scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-09-11 08:55:27 +03:00

Author	SHA1	Message	Date
Naveen	c7821b633c	✨ move to cgr base image (#4113 ) - Move the static cgr.dev base image as it has less foot print and zero vuln. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2024-06-14 16:09:44 +00:00
dependabot[bot]	91532e12d1	🌱 Bump golang from 1.22.3 to 1.22.4 (#4160 ) * 🌱 Bump golang from 1.22.3 to 1.22.4 Bumps golang from 1.22.3 to 1.22.4. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * bump the other dockerfiles Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com>	2024-06-10 17:08:56 +00:00
dependabot[bot]	c11d89bfe6	🌱 Bump distroless/base from `29da700` to `e238d40` (#4064 )	2024-05-10 19:42:53 +00:00
dependabot[bot]	9e9de6ac06	🌱 Bump golang from 1.22.2 to 1.22.3 (#4098 ) * 🌱 Bump golang from 1.22.2 to 1.22.3 Bumps golang from 1.22.2 to 1.22.3. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * bump the other 7 dockerfiles Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com>	2024-05-10 18:08:39 +00:00
dependabot[bot]	d61c9aa11f	🌱 Bump golang from 1.22.1 to 1.22.2 (#4012 )	2024-04-08 15:54:36 +00:00
Spencer Schrock	bfc8f37fef	🌱 Bump golang from 1.22.0 to 1.22.1 (#3941 ) Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-03-12 03:44:15 +00:00
Spencer Schrock	64d330790d	🌱 Update Go toolchain to 1.22 (#3859 ) * update workflows to use go 1.22 Signed-off-by: Spencer Schrock <sschrock@google.com> * update tools go.mod to 1.22. no one imports this, so we can bump it now and avoid issues in the future where we need to upgrade. Signed-off-by: Spencer Schrock <sschrock@google.com> * bump docker files Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2024-02-07 11:36:37 -08:00
dependabot[bot]	6f816c80bc	🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2 (#3834 ) * 🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2 Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.6.1 to 1.6.2. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/compare/v1.6.1...v1.6.2) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * specify go patch version go mod tidy requires this. I was able to delete the toolchain directive, and it wasn't added back. Signed-off-by: Spencer Schrock <sschrock@google.com> * bump dockerfiles to 1.21.6 so the build works Signed-off-by: Spencer Schrock <sschrock@google.com> * bump go version used in codeql workflow github runners currently use Go 1.20 by default, which doesn't understand 1.21.x format. Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com>	2024-01-31 18:54:06 +00:00
Spencer Schrock	03060f208f	🌱 Bump distroless/base from `27647a6` to `29da700` and golang from `ec457a2` to `e9ebfe9` (#3548 ) * bump distroless. Signed-off-by: Spencer Schrock <sschrock@google.com> * bump golang 1.21 Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2023-10-09 12:09:25 -07:00
dependabot[bot]	3af46eb8a2	🌱 Bump distroless/base from `c623859` to `27647a6` in /clients/githubrepo/roundtripper/tokens/server (#3443 ) * 🌱 Bump distroless/base Bumps distroless/base from `c623859` to `27647a6`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * bump other distroless/base images too Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com>	2023-09-04 23:14:02 -07:00
Spencer Schrock	5ec66fa906	🌱 Migrate to go 1.21 (#3387 ) * Bump dockerfiles to 1.21 * Go minimum version should match our go.mod * Bump GitHub action go version to 1.21 and ensure all workflows use env variable. --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2023-08-14 14:32:42 -04:00
Spencer Schrock	a50bc07b4f	🌱 Bump docker images (#3196 ) Signed-off-by: Spencer Schrock <sschrock@google.com>	2023-06-20 12:41:51 -07:00
dependabot[bot]	5640cfe418	🌱 Bump golang from `690e413` to `4b1fc02` Bumps golang from `690e413` to `4b1fc02`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2023-06-13 09:39:08 +00:00
dependabot[bot]	f8e193f28b	🌱 Bump golang from `685a22e` to `690e413` (#3080 ) Bumps golang from `685a22e` to `690e413`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-29 17:48:54 -05:00
dependabot[bot]	7ccd900c27	🌱 Bump golang from `31a8f92` to `685a22e` Bumps golang from `31a8f92` to `685a22e`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-15 14:52:01 +00:00
dependabot[bot]	1bbc87fbb2	🌱 Bump golang from `403f486` to `31a8f92` (#2965 ) Bumps golang from `403f486` to `31a8f92`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-08 05:28:47 -05:00
dependabot[bot]	8183a9f96f	🌱 Bump golang from `25de7b6` to `403f486` Bumps golang from `25de7b6` to `403f486`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-17 17:45:23 +00:00
Arnaud J Le Hors	2169bc44c7	Use new project name in Copyright notices (#2505 ) Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com> Signed-off-by: Arnaud J Le Hors <lehors@us.ibm.com>	2022-12-01 15:08:48 -08:00
Spencer Schrock	93f3d93749	🌱 Manual bump every docker distroless:base to `99133cb` (#2392 ) * Reduce docker updates to weekly Signed-off-by: Spencer Schrock <sschrock@google.com> * Bump all dockers to 99133cb Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com>	2022-10-24 18:43:46 +00:00
Spencer Schrock	412de9c51a	🌱 Add soft mem limit to controller k8s spec (#2362 ) * Bump golang docker to 1.19 Signed-off-by: Spencer Schrock <sschrock@google.com> * Add soft memory limit for controller to address OOMKilled. Signed-off-by: Spencer Schrock <sschrock@google.com> Signed-off-by: Spencer Schrock <sschrock@google.com>	2022-10-17 19:14:39 -05:00
dependabot[bot]	a4d2c01c22	🌱 Bump distroless/base from `49d2923` to `533c15e` (#2185 ) Bumps distroless/base from `49d2923` to `533c15e`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-08-22 07:35:08 -05:00
Naveen	10b6052acf	🌱 Upgrade to go 1.18 (#2143 ) * 🌱 Upgrade to go 1.18 - Upgrade to go 1.18 - Updated the deps to avoid critical CVE's Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Updated dockerfile. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed the linter issues. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed the CVE dependencies Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Rmoved the cache which is changing between 1.17 and 1.18 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Rmoved the cache which is changing between 1.17 and 1.18 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Updated ko to latest Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed linter issue. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> * Fixed linter issue. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-08-16 20:55:48 -05:00
dependabot[bot]	7c9bb1c4da	🌱 Bump distroless/base from `d65ac1a` to `e672eb7` (#1994 ) Bumps distroless/base from `d65ac1a` to `e672eb7`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-07-15 23:12:40 +00:00
dependabot[bot]	399d9974e4	🌱 Bump distroless/base from `764b74b` to `d65ac1a` Bumps distroless/base from `764b74b` to `d65ac1a`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2022-05-20 01:41:04 +00:00
dependabot[bot]	10d46d5be0	🌱 Bump distroless/base from `792dfe7` to `764b74b` Bumps distroless/base from `792dfe7` to `764b74b`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-28 19:11:47 +00:00
dependabot[bot]	d5893c226f	🌱 Bump distroless/base from `02f6671` to `792dfe7` Bumps distroless/base from `02f6671` to `792dfe7`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2022-03-18 09:59:25 -05:00
dependabot[bot]	2ac1d738ac	🌱 Bump distroless/base from `46d4514` to `02f6671` Bumps distroless/base from `46d4514` to `02f6671`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-12-31 14:03:36 -06:00
dependabot[bot]	92dff665a4	🌱 Bump distroless/base from `56d73a6` to `46d4514` (#1176 ) Bumps distroless/base from `56d73a6` to `46d4514`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2021-10-29 05:06:21 +00:00
dependabot[bot]	701a65e60c	🌱 Bump distroless/base from `3e771f1` to `56d73a6` Bumps distroless/base from `3e771f1` to `56d73a6`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-09-30 06:50:25 -05:00
dependabot[bot]	1322234ba6	🌱 Bump distroless/base from `a74f307` to `3e771f1` Bumps distroless/base from `a74f307` to `3e771f1`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-09-28 09:57:00 -05:00
dependabot[bot]	b5e4c7797b	🌱 Bump distroless/base from `19d927c` to `a74f307` (#945 ) Bumps distroless/base from `19d927c` to `a74f307`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2021-09-01 10:15:03 -07:00
dependabot[bot]	b93f385e7e	🌱 Bump distroless/base from `ccbc79c` to `19d927c` Bumps distroless/base from `ccbc79c` to `19d927c`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2021-08-26 08:08:12 -05:00
Azeem Shaikh	7790d70119	Use consistent golang image across Dockerfiles (#847 ) Co-authored-by: Azeem Shaikh <azeems@google.com> Co-authored-by: Abhishek Arya <inferno@chromium.org>	2021-08-12 16:54:32 +00:00
dependabot[bot]	a10baab917	🌱 Bump golang from `5cdc91c` to `3c4de86` (#846 ) Bumps golang from `5cdc91c` to `3c4de86`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-08-12 11:10:42 -04:00
dependabot[bot]	0e6559a1ce	🌱 Bump golang from 1.16.6 to 1.16.7 Bumps golang from 1.16.6 to 1.16.7. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2021-08-06 17:26:49 -05:00
dependabot[bot]	d6cf4b36bf	🌱 Bump distroless/base from `38778ff` to `ccbc79c` (#722 ) Bumps distroless/base from `38778ff` to `ccbc79c`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-07-26 12:00:10 -05:00
dependabot[bot]	b86718a96b	🌱 Bump golang from `773f15a` to `4544ae5` (#747 ) Bumps golang from `773f15a` to `4544ae5`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-07-26 11:37:14 -05:00
dependabot[bot]	7671752527	🌱 Bump golang from 1.16.5 to 1.16.6 (#690 ) Bumps golang from 1.16.5 to 1.16.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-07-14 13:36:35 +00:00
dependabot[bot]	8d9f199d51	🌱 Bump golang from `91b3c54` to `3ba0777` Bumps golang from `91b3c54` to `3ba0777`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2021-07-12 12:35:17 -05:00
dependabot[bot]	6a3337d885	🌱 Bump distroless/base from `bc84925` to `38778ff` (#602 ) Bumps distroless/base from `bc84925` to `38778ff`. --- updated-dependencies: - dependency-name: distroless/base dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-06-29 17:06:55 +00:00
dependabot[bot]	c900290630	🌱 Bump golang from `cc34100` to `91b3c54` (#621 ) Bumps golang from `cc34100` to `91b3c54`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-06-28 17:37:23 -04:00
dependabot[bot]	9f074cef5a	🌱 Bump golang from `360bc82` to `74681bd` (#601 ) Bumps golang from `360bc82` to `74681bd`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-06-25 11:01:16 -04:00
dependabot[bot]	020b892241	🌱 Bump golang from `6ff0e09` to `360bc82` (#550 ) Bumps golang from `6ff0e09` to `360bc82`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-06-21 12:30:03 -04:00
dependabot[bot]	15937a6fb7	🌱 Bump golang from 1.16.4 to 1.16.5 (#541 ) Bumps golang from 1.16.4 to 1.16.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-06-04 14:59:33 +00:00
dependabot[bot]	934c741b8d	🌱 Bump golang from `6f0b0a3` to `8a106c4` (#519 ) Bumps golang from `6f0b0a3` to `8a106c4`. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>	2021-05-28 12:11:23 -04:00
laurentsimon	3b1c9b8496	❇️ Pin our docker dependencies by hash (#468 ) * check pinning in docker files * Pin our docker dependencies * Revert "check pinning in docker files" This reverts commit `c05a5007b1`. * comments * typo * fix hashes	2021-05-18 18:05:13 +00:00
Azeem Shaikh	ba3b5c5979	Refactor Makefile and add proto compile support. (#458 ) Co-authored-by: Azeem Shaikh <azeems@google.com>	2021-05-15 13:58:01 -07:00
dependabot[bot]	d84cefac36	🌱 Bump golang from 1.16.3 to 1.16.4 Bumps golang from 1.16.3 to 1.16.4. Signed-off-by: dependabot[bot] <support@github.com>	2021-05-07 14:50:02 -05:00
Naveen	a440bf6294	🌱 Removed the dockerbuild experimental features (#409 ) * Removed the docker build experimental feature so that cloudbuild can build.	2021-05-07 07:49:30 -05:00
dependabot[bot]	3f70d82ce0	Bump golang from 1.16.2 to 1.16.3 Bumps golang from 1.16.2 to 1.16.3. Signed-off-by: dependabot[bot] <support@github.com>	2021-04-02 12:03:43 -05:00

1 2

59 Commits