dependabot[bot]
6f31d2da0b
🌱 Bump the github-actions group with 1 update ( #3775 )
...
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/dependency-review-action` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](01bc87099b...c74b580d73
2024-01-08 06:51:19 -06:00
dependabot[bot]
c90e0bb4d3
🌱 Bump the github-actions group with 4 updates ( #3747 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 40.2.2 to 41.0.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](9454999946...716b1e1304https://github.com/sigstore/cosign-installer/releases )
- [Commits](1fc5bd396d...9614fae9e5https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32ehttps://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...f44cd7b40b
2023-12-28 19:26:38 +00:00
dependabot[bot]
6a226ce06b
🌱 Bump actions/setup-go from 4.1.0 to 5.0.0 ( #3726 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-28 02:06:04 +00:00
dependabot[bot]
39d1b33a19
🌱 Bump the github-actions group with 2 updates ( #3725 )
...
Bumps the github-actions group with 2 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [actions/stale](https://github.com/actions/stale ).
Updates `tj-actions/changed-files` from 40.2.1 to 40.2.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](1c938490c8...9454999946https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](1160a22402...28ca103628
2023-12-13 21:35:02 +00:00
Pedro Kaj Kjellerup Nacht
663e1a9bad
🌱 Use backlog and "help wanted" labels on issues/PRs to keep stale-bot away ( #3690 )
...
* Use "never stale" tag on issues/PRs to keep stale-bot away
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace 'never stale' with 'icebox', 'help wanted'
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace "icebox,help needed" with "backlog,help wanted"
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
2023-12-12 19:01:00 +00:00
dependabot[bot]
320ce05868
🌱 Bump the github-actions group with 3 updates ( #3715 )
...
Bumps the github-actions group with 3 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ).
Updates `actions/dependency-review-action` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](7bbfa034e7...01bc87099bhttps://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25ef3926d1...1c938490c8https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](3c3411345e...012269a88f
2023-12-05 22:25:19 +00:00
Spencer Schrock
84bd607ae8
🌱 fix script injection ( #3695 )
...
Thanks to @AdnaneKhan for the report.
* start with reporter patch
* use env variable for bash step too
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-27 23:10:51 +00:00
dependabot[bot]
76878e5b4d
🌱 Bump the github-actions group with 2 updates ( #3686 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [actions/github-script](https://github.com/actions/github-script ).
Updates `step-security/harden-runner` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1b05615854...eb238b55efhttps://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
2023-11-20 12:16:39 -05:00
Spencer Schrock
82692a802e
🌱 allow contributors to call scdiff workflow ( #3683 )
...
also removes the edited trigger. codecov posts 3 times on each PR,
which causes this action to trigger 3x. It is skipped though, so not a huge deal.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-17 18:24:04 +00:00
Spencer Schrock
288319ad12
🌱 scdiff: Add workflow to run scdiff against PRs on demand ( #3640 )
...
* wip
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to use jq without quotes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to make file another way.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try using homedir
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add github token to env
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add link to workflow run
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make comment its own job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix typo in job context
Signed-off-by: Spencer Schrock <sschrock@google.com>
* typo part 2
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use github-script to get PR SHAs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* need to go through one more type to get to API response.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* temporarily use monitor action to see the required permissions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* spacing is hard
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove monitor and apply minimal permissions
the read-all at the top might be too broad, but the monitor doesnt support graphql so best we can do for now.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to set the checks
Signed-off-by: Spencer Schrock <sschrock@google.com>
* read the comment body
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to get around regex syntax error?
Signed-off-by: Spencer Schrock <sschrock@google.com>
* quote comment body
Signed-off-by: Spencer Schrock <sschrock@google.com>
* we want to pass an empty string to the args
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix the regex string
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rest of repo has upgraded
Signed-off-by: Spencer Schrock <sschrock@google.com>
* seed 15 repos to analyze to start with
Signed-off-by: Spencer Schrock <sschrock@google.com>
* support gitlab repos in scdiff
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename pr step to config
we also need the checks to run, so update the name to reflect that
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch from default token to a PAT
By default, the GitHub Action token gets 1000 req/hour.
If running all checks, the before/after each take about 1100 of core quota
A PAT grants 5000/hr so the 2200 required should be fine if used infrequently.
Ideally, the caller will always pass the check they care about into the command
Signed-off-by: Spencer Schrock <sschrock@google.com>
* escape comment body with bash
Signed-off-by: Spencer Schrock <sschrock@google.com>
* setup go manually
Signed-off-by: Spencer Schrock <sschrock@google.com>
* don't need to run on comment delete
Signed-off-by: Spencer Schrock <sschrock@google.com>
* limit scdiff to individuals with repo access
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 19:01:53 +00:00
dependabot[bot]
6dffe65000
🌱 Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 in /tools ( #3660 )
...
* 🌱 Bump github.com/sigstore/cosign/v2 in /tools
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign ) from 2.1.1 to 2.2.1.
- [Release notes](https://github.com/sigstore/cosign/releases )
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump actions/dependency-review-action to v3.1.3
This PR is incompatible with v3.1.2 due to some of the modules being updated.
See https://www.github.com/actions/dependency-review-action/issues/613
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2023-11-13 10:58:51 -08:00
Spencer Schrock
934f17049c
🌱 configure dependabot to group (most) GitHub actions weekly ( #3655 )
...
actions which influence the build/release process are excluded.
dependabot will send individual updates for those.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-10 01:22:29 +00:00
dependabot[bot]
694d563fe3
🌱 Bump slsa-framework/slsa-verifier from 2.4.0 to 2.4.1 ( #3652 )
...
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 01:34:39 +00:00
dependabot[bot]
5bfe68dbc6
🌱 Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 ( #3651 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](11086d2504...1fc5bd396d
2023-11-08 17:11:15 -08:00
dependabot[bot]
e123f4c4dc
🌱 Bump tj-actions/changed-files from 39.2.3 to 40.1.1 ( #3657 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.2.3 to 40.1.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](95690f9ece...25ef3926d1
2023-11-09 00:35:13 +00:00
dependabot[bot]
6de7eba753
🌱 Bump kubernetes-sigs/kubebuilder-release-tools ( #3637 )
...
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ) from 0.4.0 to 0.4.2.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](d8367c29de...3c3411345e
2023-11-08 15:46:20 -08:00
dependabot[bot]
e12e5376a6
🌱 Bump actions/dependency-review-action from 3.1.0 to 3.1.2 ( #3653 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](6c5ccdad46...fde92acd08
2023-11-08 21:52:02 +00:00
afmarcum
c52a1702de
🌱 Update stale workflow to exempt Structured Results milestone ( #3634 )
...
* 🌱 Update stale workflow to exempt Structured Results milestone
* Removed duplicate line, updated stale-pr-message, and removed custom stale labels
2023-11-01 10:02:20 -07:00
dependabot[bot]
50d246696e
🌱 Bump ossf/scorecard-action from 2.3.0 to 2.3.1 ( #3599 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902
2023-10-27 23:44:15 +00:00
Stephen Augustus
b15b47aec3
CODEOWNERS: Support distribution of code reviews via team assignments ( #3620 )
...
Individual maintainer assignments within CODEOWNERS mean that we
cannot take advantage of GitHub code review distribution schemes
for team review assignments.
In this commit, we switch to team assignments within CODEOWNERS.
A common complaint with this approach is that unless you are a part
of the GitHub organization, you will not be able to view a team's
membership/understand who the maintainers of a project are.
To provide visibility into the maintainer list, we've added a
MAINTAINERS.md here as well.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2023-10-27 13:41:58 -07:00
dependabot[bot]
4b8066a3c7
🌱 Bump actions/checkout from 4.1.0 to 4.1.1 ( #3580 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-19 22:28:54 +00:00
dependabot[bot]
159c6c8723
🌱 Bump tj-actions/changed-files from 39.2.1 to 39.2.3 ( #3577 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.2.1 to 39.2.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](db153baf73...95690f9ece
2023-10-19 21:16:50 +00:00
dependabot[bot]
16ace558ad
🌱 Bump kubernetes-sigs/kubebuilder-release-tools ( #3553 )
...
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](4f3d1085b4...d8367c29de
2023-10-12 06:23:36 +00:00
dependabot[bot]
51870877a5
🌱 Bump ossf/scorecard-action from 2.2.0 to 2.3.0 ( #3544 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...483ef80eb9
2023-10-09 10:19:38 -07:00
dependabot[bot]
7a1c8fe25b
🌱 Bump nick-invision/retry from 2.8.3 to 2.9.0 ( #3519 )
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](943e742917...14672906e6
2023-10-03 18:46:27 -07:00
dependabot[bot]
2c25c46ef1
🌱 Bump tj-actions/changed-files from 39.1.2 to 39.2.1 ( #3531 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.1.2 to 39.2.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](4196030939...db153baf73
2023-10-03 21:33:01 +00:00
dependabot[bot]
7161ec1d58
🌱 Bump step-security/harden-runner from 2.5.1 to 2.6.0 ( #3532 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](8ca2b8b2ec...1b05615854
2023-10-03 21:17:51 +00:00
Spencer Schrock
6aa3bcc7f5
🌱 Don't close stale issues explicitly ( #3513 )
...
Issues are still getting closed after https://github.com/ossf/scorecard/pull/3493 .
I assume there's a default value being used somewhere.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-09-25 16:21:30 +00:00
dependabot[bot]
fa31d56694
🌱 Bump actions/checkout from 4.0.0 to 4.1.0 ( #3511 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-25 09:47:00 -04:00
dependabot[bot]
5a5a6561d6
🌱 Bump tj-actions/changed-files from 39.1.0 to 39.1.2 ( #3504 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.1.0 to 39.1.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](8e79ba7ab9...4196030939
2023-09-21 13:31:55 -04:00
afmarcum
893a472548
🌱 workflows/stale: Remove issue auto-close ( #3493 )
2023-09-19 12:32:37 -07:00
dependabot[bot]
ac13ac7c01
🌱 Bump tj-actions/changed-files from 39.0.2 to 39.1.0 ( #3488 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.0.2 to 39.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](6ee9cdc581...8e79ba7ab9
2023-09-19 01:54:57 +00:00
dependabot[bot]
84b53a9f65
🌱 Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 ( #3478 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.6.0 to 5.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5fdedb94ab...7ec5c2b0c6
2023-09-18 23:06:45 +00:00
afmarcum
4a0e3fffff
🌱 workflows/stale: Update workflow to increase operations-per-run to process more issues ( #3483 )
...
* Update workflow to increase operations per run to process more issues
* 🌱 workflows/stale: Increased operations-per-run from default and reduced days to close stale issues
2023-09-16 01:08:46 +00:00
dependabot[bot]
0fcf4d9ee1
🌱 Bump tj-actions/changed-files from 39.0.0 to 39.0.2 ( #3470 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.0.0 to 39.0.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](48566bbcc2...6ee9cdc581
2023-09-13 02:23:21 +00:00
dependabot[bot]
8a5467249e
🌱 Bump actions/dependency-review-action from 3.0.8 to 3.1.0 ( #3461 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f6fff72a32...6c5ccdad46
2023-09-13 02:09:36 +00:00
dependabot[bot]
1bd5b42bb3
🌱 Bump actions/upload-artifact from 3.1.2 to 3.1.3 ( #3459 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...a8a3f3ad30
2023-09-13 01:57:54 +00:00
dependabot[bot]
d03ca5c9f1
🌱 Bump actions/cache from 3.3.1 to 3.3.2 ( #3463 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](88522ab9f3...704facf57e
2023-09-12 18:49:06 -07:00
afmarcum
ac6ea1101c
🌱 workflows/stale: Update workflow to include issue close action ( #3474 )
...
* Update workflow to include issue close action
* Added message about closing stale issue
2023-09-12 15:22:38 -07:00
dependabot[bot]
11c48cdce0
🌱 Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 ( #3457 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.4.0 to 4.6.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](3fa32b8bb5...5fdedb94ab
2023-09-06 09:15:28 -07:00
afmarcum
418a5e57c3
Removed exempt labels ( #3455 )
...
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>
2023-09-05 19:19:14 +00:00
dependabot[bot]
afce7626d5
🌱 Bump actions/checkout from 3.6.0 to 4.0.0 ( #3453 )
...
* 🌱 Bump actions/checkout from 3.6.0 to 4.0.0
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...3df4ab11eb
2023-09-05 09:54:22 -07:00
dependabot[bot]
a2495ea865
🌱 Bump tj-actions/changed-files from 38.1.3 to 39.0.0 ( #3452 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 38.1.3 to 39.0.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](c860b5c47f...48566bbcc2
2023-09-05 03:00:57 +00:00
dependabot[bot]
4186f161d0
🌱 Bump sigstore/cosign-installer from 3.1.1 to 3.1.2 ( #3446 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](6e04d228eb...11086d2504
2023-09-04 18:27:45 -07:00
dependabot[bot]
b68ef18c96
🌱 Bump tj-actions/changed-files from 38.0.0 to 38.1.3 ( #3432 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 38.0.0 to 38.1.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](17f3fec1ed...c860b5c47f
2023-08-30 10:50:07 -07:00
dependabot[bot]
df077fdba0
🌱 Bump slsa-framework/slsa-verifier from 2.3.0 to 2.4.0 ( #3431 )
...
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.3.0...v2.4.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-08-28 18:46:37 -07:00
dependabot[bot]
730d649ec4
🌱 Bump actions/checkout from 3.5.3 to 3.6.0 ( #3425 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](c85c95e3d7...f43a0e5ff2
2023-08-25 09:31:09 -05:00
dependabot[bot]
d6ed8105df
🌱 Bump slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0
...
Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator ) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases )
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md )
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-23 19:21:12 +00:00
dependabot[bot]
7c97e6445d
🌱 Bump tj-actions/changed-files from 37.6.1 to 38.0.0 ( #3416 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.6.1 to 38.0.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](a0585ff990...17f3fec1ed
2023-08-23 12:11:55 -07:00
dependabot[bot]
73d4eedc20
🌱 Bump tj-actions/changed-files from 37.6.0 to 37.6.1
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 37.6.0 to 37.6.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](87697c0dca...a0585ff990
2023-08-17 13:01:28 +00:00
