scorecard

mirror of https://github.com/ossf/scorecard.git synced 2024-09-20 05:27:12 +03:00

Author	SHA1	Message	Date
dependabot[bot]	dbd6894296	🌱 Bump cloud.google.com/go/pubsub from 1.30.0 to 1.30.1 Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.30.0 to 1.30.1. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.30.0...pubsub/v1.30.1) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-04 11:31:46 +00:00
dependabot[bot]	dafae1592e	🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.3 to 2.9.4 Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.3 to 2.9.4. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.3...v2.9.4) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-04 11:18:26 +00:00
dependabot[bot]	d4624f7fa4	🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.3 (#2937 ) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.2 to 2.9.3. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.9.2...v2.9.3) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-03 14:14:35 +00:00
dependabot[bot]	3d0c5e0c14	🌱 Bump github.com/google/osv-scanner (#2914 ) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.2-0.20230418234519-2c101c1b0e63 to 1.3.2. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.2) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-26 21:19:16 +00:00
dependabot[bot]	c9140decab	🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-26 11:54:55 +00:00
Spencer Schrock	a4e72a8696	🐛 Give inconclusive Vulnerabilities score when osv-scanner panics (#2896 ) * Recover from osv-scanner panics. This allows us to give an inconclusive score instead of crashing. Signed-off-by: Spencer Schrock <sschrock@google.com> * Bump osv-scanner to include performance increase. https://github.com/google/osv-scanner/pull/346 Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: Spencer Schrock <sschrock@google.com>	2023-04-24 17:26:20 +00:00
dependabot[bot]	99751c0241	🌱 Bump github.com/moby/buildkit from 0.11.5 to 0.11.6 Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.5 to 0.11.6. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](https://github.com/moby/buildkit/compare/v0.11.5...v0.11.6) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-21 11:48:25 +00:00
dependabot[bot]	953e68c822	🌱 Bump github.com/otiai10/copy from 1.10.0 to 1.11.0 (#2890 ) Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.10.0 to 1.11.0. - [Release notes](https://github.com/otiai10/copy/releases) - [Commits](https://github.com/otiai10/copy/compare/v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: github.com/otiai10/copy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-20 08:21:00 -05:00
dependabot[bot]	6506930fa1	🌱 Bump cloud.google.com/go/bigquery from 1.50.0 to 1.51.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.50.0 to 1.51.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.50.0...bigquery/v1.51.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-18 16:06:46 +00:00
dependabot[bot]	81e6c21132	🌱 Bump github.com/xanzy/go-gitlab from 0.82.0 to 0.83.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.82.0 to 0.83.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.82.0...v0.83.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-18 15:49:29 +00:00
dependabot[bot]	f3c480f214	🌱 Bump github.com/Masterminds/semver/v3 from 3.2.0 to 3.2.1 Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](https://github.com/Masterminds/semver/compare/v3.2.0...v3.2.1) --- updated-dependencies: - dependency-name: github.com/Masterminds/semver/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-13 17:11:29 +00:00
dependabot[bot]	21e1950fdb	🌱 Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.7.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-13 16:56:51 +00:00
dependabot[bot]	4809b20cbf	🌱 Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.82.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.81.0...v0.82.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-12 19:32:39 +00:00
dependabot[bot]	192d704d49	🌱 Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#2855 ) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-12 06:36:50 -05:00
dependabot[bot]	4898b5c474	🌱 Bump github.com/otiai10/copy from 1.9.0 to 1.10.0 Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/otiai10/copy/releases) - [Commits](https://github.com/otiai10/copy/compare/v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/otiai10/copy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-11 15:31:14 +00:00
dependabot[bot]	b17f83a71e	🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2847 ) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-11 10:12:31 -05:00
dependabot[bot]	2f0e8d971f	🌱 Bump github.com/xeipuuv/gojsonschema Bumps [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) from 0.0.0-20180618132009-1d523034197f to 1.2.0. - [Release notes](https://github.com/xeipuuv/gojsonschema/releases) - [Commits](https://github.com/xeipuuv/gojsonschema/commits/v1.2.0) --- updated-dependencies: - dependency-name: github.com/xeipuuv/gojsonschema dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-10 15:33:53 +00:00
dependabot[bot]	b81a70e0ea	🌱 Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 (#2818 ) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.49.0 to 1.50.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.49.0...bigquery/v1.50.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-04 13:59:10 -05:00
dependabot[bot]	b6362b14ee	🌱 Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2813 ) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](https://github.com/go-logr/logr/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-03 10:28:25 -05:00
dependabot[bot]	6c65ffbb19	🌱 Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.48.0...bigquery/v1.49.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2023-04-02 17:56:39 +00:00
dependabot[bot]	cba58b32b2	🌱 Bump github.com/onsi/gomega from 1.27.0 to 1.27.6 (#2807 )	2023-03-31 23:03:52 +00:00
dependabot[bot]	ce916313b4	🌱 Bump github.com/google/osv-scanner from 1.3.0 to 1.3.1 (#2810 ) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-31 09:02:56 -05:00
dependabot[bot]	727d7e8d27	🌱 Bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#2809 ) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](https://github.com/moby/buildkit/compare/v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-30 16:47:31 -07:00
dependabot[bot]	ef16fd8ae0	🌱 Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 (#2804 ) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.28.0...pubsub/v1.30.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-29 19:15:39 -07:00
dependabot[bot]	4626c278de	🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2805 ) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](https://github.com/bradleyfalzon/ghinstallation/compare/v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-29 18:37:45 -07:00
dependabot[bot]	92a07f5513	🌱 Bump github.com/google/osv-scanner (#2803 ) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.2.1-0.20230302232134-592acbc2539b to 1.3.0. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.0) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-29 11:41:56 -07:00
dependabot[bot]	d2a3caa3d8	🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 (#2737 ) * 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.81.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.78.0...v0.81.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump google.golang.org/protobuf to v1.30.0 to satisfy dependency analysis. Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com>	2023-03-28 19:41:09 -07:00
dependabot[bot]	dd86ce8df8	🌱 Bump golang.org/x/tools from 0.6.0 to 0.7.0 (#2769 )	2023-03-29 00:22:33 +00:00
dependabot[bot]	1f3f9ef318	🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 (#2722 ) * 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.29.0. - [Release notes](https://github.com/google/go-cloud/releases) - [Commits](https://github.com/google/go-cloud/compare/v0.26.0...v0.29.0) --- updated-dependencies: - dependency-name: gocloud.dev dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Switch pubsubpb import path. See `cf7063dc4d/migration.md` for more details. Signed-off-by: Spencer Schrock <sschrock@google.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Spencer Schrock <sschrock@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <sschrock@google.com>	2023-03-17 10:16:29 -07:00
Azeem Shaikh	8966abdceb	Initial implementation of go-git client (#2720 ) Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>	2023-03-15 21:28:09 +00:00
dependabot[bot]	2e6347f133	🌱 Bump github.com/moby/buildkit from 0.10.3 to 0.11.4 (#2735 ) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.10.3 to 0.11.4. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](https://github.com/moby/buildkit/compare/v0.10.3...v0.11.4) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-08 19:03:26 -06:00
Rex P	170af75618	🐛 Updates osv-scanner dependency to 1.2.0. (#2704 ) * Updates osv-scanner dependency to 1.2.0. The 1.0 release changed the return value for osv-scanner to output an error when vulnerabilities are found, modified to handle this error correctly. Signed-off-by: Rex Pan <rexpan@google.com> * Add some additional comments Signed-off-by: Rex Pan <rexpan@google.com> * Update osv-scanner to include SBOM and logging fixes Signed-off-by: Rex Pan <rexpan@google.com> --------- Signed-off-by: Rex Pan <rexpan@google.com>	2023-03-09 00:04:11 +00:00
dependabot[bot]	0bed3da7f1	🌱 Bump github.com/jszwec/csvutil from 1.7.1 to 1.8.0 (#2698 ) Bumps [github.com/jszwec/csvutil](https://github.com/jszwec/csvutil) from 1.7.1 to 1.8.0. - [Release notes](https://github.com/jszwec/csvutil/releases) - [Commits](https://github.com/jszwec/csvutil/compare/v1.7.1...v1.8.0) --- updated-dependencies: - dependency-name: github.com/jszwec/csvutil dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-06 12:48:08 -06:00
dependabot[bot]	034add12c1	🌱 Bump k8s.io/client-go from 0.18.8 to 0.20.0 Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.18.8 to 0.20.0. - [Release notes](https://github.com/kubernetes/client-go/releases) - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.18.8...v0.20.0) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2023-02-23 19:11:51 +00:00
dependabot[bot]	24b779f7e2	🌱 Bump mvdan.cc/sh/v3 from 3.5.1 to 3.6.0 (#2615 ) Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.5.1 to 3.6.0. - [Release notes](https://github.com/mvdan/sh/releases) - [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md) - [Commits](https://github.com/mvdan/sh/compare/v3.5.1...v3.6.0) --- updated-dependencies: - dependency-name: mvdan.cc/sh/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-22 10:35:24 -06:00
dependabot[bot]	48813a3c38	🌱 Bump golang.org/x/net from 0.5.0 to 0.7.0 (#2680 ) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/compare/v0.5.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-20 07:55:55 -06:00
Naveen	5e6a5212f4	🌱 Update deps for fixing GHSA-r48q-9g5r-8q2h (#2675 ) - Update dependencies `github.com/emicklei/go-restful` to fix this https://osv.dev/vulnerability/GHSA-r48q-9g5r-8q2h Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2023-02-16 15:38:44 -08:00
dependabot[bot]	1c6ab16e45	🌱 Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.2 (#2600 ) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.4.2 to 5.5.2. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](https://github.com/go-git/go-git/compare/v5.4.2...v5.5.2) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-25 18:00:44 +00:00
dependabot[bot]	2704fc5de9	🌱 Bump github.com/xanzy/go-gitlab from 0.77.0 to 0.78.0 (#2591 ) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.77.0 to 0.78.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.77.0...v0.78.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-15 14:15:09 -06:00
dependabot[bot]	b30bc79e80	🌱 Bump golang.org/x/tools from 0.4.0 to 0.5.0 (#2592 ) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-11 09:44:04 -08:00
dependabot[bot]	75adffeb6d	🌱 Bump github.com/onsi/gomega from 1.24.1 to 1.24.2 (#2562 ) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.24.1 to 1.24.2. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.24.1...v1.24.2) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-10 22:47:58 -08:00
dependabot[bot]	63ffde8505	🌱 Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 (#2590 ) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.5.1 to 2.7.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.5.1...v2.7.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-11 05:54:06 +00:00
dependabot[bot]	c6d76807b7	🌱 Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 (#2563 ) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.76.0 to 0.77.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.76.0...v0.77.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-22 08:31:50 -08:00
dependabot[bot]	7e64b3654e	🌱 Bump golang.org/x/tools from 0.3.0 to 0.4.0 (#2525 ) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-21 22:50:11 -08:00
Rex P	f983480ba2	⚠️ OSV scanner integration (#2509 ) * Improve OSV scanning integration (squashed) Signed-off-by: Rex P <rexpan@google.com> * Add support for grouping vulnerabilities and aliases Signed-off-by: Rex P <rexpan@google.com> * Updated documentation, spit vulnerability output to multiple warnings Signed-off-by: Rex P <rexpan@google.com> * Updated documentation, spit vulnerability output to multiple warnings Signed-off-by: Rex P <rexpan@google.com> * Add its own codebase into docs Signed-off-by: Rex P <rexpan@google.com> * Update scorecard test to not prevent known vulns Signed-off-by: Rex P <rexpan@google.com> Signed-off-by: Rex P <rexpan@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-12-12 16:46:43 -08:00
dependabot[bot]	d11772da53	🌱 Bump cloud.google.com/go/bigquery from 1.43.0 to 1.44.0 (#2504 ) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.43.0 to 1.44.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/bigquery/v1.43.0...bigquery/v1.44.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-01 12:29:44 -08:00
dependabot[bot]	6fe248c97b	🌱 Bump cloud.google.com/go/pubsub from 1.26.0 to 1.27.0 (#2503 ) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.26.0 to 1.27.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](https://github.com/googleapis/google-cloud-go/compare/pubsub/v1.26.0...pubsub/v1.27.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-01 11:37:37 -08:00
dependabot[bot]	c61f6bc297	🌱 Bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0 (#2498 ) Bumps [github.com/Masterminds/semver/v3](https://github.com/Masterminds/semver) from 3.1.1 to 3.2.0. - [Release notes](https://github.com/Masterminds/semver/releases) - [Changelog](https://github.com/Masterminds/semver/blob/master/CHANGELOG.md) - [Commits](https://github.com/Masterminds/semver/compare/v3.1.1...v3.2.0) --- updated-dependencies: - dependency-name: github.com/Masterminds/semver/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-30 10:54:05 -08:00
raghavkaul	4c7066e3b6	🌱 attestor: module -> subpackage (#2464 ) * Enable cilint checking on attestor and fix cilint errors Signed-off-by: Raghav Kaul <raghavkaul@google.com> * Make attestor a subpackage of scorecard * Move e2e test * Use scorecard logger Signed-off-by: Raghav Kaul <raghavkaul@google.com> Signed-off-by: Raghav Kaul <raghavkaul@google.com>	2022-11-30 10:22:00 -08:00
dependabot[bot]	4926241f69	🌱 Bump github.com/xanzy/go-gitlab from 0.74.0 to 0.76.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.74.0 to 0.76.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](https://github.com/xanzy/go-gitlab/compare/v0.74.0...v0.76.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2022-11-21 16:34:39 +00:00

1 2 3 4 5 ...

259 Commits