dependabot[bot]
6f816c80bc
🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2 ( #3834 )
...
* 🌱 Bump github.com/google/osv-scanner from 1.6.1 to 1.6.2
Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner ) from 1.6.1 to 1.6.2.
- [Release notes](https://github.com/google/osv-scanner/releases )
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/osv-scanner/compare/v1.6.1...v1.6.2 )
---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* specify go patch version
go mod tidy requires this. I was able to delete the toolchain directive,
and it wasn't added back.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump dockerfiles to 1.21.6 so the build works
Signed-off-by: Spencer Schrock <sschrock@google.com>
* bump go version used in codeql workflow
github runners currently use Go 1.20 by default,
which doesn't understand 1.21.x format.
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2024-01-31 18:54:06 +00:00
dependabot[bot]
a25f108f4b
🌱 Bump the github-actions group with 3 updates ( #3825 )
...
Bumps the github-actions group with 3 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [codecov/codecov-action](https://github.com/codecov/codecov-action ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `tj-actions/changed-files` from 42.0.0 to 42.0.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](ae82ed4ae0...90a06d6ba9https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](eaaf4bedf3...4fe8c5f003https://github.com/actions/upload-artifact/releases )
- [Commits](694cdabd8b...26f96dfa69
2024-01-29 11:07:53 -08:00
Josh Soref
3b948257fc
📖 Fix spelling ( #3804 )
...
* spelling: accurate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: administrator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: analyze
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: andtwenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ascii
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: association
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: at least
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: attestor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: barbaric
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: bucket
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: by
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: can
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-insensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: case-sensitive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: checking
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: command-line
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: commit
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: committed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: conclusion
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: corresponding
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: created
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dataset
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: default
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: defines
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependabot
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: dependency
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: depending
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: desired
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: different
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: disclose
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: download
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: each
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: enforce
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: every time
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: exist
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: existing
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: fields
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: files
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: for
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: force-push
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: github
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: gitlab
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: ignoreed
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implementation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: implements
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: increase
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: indicates
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: initialized
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: instructions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: invalid
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: marshal
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: match
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: name
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: nonexistent
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: organization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: package
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: provenance
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: query
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: readers
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: receive
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: registered
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: remediate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requests
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: requires
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: return
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: scorecard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: separator
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: serialization
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: sign up
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specifications
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: specified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: success
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: successfully
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: the
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: their
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: twenty
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unexpected
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unused
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: unverified
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: validate
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vendor
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulnerabilities
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: vulns
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: will
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: without
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflow
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
* spelling: workflows
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---------
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2024-01-26 23:08:26 +00:00
dependabot[bot]
e41a3febdb
🌱 Bump the github-actions group with 4 updates ( #3815 )
...
Bumps the github-actions group with 4 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [actions/cache](https://github.com/actions/cache ) and [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/dependency-review-action` from 3.1.5 to 4.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](c74b580d73...4901385134https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](62f4729b5d...ae82ed4ae0https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](e12d46a63a...13aacd865chttps://github.com/actions/upload-artifact/releases )
- [Commits](1eb3cb2b3e...694cdabd8b
2024-01-22 08:43:02 -06:00
Spencer Schrock
ee4e83a318
🌱 Enforce make add-projects for GitHub and GitLab repos ( #3780 )
...
* fail if add-projects not run
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add gitlab file to add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* order gitlab projects with make add-projects
Signed-off-by: Spencer Schrock <sschrock@google.com>
* simplify workflow job
this binary doesn't need the build protos
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2024-01-19 14:11:19 -08:00
dependabot[bot]
8ac9ca15a3
🌱 Bump the github-actions group with 4 updates ( #3794 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [actions/cache](https://github.com/actions/cache ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 41.0.1 to 41.1.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](716b1e1304...62f4729b5dhttps://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](704facf57e...e12d46a63ahttps://github.com/actions/upload-artifact/releases )
- [Commits](c7d193f32e...1eb3cb2b3ehttps://github.com/actions/download-artifact/releases )
- [Commits](f44cd7b40b...6b208ae046
2024-01-15 08:49:23 -06:00
dependabot[bot]
6f31d2da0b
🌱 Bump the github-actions group with 1 update ( #3775 )
...
Bumps the github-actions group with 1 update: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ).
Updates `actions/dependency-review-action` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](01bc87099b...c74b580d73
2024-01-08 06:51:19 -06:00
dependabot[bot]
c90e0bb4d3
🌱 Bump the github-actions group with 4 updates ( #3747 )
...
Bumps the github-actions group with 4 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `tj-actions/changed-files` from 40.2.2 to 41.0.1
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](9454999946...716b1e1304https://github.com/sigstore/cosign-installer/releases )
- [Commits](1fc5bd396d...9614fae9e5https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...c7d193f32ehttps://github.com/actions/download-artifact/releases )
- [Commits](9bc31d5ccc...f44cd7b40b
2023-12-28 19:26:38 +00:00
dependabot[bot]
6a226ce06b
🌱 Bump actions/setup-go from 4.1.0 to 5.0.0 ( #3726 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](93397bea11...0c52d547c9
2023-12-28 02:06:04 +00:00
dependabot[bot]
39d1b33a19
🌱 Bump the github-actions group with 2 updates ( #3725 )
...
Bumps the github-actions group with 2 updates: [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [actions/stale](https://github.com/actions/stale ).
Updates `tj-actions/changed-files` from 40.2.1 to 40.2.2
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](1c938490c8...9454999946https://github.com/actions/stale/releases )
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md )
- [Commits](1160a22402...28ca103628
2023-12-13 21:35:02 +00:00
Pedro Kaj Kjellerup Nacht
663e1a9bad
🌱 Use backlog and "help wanted" labels on issues/PRs to keep stale-bot away ( #3690 )
...
* Use "never stale" tag on issues/PRs to keep stale-bot away
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace 'never stale' with 'icebox', 'help wanted'
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
* Replace "icebox,help needed" with "backlog,help wanted"
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
---------
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
2023-12-12 19:01:00 +00:00
dependabot[bot]
320ce05868
🌱 Bump the github-actions group with 3 updates ( #3715 )
...
Bumps the github-actions group with 3 updates: [actions/dependency-review-action](https://github.com/actions/dependency-review-action ), [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) and [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ).
Updates `actions/dependency-review-action` from 3.1.3 to 3.1.4
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](7bbfa034e7...01bc87099bhttps://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](25ef3926d1...1c938490c8https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](3c3411345e...012269a88f
2023-12-05 22:25:19 +00:00
Spencer Schrock
84bd607ae8
🌱 fix script injection ( #3695 )
...
Thanks to @AdnaneKhan for the report.
* start with reporter patch
* use env variable for bash step too
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-27 23:10:51 +00:00
dependabot[bot]
76878e5b4d
🌱 Bump the github-actions group with 2 updates ( #3686 )
...
Bumps the github-actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner ) and [actions/github-script](https://github.com/actions/github-script ).
Updates `step-security/harden-runner` from 2.6.0 to 2.6.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](1b05615854...eb238b55efhttps://github.com/actions/github-script/releases )
- [Commits](d7906e4ad0...60a0d83039
2023-11-20 12:16:39 -05:00
Spencer Schrock
82692a802e
🌱 allow contributors to call scdiff workflow ( #3683 )
...
also removes the edited trigger. codecov posts 3 times on each PR,
which causes this action to trigger 3x. It is skipped though, so not a huge deal.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-17 18:24:04 +00:00
Spencer Schrock
288319ad12
🌱 scdiff: Add workflow to run scdiff against PRs on demand ( #3640 )
...
* wip
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to use jq without quotes
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to make file another way.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try using homedir
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add github token to env
Signed-off-by: Spencer Schrock <sschrock@google.com>
* add link to workflow run
Signed-off-by: Spencer Schrock <sschrock@google.com>
* make comment its own job
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix typo in job context
Signed-off-by: Spencer Schrock <sschrock@google.com>
* typo part 2
Signed-off-by: Spencer Schrock <sschrock@google.com>
* use github-script to get PR SHAs.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* need to go through one more type to get to API response.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* temporarily use monitor action to see the required permissions
Signed-off-by: Spencer Schrock <sschrock@google.com>
* spacing is hard
Signed-off-by: Spencer Schrock <sschrock@google.com>
* remove monitor and apply minimal permissions
the read-all at the top might be too broad, but the monitor doesnt support graphql so best we can do for now.
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to set the checks
Signed-off-by: Spencer Schrock <sschrock@google.com>
* read the comment body
Signed-off-by: Spencer Schrock <sschrock@google.com>
* try to get around regex syntax error?
Signed-off-by: Spencer Schrock <sschrock@google.com>
* quote comment body
Signed-off-by: Spencer Schrock <sschrock@google.com>
* we want to pass an empty string to the args
Signed-off-by: Spencer Schrock <sschrock@google.com>
* fix the regex string
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rest of repo has upgraded
Signed-off-by: Spencer Schrock <sschrock@google.com>
* seed 15 repos to analyze to start with
Signed-off-by: Spencer Schrock <sschrock@google.com>
* support gitlab repos in scdiff
Signed-off-by: Spencer Schrock <sschrock@google.com>
* rename pr step to config
we also need the checks to run, so update the name to reflect that
Signed-off-by: Spencer Schrock <sschrock@google.com>
* switch from default token to a PAT
By default, the GitHub Action token gets 1000 req/hour.
If running all checks, the before/after each take about 1100 of core quota
A PAT grants 5000/hr so the 2200 required should be fine if used infrequently.
Ideally, the caller will always pass the check they care about into the command
Signed-off-by: Spencer Schrock <sschrock@google.com>
* escape comment body with bash
Signed-off-by: Spencer Schrock <sschrock@google.com>
* setup go manually
Signed-off-by: Spencer Schrock <sschrock@google.com>
* don't need to run on comment delete
Signed-off-by: Spencer Schrock <sschrock@google.com>
* limit scdiff to individuals with repo access
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-15 19:01:53 +00:00
dependabot[bot]
6dffe65000
🌱 Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 in /tools ( #3660 )
...
* 🌱 Bump github.com/sigstore/cosign/v2 in /tools
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign ) from 2.1.1 to 2.2.1.
- [Release notes](https://github.com/sigstore/cosign/releases )
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1 )
---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* bump actions/dependency-review-action to v3.1.3
This PR is incompatible with v3.1.2 due to some of the modules being updated.
See https://www.github.com/actions/dependency-review-action/issues/613
Signed-off-by: Spencer Schrock <sschrock@google.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
2023-11-13 10:58:51 -08:00
Spencer Schrock
934f17049c
🌱 configure dependabot to group (most) GitHub actions weekly ( #3655 )
...
actions which influence the build/release process are excluded.
dependabot will send individual updates for those.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-11-10 01:22:29 +00:00
dependabot[bot]
694d563fe3
🌱 Bump slsa-framework/slsa-verifier from 2.4.0 to 2.4.1 ( #3652 )
...
Bumps [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier ) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases )
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md )
- [Commits](https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0...v2.4.1 )
---
updated-dependencies:
- dependency-name: slsa-framework/slsa-verifier
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-09 01:34:39 +00:00
dependabot[bot]
5bfe68dbc6
🌱 Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 ( #3651 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.1.2 to 3.2.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](11086d2504...1fc5bd396d
2023-11-08 17:11:15 -08:00
dependabot[bot]
e123f4c4dc
🌱 Bump tj-actions/changed-files from 39.2.3 to 40.1.1 ( #3657 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.2.3 to 40.1.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](95690f9ece...25ef3926d1
2023-11-09 00:35:13 +00:00
dependabot[bot]
6de7eba753
🌱 Bump kubernetes-sigs/kubebuilder-release-tools ( #3637 )
...
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ) from 0.4.0 to 0.4.2.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](d8367c29de...3c3411345e
2023-11-08 15:46:20 -08:00
dependabot[bot]
e12e5376a6
🌱 Bump actions/dependency-review-action from 3.1.0 to 3.1.2 ( #3653 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](6c5ccdad46...fde92acd08
2023-11-08 21:52:02 +00:00
afmarcum
c52a1702de
🌱 Update stale workflow to exempt Structured Results milestone ( #3634 )
...
* 🌱 Update stale workflow to exempt Structured Results milestone
* Removed duplicate line, updated stale-pr-message, and removed custom stale labels
2023-11-01 10:02:20 -07:00
dependabot[bot]
50d246696e
🌱 Bump ossf/scorecard-action from 2.3.0 to 2.3.1 ( #3599 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902
2023-10-27 23:44:15 +00:00
Stephen Augustus
b15b47aec3
CODEOWNERS: Support distribution of code reviews via team assignments ( #3620 )
...
Individual maintainer assignments within CODEOWNERS mean that we
cannot take advantage of GitHub code review distribution schemes
for team review assignments.
In this commit, we switch to team assignments within CODEOWNERS.
A common complaint with this approach is that unless you are a part
of the GitHub organization, you will not be able to view a team's
membership/understand who the maintainers of a project are.
To provide visibility into the maintainer list, we've added a
MAINTAINERS.md here as well.
Signed-off-by: Stephen Augustus <foo@auggie.dev>
2023-10-27 13:41:58 -07:00
dependabot[bot]
4b8066a3c7
🌱 Bump actions/checkout from 4.1.0 to 4.1.1 ( #3580 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
2023-10-19 22:28:54 +00:00
dependabot[bot]
159c6c8723
🌱 Bump tj-actions/changed-files from 39.2.1 to 39.2.3 ( #3577 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.2.1 to 39.2.3.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](db153baf73...95690f9ece
2023-10-19 21:16:50 +00:00
dependabot[bot]
16ace558ad
🌱 Bump kubernetes-sigs/kubebuilder-release-tools ( #3553 )
...
Bumps [kubernetes-sigs/kubebuilder-release-tools](https://github.com/kubernetes-sigs/kubebuilder-release-tools ) from 0.3.0 to 0.4.0.
- [Release notes](https://github.com/kubernetes-sigs/kubebuilder-release-tools/releases )
- [Changelog](https://github.com/kubernetes-sigs/kubebuilder-release-tools/blob/master/RELEASE.md )
- [Commits](4f3d1085b4...d8367c29de
2023-10-12 06:23:36 +00:00
dependabot[bot]
51870877a5
🌱 Bump ossf/scorecard-action from 2.2.0 to 2.3.0 ( #3544 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...483ef80eb9
2023-10-09 10:19:38 -07:00
dependabot[bot]
7a1c8fe25b
🌱 Bump nick-invision/retry from 2.8.3 to 2.9.0 ( #3519 )
...
Bumps [nick-invision/retry](https://github.com/nick-invision/retry ) from 2.8.3 to 2.9.0.
- [Release notes](https://github.com/nick-invision/retry/releases )
- [Changelog](https://github.com/nick-fields/retry/blob/master/.releaserc.js )
- [Commits](943e742917...14672906e6
2023-10-03 18:46:27 -07:00
dependabot[bot]
2c25c46ef1
🌱 Bump tj-actions/changed-files from 39.1.2 to 39.2.1 ( #3531 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.1.2 to 39.2.1.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](4196030939...db153baf73
2023-10-03 21:33:01 +00:00
dependabot[bot]
7161ec1d58
🌱 Bump step-security/harden-runner from 2.5.1 to 2.6.0 ( #3532 )
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](8ca2b8b2ec...1b05615854
2023-10-03 21:17:51 +00:00
Spencer Schrock
6aa3bcc7f5
🌱 Don't close stale issues explicitly ( #3513 )
...
Issues are still getting closed after https://github.com/ossf/scorecard/pull/3493 .
I assume there's a default value being used somewhere.
Signed-off-by: Spencer Schrock <sschrock@google.com>
2023-09-25 16:21:30 +00:00
dependabot[bot]
fa31d56694
🌱 Bump actions/checkout from 4.0.0 to 4.1.0 ( #3511 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
2023-09-25 09:47:00 -04:00
dependabot[bot]
5a5a6561d6
🌱 Bump tj-actions/changed-files from 39.1.0 to 39.1.2 ( #3504 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.1.0 to 39.1.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](8e79ba7ab9...4196030939
2023-09-21 13:31:55 -04:00
afmarcum
893a472548
🌱 workflows/stale: Remove issue auto-close ( #3493 )
2023-09-19 12:32:37 -07:00
dependabot[bot]
ac13ac7c01
🌱 Bump tj-actions/changed-files from 39.0.2 to 39.1.0 ( #3488 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.0.2 to 39.1.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](6ee9cdc581...8e79ba7ab9
2023-09-19 01:54:57 +00:00
dependabot[bot]
84b53a9f65
🌱 Bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 ( #3478 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.6.0 to 5.0.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](5fdedb94ab...7ec5c2b0c6
2023-09-18 23:06:45 +00:00
afmarcum
4a0e3fffff
🌱 workflows/stale: Update workflow to increase operations-per-run to process more issues ( #3483 )
...
* Update workflow to increase operations per run to process more issues
* 🌱 workflows/stale: Increased operations-per-run from default and reduced days to close stale issues
2023-09-16 01:08:46 +00:00
dependabot[bot]
0fcf4d9ee1
🌱 Bump tj-actions/changed-files from 39.0.0 to 39.0.2 ( #3470 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 39.0.0 to 39.0.2.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](48566bbcc2...6ee9cdc581
2023-09-13 02:23:21 +00:00
dependabot[bot]
8a5467249e
🌱 Bump actions/dependency-review-action from 3.0.8 to 3.1.0 ( #3461 )
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 3.0.8 to 3.1.0.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](f6fff72a32...6c5ccdad46
2023-09-13 02:09:36 +00:00
dependabot[bot]
1bd5b42bb3
🌱 Bump actions/upload-artifact from 3.1.2 to 3.1.3 ( #3459 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...a8a3f3ad30
2023-09-13 01:57:54 +00:00
dependabot[bot]
d03ca5c9f1
🌱 Bump actions/cache from 3.3.1 to 3.3.2 ( #3463 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](88522ab9f3...704facf57e
2023-09-12 18:49:06 -07:00
afmarcum
ac6ea1101c
🌱 workflows/stale: Update workflow to include issue close action ( #3474 )
...
* Update workflow to include issue close action
* Added message about closing stale issue
2023-09-12 15:22:38 -07:00
dependabot[bot]
11c48cdce0
🌱 Bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 ( #3457 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4.4.0 to 4.6.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](3fa32b8bb5...5fdedb94ab
2023-09-06 09:15:28 -07:00
afmarcum
418a5e57c3
Removed exempt labels ( #3455 )
...
Co-authored-by: Stephen Augustus <justaugustus@users.noreply.github.com>
2023-09-05 19:19:14 +00:00
dependabot[bot]
afce7626d5
🌱 Bump actions/checkout from 3.6.0 to 4.0.0 ( #3453 )
...
* 🌱 Bump actions/checkout from 3.6.0 to 4.0.0
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.6.0 to 4.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](f43a0e5ff2...3df4ab11eb
2023-09-05 09:54:22 -07:00
dependabot[bot]
a2495ea865
🌱 Bump tj-actions/changed-files from 38.1.3 to 39.0.0 ( #3452 )
...
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files ) from 38.1.3 to 39.0.0.
- [Release notes](https://github.com/tj-actions/changed-files/releases )
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md )
- [Commits](c860b5c47f...48566bbcc2
2023-09-05 03:00:57 +00:00
dependabot[bot]
4186f161d0
🌱 Bump sigstore/cosign-installer from 3.1.1 to 3.1.2 ( #3446 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](6e04d228eb...11086d2504
2023-09-04 18:27:45 -07:00
