Commit Graph

20 Commits

Author SHA1 Message Date
naveensrinivasan
5a1ab20fae 🌱 Fix containerd vulns
- Fixes the containerd vulnerability by replacing 1.58 to 1.59 which
  addresses the fix and dependabot will stop complaining about the
  issue.
2022-02-22 21:57:46 -06:00
Naveen
d94a87d974
🌱 Fix containerd Vulnerability (#1560)
Fixes the containerd vulns.

https://github.com/ossf/scorecard/issues/1537
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Stephen Augustus <foo@auggie.dev>
2022-02-23 00:41:56 +00:00
Romain Dauby
33f80c93dc Fix golangci-lint issues 2022-02-19 15:56:34 -06:00
Batuhan Apaydın
53bae3ee1a feat: upgrade to ko v0.10.0
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-02-19 05:24:27 -06:00
dependabot[bot]
4ebd8aff9c 🌱 Bump github.com/onsi/ginkgo/v2 from 2.0.0 to 2.1.3 in /tools
Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.0.0 to 2.1.3.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.0.0...v2.1.3)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-02-16 07:13:41 -06:00
Azeem Shaikh
de5224bbc5
Update e2e tests (#1641)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2022-02-15 19:27:45 +00:00
dependabot[bot]
eb0730ae79
🌱 Bump github.com/goreleaser/goreleaser in /tools (#1632) 2022-02-14 11:35:10 +00:00
dependabot[bot]
15a204fe1d 🌱 Bump github.com/goreleaser/goreleaser in /tools
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.3.1 to 1.4.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.3.1...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 08:51:06 +00:00
dependabot[bot]
074ba5a109
🌱 Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 in /tools (#1541) 2022-01-27 03:20:16 +00:00
dependabot[bot]
bd2171b53a
🌱 Bump github.com/golangci/golangci-lint from 1.42.1 to 1.44.0 in /tools (#1540) 2022-01-27 02:56:56 +00:00
dependabot[bot]
10a5c1ade5 🌱 Bump github.com/goreleaser/goreleaser in /tools
Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.0.0 to 1.3.1.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](https://github.com/goreleaser/goreleaser/compare/v1.0.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-01-27 01:30:14 +00:00
naveen
ab16cdbbc2 🌱 Fix Vulns for containerd 2022-01-21 12:44:00 -06:00
naveen
ce0802571a 🌱 Fixed the opencontainer image-spec vuln 2021-12-01 11:23:15 -06:00
Azeem Shaikh
de0cfbec9a Add a validation step for goreleaser 2021-11-23 13:08:26 -06:00
naveen
6e7e13ede4 🌱 Fix vulnerabilities in dependencies 2021-11-19 16:49:56 -06:00
Azeem Shaikh
51de6b6e5d
Check for issue activity in Maintained (#1251)
Co-authored-by: Azeem Shaikh <azeems@google.com>
2021-11-12 22:16:22 +00:00
naveen
1b885874ac 🌱 Fix CVE warning for containerd
The containerd version <1.5.7 has CVE https://github.com/advisories/GHSA-c2h3-6mxw-7mvq
Fixed it to address the issue.
2021-10-26 13:52:00 -05:00
Batuhan Apaydın
6f1a43a0b6
🌱 add google/ko support for building/pusing container image (#1127)
* feat: add google/ko support for building/pusing container image

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* feat: updates according to reviews

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2021-10-26 17:22:22 +00:00
Naveen
91eb41e235
🌱 Check for OSV for a go.mod changes (#1053)
At present we don't have a way to identify any new dependencies to go.mod that have osv/cve.
With this it will query the osv.dev for any vulnerabilities and report if it found any.

It also has an option to ignore any vulnerabilities if we chose to ignore.

This is ignoring 3 osv that are in our dependencies.
2021-09-22 20:41:56 +00:00
naveen
2b15b1353b 🌱 Moving tools dependencies to separate go.mod
* Moving the tools dependencies to a separate go.mod to reduce the
dependencies on scorecard.

* This is also increases the security posture by having less dependencies
on the main go.mod
2021-09-07 18:23:41 -05:00