan Apaydın
53bae3ee1a
feat: upgrade to ko v0.10.0
...
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-02-19 05:24:27 -06:00
dependabot[bot]
4ebd8aff9c
🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 in /tools
...
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo ) from 2.0.0 to 2.1.3.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-02-16 07:13:41 -06:00
Azeem Shaikh
de5224bbc5
Update e2e tests ( #1641 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 19:27:45 +00:00
dependabot[bot]
eb0730ae79
🌱 Bump github.com/goreleaser/goreleaser in /tools ( #1632 )
2022-02-14 11:35:10 +00:00
dependabot[bot]
15a204fe1d
🌱 Bump github.com/goreleaser/goreleaser in /tools
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.3.1 to 1.4.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.3.1...v1.4.1 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 08:51:06 +00:00
dependabot[bot]
074ba5a109
🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 in /tools ( #1541 )
2022-01-27 03:20:16 +00:00
dependabot[bot]
bd2171b53a
🌱 Bump github.com/golangci/golangci-lint from 1.42.1 to 1.44.0 in /tools ( #1540 )
2022-01-27 02:56:56 +00:00
dependabot[bot]
10a5c1ade5
🌱 Bump github.com/goreleaser/goreleaser in /tools
...
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser ) from 1.0.0 to 1.3.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases )
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml )
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.0.0...v1.3.1 )
---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 01:30:14 +00:00
naveen
ab16cdbbc2
🌱 Fix Vulns for containerd
2022-01-21 12:44:00 -06:00
naveen
ce0802571a
🌱 Fixed the opencontainer image-spec vuln
2021-12-01 11:23:15 -06:00
Azeem Shaikh
de0cfbec9a
Add a validation step for goreleaser
2021-11-23 13:08:26 -06:00
naveen
6e7e13ede4
🌱 Fix vulnerabilities in dependencies
2021-11-19 16:49:56 -06:00
Azeem Shaikh
51de6b6e5d
Check for issue activity in Maintained ( #1251 )
...
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-12 22:16:22 +00:00
naveen
1b885874ac
🌱 Fix CVE warning for containerd
...
The containerd version <1.5.7 has CVE https://github.com/advisories/GHSA-c2h3-6mxw-7mvq
Fixed it to address the issue.
2021-10-26 13:52:00 -05:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pusing container image ( #1127 )
...
* feat: add google/ko support for building/pusing container image
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
* feat: updates according to reviews
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
Naveen
91eb41e235
🌱 Check for OSV for a go.mod changes ( #1053 )
...
At present we don't have a way to identify any new dependencies to go.mod that have osv/cve.
With this it will query the osv.dev for any vulnerabilities and report if it found any.
It also has an option to ignore any vulnerabilities if we chose to ignore.
This is ignoring 3 osv that are in our dependencies.
2021-09-22 20:41:56 +00:00
naveen
2b15b1353b
🌱 Moving tools dependencies to separate go.mod
...
* Moving the tools dependencies to a separate go.mod to reduce the
dependencies on scorecard.
* This is also increases the security posture by having less dependencies
on the main go.mod
2021-09-07 18:23:41 -05:00