Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[pull] main from anchore:main #1

Open
wants to merge 23 commits into
base: main
Choose a base branch
from
Open

[pull] main from anchore:main #1

wants to merge 23 commits into from

Commits on Jul 9, 2024

  1. fix: workaround windows install script (#477) 

    Because of a small bug the version of curl presently on GitHub windows runners,
Syft's install.sh file can fail to execute. Therefore, at least for now, fall
back to just using cache.downloadTool to get Syft.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
    @willmurphyscode
    willmurphyscode authored Jul 9, 2024
    Configuration menu
    Copy the full SHA
    95b086a View commit details
    Browse the repository at this point in the history

Commits on Jul 10, 2024

  1. chore(deps): update Syft to v1.8.0 (#473) 

    * chore(deps): update Syft to v1.8.0

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: bump snapshots to reflect CycloneDX 1.6

Previous snapshots were saved with CycloneDX 1.5, but Syft's default CycloneDX
output is now version 1.6.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
    @anchore-actions-token-generator @kzantow @willmurphyscode
    3 people authored Jul 10, 2024
    Configuration menu
    Copy the full SHA
    f3253ca View commit details
    Browse the repository at this point in the history

  2. chore: serialize tests to prevent install race (#478) 

    Previously, running the npm test script in CI would sometimes result in multiple
test processes all trying to install Syft at the same time, and one would fail
with "spawn: ETXTBSY". Instead, run all tests in series.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
    @willmurphyscode
    willmurphyscode authored Jul 10, 2024
    Configuration menu
    Copy the full SHA
    f4035cd View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 ( 

    …#475)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.5 to 6.1.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@6d6857d...c5a7806)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 10, 2024
    Configuration menu
    Copy the full SHA
    23e0b38 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#474) 

    Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@a5ac7e5...692973e)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jul 10, 2024
    Configuration menu
    Copy the full SHA
    ee41e6a View commit details
    Browse the repository at this point in the history

Commits on Jul 11, 2024

  1. chore(deps): update Syft to v1.9.0 (#479) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: willmurphyscode <12529630+willmurphyscode@users.noreply.github.com>
    @anchore-actions-token-generator @willmurphyscode
    anchore-actions-token-generator[bot] and willmurphyscode authored Jul 11, 2024
    Configuration menu
    Copy the full SHA
    d94f46e View commit details
    Browse the repository at this point in the history

Commits on Jul 18, 2024

  1. docs: CODE_OF_CONDUCT.md (#480) 

    This PR adds a code of conduct document to the repo, as agreed at our recent OSS team catch up.

Signed-off-by: Alan Pope <alan@popey.com>
    @popey
    popey authored Jul 18, 2024
    Configuration menu
    Copy the full SHA
    ca15f99 View commit details
    Browse the repository at this point in the history

  2. chore: Create issue template (#481) 

    Signed-off-by: Alan Pope <alan.pope@anchore.com>
    @popey
    popey authored Jul 18, 2024
    Configuration menu
    Copy the full SHA
    f2d02cb View commit details
    Browse the repository at this point in the history

Commits on Aug 12, 2024

  1. doc: Updates for the Slack to Discourse migration (#484) 

    Signed-off-by: Alan Pope <alan@popey.com>
    @popey
    popey authored Aug 12, 2024
    Configuration menu
    Copy the full SHA
    fe5e7c3 View commit details
    Browse the repository at this point in the history

Commits on Aug 13, 2024

  1. chore(deps): update Syft to v1.11.0 (#483)

    @anchore-actions-token-generator
    anchore-actions-token-generator[bot] authored Aug 13, 2024
    Configuration menu
    Copy the full SHA
    ab9d16d View commit details
    Browse the repository at this point in the history

Commits on Aug 21, 2024

  1. chore(deps): update Syft to v1.11.1 (#485)

    @anchore-actions-token-generator
    anchore-actions-token-generator[bot] authored Aug 21, 2024
    Configuration menu
    Copy the full SHA
    61119d4 View commit details
    Browse the repository at this point in the history

Commits on Sep 17, 2024

  1. chore(deps): bump micromatch from 4.0.4 to 4.0.8 (#491) 

    Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.4 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@4.0.4...4.0.8)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 17, 2024
    Configuration menu
    Copy the full SHA
    9249ac2 View commit details
    Browse the repository at this point in the history

  2. chore(deps): bump path-to-regexp from 6.2.2 to 6.3.0 (#492) 

    Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 6.2.2 to 6.3.0.
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](pillarjs/path-to-regexp@v6.2.2...v6.3.0)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Sep 17, 2024
    Configuration menu
    Copy the full SHA
    8abbe51 View commit details
    Browse the repository at this point in the history

Commits on Sep 25, 2024

  1. add awaiting response management (#494) 

    Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
    @wagoodman
    wagoodman authored Sep 25, 2024
    Configuration menu
    Copy the full SHA
    dbef896 View commit details
    Browse the repository at this point in the history

Commits on Oct 5, 2024

  1. chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#495) 

    Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@692973e...d632683)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 5, 2024
    Configuration menu
    Copy the full SHA
    5cc1a40 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update Syft to v1.13.0 (#488) 

    Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Oct 5, 2024
    Configuration menu
    Copy the full SHA
    87b3137 View commit details
    Browse the repository at this point in the history

  3. Update README to include bit about permissions near the top (#496) 

    Currently the info about permissions is below the fold, and I missed it when implementing the action for my own projects.

Signed-off-by: Josh Buker <git-commit@joshbuker.com>
    @joshbuker
    joshbuker authored Oct 5, 2024
    Configuration menu
    Copy the full SHA
    beb779b View commit details
    Browse the repository at this point in the history

Commits on Oct 8, 2024

  1. chore(deps): update Syft to v1.14.0 (#498) 

    * chore(deps): update Syft to v1.14.0

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* chore: fix snapshots and redaction

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>

---------

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: kzantow <3009477+kzantow@users.noreply.github.com>
Co-authored-by: Will Murphy <willmurphyscode@users.noreply.github.com>
    @anchore-actions-token-generator @kzantow @willmurphyscode
    3 people authored Oct 8, 2024
    Configuration menu
    Copy the full SHA
    8cb9966 View commit details
    Browse the repository at this point in the history

Commits on Oct 9, 2024

  1. chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#497) 

    Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@d632683...eef6144)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 9, 2024
    Configuration menu
    Copy the full SHA
    4a914bc View commit details
    Browse the repository at this point in the history

Commits on Oct 11, 2024

  1. add release docs (#500) 

    Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
    @wagoodman
    wagoodman authored Oct 11, 2024
    Configuration menu
    Copy the full SHA
    2e87236 View commit details
    Browse the repository at this point in the history

  2. chore: remove snapshot tests; fix deprecation errors for outdated pac… 

    …kages (#501)

* chore: fix deprecation errors for outdated packages

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* test: remove snapshot tests given they cover syft's correctness and not sbom-action correctness

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

* chore: run npm i -- u to remove old snapshot

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>

---------

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
    @spiffcs
    spiffcs authored Oct 11, 2024
    Configuration menu
    Copy the full SHA
    18f9bde View commit details
    Browse the repository at this point in the history

  3. chore: configure changelog-ignore label (#499) 

    Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
Co-authored-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
    @willmurphyscode @spiffcs
    willmurphyscode and spiffcs authored Oct 11, 2024
    Configuration menu
    Copy the full SHA
    eff08d0 View commit details
    Browse the repository at this point in the history

  4. chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 ( 

    …#493)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.1.0 to 7.0.5.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@c5a7806...5e91468)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 11, 2024
    Configuration menu
    Copy the full SHA
    f5e124a View commit details
    Browse the repository at this point in the history