dependabot[bot]
a39c600913
chore(deps): bump github/codeql-action from 4.31.8 to 4.31.9 ( #4481 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.8 to 4.31.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b168cd394...5d4e8d1aca
2025-12-17 10:20:52 -05:00
dependabot[bot]
2c97ff1b24
chore(deps): bump actions/cache from 5.0.0 to 5.0.1 ( #4476 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](a783357455...9255dc7a25
2025-12-16 08:28:51 -05:00
VictorHuu
c8982b887d
chore:cancel in-progress workflows for new commits on same PR ( #4465 )
...
Signed-off-by: VictorHuu <victorhu493@gmail.com>
2025-12-12 10:20:20 -05:00
dependabot[bot]
052e4ca9a3
chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 ( #4468 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.7 to 4.31.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](cf1bb45a27...1b168cd394
2025-12-12 08:48:36 -05:00
dependabot[bot]
41e133e2cf
chore(deps): bump actions/cache from 4.3.0 to 5.0.0 ( #4469 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0057852bfa...a783357455
2025-12-12 08:48:32 -05:00
dependabot[bot]
ab5fa0a664
chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 ( #4459 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.11 to 8.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](22a9089034...98357b18bf
2025-12-10 13:32:51 -05:00
dependabot[bot]
07ad8a5573
chore(deps): bump anchore/sbom-action from 0.20.10 to 0.20.11 ( #4458 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.10 to 0.20.11.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](fbfd9c6c18...43a17d6e7a
2025-12-10 13:32:47 -05:00
dependabot[bot]
09b24bdb47
chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11 ( #4447 )
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 7.0.8 to 7.0.11.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](271a8d0340...22a9089034
2025-12-09 09:59:32 -05:00
dependabot[bot]
ae1fa09e02
chore(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.1 ( #4445 )
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 2.1.4 to 2.2.1.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](6701853927...29824e69f5
2025-12-09 09:57:48 -05:00
dependabot[bot]
6d56087289
chore(deps): bump github/codeql-action from 4.31.6 to 4.31.7 ( #4446 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.6 to 4.31.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fe4161a26a...cf1bb45a27
2025-12-09 09:47:52 -05:00
dependabot[bot]
a80679beba
chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 ( #4431 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1af3b93b68...8e8c483db8
2025-12-03 20:18:45 -05:00
dependabot[bot]
d1a523fef5
chore(deps): bump github/codeql-action from 4.31.4 to 4.31.6 ( #4424 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.4 to 4.31.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e12f017898...fe4161a26a
2025-12-01 16:34:03 -05:00
dependabot[bot]
6c666383e7
chore(deps): bump anchore/sbom-action from 0.20.9 to 0.20.10 ( #4381 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.9 to 0.20.10.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8e94d75ddd...fbfd9c6c18
2025-11-25 23:05:05 -05:00
dependabot[bot]
023a14f869
chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 ( #4396 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](08c6903cd8...1af3b93b68
2025-11-25 23:03:02 -05:00
dependabot[bot]
f12788da78
chore(deps): bump github/codeql-action from 4.31.3 to 4.31.4 ( #4386 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.3 to 4.31.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](014f16e7ab...e12f017898
2025-11-20 12:40:21 -05:00
dependabot[bot]
af167ba0c1
chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 ( #4392 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](4469467582...4dc6199c7b
2025-11-20 12:00:56 -05:00
Keith Zantow
7014cb023f
chore: options to run release-install-script without release ( #4377 )
...
Signed-off-by: Keith Zantow <kzantow@gmail.com>
2025-11-17 22:12:04 +00:00
Will Murphy
1c22325385
ci: output oras path ( #4373 )
...
* ci: output oras path
Some workflows expect bootstrap to output the oras path. This seems like
a reasonable thing for it to do.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
* ci: use path to oras from binny
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---------
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-11-17 15:36:45 +00:00
dependabot[bot]
6480c8a425
chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 ( #4366 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0499de31b9...014f16e7ab
2025-11-14 09:25:08 -05:00
Alex Goodman
e5711e9b42
Update CPE processing to use NVD API ( #4332 )
...
* update NVD CPE dictionary processor to use API
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* pass linting with exceptions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-06 16:02:26 -05:00
Alex Goodman
7c154e7c37
use official action for token generation ( #4331 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-03 13:08:42 -05:00
dependabot[bot]
793b0a346f
chore(deps): bump github/codeql-action from 4.31.1 to 4.31.2 ( #4325 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.1 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5fe9434cd2...0499de31b9
2025-11-03 09:11:20 -05:00
dependabot[bot]
774b1e97b9
chore(deps): bump github/codeql-action from 4.31.0 to 4.31.1 ( #4321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.0 to 4.31.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e94bd11f7...5fe9434cd2
2025-10-30 13:19:57 -04:00
Alex Goodman
5db3a9bf55
add workflow to create PR for spdx license list updates ( #4319 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-30 12:14:13 -04:00
Will Murphy
728feea620
ci: use apple creds before pushing tags ( #4313 )
...
We have had a few releases fail because the Apple credentials needed
some sort of fix. These release were operationally more interesting
because they failed after pushing a git tag (which effectively releases
the golagn package). Therefore, try to use these creds early, before
there's a tag pushed.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-10-29 10:07:47 -04:00
dependabot[bot]
bee78c0b16
chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 ( #4310 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.9 to 4.31.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16140ae1a1...4e94bd11f7
2025-10-27 10:43:04 -04:00
dependabot[bot]
88bbcbe9c6
chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 ( #4305 )
2025-10-27 02:03:09 -04:00
dependabot[bot]
675075e882
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ( #4299 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.8 to 4.30.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f443b600d9...16140ae1a1
2025-10-20 10:08:39 -04:00
dependabot[bot]
07029ead8a
chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 ( #4296 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.10.0 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d7543c93d8...faadad0cce
2025-10-17 10:22:20 -04:00
dependabot[bot]
f4de1e863c
chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 ( #4297 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.7 to 0.20.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](d8a2c01300...aa0e114b2e
2025-10-17 10:22:10 -04:00
dependabot[bot]
6627c5214c
chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 ( #4293 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.6 to 0.20.7.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f8bdd1d8ac...d8a2c01300
2025-10-16 13:57:17 -04:00
dependabot[bot]
5056c7f861
chore(deps): bump github/codeql-action from 4.30.7 to 4.30.8 ( #4277 )
2025-10-13 10:47:50 -04:00
dependabot[bot]
3b82a3724a
chore(deps): bump github/codeql-action from 3.30.6 to 4.30.7 ( #4262 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.6 to 4.30.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](64d10c1313...e296a93559
2025-10-08 16:44:21 -04:00
dependabot[bot]
b96d3d20af
chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 ( #4253 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.5 to 3.30.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3599b3baa1...64d10c1313
2025-10-03 12:07:20 -04:00
dependabot[bot]
605a275dd3
chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 ( #4246 )
2025-09-30 17:06:10 -04:00
dependabot[bot]
f0998de717
chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 ( #4239 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.3 to 3.30.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](192325c861...303c0aef88
2025-09-25 12:06:49 -04:00
dependabot[bot]
261ab7c1fd
chore(deps): bump actions/cache from 4.2.4 to 4.3.0 ( #4240 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0400d5f644...0057852bfa
2025-09-25 12:02:41 -04:00
dependabot[bot]
3abbd940e3
chore(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 ( #4222 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](da167eac91...f8bdd1d8ac
2025-09-18 10:58:53 -04:00
dependabot[bot]
333b951be3
chore(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 ( #4216 )
...
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.2 to 0.2.0.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](5ca5fc7a47...e673c3917a
2025-09-15 14:30:16 -04:00
dependabot[bot]
90c733d24d
chore(deps): bump 8398a7/action-slack from 3.18.0 to 3.19.0 ( #4217 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.18.0 to 3.19.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](1750b5085f...77eaa4f1c6
2025-09-15 14:30:03 -04:00
dependabot[bot]
dacc2f61f9
chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 ( #4218 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.2 to 3.10.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...d7543c93d8
2025-09-15 14:29:53 -04:00
dependabot[bot]
1fcdb67698
chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 ( #4210 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.1 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f1f6e5f6af...192325c861
2025-09-11 12:50:41 -04:00
dependabot[bot]
8e78fd57b8
chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 ( #4188 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.5.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582
2025-09-08 02:35:22 -04:00
dependabot[bot]
2b8f4bc028
chore(deps): bump github/codeql-action from 3.30.0 to 3.30.1 ( #4191 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.0 to 3.30.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d92b76c45...f1f6e5f6af
2025-09-08 02:05:35 -04:00
dependabot[bot]
98c97e24a2
chore(deps): bump actions/github-script from 7 to 8 ( #4192 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v7...v8 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 02:05:27 -04:00
dependabot[bot]
7e4bf7f8c2
chore(deps): bump github/codeql-action from 3.29.11 to 3.30.0 ( #4181 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.11 to 3.30.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3c3833e0f8...2d92b76c45
2025-09-02 00:26:33 -04:00
dependabot[bot]
26792fc12d
chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 ( #4149 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.10 to 3.29.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](96f518a34f...3c3833e0f8
2025-08-21 10:43:25 -04:00
dependabot[bot]
8e51e8d995
chore(deps): bump github/codeql-action from 3.29.9 to 3.29.10 ( #4145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.9 to 3.29.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df559355d5...96f518a34f
2025-08-18 15:29:36 -04:00
dependabot[bot]
0e669faecd
chore(deps): bump anchore/sbom-action from 0.20.4 to 0.20.5 ( #4141 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](7b36ad622f...da167eac91
2025-08-15 10:22:24 -04:00
dependabot[bot]
ab9db0024e
chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 ( #4135 )
...
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](f52a838cfa...5ca5fc7a47
2025-08-13 10:07:03 -04:00
