dependabot[bot]
6480c8a425
chore(deps): bump github/codeql-action from 4.31.2 to 4.31.3 ( #4366 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.2 to 4.31.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0499de31b9...014f16e7ab
2025-11-14 09:25:08 -05:00
Alex Goodman
e5711e9b42
Update CPE processing to use NVD API ( #4332 )
...
* update NVD CPE dictionary processor to use API
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
* pass linting with exceptions
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
---------
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-06 16:02:26 -05:00
Alex Goodman
7c154e7c37
use official action for token generation ( #4331 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-11-03 13:08:42 -05:00
dependabot[bot]
793b0a346f
chore(deps): bump github/codeql-action from 4.31.1 to 4.31.2 ( #4325 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.1 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](5fe9434cd2...0499de31b9
2025-11-03 09:11:20 -05:00
dependabot[bot]
774b1e97b9
chore(deps): bump github/codeql-action from 4.31.0 to 4.31.1 ( #4321 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.0 to 4.31.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e94bd11f7...5fe9434cd2
2025-10-30 13:19:57 -04:00
Alex Goodman
5db3a9bf55
add workflow to create PR for spdx license list updates ( #4319 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-10-30 12:14:13 -04:00
Will Murphy
728feea620
ci: use apple creds before pushing tags ( #4313 )
...
We have had a few releases fail because the Apple credentials needed
some sort of fix. These release were operationally more interesting
because they failed after pushing a git tag (which effectively releases
the golagn package). Therefore, try to use these creds early, before
there's a tag pushed.
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-10-29 10:07:47 -04:00
dependabot[bot]
bee78c0b16
chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 ( #4310 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.9 to 4.31.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](16140ae1a1...4e94bd11f7
2025-10-27 10:43:04 -04:00
dependabot[bot]
88bbcbe9c6
chore(deps): bump anchore/sbom-action from 0.20.8 to 0.20.9 ( #4305 )
2025-10-27 02:03:09 -04:00
dependabot[bot]
675075e882
chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ( #4299 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.30.8 to 4.30.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f443b600d9...16140ae1a1
2025-10-20 10:08:39 -04:00
dependabot[bot]
07029ead8a
chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 ( #4296 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.10.0 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d7543c93d8...faadad0cce
2025-10-17 10:22:20 -04:00
dependabot[bot]
f4de1e863c
chore(deps): bump anchore/sbom-action from 0.20.7 to 0.20.8 ( #4297 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.7 to 0.20.8.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](d8a2c01300...aa0e114b2e
2025-10-17 10:22:10 -04:00
dependabot[bot]
6627c5214c
chore(deps): bump anchore/sbom-action from 0.20.6 to 0.20.7 ( #4293 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.6 to 0.20.7.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](f8bdd1d8ac...d8a2c01300
2025-10-16 13:57:17 -04:00
dependabot[bot]
5056c7f861
chore(deps): bump github/codeql-action from 4.30.7 to 4.30.8 ( #4277 )
2025-10-13 10:47:50 -04:00
dependabot[bot]
3b82a3724a
chore(deps): bump github/codeql-action from 3.30.6 to 4.30.7 ( #4262 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.6 to 4.30.7.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](64d10c1313...e296a93559
2025-10-08 16:44:21 -04:00
dependabot[bot]
b96d3d20af
chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 ( #4253 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.5 to 3.30.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3599b3baa1...64d10c1313
2025-10-03 12:07:20 -04:00
dependabot[bot]
605a275dd3
chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 ( #4246 )
2025-09-30 17:06:10 -04:00
dependabot[bot]
f0998de717
chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 ( #4239 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.3 to 3.30.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](192325c861...303c0aef88
2025-09-25 12:06:49 -04:00
dependabot[bot]
261ab7c1fd
chore(deps): bump actions/cache from 4.2.4 to 4.3.0 ( #4240 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.4 to 4.3.0.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0400d5f644...0057852bfa
2025-09-25 12:02:41 -04:00
dependabot[bot]
3abbd940e3
chore(deps): bump anchore/sbom-action from 0.20.5 to 0.20.6 ( #4222 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](da167eac91...f8bdd1d8ac
2025-09-18 10:58:53 -04:00
dependabot[bot]
333b951be3
chore(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 ( #4216 )
...
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.2 to 0.2.0.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](5ca5fc7a47...e673c3917a
2025-09-15 14:30:16 -04:00
dependabot[bot]
90c733d24d
chore(deps): bump 8398a7/action-slack from 3.18.0 to 3.19.0 ( #4217 )
...
Bumps [8398a7/action-slack](https://github.com/8398a7/action-slack ) from 3.18.0 to 3.19.0.
- [Release notes](https://github.com/8398a7/action-slack/releases )
- [Commits](1750b5085f...77eaa4f1c6
2025-09-15 14:30:03 -04:00
dependabot[bot]
dacc2f61f9
chore(deps): bump sigstore/cosign-installer from 3.9.2 to 3.10.0 ( #4218 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.2 to 3.10.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...d7543c93d8
2025-09-15 14:29:53 -04:00
dependabot[bot]
1fcdb67698
chore(deps): bump github/codeql-action from 3.30.1 to 3.30.3 ( #4210 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.1 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f1f6e5f6af...192325c861
2025-09-11 12:50:41 -04:00
dependabot[bot]
8e78fd57b8
chore(deps): bump actions/setup-go from 5.5.0 to 6.0.0 ( #4188 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 5.5.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582
2025-09-08 02:35:22 -04:00
dependabot[bot]
2b8f4bc028
chore(deps): bump github/codeql-action from 3.30.0 to 3.30.1 ( #4191 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.0 to 3.30.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d92b76c45...f1f6e5f6af
2025-09-08 02:05:35 -04:00
dependabot[bot]
98c97e24a2
chore(deps): bump actions/github-script from 7 to 8 ( #4192 )
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](https://github.com/actions/github-script/compare/v7...v8 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-08 02:05:27 -04:00
dependabot[bot]
7e4bf7f8c2
chore(deps): bump github/codeql-action from 3.29.11 to 3.30.0 ( #4181 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.11 to 3.30.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3c3833e0f8...2d92b76c45
2025-09-02 00:26:33 -04:00
dependabot[bot]
26792fc12d
chore(deps): bump github/codeql-action from 3.29.10 to 3.29.11 ( #4149 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.10 to 3.29.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](96f518a34f...3c3833e0f8
2025-08-21 10:43:25 -04:00
dependabot[bot]
8e51e8d995
chore(deps): bump github/codeql-action from 3.29.9 to 3.29.10 ( #4145 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.9 to 3.29.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df559355d5...96f518a34f
2025-08-18 15:29:36 -04:00
dependabot[bot]
0e669faecd
chore(deps): bump anchore/sbom-action from 0.20.4 to 0.20.5 ( #4141 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.4 to 0.20.5.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](7b36ad622f...da167eac91
2025-08-15 10:22:24 -04:00
dependabot[bot]
ab9db0024e
chore(deps): bump zizmorcore/zizmor-action from 0.1.1 to 0.1.2 ( #4135 )
...
Bumps [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action ) from 0.1.1 to 0.1.2.
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases )
- [Commits](f52a838cfa...5ca5fc7a47
2025-08-13 10:07:03 -04:00
dependabot[bot]
104df88143
chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 ( #4134 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.8 to 3.29.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](76621b61de...df559355d5
2025-08-12 18:23:39 +00:00
dependabot[bot]
6452a19009
chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 ( #4130 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8
2025-08-11 16:54:59 -04:00
dependabot[bot]
7b92913a00
chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 ( #4124 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.7 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](51f77329af...76621b61de
2025-08-08 13:35:35 -04:00
dependabot[bot]
d4d311155f
chore(deps): bump docker/login-action from 3.4.0 to 3.5.0 ( #4115 )
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](74a5d14239...184bdaa072
2025-08-07 10:48:53 -04:00
dependabot[bot]
118f564cf3
chore(deps): bump actions/cache from 4.2.3 to 4.2.4 ( #4119 )
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](5a3ec84eff...0400d5f644
2025-08-07 10:47:40 -04:00
dependabot[bot]
801b21bb37
chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 ( #4096 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4e828ff8d4...51f77329af
2025-07-30 14:29:07 -04:00
Alex Goodman
8a7302c5cf
migrate to get.anchore.io ( #4095 )
...
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2025-07-30 10:54:22 -04:00
dependabot[bot]
8b2c4a134e
chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 ( #4080 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.3 to 3.29.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](d6bbdef45e...4e828ff8d4
2025-07-24 15:17:49 -04:00
dependabot[bot]
a192787d44
chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 ( #4074 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.2 to 3.29.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](181d5eefc2...d6bbdef45e
2025-07-22 09:49:43 -04:00
dependabot[bot]
d5a562c368
chore(deps): bump anchore/sbom-action from 0.20.2 to 0.20.4 ( #4073 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.2 to 0.20.4.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](cee1b8e05a...7b36ad622f
2025-07-22 09:49:40 -04:00
Christopher Angelo Phillips
6f36b586ba
chore: update release workflow to persist credentials for git tag step ( #4069 )
...
Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
2025-07-21 19:23:14 +00:00
dependabot[bot]
af787d685c
chore(deps): bump sigstore/cosign-installer from 3.9.1 to 3.9.2 ( #4066 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.1 to 3.9.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](398d4b0eee...d58896d6a1
2025-07-21 13:06:59 -04:00
dependabot[bot]
0e5db45aad
chore(deps): bump marocchino/sticky-pull-request-comment ( #4063 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.9.3 to 2.9.4.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](d2ad0de260...773744901b
2025-07-17 09:27:02 -04:00
Will Murphy
9cda2de2ad
chore: lint gh actions with zizmor ( #4062 )
...
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
2025-07-16 17:12:38 -04:00
dependabot[bot]
9cbd52bdd7
chore(deps): bump anchore/sbom-action from 0.20.1 to 0.20.2 ( #4048 )
...
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action ) from 0.20.1 to 0.20.2.
- [Release notes](https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](9246b90769...cee1b8e05a
2025-07-03 15:00:51 -04:00
dependabot[bot]
b0b10acb40
chore(deps): bump marocchino/sticky-pull-request-comment ( #4019 )
...
Bumps [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment ) from 2.9.2 to 2.9.3.
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases )
- [Commits](67d0dec7b0...d2ad0de260
2025-06-30 17:58:32 -04:00
dependabot[bot]
b90028bd1f
chore(deps): bump sigstore/cosign-installer from 3.9.0 to 3.9.1 ( #4022 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.9.0 to 3.9.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](https://github.com/sigstore/cosign-installer/compare/v3.9.0...v3.9.1 )
---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
dependency-version: 3.9.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-30 17:58:23 -04:00
dependabot[bot]
ba59f57bfe
chore(deps): bump github/codeql-action from 3.29.0 to 3.29.2 ( #4039 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.29.0 to 3.29.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ce28f5bb42...181d5eefc2
2025-06-30 17:17:20 -04:00
