Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🌱 Bump google.golang.org/protobuf from 1.29.0 to 1.30.0 in /tools #2759

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2023

Bumps google.golang.org/protobuf from 1.29.0 to 1.30.0.

Release notes

Sourced from google.golang.org/protobuf's releases.

v1.30.0

Announcement In the previous two releases, v1.29.0 and v1.29.1, we associated the tags with the wrong commits and thus the tags do not reference any commit in this repository. This tag, v1.30.0, refers to an existing commit again. Sorry for the inconvenience.

Notable changes

New Features

  • CL/449576: protoadapt: helper functions to convert v1 or v2 message to either v1 or v2 message.

v1.29.1

Notable changes

Bug fixes

  • CL/475995: internal/encoding/text: fix parsing of incomplete numbers
Commits
  • f221882 all: release v1.30.0
  • e344383 protoadapt: helper functions to convert v1 or v2 message to either v1 or v2 m...
  • 32efccd all: start v1.29.1-devel
  • 771d8c7 all: release v1.29.1
  • edaf511 internal/encoding/text: fix parsing of incomplete numbers
  • fe5bc54 all: start v1.29.0-devel
  • d3c9826 all: release v1.29.0
  • See full diff in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @spencerschrock.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 16, 2023
@dependabot dependabot bot had a problem deploying to integration-test March 16, 2023 09:02 Failure
@dependabot dependabot bot force-pushed the dependabot/go_modules/tools/google.golang.org/protobuf-1.30.0 branch from b69d82e to e1a00d9 Compare March 20, 2023 09:16
@dependabot dependabot bot had a problem deploying to integration-test March 20, 2023 09:16 Failure
@codecov
Copy link

codecov bot commented Mar 20, 2023

Codecov Report

Merging #2759 (fe83154) into main (45048c5) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2759   +/-   ##
=======================================
  Coverage   49.21%   49.21%           
=======================================
  Files         158      158           
  Lines       11967    11967           
=======================================
  Hits         5889     5889           
  Misses       5709     5709           
  Partials      369      369           

@dependabot dependabot bot force-pushed the dependabot/go_modules/tools/google.golang.org/protobuf-1.30.0 branch from e1a00d9 to 4fdf106 Compare March 22, 2023 09:04
@dependabot dependabot bot temporarily deployed to integration-test March 22, 2023 09:04 Inactive
@dependabot dependabot bot force-pushed the dependabot/go_modules/tools/google.golang.org/protobuf-1.30.0 branch from 4fdf106 to ea2b941 Compare March 24, 2023 09:02
@dependabot dependabot bot had a problem deploying to integration-test March 24, 2023 09:03 Failure
@dependabot dependabot bot force-pushed the dependabot/go_modules/tools/google.golang.org/protobuf-1.30.0 branch from ea2b941 to fa7a5dc Compare March 27, 2023 09:17
@dependabot dependabot bot temporarily deployed to integration-test March 27, 2023 09:17 Inactive
@dependabot dependabot bot force-pushed the dependabot/go_modules/tools/google.golang.org/protobuf-1.30.0 branch from fa7a5dc to c172753 Compare March 28, 2023 09:04
@dependabot dependabot bot temporarily deployed to integration-test March 28, 2023 09:04 Inactive
@spencerschrock
Copy link
Member

@dependabot rebase

Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.29.0 to 1.30.0.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](protocolbuffers/protobuf-go@v1.29.0...v1.30.0)

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/go_modules/tools/google.golang.org/protobuf-1.30.0 branch from c172753 to fe83154 Compare March 28, 2023 23:41
@dependabot dependabot bot temporarily deployed to integration-test March 28, 2023 23:41 Inactive
@spencerschrock
Copy link
Member

@dependabot squash and merge

@dependabot dependabot bot merged commit 355174a into main Mar 28, 2023
@dependabot dependabot bot deleted the dependabot/go_modules/tools/google.golang.org/protobuf-1.30.0 branch March 28, 2023 23:56
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request Apr 13, 2023
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request Apr 14, 2023
laurentsimon added a commit that referenced this pull request Apr 17, 2023
…dency checks (#2779)

* add nuget pinned dependency checks

Signed-off-by: Avishay <[email protected]>

* checks.yaml

Signed-off-by: Avishay <[email protected]>

* ✨ GitLab: Security Policy check (#2754)

* Add tarballHandler for GitLab, enabling repo download

Signed-off-by: Raghav Kaul <[email protected]>

* Abstract OrgSecurityPolicy details to RepoClient instead of checker

Signed-off-by: Raghav Kaul <[email protected]>

* Remove Org() from RepoClient

Signed-off-by: Raghav Kaul <[email protected]>

* Rename

Signed-off-by: Raghav Kaul <[email protected]>

* Don't run as part of CI tests that depend on external sites

Signed-off-by: Raghav Kaul <[email protected]>

---------

Signed-off-by: Raghav Kaul <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 (#2722)

* 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0

Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.29.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](google/go-cloud@v0.26.0...v0.29.0)

---
updated-dependencies:
- dependency-name: gocloud.dev
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Switch pubsubpb import path.

See https://github.com/googleapis/google-cloud-go/blob/cf7063dc4d81c2c33e31724db518c24d8a344f6e/migration.md for more details.

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Spencer Schrock <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github/codeql-action from 2.2.6 to 2.2.7

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.6 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@16964e9...168b99b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* Remove unused code from changeset creation (#2776)

Signed-off-by: Azeem Shaikh <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🐛 Pass proper commit depth to github checkrun handler. (#2777)

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* pr fixes

Signed-off-by: Avishay <[email protected]>

* ✨ Support for GitHub's internal integration (#2773)

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

* update

Signed-off-by: laurentsimon <[email protected]>

---------

Signed-off-by: laurentsimon <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🐛 Add tie breaker when sorting changesets by RevisionID in tests. (#2781)

* Remove duplicate RevisionID collision from changeset tests.

The map iteration order isn't deterministic and sorting the slices isn't good enough when the revision IDs are equal.

Signed-off-by: Spencer Schrock <[email protected]>

* remove any potential sha collisions

Signed-off-by: Spencer Schrock <[email protected]>

* Revert deduplications.

Signed-off-by: Spencer Schrock <[email protected]>

* Use ReviewPlatform as tie breaker.

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 enable fuzzing check in cron. (#2780)

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.0 to 35.7.6.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@bd376fb...07f86bc)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump actions/checkout from 3.3.0 to 3.4.0 (#2767)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@ac59398...24cb908)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump golangci-lint and fix configuration file. (#2783)

* Bump golangci-lint to v1.52.1

Signed-off-by: Spencer Schrock <[email protected]>

* Remove deprecated linters.

Signed-off-by: Spencer Schrock <[email protected]>

* Configure errorlint to ignore wrapping multiple errors.

We don't use golang 1.20 yet.

Signed-off-by: Spencer Schrock <[email protected]>

* extra go mod tidy to hide linter.

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.2 in /tools (#2787)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.0 to 2.9.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.9.0...v2.9.2)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github/codeql-action from 2.2.7 to 2.2.8

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.7 to 2.2.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@168b99b...67a35a0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#2785)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@c090f4e...f46c48e)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🐛 Restore upload of existing raw result Big Query data (#2795)

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump tj-actions/changed-files from 35.7.6 to 35.7.7 (#2797)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.6 to 35.7.7.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@07f86bc...db5dd7c)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Restore API quota metrics for the weekly cron job. (#2799)

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/golangci/golangci-lint in /tools (#2794)

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.52.1 to 1.52.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](golangci/golangci-lint@v1.52.1...v1.52.2)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump google.golang.org/protobuf in /tools (#2759)

Signed-off-by: Avishay <[email protected]>

* 🌱 Bump golang.org/x/tools from 0.6.0 to 0.7.0 (#2769)

Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 (#2737)

* 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.81.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](xanzy/go-gitlab@v0.78.0...v0.81.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump google.golang.org/protobuf to v1.30.0 to satisfy dependency analysis.

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Spencer Schrock <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump actions/stale from 6.0.1 to 8.0.0 (#2793)

Bumps [actions/stale](https://github.com/actions/stale) from 6.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5ebf00e...1160a22)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump actions/setup-go from 3.5.0 to 4.0.0 (#2757)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@6edd440...4d34df0)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2628)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@8f67e59...f82d6c1)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/google/osv-scanner (#2803)

Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.2.1-0.20230302232134-592acbc2539b to 1.3.0.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/commits/v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2805)

Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](bradleyfalzon/ghinstallation@v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 (#2804)

Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@pubsub/v1.28.0...pubsub/v1.30.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2770)

Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.14.1 to 1.16.2.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](goreleaser/goreleaser@v1.14.1...v1.16.2)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump actions/checkout from 3.4.0 to 3.5.0 (#2800)

Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github/codeql-action from 2.2.8 to 2.2.9 (#2802)

Signed-off-by: Avishay <[email protected]>

* 🌱 Bump tj-actions/changed-files from 35.7.7 to 35.7.8 (#2801)

Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#2809)

Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.11.4...v0.11.5)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2806)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@e38b190...80e868c)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/google/osv-scanner from 1.3.0 to 1.3.1 (#2810)

Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](google/osv-scanner@v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/onsi/gomega from 1.27.0 to 1.27.6 (#2807)

Signed-off-by: Avishay <[email protected]>

* 🌱 Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0

Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.48.0 to 1.49.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@bigquery/v1.48.0...bigquery/v1.49.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2813)

Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.2.3...v1.2.4)

---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 (#2818)

Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.49.0 to 1.50.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@bigquery/v1.49.0...bigquery/v1.50.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump step-security/harden-runner from 2.2.1 to 2.3.0 (#2823)

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@1f99358...03bee39)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/docker/docker in /tools (#2825)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v23.0.1...v23.0.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github/codeql-action from 2.2.9 to 2.2.11 (#2836)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@04df126...d186a2a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump tj-actions/changed-files from 35.7.8 to 35.7.12

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.8 to 35.7.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@e9b5807...b109d83)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 (#2842)

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@c3667d9...9e9de22)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/xeipuuv/gojsonschema

Bumps [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) from 0.0.0-20180618132009-1d523034197f to 1.2.0.
- [Release notes](https://github.com/xeipuuv/gojsonschema/releases)
- [Commits](https://github.com/xeipuuv/gojsonschema/commits/v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/xeipuuv/gojsonschema
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Unit tests for checker result and request (#2844)

Included tests for checker result and request

Signed-off-by: naveensrinivasan <[email protected]>
Signed-off-by: Avishay <[email protected]>

* ✨ Consider haskell-actions/hlint-scan a code scanning action (#2846)

* Add haskell-actions/hlint-scan as one of know GitHub actions which upload SARIF.

Signed-off-by: Yoo Chung <[email protected]>

* Test security-events permissions with actions known to upload SARIF.

Signed-off-by: Yoo Chung <[email protected]>

---------

Signed-off-by: Yoo Chung <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2847)

Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](bradleyfalzon/ghinstallation@v2.2.0...v2.3.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/otiai10/copy from 1.9.0 to 1.10.0

Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](otiai10/copy@v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/goreleaser/goreleaser in /tools

Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.16.2 to 1.17.0.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](goreleaser/goreleaser@v1.16.2...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Add instructions to test cron controller + worker locally (#2817)

* Add GitLab test repos.

Signed-off-by: Spencer Schrock <[email protected]>

* Add test GitLab projects to release controller.

Signed-off-by: Spencer Schrock <[email protected]>

* worker gitlab WIP

Signed-off-by: Spencer Schrock <[email protected]>

* Read config in worker.

Signed-off-by: Spencer Schrock <[email protected]>

* Use UTC time for shards.

This avoids issues when the controller and worker timezones differ.

Signed-off-by: Spencer Schrock <[email protected]>

* update directions for gcs fake

Signed-off-by: Spencer Schrock <[email protected]>

* update readme

Signed-off-by: Spencer Schrock <[email protected]>

* Undo gitlab parts, which will be its own PR.

Signed-off-by: Spencer Schrock <[email protected]>

* Clarify project and config files are placeholders.

Signed-off-by: Spencer Schrock <[email protected]>

* remove accidentally added whitespace

Signed-off-by: Spencer Schrock <[email protected]>

* clarify code change with comment.

Signed-off-by: Spencer Schrock <[email protected]>

* Minor edits.

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#2855)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.2

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@81cd2dc...40a12dc)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 📖 Fix broken links. (#2858)

Signed-off-by: Yoo Chung <[email protected]>
Signed-off-by: Avishay <[email protected]>

* ✨ Detect fuzzing in Haskell by the presence of property tests. (#2843)

* Add Haskell as a language.

Signed-off-by: Yoo Chung <[email protected]>

* Detect fuzzing in Haskell using presence of property-based testing.

Signed-off-by: Yoo Chung <[email protected]>

* Mention fuzzing detection for Haskell in documentation.

Signed-off-by: Yoo Chung <[email protected]>

* Fix pattern and test.  Add test case.

Signed-off-by: Yoo Chung <[email protected]>

---------

Signed-off-by: Yoo Chung <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Unit tests for attestor policy (#2857)

- Add tests for `GetRequiredChecksForPolicy` and `EvaluateResults`
- Add checks for binary artifacts, vulnerabilities, unpinned dependencies, and code review

[attestor/policy/attestation_policy_test.go]
- Add `github.com/google/go-cmp/cmp` to imports
- Add a test for `GetRequiredChecksForPolicy`
- Add a test for `EvaluateResults`

Signed-off-by: naveensrinivasan <[email protected]>
Signed-off-by: Avishay <[email protected]>

* 🌱 Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](xanzy/go-gitlab@v0.81.0...v0.82.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Avishay <[email protected]>

* ✨ Use local files instead of search for SAST CodeQL check (#2839)

* Look for codeQL action use with local files instead of search.

Signed-off-by: Spencer Schrock <[email protected]>

* Switch SAST mocks to using local file contents.

Signed-off-by: Spencer Schrock <[email protected]>

* Update e2e test

Signed-off-by: Spencer Schrock <[email protected]>

* Remove unneeded code.

The tests deleted here were merged with another test in an earlier commit.

Signed-off-by: Spencer Schrock <[email protected]>

* update

Signed-off-by: Spencer Schrock <[email protected]>

* Add tests to get code coverage up.

Signed-off-by: Spencer Schrock <[email protected]>

---------

Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Avishay <[email protected]>

* .exe

Signed-off-by: Avishay <[email protected]>

* lint

Signed-off-by: Avishay <[email protected]>

* pr comments

Signed-off-by: Avishay <[email protected]>

---------

Signed-off-by: Avishay <[email protected]>
Signed-off-by: Raghav Kaul <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Spencer Schrock <[email protected]>
Signed-off-by: Azeem Shaikh <[email protected]>
Signed-off-by: laurentsimon <[email protected]>
Signed-off-by: naveensrinivasan <[email protected]>
Signed-off-by: Yoo Chung <[email protected]>
Signed-off-by: Avishay Balter <[email protected]>
Co-authored-by: raghavkaul <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <[email protected]>
Co-authored-by: Azeem Shaikh <[email protected]>
Co-authored-by: laurentsimon <[email protected]>
Co-authored-by: Naveen <[email protected]>
Co-authored-by: Yoo Chung <[email protected]>
Co-authored-by: Yoo Chung <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant