dependabot[bot]
8b34b585ca
chore(deps): bump tibdex/github-app-token from 1.8.2 to 2.0.0 ( #1485 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.2 to 2.0.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](0d49dd7211...0914d50df7
2023-09-11 15:23:55 -04:00
Christopher Angelo Phillips
719feb0b44
chore: update grype to use Go v1.21 ( #1480 )
...
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-09-07 14:55:38 -04:00
dependabot[bot]
a04dfaac23
chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 ( #1481 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b7f8abb15...a8a3f3ad30
2023-09-07 11:51:25 -04:00
dependabot[bot]
7b3605db24
chore(deps): bump tibdex/github-app-token from 1.8.0 to 1.8.2 ( #1474 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.8.0 to 1.8.2.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](b62528385c...0d49dd7211
2023-09-07 10:20:24 -04:00
Keith Zantow
a2e41a5c58
chore: update quill version ( #1465 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-08-25 17:03:25 -04:00
dependabot[bot]
fff434156c
chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 ( #1421 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 4.0.1 to 4.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](fac708d667...93397bea11
2023-08-08 13:29:12 -04:00
Weston Steimel
74a7a67b73
chore: use syft v0.86.1 in the quality gate tests ( #1418 )
...
* chore: use syft v0.86.1 in the quality gate tests
This ensures the CPE dict enhancements are taken into account for
future quality gate comparisons
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
* fix: bump runner to use larger disk
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
---------
Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
Signed-off-by: Christopher Phillips <cphillips918@gmail.com>
Co-authored-by: Christopher Phillips <cphillips918@gmail.com>
2023-08-04 16:48:21 -04:00
Alex Goodman
11301356cf
add oss community board auto-add workflow ( #1364 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2023-06-27 15:57:08 -04:00
dependabot[bot]
5c5fb0e665
chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 ( #1363 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](80e868c13c...08b4669551
2023-06-26 13:59:12 -04:00
dependabot[bot]
41d3d134d2
chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 ( #1357 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.14.2 to 0.14.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](4d571ad103...78fc58e266
2023-06-22 12:04:09 -04:00
dependabot[bot]
4e31789324
chore(deps): bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 ( #1351 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](284f54f989...153407881e
2023-06-14 15:58:43 -04:00
dependabot[bot]
7be9da43e1
chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 ( #1344 )
2023-06-13 13:40:02 +00:00
dependabot[bot]
dc9bc1ee04
chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 ( #1331 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.5 to 2.3.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0225834cc5...83f0fe6c49
2023-06-01 15:41:37 -04:00
dependabot[bot]
ac67a27a87
chore(deps): bump github/codeql-action from 2.3.3 to 2.3.5 ( #1321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.3 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](29b1f65c5e...0225834cc5
2023-05-26 12:35:45 -04:00
dependabot[bot]
745dca977c
chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 ( #1298 )
2023-05-17 13:24:06 +00:00
dependabot[bot]
fce29858cb
chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2 ( #1281 )
2023-05-08 17:07:35 +00:00
dependabot[bot]
8d47fedd54
chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 ( #1272 )
2023-05-05 18:55:27 +00:00
dependabot[bot]
7861b63981
chore(deps): bump github/codeql-action from 2.3.1 to 2.3.2 ( #1261 )
2023-05-02 20:34:05 +00:00
dependabot[bot]
2e835eaebf
chore(deps): bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 ( #1263 )
2023-05-02 20:33:51 +00:00
dependabot[bot]
aa52d673d0
chore(deps): bump github/codeql-action from 2.3.0 to 2.3.1 ( #1258 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b2c19fb9a2...8662eabe0e
2023-04-27 12:43:05 -04:00
dependabot[bot]
ae2fe4f063
chore(deps): bump github/codeql-action from 2.2.12 to 2.3.0 ( #1256 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.12 to 2.3.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7df0ce3489...b2c19fb9a2
2023-04-24 14:49:01 -04:00
dependabot[bot]
45d03b6df0
chore(deps): bump github/codeql-action from 2.2.11 to 2.2.12 ( #1233 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.11 to 2.2.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d186a2a36c...7df0ce3489
2023-04-17 11:42:08 -04:00
dependabot[bot]
5f7b4f2416
chore(deps): bump 8398a7/action-slack from 3.15.0 to 3.15.1 ( #1223 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.15.0 to 3.15.1.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](bdc6f9de22...fbd6aa58ba
2023-04-12 10:55:31 -04:00
dependabot[bot]
4b773c583e
chore(deps): bump github/codeql-action from 2.2.9 to 2.2.11 ( #1225 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](04df1262e6...d186a2a36c
2023-04-12 10:54:35 -04:00
dependabot[bot]
01cbc98198
chore(deps): bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 ( #1219 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 4.2.4 to 5.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](38e0b6e68b...5b4a9f6a9e
2023-04-05 19:07:58 -04:00
dependabot[bot]
537c47735c
chore(deps): bump anchore/sbom-action from 0.13.4 to 0.14.1 ( #1214 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.4 to 0.14.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](448520c4f1...422cb34a0f
2023-04-03 14:35:56 -04:00
Keith Zantow
b9e40306d2
chore: update syft update ( #1211 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 10:28:53 -04:00
Keith Zantow
f40b5d43ab
chore: update deprecated set-output calls ( #1210 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-04-03 09:36:18 -04:00
dependabot[bot]
e5cb58f597
chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 ( #1205 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](e38b1902ae...80e868c13c
2023-03-31 09:39:00 -04:00
dependabot[bot]
fe76eb9efc
chore(deps): bump github/codeql-action from 2.2.8 to 2.2.9 ( #1197 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.8 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](67a35a0858...04df1262e6
2023-03-27 12:51:20 -04:00
dependabot[bot]
4ac94147a4
chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8 ( #1193 )
2023-03-24 07:49:13 -04:00
Keith Zantow
c1bc54f943
chore: tweak some workflow text ( #1190 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2023-03-21 11:09:10 -04:00
dependabot[bot]
568b504a7e
chore(deps): bump peter-evans/create-pull-request from 4.2.3 to 4.2.4 ( #1184 )
2023-03-21 09:51:27 -04:00
dependabot[bot]
e8fa509e72
chore(deps): bump anchore/sbom-action from 0.13.3 to 0.13.4 ( #1189 )
2023-03-21 09:50:56 -04:00
dependabot[bot]
96cbcad484
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 ( #1182 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...4d34df0c23
2023-03-15 17:19:41 -04:00
dependabot[bot]
0cc8b9e4f6
chore(deps): bump github/codeql-action from 2.2.5 to 2.2.7 ( #1183 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.5 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](32dc499307...168b99b3c2
2023-03-15 17:19:12 -04:00
Christopher Angelo Phillips
5754360376
Grype Release Pipeline Update ( #1147 )
...
- Remove old apple signing flow in favor of [quill](https://github.com/anchore/quill )
- Update changelog generation to be in sync with syft's flow
- Remove old goreleaser docker workflow in favor of single file
- Remove individual bootstrap options in favor of single bootstrap action
- Update release and validation workflows to use trigger based approach seen in syft
- Update golangci.yaml to be equivalent to syft patterns
- Remove unused Dockerfile.dev
- Remove docker-compose development cycle
- Add organized test-fixture Makefile targets
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-03-03 21:17:44 +00:00
dependabot[bot]
3e04d32706
chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 ( #1145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](17573ee1cc...32dc499307
2023-02-27 12:24:47 -05:00
dependabot[bot]
4d36e3706e
chore(deps): bump actions/cache from 3.2.5 to 3.2.6 ( #1143 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](6998d139dd...69d9d449ac
2023-02-24 15:10:19 -05:00
dependabot[bot]
39b9138327
chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 ( #1131 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8775e86802...17573ee1cc
2023-02-14 10:16:58 -05:00
dependabot[bot]
0ccd5930c4
chore(deps): bump actions/cache from 3.2.4 to 3.2.5 ( #1129 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.4 to 3.2.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](627f0f41f6...6998d139dd
2023-02-10 13:20:12 -05:00
dependabot[bot]
89b996b41b
chore(deps): bump github/codeql-action from 2.2.1 to 2.2.3 ( #1125 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.2.1 to 2.2.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ebbd71c74...8775e86802
2023-02-09 11:28:48 -05:00
Christopher Angelo Phillips
788ed965ec
chore: prune cosign dependency for grype builds ( #1100 )
...
* feat: segment cosign dependency for grype builds for faster build times
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
2023-01-31 11:42:40 -05:00
dependabot[bot]
8545f2e686
chore(deps): bump actions/cache from 3.2.3 to 3.2.4 ( #1107 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.2.3 to 3.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](58c146cc91...627f0f41f6
2023-01-30 11:36:45 -05:00
dependabot[bot]
e8796d5783
chore(deps): bump actions/cache from 3.0.11 to 3.2.3 ( #1096 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.11 to 3.2.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](9b0c1fce7a...58c146cc91
2023-01-27 10:54:58 -05:00
dependabot[bot]
8ebf97cedc
chore(deps): bump github/codeql-action from 2.1.39 to 2.2.1 ( #1097 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.39 to 2.2.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a34ca99b46...3ebbd71c74
2023-01-27 10:54:34 -05:00
dependabot[bot]
3c3675f0dd
chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 ( #1098 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.13.2 to 0.13.3.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](54e36e45f3...07978da4bd
2023-01-27 10:51:13 -05:00
dependabot[bot]
c89fa42552
chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 ( #1099 )
...
Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token ) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/tibdex/github-app-token/releases )
- [Commits](021a2405c7...b62528385c
2023-01-27 10:50:16 -05:00
dependabot[bot]
48db63a05e
chore(deps): bump actions/checkout from 3.1.0 to 3.3.0 ( #1090 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.1.0...ac593985615ec2ede58e132d2e21d2b1cbd6127c )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-26 18:39:09 +00:00
dependabot[bot]
5ff488a250
chore(deps): bump 8398a7/action-slack from 3.14.0 to 3.15.0 ( #1088 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.14.0 to 3.15.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](a189acbf0b...bdc6f9de22
2023-01-26 13:06:47 -05:00
