dependabot[bot]
77c300d617
chore(deps): bump anchore/sbom-action from 0.16.1 to 0.17.0 ( #3044 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.16.1 to 0.17.0.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](95b086ac30...d94f46e13c
2024-07-16 06:58:07 -07:00
dependabot[bot]
37245a21cc
chore(deps): bump anchore/sbom-action from 0.16.0 to 0.16.1 ( #3023 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.16.0 to 0.16.1.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](e8d2a6937e...95b086ac30
2024-07-11 14:50:48 -04:00
dependabot[bot]
4e09908ba1
chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 ( #3027 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](cdcb360436...0a12ed9d6a
2024-07-11 10:19:48 -07:00
dependabot[bot]
7dc1b1ce27
chore(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 ( #3017 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65462800fd...0b2256b8c0
2024-07-09 07:08:12 -07:00
dependabot[bot]
a876aaccb2
chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 ( #3004 )
2024-07-01 19:00:35 +00:00
dependabot[bot]
e947779886
chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 ( #2975 )
2024-06-20 15:12:12 +00:00
Weston Steimel
246df97ae7
chore: enable dependabot to keep boostrap action updated ( #2976 )
...
Signed-off-by: Weston Steimel <commits@weston.slmail.me>
2024-06-19 20:17:11 +01:00
dependabot[bot]
784b17f66c
chore(deps): bump github/codeql-action from 3.25.9 to 3.25.10 ( #2964 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.9 to 3.25.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](530d4feaa9...23acc5c183
2024-06-14 08:18:25 -07:00
dependabot[bot]
273e31e806
chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 ( #2955 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9
2024-06-13 12:28:04 -04:00
dependabot[bot]
9beaec2e97
chore(deps): bump github/codeql-action from 3.25.8 to 3.25.9 ( #2956 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.8 to 3.25.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...530d4feaa9
2024-06-13 12:27:53 -04:00
Alex Goodman
c43f4fb416
add signature verification to install.sh ( #2941 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-10 11:29:53 -04:00
Alex Goodman
6e16396d18
remove dco workflow ( #2936 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-06 14:29:55 +00:00
dependabot[bot]
2d5760145c
chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 ( #2928 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.7 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f079b84933...2e230e8fe0
2024-06-05 11:58:14 -07:00
William Murphy
557ad73ee6
fix: only skip tmpfs mounts for some paths ( #2918 )
...
* fix: only skip tmpfs mounts for some paths
Signed-off-by: Will Murphy <will.murphy@anchore.com>
* refactor and add tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add regression test for archive processing
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* bump to golang 1.22
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* remove rule 1 and add more tests
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 15:21:45 -04:00
Alex Goodman
cb09dd9e19
match existing DCO GH check name
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 13:34:29 -04:00
Alex Goodman
2f39322f81
use dco tool during gh app outage ( #2926 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-06-04 17:31:29 +00:00
dependabot[bot]
b04bc0fbfe
chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 ( #2916 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.6 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...f079b84933
2024-05-31 11:17:21 -04:00
dependabot[bot]
5eb1e7115f
chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 ( #2909 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](e92390c5fb...0d4c9c5ea7
2024-05-28 09:57:32 -04:00
dependabot[bot]
ea50c6153d
--- ( #2889 )
...
updated-dependencies:
- dependency-name: anchore/sbom-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 09:26:12 -04:00
dependabot[bot]
68daa42f86
--- ( #2888 )
...
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-23 08:11:03 -04:00
dependabot[bot]
2d318cffaa
chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 ( #2879 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4
2024-05-20 13:46:57 -04:00
anchore-actions-token-generator[bot]
15c9fe092a
chore(deps): update tools to latest versions ( #2863 )
...
* chore(deps): update tools to latest versions
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* add tmate debug session
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* add go tooling to bootstrap on mac
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Co-authored-by: spiffcs <32073428+spiffcs@users.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-14 15:06:21 -04:00
dependabot[bot]
fae6f5d372
chore(deps): bump github/codeql-action from 3.25.4 to 3.25.5 ( #2867 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.4 to 3.25.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ccf74c9479...b7cec75265
2024-05-13 12:27:14 -04:00
Brian Ebarb
4194a2cd34
feat: add relationships to ELF package discovery ( #2715 )
...
This PR adds DependencyOf relationships when ELF packages have been discovered by the binary cataloger. The discovered file.Executable type has a []ImportedLibraries that's read from the file when discovered by syft. By mapping these imported libraries back to the package collection, syft is able to create relationships showing which packages are dependencies of other packages by just reading metadata from the ELF executable.
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
Signed-off-by: Brian Ebarb <ebarb.brian@sers.noreply.github.com>
Co-authored-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-09 13:53:59 -04:00
dependabot[bot]
5044f48cd6
chore(deps): bump github/codeql-action from 3.25.3 to 3.25.4 ( #2855 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.3 to 3.25.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d39d31e687...ccf74c9479
2024-05-08 10:33:38 -04:00
dependabot[bot]
c0635a77a9
chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 ( #2850 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4
2024-05-07 12:05:33 -04:00
Alex Goodman
430c55a5b0
remove homebrew update workflow ( #2846 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-06 15:38:12 -04:00
Alex Goodman
49e93646eb
Restore version file update on release ( #2844 )
...
* restore version file update on release
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* allow for shallower fetch depth
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-05-06 15:14:43 -04:00
dependabot[bot]
f51b39ca04
chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 ( #2834 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](0c52d547c9...cdcb360436
2024-05-02 10:12:10 -04:00
dependabot[bot]
02dc2dfa9b
chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3 ( #2817 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8f596b4ae3...d39d31e687
2024-04-30 16:27:14 +00:00
dependabot[bot]
9901ea8fe9
chore(deps): bump anchore/sbom-action from 0.15.10 to 0.15.11 ( #2821 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.15.10 to 0.15.11.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Commits](ab5d7b5f48...7ccf588e3c
2024-04-29 12:40:43 -04:00
dependabot[bot]
13b06dad45
chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 ( #2812 )
2024-04-25 10:32:10 -04:00
dependabot[bot]
21b22555d2
chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 ( #2809 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.3 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fada
2024-04-24 15:19:03 -04:00
Gijs Calis
b90e7f9437
Fix removing labels in 'Detect schema changes' job ( #2772 )
...
* Fix error messages for add & remove label
Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
* Check if label exists on PR before removing
Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
---------
Signed-off-by: Gijs Calis <51088038+GijsCalis@users.noreply.github.com>
2024-04-23 14:42:57 -04:00
dependabot[bot]
27a8a1be03
chore(deps): bump github/codeql-action from 3.25.1 to 3.25.2 ( #2802 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.1 to 3.25.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c7f9125735...8f596b4ae3
2024-04-23 09:54:36 -04:00
dependabot[bot]
4ccbd17255
chore(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 ( #2803 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1746f4ab65...65462800fd
2024-04-23 09:54:28 -04:00
dependabot[bot]
cf6f92f2c8
chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 ( #2799 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1
2024-04-22 13:29:13 -04:00
dependabot[bot]
d70eb3d04b
chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 ( #2795 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...1746f4ab65
2024-04-19 15:06:32 -04:00
dependabot[bot]
f6845474bd
chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 ( #2786 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.0 to 3.25.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df5a14dc28...c7f9125735
2024-04-17 10:46:34 -04:00
dependabot[bot]
e1cadead1d
chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 ( #2787 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.3 to 6.0.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c55203cfde...9153d834b6
2024-04-17 10:46:24 -04:00
dependabot[bot]
dc7fa21980
chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 ( #2779 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.10 to 3.25.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4355270be1...df5a14dc28
2024-04-15 10:00:54 -04:00
dependabot[bot]
081ec04b3f
chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 ( #2774 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](70a41aba78...c55203cfde
2024-04-12 15:31:36 -04:00
dependabot[bot]
c31696f131
chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10 ( #2756 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.9 to 3.24.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b1aada464...4355270be1
2024-04-08 12:19:20 -04:00
dependabot[bot]
5a865d0d90
chore(deps): bump anchore/sbom-action from 0.15.9 to 0.15.10 ( #2737 )
2024-03-27 17:52:22 +00:00
dependabot[bot]
55fff0f4a1
chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9 ( #2732 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.8 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](05963f47d8...1b1aada464
2024-03-26 11:50:31 -04:00
Hung Nguyen
059cfd6730
update release token from readonly to write token ( #2735 )
...
Signed-off-by: Hung Nguyen <hung.tran.nguyen.585@gmail.com>
2024-03-26 09:06:55 -04:00
Alex Goodman
0d5ebed74a
dont include labels for dependabot ecosystems ( #2720 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2024-03-21 12:16:01 -04:00
dependabot[bot]
8f7305ef78
chore(deps): bump fountainhead/action-wait-for-check from 1.1.0 to 1.2.0 ( #2717 )
...
Bumps [fountainhead/action-wait-for-check](https://github.com/fountainhead/action-wait-for-check ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/fountainhead/action-wait-for-check/releases )
- [Commits](297be350cf...5a908a2481
2024-03-21 12:15:30 -04:00
dependabot[bot]
df547020ef
chore(deps): bump github/codeql-action from 3.24.7 to 3.24.8 ( #2725 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.7 to 3.24.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ab4101902...05963f47d8
2024-03-21 12:14:51 -04:00
dependabot[bot]
37094c9751
chore(deps): bump actions/cache from 4.0.1 to 4.0.2 ( #2728 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](ab5e6d0c87...0c45773b62
2024-03-21 12:14:43 -04:00
