dependabot[bot]
0624d1e6d7
Bump actions/dependency-review-action from 4.3.1 to 4.3.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](e58c696e52...0c155c5e85
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-01 13:38:38 +00:00
1965350bc0
Merge pull request #219 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.3.1
...
Bump actions/dependency-review-action from 4.2.5 to 4.3.1
2024-04-30 17:01:49 +02:00
6ea97376d3
Merge pull request #220 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-5.1.0
...
Bump golangci/golangci-lint-action from 5.0.0 to 5.1.0
2024-04-30 17:01:22 +02:00
dependabot[bot]
63d721cf6f
Bump step-security/harden-runner from 2.7.0 to 2.7.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](63c24ba6bd...a4aa98b93c
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 14:03:23 +00:00
dependabot[bot]
e528d585c5
Bump golangci/golangci-lint-action from 5.0.0 to 5.1.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](82d40c283a...9d1e0624a7
)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 14:03:18 +00:00
dependabot[bot]
8553ede1cb
Bump actions/dependency-review-action from 4.2.5 to 4.3.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.2.5 to 4.3.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](5bbc3ba658...e58c696e52
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 14:03:14 +00:00
dependabot[bot]
ac528ba2c3
Bump github/codeql-action from 3.25.2 to 3.25.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.2 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8f596b4ae3...d39d31e687
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-26 13:45:44 +00:00
dependabot[bot]
c6841b9523
Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](3cfe3a4abb...82d40c283a
)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-25 13:54:44 +00:00
3668a80791
Merge pull request #215 from wneessen/dependabot/github_actions/actions/upload-artifact-4.3.3
...
Bump actions/upload-artifact from 4.3.2 to 4.3.3
2024-04-23 16:16:25 +02:00
dependabot[bot]
d7ac8d8710
Bump github/codeql-action from 3.25.1 to 3.25.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.1 to 3.25.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](c7f9125735...8f596b4ae3
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 13:31:39 +00:00
dependabot[bot]
b00fc0dffe
Bump actions/upload-artifact from 4.3.2 to 4.3.3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](1746f4ab65...65462800fd
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-23 13:31:10 +00:00
dependabot[bot]
4ee8e3d82f
Bump actions/upload-artifact from 4.3.1 to 4.3.2
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...1746f4ab65
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-19 14:06:10 +00:00
dependabot[bot]
6c47311c22
Bump github/codeql-action from 3.25.0 to 3.25.1
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.0 to 3.25.1.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df5a14dc28...c7f9125735
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-17 13:36:49 +00:00
dependabot[bot]
8b0caa9000
Bump github/codeql-action from 3.24.10 to 3.25.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.10 to 3.25.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4355270be1...df5a14dc28
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 13:12:31 +00:00
dependabot[bot]
f4ed106a4b
Bump codecov/codecov-action from 4.2.0 to 4.3.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](7afa10ed9b...84508663e9
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-10 13:59:22 +00:00
dependabot[bot]
eeb00f034f
Bump github/codeql-action from 3.24.9 to 3.24.10
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.9 to 3.24.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1b1aada464...4355270be1
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-08 13:59:24 +00:00
ae36ab8722
Merge pull request #205 from wneessen/dependabot/github_actions/sonarsource/sonarqube-quality-gate-action-72f24ebf1f81eda168a979ce14b8203273b7c3ad
...
Bump sonarsource/sonarqube-quality-gate-action from f9fe214a5be5769c40619de2fff2726c36d2d5eb to 72f24ebf1f81eda168a979ce14b8203273b7c3ad
2024-04-04 16:30:36 +02:00
dependabot[bot]
adb90c453d
Bump codecov/codecov-action from 4.1.1 to 4.2.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](c16abc29c9...7afa10ed9b
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-04 13:21:24 +00:00
dependabot[bot]
294de2c5ee
Bump sonarsource/sonarqube-quality-gate-action
...
Bumps [sonarsource/sonarqube-quality-gate-action](https://github.com/sonarsource/sonarqube-quality-gate-action ) from f9fe214a5be5769c40619de2fff2726c36d2d5eb to 72f24ebf1f81eda168a979ce14b8203273b7c3ad.
- [Release notes](https://github.com/sonarsource/sonarqube-quality-gate-action/releases )
- [Commits](f9fe214a5b...72f24ebf1f
)
---
updated-dependencies:
- dependency-name: sonarsource/sonarqube-quality-gate-action
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-04 13:21:20 +00:00
dependabot[bot]
b0bda8dbc8
Bump sonarsource/sonarqube-scan-action
...
Bumps [sonarsource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action ) from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases )
- [Commits](9ad16418d1...53c3e3207f
)
---
updated-dependencies:
- dependency-name: sonarsource/sonarqube-scan-action
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-28 13:31:06 +00:00
dependabot[bot]
d5d377c575
Bump codecov/codecov-action from 4.1.0 to 4.1.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](54bcd8715e...c16abc29c9
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-27 13:55:03 +00:00
dependabot[bot]
181ce199af
Bump actions/dependency-review-action from 4.2.4 to 4.2.5
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.2.4 to 4.2.5.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](733dd5d4a5...5bbc3ba658
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-26 13:47:39 +00:00
3a31eb181e
Merge pull request #198 from wneessen/dependabot/github_actions/actions/upload-artifact-4.3.1
...
Bump actions/upload-artifact from 3.1.3 to 4.3.1
2024-03-25 16:13:01 +01:00
32a66f3df9
Merge pull request #199 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.2.4
...
Bump actions/dependency-review-action from 4.2.3 to 4.2.4
2024-03-25 16:12:48 +01:00
9976302dd9
Merge pull request #200 from wneessen/dependabot/github_actions/fsfe/reuse-action-3.0.0
...
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
2024-03-25 16:12:33 +01:00
dependabot[bot]
d28b22d05e
Bump actions/setup-go from 3.5.0 to 5.0.0
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3.5.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](6edd4406fa...0c52d547c9
)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:33 +00:00
dependabot[bot]
4660a9d734
Bump fsfe/reuse-action from 1.3.0 to 3.0.0
...
Bumps [fsfe/reuse-action](https://github.com/fsfe/reuse-action ) from 1.3.0 to 3.0.0.
- [Release notes](https://github.com/fsfe/reuse-action/releases )
- [Commits](28cf8f33bc...a46482ca36
)
---
updated-dependencies:
- dependency-name: fsfe/reuse-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:29 +00:00
dependabot[bot]
82a0ffef1a
Bump actions/dependency-review-action from 4.2.3 to 4.2.4
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0fa40c3c10...733dd5d4a5
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:26 +00:00
dependabot[bot]
92bf3166c4
Bump actions/upload-artifact from 3.1.3 to 4.3.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.3 to 4.3.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](a8a3f3ad30...5d5d22a312
)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 13:45:21 +00:00
StepSecurity Bot
d87e2205d6
[StepSecurity] ci: Harden GitHub Actions
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-23 18:01:31 +00:00
25ee875300
"Add Govulncheck Security Scan workflow"
...
A new GitHub Actions workflow for Govulncheck Security Scan has been added. This workflow gets activated on every push or pull request and includes runner hardening and executing 'govulncheck' to identify potential vulnerabilities.
2024-03-23 18:59:10 +01:00
c78388a2cb
Add read permissions to GitHub workflow files
...
This commit adds read permissions for 'contents' in the GitHub workflow files sonarqube.yml and reuse.yml. This allows these specific workflows to access the relevant contents they need for execution.
2024-03-23 15:49:03 +01:00
976adc5be9
Merge pull request #186 from wneessen/dependabot/github_actions/github/codeql-action-3.24.9
...
Bump github/codeql-action from 1.1.39 to 3.24.9
2024-03-22 16:13:33 +01:00
bd513b3d5a
Merge pull request #187 from wneessen/dependabot/github_actions/codecov/codecov-action-4.1.0
...
Bump codecov/codecov-action from 3.1.6 to 4.1.0
2024-03-22 16:13:20 +01:00
f82a3fc261
Merge pull request #188 from wneessen/dependabot/github_actions/golangci/golangci-lint-action-4.0.0
...
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
2024-03-22 16:13:08 +01:00
e789acfa75
Merge pull request #190 from wneessen/dependabot/github_actions/ossf/scorecard-action-2.3.1
...
Bump ossf/scorecard-action from 2.0.6 to 2.3.1
2024-03-22 16:12:55 +01:00
6d31b35fa2
Merge pull request #189 from wneessen/dependabot/github_actions/actions/dependency-review-action-4.2.3
...
Bump actions/dependency-review-action from 2.5.1 to 4.2.3
2024-03-22 16:12:42 +01:00
101e90f607
Add SPDX license headers to GitHub workflow files
...
This commit adds SPDX license headers to GitHub workflow files: scorecards.yml, dependency-review.yml, and dependabot.yml. This ensures that the license and copyright information is easily available for everyone to see.
2024-03-22 16:10:30 +01:00
dependabot[bot]
60578e4c00
Bump ossf/scorecard-action from 2.0.6 to 2.3.1
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.6 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](99c53751e0...0864cf1902
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:09 +00:00
dependabot[bot]
dbf19d2646
Bump actions/dependency-review-action from 2.5.1 to 4.2.3
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 2.5.1 to 4.2.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0efb1d1d84...0fa40c3c10
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:05 +00:00
dependabot[bot]
86d86beb7f
Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3.7.0 to 4.0.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](3a91952989...3cfe3a4abb
)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:05:02 +00:00
dependabot[bot]
6283546390
Bump codecov/codecov-action from 3.1.6 to 4.1.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 3.1.6 to 4.1.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](ab904c41d6...54bcd8715e
)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:04:59 +00:00
dependabot[bot]
1b6f49cd18
Bump github/codeql-action from 1.1.39 to 3.24.9
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.39 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1.1.39...1b1aada464948af03b950897e5eb522f92603cc2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-22 15:04:55 +00:00
StepSecurity Bot
886edbc0c9
[StepSecurity] Apply security best practices
...
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-22 14:36:47 +00:00
f01047855f
Update Go version in GitHub workflow files
...
The Go version has been updated to '1.22' in the 'sonarqube.yml', 'golangci-lint.yml', and 'codecov.yml' GitHub action workflow files. This includes an additional modification for the Go versions matrix and condition statements in the 'codecov.yml' workflow.
2024-02-10 14:14:34 +01:00
1c39dc8cf8
Upgrade codecov-action to v3 in GitHub workflow
...
The codecov-action version used in the GitHub workflow file has been upgraded from v2 to v3. This enhances the reliability and performance by leveraging the new features and improvements available in version 3. This commit doesn't affect the functionality of the project but is more of a dependency update.
2024-01-25 14:03:19 +01:00
0bd5390e37
Update codecov.yml
2023-08-23 11:47:00 +02:00
b2e54717b3
Update Go version to 1.21 in GitHub workflows
...
This commit updates the Go version from 1.20 to 1.21 on three GitHub workflow files: golangci-lint.yml, codecov.yml, and sonarqube.yml. The change ensures we use the latest Go version which is more efficient and comes with additional features, leading to improved project performance.
2023-08-15 10:11:13 +02:00
169286e109
Update golangci-lint to Go 1.20
2023-02-02 19:10:16 +01:00
0dca1491db
Looks like golangci-lint does not support 1.20 yet
2023-02-02 10:26:11 +01:00