Lauri Ojansivu
924c579680
Merge pull request #4971 from wekan/dependabot/github_actions/docker/build-push-action-4.1.1
...
Bump docker/build-push-action from 4.1.0 to 4.1.1
2023-06-19 17:15:58 -04:00
dependabot[bot]
b579dc598b
Bump docker/build-push-action from 4.1.0 to 4.1.1
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](44ea916f6c...2eb1c1961a)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 20:58:45 +00:00
dependabot[bot]
04c5f60287
Bump docker/metadata-action from 4.5.0 to 4.6.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](2c0bd771b4...818d4b7b91)
---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-19 20:58:41 +00:00
Lauri Ojansivu
a1ddf8e6d2
Merge pull request #4961 from wekan/dependabot/github_actions/docker/login-action-2.2.0
...
Bump docker/login-action from 2.1.0 to 2.2.0
2023-06-13 00:24:50 +03:00
Lauri Ojansivu
102b39cd29
Merge pull request #4963 from wekan/dependabot/github_actions/docker/build-push-action-4.1.0
...
Bump docker/build-push-action from 4.0.0 to 4.1.0
2023-06-13 00:24:32 +03:00
dependabot[bot]
fb0b762293
Bump docker/build-push-action from 4.0.0 to 4.1.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](3b5e8027fc...44ea916f6c)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 20:58:03 +00:00
dependabot[bot]
5b799b4536
Bump docker/metadata-action from 4.4.0 to 4.5.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](c4ee3adeed...2c0bd771b4)
---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 20:58:00 +00:00
dependabot[bot]
8050d7353d
Bump docker/login-action from 2.1.0 to 2.2.0
...
Bumps [docker/login-action](https://github.com/docker/login-action) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](f4ef78c080...465a07811f)
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-12 20:57:57 +00:00
dependabot[bot]
1d0da28d9e
Bump docker/metadata-action from 4.3.0 to 4.4.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.3.0 to 4.4.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](507c2f2dc5...c4ee3adeed)
---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-24 20:59:06 +00:00
dependabot[bot]
b4963d872b
Bump docker/build-push-action from 3.3.0 to 4.0.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.3.0 to 4.0.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](37abcedcc1...3b5e8027fc)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 20:10:05 +00:00
Lauri Ojansivu
bd0b539183
Merge pull request #4809 from wekan/dependabot/github_actions/docker/metadata-action-4.3.0
...
Bump docker/metadata-action from 4.1.1 to 4.3.0
2023-01-16 22:07:29 +02:00
dependabot[bot]
e0aad13fef
Bump docker/metadata-action from 4.1.1 to 4.3.0
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.1.1 to 4.3.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](57396166ad...507c2f2dc5)
---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 20:05:52 +00:00
dependabot[bot]
05139ed553
Bump docker/build-push-action from 3.2.0 to 3.3.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](c56af95754...37abcedcc1)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-16 20:05:48 +00:00
dependabot[bot]
5379541733
Bump helm/chart-releaser-action from 1.4.1 to 1.5.0
...
Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/helm/chart-releaser-action/releases)
- [Commits](https://github.com/helm/chart-releaser-action/compare/v1.4.1...v1.5.0)
---
updated-dependencies:
- dependency-name: helm/chart-releaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-09 20:07:28 +00:00
dependabot[bot]
5507db8950
Bump VeryGoodOpenSource/very_good_coverage from 2.0.0 to 2.1.0
...
Bumps [VeryGoodOpenSource/very_good_coverage](https://github.com/VeryGoodOpenSource/very_good_coverage) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/VeryGoodOpenSource/very_good_coverage/releases)
- [Changelog](https://github.com/VeryGoodOpenSource/very_good_coverage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/VeryGoodOpenSource/very_good_coverage/compare/v2.0.0...v2.1.0)
---
updated-dependencies:
- dependency-name: VeryGoodOpenSource/very_good_coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-28 20:04:34 +00:00
dependabot[bot]
c9466c688b
Bump actions/dependency-review-action from 2 to 3
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2 to 3.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-11-14 20:04:55 +00:00
Lauri Ojansivu
e06390362b
Merge pull request #4720 from wekan/dependabot/github_actions/docker/build-push-action-3.2.0
...
Bump docker/build-push-action from 3.1.1 to 3.2.0
2022-10-17 23:37:43 +03:00
Lauri Ojansivu
88cb35e75c
Merge pull request #4719 from wekan/dependabot/github_actions/docker/metadata-action-4.1.1
...
Bump docker/metadata-action from 4.0.1 to 4.1.1
2022-10-17 23:36:51 +03:00
dependabot[bot]
4543fd73df
Bump docker/build-push-action from 3.1.1 to 3.2.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](c84f382811...c56af95754)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 20:21:41 +00:00
dependabot[bot]
4d47f6b80b
Bump docker/metadata-action from 4.0.1 to 4.1.1
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4.0.1 to 4.1.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](69f6fc9d46...57396166ad)
---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 20:21:35 +00:00
dependabot[bot]
5f8f5f2892
Bump docker/login-action from 2.0.0 to 2.1.0
...
Bumps [docker/login-action](https://github.com/docker/login-action) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](49ed152c8e...f4ef78c080)
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-17 20:21:32 +00:00
dependabot[bot]
d1dfffb4b2
Bump VeryGoodOpenSource/very_good_coverage from 1.2.1 to 2.0.0
...
Bumps [VeryGoodOpenSource/very_good_coverage](https://github.com/VeryGoodOpenSource/very_good_coverage) from 1.2.1 to 2.0.0.
- [Release notes](https://github.com/VeryGoodOpenSource/very_good_coverage/releases)
- [Changelog](https://github.com/VeryGoodOpenSource/very_good_coverage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/VeryGoodOpenSource/very_good_coverage/compare/v1.2.1...v2.0.0)
---
updated-dependencies:
- dependency-name: VeryGoodOpenSource/very_good_coverage
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-10 20:32:20 +00:00
dependabot[bot]
1155cb8d68
Bump helm/chart-releaser-action from 1.4.0 to 1.4.1
...
Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/helm/chart-releaser-action/releases)
- [Commits](https://github.com/helm/chart-releaser-action/compare/v1.4.0...v1.4.1)
---
updated-dependencies:
- dependency-name: helm/chart-releaser-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-03 20:28:35 +00:00
Alex
81e847a153
build: harden GitHub Workflow permissions
...
Signed-off-by: Alex Low <aleksandrosansan@gmail.com>
2022-09-19 17:02:31 +02:00
Alex
834408c740
a new commit message
2022-09-19 17:00:13 +02:00
dependabot[bot]
3762768ed3
Bump docker/build-push-action from 3.1.0 to 3.1.1
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](1cb9d22b93...c84f382811)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-08-08 20:25:06 +00:00
dependabot[bot]
72c44e703f
Bump docker/build-push-action from 3.0.0 to 3.1.0
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](e551b19e49...1cb9d22b93)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-07-25 20:54:30 +00:00
dependabot[bot]
b4c74b8d4c
Bump actions/dependency-review-action from 1 to 2
...
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2)
---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-20 20:34:39 +00:00
Lauri Ojansivu
947692693c
Merge pull request #4552 from wekan/dependabot/github_actions/VeryGoodOpenSource/very_good_coverage-1.2.1
...
Bump VeryGoodOpenSource/very_good_coverage from 1.1.1 to 1.2.1
2022-06-07 00:37:24 +03:00
Lauri Ojansivu
0c8e812991
Merge pull request #4555 from wekan/dependabot/github_actions/helm/chart-releaser-action-1.4.0
...
Bump helm/chart-releaser-action from 1.1.0 to 1.4.0
2022-06-07 00:35:01 +03:00
Lauri Ojansivu
fb1742b149
Merge pull request #4554 from wekan/dependabot/github_actions/docker/build-push-action-3
...
Bump docker/build-push-action from 2.5.0 to 3
2022-06-07 00:34:37 +03:00
Lauri Ojansivu
054915031e
Merge pull request #4553 from wekan/dependabot/github_actions/actions/download-artifact-3
...
Bump actions/download-artifact from 2 to 3
2022-06-07 00:34:19 +03:00
dependabot[bot]
63e0597c68
Bump actions/upload-artifact from 2 to 3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:26 +00:00
dependabot[bot]
c71cedf9f4
Bump helm/chart-releaser-action from 1.1.0 to 1.4.0
...
Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.1.0 to 1.4.0.
- [Release notes](https://github.com/helm/chart-releaser-action/releases)
- [Commits](https://github.com/helm/chart-releaser-action/compare/v1.1.0...v1.4.0)
---
updated-dependencies:
- dependency-name: helm/chart-releaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:23 +00:00
dependabot[bot]
f6ee321d0f
Bump docker/build-push-action from 2.5.0 to 3
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.5.0 to 3.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](ad44023a93...e551b19e49)
---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:19 +00:00
dependabot[bot]
2a24720fad
Bump actions/download-artifact from 2 to 3
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:14 +00:00
dependabot[bot]
a7fd512124
Bump VeryGoodOpenSource/very_good_coverage from 1.1.1 to 1.2.1
...
Bumps [VeryGoodOpenSource/very_good_coverage](https://github.com/VeryGoodOpenSource/very_good_coverage) from 1.1.1 to 1.2.1.
- [Release notes](https://github.com/VeryGoodOpenSource/very_good_coverage/releases)
- [Changelog](https://github.com/VeryGoodOpenSource/very_good_coverage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/VeryGoodOpenSource/very_good_coverage/compare/v1.1.1...v1.2.1)
---
updated-dependencies:
- dependency-name: VeryGoodOpenSource/very_good_coverage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-06-06 20:20:09 +00:00
Lauri Ojansivu
0d7d38b358
Merge pull request #4543 from turrisxyz/Dependency-GitHub
2022-06-02 05:51:49 +03:00
naveen
680770a7df
chore(deps): Included dependency review
...
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-01 23:35:00 +00:00
Lauri Ojansivu
14c3432896
Merge pull request #4539 from wekan/dependabot/github_actions/github/codeql-action-2
...
Bump github/codeql-action from 1 to 2
2022-05-31 05:17:43 +03:00
dependabot[bot]
1ed2c3b45a
Bump docker/login-action from 1.9.0 to 2
...
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.9.0 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](28218f9b04...49ed152c8e)
---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 02:16:56 +00:00
Lauri Ojansivu
81f74f4db6
Merge pull request #4536 from wekan/dependabot/github_actions/docker/metadata-action-4.0.1
...
Bump docker/metadata-action from 3.3.0 to 4.0.1
2022-05-31 05:16:33 +03:00
Lauri Ojansivu
b5bc07d2e7
Merge pull request #4535 from wekan/dependabot/github_actions/actions/checkout-3
...
Bump actions/checkout from 2 to 3
2022-05-31 05:15:57 +03:00
dependabot[bot]
d5247daf8a
Bump github/codeql-action from 1 to 2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)
---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 02:12:27 +00:00
dependabot[bot]
9ff87d189f
Bump actions/cache from 2 to 3
...
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 02:12:24 +00:00
dependabot[bot]
2d36116823
Bump docker/metadata-action from 3.3.0 to 4.0.1
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.3.0 to 4.0.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](98669ae865...69f6fc9d46)
---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 02:12:17 +00:00
dependabot[bot]
9f0b9b29a5
Bump actions/checkout from 2 to 3
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-05-31 02:12:13 +00:00
Lauri Ojansivu
1d7e08390c
Merge pull request #4534 from turrisxyz/Dependabot-GitHub-Actions
...
chore: Included githubactions in the dependabot config
2022-05-31 05:11:48 +03:00
naveen
bbffa2eb6b
chore: Included githubactions in the dependabot config
...
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.
Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot
GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-31 01:40:38 +00:00
neilnaveen
355b358fe2
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
2022-05-30 01:09:08 +00:00