anchore-actions-token-generator[bot]
1543248822
chore(deps): update Syft to v0.95.0 ( #1591 )
2023-11-07 15:42:43 -05:00
Alex Goodman
4b06a160e1
chore: account for syft package metadata changes ( #1423 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Co-authored-by: Keith Zantow <kzantow@gmail.com>
2023-11-07 15:17:36 -05:00
William Murphy
7984e0a84f
fix: bump fangs to enable setting golang CPE config using env var ( #1585 )
...
* fix: bump fangs
Bump fangs to pull in https://github.com/anchore/fangs/pull/27 , which
fixes an issue where env vars couldn't be used to set fields on embedded
structs in the config struct.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* fix: bump fangs to pull in panic fix
The previous fangs fix panicked when summarizing configs with embedded
structs. Bump fangs to pull in https://github.com/anchore/fangs/pull/29
which fixes this panic.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* commit mod tidy
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* Pull in dependency bumps from main to resolve conflicts
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-11-07 10:59:13 -05:00
anchore-actions-token-generator[bot]
92920ffde0
chore(deps): update bootstrap tools to latest versions ( #1588 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-11-07 06:44:58 -08:00
dependabot[bot]
2ef5d23844
chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 ( #1586 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-06 21:55:53 -05:00
Christopher Angelo Phillips
b90c881ab4
chore: bootstrap action cleanup ( #1587 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-11-06 21:55:37 -05:00
anchore-actions-token-generator[bot]
5ca34efef8
chore(deps): update bootstrap tools to latest versions ( #1584 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-11-06 13:16:22 -05:00
Alex Goodman
21958a43b5
Incorporate format API changes from syft ( #1582 )
...
* incorporate changes from anchore/syft#2228
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* fix testing utils to use syft SBOM
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-11-02 15:25:48 -04:00
dependabot[bot]
3712c1c5c7
chore(deps): bump github.com/docker/docker ( #1579 )
...
Bumps [github.com/docker/docker](https://github.com/docker/docker ) from 24.0.6+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases )
- [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7 )
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-31 13:48:52 -04:00
Mateusz Urbanek
0d870faea6
feat(config): added reason field ( #1532 )
...
* feat(config): added reason field
Signed-off-by: Mateusz Urbanek <mateusz.urbanek.98@gmail.com>
* add CLI test for ignore reason field
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: Mateusz Urbanek <mateusz.urbanek.98@gmail.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2023-10-30 15:31:42 -04:00
dependabot[bot]
fc7713b763
chore(deps): bump github.com/glebarez/sqlite from 1.9.0 to 1.10.0 ( #1583 )
...
Bumps [github.com/glebarez/sqlite](https://github.com/glebarez/sqlite ) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/glebarez/sqlite/releases )
- [Commits](https://github.com/glebarez/sqlite/compare/v1.9.0...v1.10.0 )
---
updated-dependencies:
- dependency-name: github.com/glebarez/sqlite
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-30 13:39:54 -04:00
Shane Dell
81edd50e1e
Colorize severity in table output ( #1284 )
...
* Colorize severity in table output
- Create flag "--no-color" to allow disabling the color. By default its enabled.
- When "--no-color" not specified highlight severity in its color:
- Critical -> Bold Red
- High -> Red
- Medium -> Yellow
- Low -> Green
- Negligible -> Blue
- Note: Golang doesn't have all colors available. Also, doesn't seem to be able use hex codes properly.
- Add termenv to check if the terminal color profile supports colored output. If it doesn't default to noColor
Closes #225
Signed-off-by: Shane Dell <shanedell100@gmail.com>
* fix: adopt EnvColorProfile to support NO_COLOR
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
* fix linting and update snapshots
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Shane Dell <shanedell100@gmail.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-30 13:57:46 +00:00
Christopher Angelo Phillips
401d67cd96
feat: add custom maven comparator ( #1571 )
...
This PR takes the recommendation from #1526 and adapts the go-mvn-version to be used as a custom comparator for matching against packages that have the JavaPkg type. Packages of type JavaPkg will no longer use the stock matcher.
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-27 14:24:56 -04:00
William Murphy
1ab051bac9
chore: fix path to quality tests ( #1578 )
...
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-10-27 11:23:19 -04:00
Alex Goodman
a276bf120b
capture quality gate state on failures ( #1576 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-26 14:31:30 -04:00
dependabot[bot]
a2fdccdfc6
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 ( #1575 )
...
Bumps [github.com/google/uuid](https://github.com/google/uuid ) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases )
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md )
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0 )
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-26 13:30:37 -04:00
anchore-actions-token-generator[bot]
47f08a82f2
chore(deps): update bootstrap tools to latest versions ( #1574 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-10-26 11:13:07 -04:00
dependabot[bot]
66a47594f1
chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.56.3 ( #1573 )
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go ) from 1.56.0 to 1.56.3.
- [Release notes](https://github.com/grpc/grpc-go/releases )
- [Commits](https://github.com/grpc/grpc-go/compare/v1.56.0...v1.56.3 )
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-25 21:45:45 -04:00
Christopher Angelo Phillips
6b4978f633
docs: add cbl-mariner to supported distro ( #1569 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-24 12:11:55 -04:00
dependabot[bot]
dd823d19f6
chore(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 ( #1570 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](483ef80eb9...0864cf1902
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-24 11:50:13 -04:00
anchore-actions-token-generator[bot]
562f228301
chore(deps): update bootstrap tools to latest versions ( #1567 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-10-23 10:48:35 -04:00
anchore-actions-token-generator[bot]
04df28051b
chore(deps): update Syft to v0.94.0 ( #1566 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-10-20 17:57:36 +00:00
Alex Goodman
156c081d3e
Incorporate Syft java detection improvements ( #1555 )
...
* incorporate anchore/syft#2220
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* incorporate .net core improvements
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-20 13:34:36 -04:00
Alex Goodman
9750ef2452
add exception for go stdlib search by CPE ( #1565 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-20 13:02:38 -04:00
dependabot[bot]
4c3ff476fa
chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 ( #1564 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8ade135a41...b4ffde65f4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-18 13:50:51 -04:00
James Hebden
30f05c3759
Add --ignore-states flag for ignoring findings with specific fix states ( #1473 )
...
* Add --ignore-states flag for ignoring findings with by fix state
Signed-off-by: James Hebden <jhebden@gitlab.com>
* ignore options checked before scan, fail on invalid ignore states, ignore states comma-separated
Signed-off-by: James Hebden <jhebden@gitlab.com>
* Add CLI tests for new --ignore-states flag
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: James Hebden <jhebden@gitlab.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2023-10-17 14:07:34 -04:00
Christopher Angelo Phillips
72390f87e9
feat: update go-sarif library to use latest release ( #1563 )
...
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-10-17 11:18:22 -04:00
Alex Goodman
7d039cde2d
bump clio to get stderr reporting fix ( #1561 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-10-16 11:58:02 -04:00
dependabot[bot]
96f3b2c68a
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.2 to 1.4.3 ( #1558 )
...
Bumps [github.com/gabriel-vasile/mimetype](https://github.com/gabriel-vasile/mimetype ) from 1.4.2 to 1.4.3.
- [Release notes](https://github.com/gabriel-vasile/mimetype/releases )
- [Commits](https://github.com/gabriel-vasile/mimetype/compare/v1.4.2...v1.4.3 )
---
updated-dependencies:
- dependency-name: github.com/gabriel-vasile/mimetype
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 15:39:09 -04:00
dependabot[bot]
9c9c2fbc02
chore(deps): bump github.com/charmbracelet/lipgloss from 0.9.0 to 0.9.1 ( #1557 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.9.0...v0.9.1 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 15:39:00 -04:00
Shubham Hibare
e0e8b355f0
Add checksum signing ( #1535 )
...
* Add checksum signing
Signed-off-by: Shubham Hibare <shubham@hibare.in>
* Add artifact signature verification steps
Signed-off-by: Shubham Hibare <shubham@hibare.in>
---------
Signed-off-by: Shubham Hibare <shubham@hibare.in>
2023-10-12 15:38:30 -04:00
dependabot[bot]
3d582fd851
chore(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 ( #1554 )
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.16.0 to 0.17.0.
- [Commits](https://github.com/golang/net/compare/v0.16.0...v0.17.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-12 09:08:51 -04:00
Weston Steimel
25762b7e3b
feat: disable CPE-based matching for GHSA ecosystems by default ( #1412 )
...
* feat: disable CPE-based matching for GHSA ecosystems by default
Disables CPE-based matching for ecosystems which are covered by GitHub
Security Advisories. Also adds a separate rust matcher and related
configuration to allow configuring CPE-based matching off for it while
still leaving it on for the stock matcher.
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* chore: use --by-cve with quality gate comparison
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* chore: add rust auditable binary match integration test
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
---------
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
2023-10-12 09:07:33 -04:00
dependabot[bot]
bcbc7e4bdc
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 ( #1552 )
...
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp ) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases )
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0 )
---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-11 13:51:20 -04:00
anchore-actions-token-generator[bot]
7e5df38029
chore(deps): update Syft to v0.93.0 ( #1550 )
...
* chore(deps): update Syft to v0.93.0
Signed-off-by: GitHub <noreply@github.com>
* fix test to account for go pkg stdlib
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: wagoodman <wagoodman@users.noreply.github.com>
2023-10-10 18:26:34 +00:00
dependabot[bot]
07677b1d9a
chore(deps): bump gorm.io/gorm from 1.25.4 to 1.25.5 ( #1547 )
...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm ) from 1.25.4 to 1.25.5.
- [Release notes](https://github.com/go-gorm/gorm/releases )
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.4...v1.25.5 )
---
updated-dependencies:
- dependency-name: gorm.io/gorm
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-10 13:33:26 -04:00
dependabot[bot]
32a2083896
chore(deps): bump github.com/charmbracelet/lipgloss from 0.8.0 to 0.9.0 ( #1548 )
...
Bumps [github.com/charmbracelet/lipgloss](https://github.com/charmbracelet/lipgloss ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/charmbracelet/lipgloss/releases )
- [Commits](https://github.com/charmbracelet/lipgloss/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: github.com/charmbracelet/lipgloss
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-10 13:33:06 -04:00
dependabot[bot]
afa1b896c4
chore(deps): bump github.com/hashicorp/go-getter from 1.7.2 to 1.7.3 ( #1549 )
...
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter ) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/hashicorp/go-getter/releases )
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml )
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.2...v1.7.3 )
---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-10 13:32:48 -04:00
dependabot[bot]
88906fb60c
chore(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 ( #1544 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](08b4669551...483ef80eb9
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-09 13:05:06 -04:00
Keith Zantow
8ebf2955e8
fix: empty descriptor name and version ( #1542 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-10-06 10:43:11 -04:00
chavacava
548da9e7cb
chore: removes unnecessary conditional ( #1539 )
...
Signed-off-by: chavacava <salvadorcavadini+github@gmail.com>
2023-10-04 18:08:34 +00:00
dependabot[bot]
4531528099
chore(deps): bump github.com/gkampitakis/go-snaps from 0.4.10 to 0.4.11 ( #1533 )
...
Bumps [github.com/gkampitakis/go-snaps](https://github.com/gkampitakis/go-snaps ) from 0.4.10 to 0.4.11.
- [Release notes](https://github.com/gkampitakis/go-snaps/releases )
- [Commits](https://github.com/gkampitakis/go-snaps/compare/v0.4.10...v0.4.11 )
---
updated-dependencies:
- dependency-name: github.com/gkampitakis/go-snaps
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-10-02 12:35:31 -04:00
anchore-actions-token-generator[bot]
dec563669d
chore(deps): update Syft to v0.92.0 ( #1527 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
2023-09-27 12:27:32 -04:00
anchore-actions-token-generator[bot]
7242323551
chore(deps): update bootstrap tools to latest versions ( #1524 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-09-27 11:07:48 -04:00
Christopher Angelo Phillips
6da8be94ac
chore: add OpenSSF Best Practices badge ( #1523 )
...
* chore: add OpenSSF Best Practices badge
--------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-27 11:06:35 -04:00
Alex Goodman
13ed926f78
bump labels to latest ( #1525 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-09-27 14:47:45 +00:00
dependabot[bot]
cc522decdb
chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 ( #1519 )
...
* chore(deps): bump actions/checkout from 4.0.0 to 4.1.0
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](3df4ab11eb...8ade135a41
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore: add version comment
Signed-off-by: Will Murphy <will.murphy@anchore.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
2023-09-26 13:16:42 -04:00
anchore-actions-token-generator[bot]
4ae7a11579
chore(deps): update bootstrap tools to latest versions ( #1520 )
...
Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: westonsteimel <westonsteimel@users.noreply.github.com>
2023-09-26 13:16:11 -04:00
William Murphy
377ea3e0c6
chore: explicitly test go pseudoversion ( #1522 )
...
The logic in the fuzzy version constraint works for go pseudoversions,
because they happen be in string sort order. Add unit tests to ensure
this coincidental behavior is not lost.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-26 09:22:08 -04:00
William Murphy
0085ddb550
chore: remove outdated comment about fuzzy matching python versions ( #1521 )
...
Now that we're using a real PEP440 library, there's no need for this
comment.
Signed-off-by: Will Murphy <will.murphy@anchore.com>
2023-09-26 09:21:36 -04:00