dependabot[bot]
a68fbdd061
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 ( #2113 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.6 to 3.26.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4dd16135b6...8214744c54
2024-09-13 16:13:36 +00:00
dependabot[bot]
785f04dd93
chore(deps): bump peter-evans/create-pull-request from 7.0.1 to 7.0.2 ( #2111 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.1 to 7.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](8867c4aba1...d121e62763
2024-09-13 11:31:28 -04:00
dependabot[bot]
b0da488d52
chore(deps): bump peter-evans/create-pull-request from 7.0.0 to 7.0.1 ( #2099 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](4320041ed3...8867c4aba1
2024-09-05 13:32:06 -04:00
dependabot[bot]
fe4df49d11
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.6 ( #2089 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.4 to 3.26.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f0f3afee80...4dd16135b6
2024-09-03 12:24:49 -04:00
Christopher Angelo Phillips
b1a0e8ccf2
chore(sec): update Golang and runc to latest releases ( #2091 )
...
* chore(deps): update tools to latest versions (#2082 )
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
* chore: update go version and runc version
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: anchore-actions-token-generator[bot] <102182147+anchore-actions-token-generator[bot]@users.noreply.github.com>
2024-09-03 12:24:39 -04:00
dependabot[bot]
e76eaec1d1
chore(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 ( #2096 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.6 to 4.4.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7
2024-09-03 12:23:34 -04:00
dependabot[bot]
3468694c8f
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.0 ( #2097 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.1.0 to 7.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c5a7806660...4320041ed3
2024-09-03 12:23:26 -04:00
dependabot[bot]
76cd5af489
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 ( #2078 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.3 to 3.26.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](883d8588e5...f0f3afee80
2024-08-22 13:50:28 -04:00
dependabot[bot]
29f5d2a03f
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 ( #2079 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.1 to 0.17.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab9d16d4b4...61119d458a
2024-08-22 13:50:18 -04:00
dependabot[bot]
205ccfb6c9
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 ( #2070 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.2 to 3.26.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](429e197704...883d8588e5
2024-08-20 13:29:17 -04:00
dependabot[bot]
b26f3e29ee
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 ( #2053 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.17.0 to 0.17.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](d94f46e13c...ab9d16d4b4
2024-08-15 13:40:26 -04:00
dependabot[bot]
1fe0b74704
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 ( #2060 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.26.0 to 3.26.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](eb055d739a...429e197704
2024-08-15 13:39:14 -04:00
Alan Pope
4ec46b5e24
doc: Updates for the Slack to Discourse migration ( #2046 )
...
Signed-off-by: Alan Pope <alan@popey.com>
2024-08-12 11:49:43 +01:00
dependabot[bot]
a0d1c959f6
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 ( #2045 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](59acb6260d...4959ce089c
2024-08-08 15:03:26 -04:00
dependabot[bot]
ec491ee45c
chore(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 ( #2035 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.5 to 4.3.6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9
2024-08-07 14:43:47 -04:00
dependabot[bot]
904e4b406c
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 ( #2044 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](afb54ba388...eb055d739a
2024-08-07 14:26:45 -04:00
dependabot[bot]
1bc1dd4dd0
chore(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 ( #2028 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.4 to 4.3.5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8
2024-08-02 13:20:18 -04:00
Keith Zantow
86ba33d72e
chore: use the .tool/gh for release script ( #2022 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2024-07-31 20:10:58 -04:00
dependabot[bot]
0cf3939389
chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 ( #2016 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7ed
2024-07-31 11:05:32 -04:00
dependabot[bot]
133775cddf
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 ( #2011 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.14 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5cf07d8b70...afb54ba388
2024-07-29 11:01:27 -04:00
dependabot[bot]
16a7e4d423
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 ( #2010 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.13 to 3.25.14.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d790406f5...5cf07d8b70
2024-07-25 16:09:14 +00:00
dependabot[bot]
fb16d0e4b5
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 ( #2002 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](0d4c9c5ea7...9780b0c442
2024-07-22 08:43:02 -07:00
dependabot[bot]
b68cd230b1
chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 ( #1999 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.12 to 3.25.13.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4fa2a79536...2d790406f5
2024-07-22 09:37:39 -04:00
William Murphy
96c890f92e
chore: request artifact in issue template ( #1996 )
...
* chore: request artifact in issue template
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* Apply suggestions from code review
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>
* Update .github/ISSUE_TEMPLATE/bug_report.md
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: William Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-07-18 21:17:06 +00:00
dependabot[bot]
d73d5d505f
chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 ( #1992 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](95b086ac30...d94f46e13c
2024-07-16 20:15:48 -04:00
dependabot[bot]
c3ce991952
chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 ( #1990 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b611370bb5...4fa2a79536
2024-07-15 09:08:19 -04:00
dependabot[bot]
cece530ade
chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 ( #1981 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](e8d2a6937e...95b086ac30
2024-07-11 11:19:01 -07:00
dependabot[bot]
8fd3a21eea
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 ( #1982 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](cdcb360436...0a12ed9d6a
2024-07-11 11:18:49 -07:00
dependabot[bot]
7acac8caba
chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 ( #1977 )
2024-07-05 12:45:07 -04:00
dependabot[bot]
1ab36b4708
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 ( #1968 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.10 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](23acc5c183...b611370bb5
2024-07-02 07:42:38 -07:00
Christopher Angelo Phillips
c7f02e03b8
chore: pin new sign installer to commit sha ( #1966 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-26 20:13:03 +00:00
Christopher Angelo Phillips
84cbf10b9c
chore: add workflow to update quality test db ( #1961 )
...
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-25 10:38:37 -04:00
dependabot[bot]
368fd73fc2
chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 ( #1954 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.5 to 6.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](6d6857d369...c5a7806660
2024-06-21 08:52:29 -07:00
Weston Steimel
b06db508b7
chore: enable dependabot to keep boostrap action updated ( #1953 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-06-19 20:16:50 +01:00
Christopher Angelo Phillips
239741f535
chore: update CI to install golang at latest version ( #1949 )
...
chore: update CI to install golang at latest version (#1949 )
---------
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2024-06-17 12:16:24 -07:00
dependabot[bot]
587a844473
chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 ( #1940 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.8 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...23acc5c183
2024-06-14 12:57:39 -07:00
dependabot[bot]
f994fe68b3
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 ( #1941 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9
2024-06-13 14:16:02 -07:00
dependabot[bot]
adcfc04199
chore(deps): bump actions/checkout from 4.1.1 to 4.1.6 ( #1920 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.1 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.1.1...a5ac7e51b41094c92402da3b24376905380afc29 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-07 09:56:50 -07:00
Shubham Hibare
17b104771a
feat(signature): Checksum signature verification ( #1670 )
...
* feat(signature): Checksum signature verification
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* Update message
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* address comments
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* consider -v flag across supported releases
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add tests for install.sh signature verification
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* check that release is run from main
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* summarize install.sh flags and recommendations
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove regex use on cosign verify-blob
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* simplify the compare_semver install function
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add more tests to compare_semver
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* nit copy change for install help
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* keep original compare_semver implementation
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* update copy to include default install path
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Shubham Hibare <shubham@hibare.in>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Dominique Martinet <asmadeus@codewreck.org>
2024-06-06 21:23:04 +00:00
dependabot[bot]
cc5ca8b28c
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 ( #1909 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f079b84933...2e230e8fe0
2024-06-06 12:55:31 -04:00
Alex Goodman
2beae30864
remove dco workflow ( #1914 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-06 10:53:23 -04:00
Alex Goodman
28c40f50cd
use dco tool during gh app outage ( #1910 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 14:08:34 -04:00
dependabot[bot]
ef4d3f55c4
chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 ( #1901 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...f079b84933
2024-05-31 14:12:32 -04:00
dependabot[bot]
238caa4a82
chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 ( #1896 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](e92390c5fb...0d4c9c5ea7
2024-05-28 12:29:48 -04:00
dependabot[bot]
1e6811b7cb
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 ( #1868 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4
2024-05-20 13:38:30 -04:00
dependabot[bot]
0117d566a9
chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 ( #1870 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.13.4 to 3.25.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cdcdbb5797...9fdb3e4972
2024-05-20 11:59:06 -04:00
dependabot[bot]
cefc896a4f
chore(deps): bump anchore/sbom-action from 0.15.11 to 0.16.0 ( #1871 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.11 to 0.16.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](7ccf588e3c...e8d2a6937e
2024-05-20 11:58:39 -04:00
Christopher Angelo Phillips
bfac9dafed
chore: add top level permissions to new workflow ( #1860 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2024-05-13 13:35:37 -04:00
dependabot[bot]
7ccaaf6904
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 ( #1858 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.1.4...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-13 12:28:42 -04:00
dependabot[bot]
38ccf16049
chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 ( #1859 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
2024-05-13 12:28:33 -04:00
