Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
✨ add support for Nuget ad-hoc commands (add/install) in Pinned Depen…
…dency checks (#2779) * add nuget pinned dependency checks Signed-off-by: Avishay <[email protected]> * checks.yaml Signed-off-by: Avishay <[email protected]> * ✨ GitLab: Security Policy check (#2754) * Add tarballHandler for GitLab, enabling repo download Signed-off-by: Raghav Kaul <[email protected]> * Abstract OrgSecurityPolicy details to RepoClient instead of checker Signed-off-by: Raghav Kaul <[email protected]> * Remove Org() from RepoClient Signed-off-by: Raghav Kaul <[email protected]> * Rename Signed-off-by: Raghav Kaul <[email protected]> * Don't run as part of CI tests that depend on external sites Signed-off-by: Raghav Kaul <[email protected]> --------- Signed-off-by: Raghav Kaul <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 (#2722) * 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.29.0. - [Release notes](https://github.com/google/go-cloud/releases) - [Commits](google/go-cloud@v0.26.0...v0.29.0) --- updated-dependencies: - dependency-name: gocloud.dev dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Switch pubsubpb import path. See https://github.com/googleapis/google-cloud-go/blob/cf7063dc4d81c2c33e31724db518c24d8a344f6e/migration.md for more details. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Spencer Schrock <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github/codeql-action from 2.2.6 to 2.2.7 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.6 to 2.2.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@16964e9...168b99b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * Remove unused code from changeset creation (#2776) Signed-off-by: Azeem Shaikh <[email protected]> Signed-off-by: Avishay <[email protected]> * 🐛 Pass proper commit depth to github checkrun handler. (#2777) Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * pr fixes Signed-off-by: Avishay <[email protected]> * ✨ Support for GitHub's internal integration (#2773) * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> --------- Signed-off-by: laurentsimon <[email protected]> Signed-off-by: Avishay <[email protected]> * 🐛 Add tie breaker when sorting changesets by RevisionID in tests. (#2781) * Remove duplicate RevisionID collision from changeset tests. The map iteration order isn't deterministic and sorting the slices isn't good enough when the revision IDs are equal. Signed-off-by: Spencer Schrock <[email protected]> * remove any potential sha collisions Signed-off-by: Spencer Schrock <[email protected]> * Revert deduplications. Signed-off-by: Spencer Schrock <[email protected]> * Use ReviewPlatform as tie breaker. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 enable fuzzing check in cron. (#2780) Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.0 to 35.7.6. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@bd376fb...07f86bc) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/checkout from 3.3.0 to 3.4.0 (#2767) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@ac59398...24cb908) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump golangci-lint and fix configuration file. (#2783) * Bump golangci-lint to v1.52.1 Signed-off-by: Spencer Schrock <[email protected]> * Remove deprecated linters. Signed-off-by: Spencer Schrock <[email protected]> * Configure errorlint to ignore wrapping multiple errors. We don't use golang 1.20 yet. Signed-off-by: Spencer Schrock <[email protected]> * extra go mod tidy to hide linter. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.2 in /tools (#2787) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.0 to 2.9.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.9.0...v2.9.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github/codeql-action from 2.2.7 to 2.2.8 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.7 to 2.2.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@168b99b...67a35a0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#2785) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@c090f4e...f46c48e) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🐛 Restore upload of existing raw result Big Query data (#2795) Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump tj-actions/changed-files from 35.7.6 to 35.7.7 (#2797) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.6 to 35.7.7. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@07f86bc...db5dd7c) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Restore API quota metrics for the weekly cron job. (#2799) Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/golangci/golangci-lint in /tools (#2794) Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.52.1 to 1.52.2. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.52.1...v1.52.2) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump google.golang.org/protobuf in /tools (#2759) Signed-off-by: Avishay <[email protected]> * 🌱 Bump golang.org/x/tools from 0.6.0 to 0.7.0 (#2769) Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 (#2737) * 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.81.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](xanzy/go-gitlab@v0.78.0...v0.81.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump google.golang.org/protobuf to v1.30.0 to satisfy dependency analysis. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Spencer Schrock <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/stale from 6.0.1 to 8.0.0 (#2793) Bumps [actions/stale](https://github.com/actions/stale) from 6.0.1 to 8.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@5ebf00e...1160a22) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/setup-go from 3.5.0 to 4.0.0 (#2757) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@6edd440...4d34df0) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2628) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@8f67e59...f82d6c1) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/google/osv-scanner (#2803) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.2.1-0.20230302232134-592acbc2539b to 1.3.0. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.0) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2805) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](bradleyfalzon/ghinstallation@v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 (#2804) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@pubsub/v1.28.0...pubsub/v1.30.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2770) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.14.1 to 1.16.2. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](goreleaser/goreleaser@v1.14.1...v1.16.2) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/checkout from 3.4.0 to 3.5.0 (#2800) Signed-off-by: Avishay <[email protected]> * 🌱 Bump github/codeql-action from 2.2.8 to 2.2.9 (#2802) Signed-off-by: Avishay <[email protected]> * 🌱 Bump tj-actions/changed-files from 35.7.7 to 35.7.8 (#2801) Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#2809) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2806) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@e38b190...80e868c) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/google/osv-scanner from 1.3.0 to 1.3.1 (#2810) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](google/osv-scanner@v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/onsi/gomega from 1.27.0 to 1.27.6 (#2807) Signed-off-by: Avishay <[email protected]> * 🌱 Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@bigquery/v1.48.0...bigquery/v1.49.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2813) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 (#2818) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.49.0 to 1.50.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@bigquery/v1.49.0...bigquery/v1.50.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump step-security/harden-runner from 2.2.1 to 2.3.0 (#2823) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.3.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@1f99358...03bee39) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/docker/docker in /tools (#2825) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v23.0.1...v23.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github/codeql-action from 2.2.9 to 2.2.11 (#2836) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@04df126...d186a2a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump tj-actions/changed-files from 35.7.8 to 35.7.12 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.8 to 35.7.12. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@e9b5807...b109d83) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 (#2842) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@c3667d9...9e9de22) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/xeipuuv/gojsonschema Bumps [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) from 0.0.0-20180618132009-1d523034197f to 1.2.0. - [Release notes](https://github.com/xeipuuv/gojsonschema/releases) - [Commits](https://github.com/xeipuuv/gojsonschema/commits/v1.2.0) --- updated-dependencies: - dependency-name: github.com/xeipuuv/gojsonschema dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Unit tests for checker result and request (#2844) Included tests for checker result and request Signed-off-by: naveensrinivasan <[email protected]> Signed-off-by: Avishay <[email protected]> * ✨ Consider haskell-actions/hlint-scan a code scanning action (#2846) * Add haskell-actions/hlint-scan as one of know GitHub actions which upload SARIF. Signed-off-by: Yoo Chung <[email protected]> * Test security-events permissions with actions known to upload SARIF. Signed-off-by: Yoo Chung <[email protected]> --------- Signed-off-by: Yoo Chung <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2847) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](bradleyfalzon/ghinstallation@v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/otiai10/copy from 1.9.0 to 1.10.0 Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/otiai10/copy/releases) - [Commits](otiai10/copy@v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/otiai10/copy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/goreleaser/goreleaser in /tools Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.16.2 to 1.17.0. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](goreleaser/goreleaser@v1.16.2...v1.17.0) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Add instructions to test cron controller + worker locally (#2817) * Add GitLab test repos. Signed-off-by: Spencer Schrock <[email protected]> * Add test GitLab projects to release controller. Signed-off-by: Spencer Schrock <[email protected]> * worker gitlab WIP Signed-off-by: Spencer Schrock <[email protected]> * Read config in worker. Signed-off-by: Spencer Schrock <[email protected]> * Use UTC time for shards. This avoids issues when the controller and worker timezones differ. Signed-off-by: Spencer Schrock <[email protected]> * update directions for gcs fake Signed-off-by: Spencer Schrock <[email protected]> * update readme Signed-off-by: Spencer Schrock <[email protected]> * Undo gitlab parts, which will be its own PR. Signed-off-by: Spencer Schrock <[email protected]> * Clarify project and config files are placeholders. Signed-off-by: Spencer Schrock <[email protected]> * remove accidentally added whitespace Signed-off-by: Spencer Schrock <[email protected]> * clarify code change with comment. Signed-off-by: Spencer Schrock <[email protected]> * Minor edits. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#2855) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.2 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@81cd2dc...40a12dc) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 📖 Fix broken links. (#2858) Signed-off-by: Yoo Chung <[email protected]> Signed-off-by: Avishay <[email protected]> * ✨ Detect fuzzing in Haskell by the presence of property tests. (#2843) * Add Haskell as a language. Signed-off-by: Yoo Chung <[email protected]> * Detect fuzzing in Haskell using presence of property-based testing. Signed-off-by: Yoo Chung <[email protected]> * Mention fuzzing detection for Haskell in documentation. Signed-off-by: Yoo Chung <[email protected]> * Fix pattern and test. Add test case. Signed-off-by: Yoo Chung <[email protected]> --------- Signed-off-by: Yoo Chung <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Unit tests for attestor policy (#2857) - Add tests for `GetRequiredChecksForPolicy` and `EvaluateResults` - Add checks for binary artifacts, vulnerabilities, unpinned dependencies, and code review [attestor/policy/attestation_policy_test.go] - Add `github.com/google/go-cmp/cmp` to imports - Add a test for `GetRequiredChecksForPolicy` - Add a test for `EvaluateResults` Signed-off-by: naveensrinivasan <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.82.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](xanzy/go-gitlab@v0.81.0...v0.82.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * ✨ Use local files instead of search for SAST CodeQL check (#2839) * Look for codeQL action use with local files instead of search. Signed-off-by: Spencer Schrock <[email protected]> * Switch SAST mocks to using local file contents. Signed-off-by: Spencer Schrock <[email protected]> * Update e2e test Signed-off-by: Spencer Schrock <[email protected]> * Remove unneeded code. The tests deleted here were merged with another test in an earlier commit. Signed-off-by: Spencer Schrock <[email protected]> * update Signed-off-by: Spencer Schrock <[email protected]> * Add tests to get code coverage up. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * .exe Signed-off-by: Avishay <[email protected]> * lint Signed-off-by: Avishay <[email protected]> * pr comments Signed-off-by: Avishay <[email protected]> --------- Signed-off-by: Avishay <[email protected]> Signed-off-by: Raghav Kaul <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Azeem Shaikh <[email protected]> Signed-off-by: laurentsimon <[email protected]> Signed-off-by: naveensrinivasan <[email protected]> Signed-off-by: Yoo Chung <[email protected]> Signed-off-by: Avishay Balter <[email protected]> Co-authored-by: raghavkaul <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <[email protected]> Co-authored-by: Azeem Shaikh <[email protected]> Co-authored-by: laurentsimon <[email protected]> Co-authored-by: Naveen <[email protected]> Co-authored-by: Yoo Chung <[email protected]> Co-authored-by: Yoo Chung <[email protected]>
- Loading branch information