dependabot[bot]
31a77e0290
Bump step-security/harden-runner from 2.9.1 to 2.10.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.9.1 to 2.10.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](5c7944e73c...91182cccc0
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-09-11 09:00:59 +00:00
dependabot[bot]
c8a1bd5589
Bump step-security/harden-runner from 2.9.0 to 2.9.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.9.0 to 2.9.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](0d381219dd...5c7944e73c
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-06 08:33:05 +00:00
dependabot[bot]
f318845a64
Bump step-security/harden-runner from 2.8.1 to 2.9.0
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.8.1 to 2.9.0.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](17d0e2bd7d...0d381219dd
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-19 08:10:54 +00:00
dependabot[bot]
270f606919
Bump actions/dependency-review-action from 4.3.3 to 4.3.4
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.3.3 to 4.3.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](72eb03d02c...5a2ce3f5b9
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-12 08:51:25 +00:00
dependabot[bot]
d86e3a5443
Bump actions/checkout from 4.1.6 to 4.1.7
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-13 08:13:29 +00:00
dependabot[bot]
f328e6b367
Bump step-security/harden-runner from 2.8.0 to 2.8.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.8.0 to 2.8.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](f086349bfa...17d0e2bd7d
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-10 08:58:30 +00:00
dependabot[bot]
3e2d19aa75
Bump actions/dependency-review-action from 4.3.2 to 4.3.3
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.3.2 to 4.3.3.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0c155c5e85...72eb03d02c
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-06 08:54:03 +00:00
dependabot[bot]
cd649364d4
---
...
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-22 08:16:34 +00:00
dependabot[bot]
95d16edfff
Bump actions/checkout from 4.1.5 to 4.1.6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](44c2b7a8a4...a5ac7e51b4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-17 08:58:40 +00:00
dependabot[bot]
21617455f2
Bump actions/checkout from 4.1.4 to 4.1.5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.4 to 4.1.5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-07 08:52:28 +00:00
dependabot[bot]
7ebec9aa02
Bump actions/dependency-review-action from 4.3.1 to 4.3.2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.3.1 to 4.3.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](e58c696e52...0c155c5e85
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-01 08:37:57 +00:00
6736ea0439
Merge pull request #29 from wneessen/dependabot/github_actions/step-security/harden-runner-2.7.1
...
Bump step-security/harden-runner from 2.7.0 to 2.7.1
2024-04-30 11:49:27 +02:00
dependabot[bot]
4c4d53cdfa
Bump actions/dependency-review-action from 4.2.5 to 4.3.1
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.2.5 to 4.3.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](5bbc3ba658...e58c696e52
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 08:34:30 +00:00
dependabot[bot]
e42a66bdd6
Bump step-security/harden-runner from 2.7.0 to 2.7.1
...
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner ) from 2.7.0 to 2.7.1.
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](63c24ba6bd...a4aa98b93c
)
---
updated-dependencies:
- dependency-name: step-security/harden-runner
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-30 08:34:21 +00:00
dependabot[bot]
7d6aae2ece
Bump actions/checkout from 4.1.2 to 4.1.4
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.4.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...0ad4b8fada
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-25 08:59:45 +00:00
dependabot[bot]
1919eabc08
Bump actions/dependency-review-action from 4.2.4 to 4.2.5
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.2.4 to 4.2.5.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](733dd5d4a5...5bbc3ba658
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-26 08:57:51 +00:00
dependabot[bot]
615b3eb5a4
Bump actions/dependency-review-action from 4.2.3 to 4.2.4
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) from 4.2.3 to 4.2.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases )
- [Commits](0fa40c3c10...733dd5d4a5
)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-03-25 08:19:50 +00:00
f0e0b94307
Add SPDX license headers to workflows and Dependabot config
...
Added SPDX license headers to the GitHub workflows and the Dependabot configuration file, specifying the license as MIT. Also, minor formatting changes have been made to the dependency review workflow file.
2024-03-21 16:35:03 +01:00
ddc62a9a04
Add CC0-1.0 license and update workflow files
...
A new file, LICENSES/CC0-1.0.txt, has been created to provide the Creative Commons Zero v1.0 Universal license for the project. Additionally, SPDX headers specifying the MIT license and copyright details have been added to each of the GitHub workflow files, enhancing the clarity and compliance of the project's license utilization.
2024-03-21 16:02:13 +01:00
42e89bc2bb
Implement security improvements and workflow updates
...
Added SECURITY.md with details for vulnerability reporting and encryption. Introduced new workflows for dependency review, Scorecard supply-chain security, and CodeQL analysis. Made amendments to docker-publish.yml for better Docker build and publishing process. These enhancements are aimed towards improving the security stance and the efficiency of CI/CD workflows.
2024-03-21 15:47:46 +01:00