Skip to content

Releases: Shopify/hansel

v0.0.14

18 Nov 15:10
67483fb
Compare
Choose a tag to compare

What's Changed

  • goreleaser: apk+deb too by @thepwagner in #260
  • build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #259
  • build(deps): bump alpine from 3.20.0 to 3.20.1 by @dependabot in #261
  • build(deps): bump library/golang from 1.22.4-alpine to 1.22.5-alpine by @dependabot in #265
  • build(deps): bump golang from 1.22.4 to 1.22.5 by @dependabot in #264
  • build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #267
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.37.1 to 2.38.0 by @dependabot in #266
  • build(deps): bump alpine from 3.20.1 to 3.20.2 by @dependabot in #269
  • build(deps): bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #268
  • build(deps): bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.3 by @dependabot in #270
  • build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in #271
  • build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @dependabot in #272
  • build(deps): bump golang from 1.22.5 to 1.22.6 by @dependabot in #273
  • build(deps): bump library/golang from 1.22.5-alpine to 1.22.6-alpine by @dependabot in #274
  • build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #275
  • build(deps): bump github.com/urfave/cli/v2 from 2.27.3 to 2.27.4 by @dependabot in #276
  • build(deps): bump library/golang from 1.22.6-alpine to 1.23.0-alpine by @dependabot in #278
  • build(deps): bump golang from 1.22.6 to 1.23.0 by @dependabot in #277
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.38.0 to 2.39.0 by @dependabot in #279
  • build(deps): bump library/golang from 1.23.0-alpine to 1.23.1-alpine by @dependabot in #282
  • build(deps): bump alpine from 3.20.2 to 3.20.3 by @dependabot in #280
  • build(deps): bump golang from 1.23.0 to 1.23.1 by @dependabot in #281
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.39.0 to 2.40.0 by @dependabot in #283
  • build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #284
  • build(deps): bump golang from 1.23.1 to 1.23.2 by @dependabot in #285
  • build(deps): bump library/golang from 1.23.1-alpine to 1.23.2-alpine by @dependabot in #286
  • build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #288
  • build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #287
  • build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #289
  • build(deps): bump github.com/urfave/cli/v2 from 2.27.4 to 2.27.5 by @dependabot in #290
  • build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #292
  • build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #291
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.40.0 to 2.41.0 by @dependabot in #293
  • build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by @dependabot in #297
  • build(deps): bump library/golang from 1.23.2-alpine to 1.23.3-alpine by @dependabot in #296
  • build(deps): bump golang from 1.23.2 to 1.23.3 by @dependabot in #295
  • build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 by @dependabot in #294
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.41.0 to 2.41.1 by @dependabot in #299
  • build(deps): bump alpine from beefdbd to 1e42bbe by @dependabot in #298

Full Changelog: v0.0.13...v0.0.14

v0.0.13

12 Jun 13:38
2829e44
Compare
Choose a tag to compare

What's Changed

  • build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #238
  • build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #239
  • build(deps): bump github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 by @dependabot in #240
  • build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #241
  • build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #242
  • build(deps): bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in #243
  • build(deps): bump library/golang from 1.22.2-alpine to 1.22.3-alpine by @dependabot in #247
  • build(deps): bump golang from 1.22.2 to 1.22.3 by @dependabot in #246
  • build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #245
  • build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #248
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.36.1 to 2.37.0 by @dependabot in #249
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.37.0 to 2.37.1 by @dependabot in #250
  • build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #251
  • shopify-suggested edits by @thepwagner in #252
  • build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #253
  • build(deps): bump alpine from 3.19.1 to 3.20.0 by @dependabot in #254
  • build(deps): bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #255
  • build(deps): bump library/golang from 1.22.3-alpine to 1.22.4-alpine by @dependabot in #257
  • build(deps): bump golang from 1.22.3 to 1.22.4 by @dependabot in #256
  • build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @dependabot in #258

The goreleaser bump is why I'm shipping this now: I want to verify those changes.

Full Changelog: v0.0.12...v0.0.13

v0.0.12

22 Apr 12:31
1dddcd5
Compare
Choose a tag to compare

Clears CVE-2023-45288 from your scanner.

What's Changed

  • build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #229
  • build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #230
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.3 to 2.36.1 by @dependabot in #231
  • build(deps): bump golang from 1.22.1 to 1.22.2 by @dependabot in #233
  • build(deps): bump library/golang from 1.22.1-alpine to 1.22.2-alpine by @dependabot in #232
  • build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #234
  • build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #235
  • build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #237
  • build(deps): bump golang.org/x/net from 0.19.0 to 0.23.0 by @dependabot in #236

Full Changelog: v0.0.11...v0.0.12

v0.0.11

06 Mar 16:43
d61b55d
Compare
Choose a tag to compare

What's Changed

  • build(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 by @dependabot in #148
  • build(deps): bump alpine from 3.18.0 to 3.18.2 by @dependabot in #147
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.30.1 to 2.31.0 by @dependabot in #151
  • build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.1 by @dependabot in #152
  • build(deps): bump github.com/urfave/cli/v2 from 2.25.6 to 2.25.7 by @dependabot in #149
  • build(deps): bump library/golang from 1.20.5-alpine to 1.20.6-alpine by @dependabot in #154
  • build(deps): bump golang from 1.20.5 to 1.20.6 by @dependabot in #153
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.31.0 to 2.32.0 by @dependabot in #155
  • scorecard workflow by @thepwagner in #156
  • cla: via shared workflow by @thepwagner in #157
  • release: shift permissions to job by @thepwagner in #161
  • README: add scorecard badge by @thepwagner in #160
  • Create CODEOWNERS by @thepwagner in #159
  • build(deps): bump github.com/rs/zerolog from 1.29.1 to 1.30.0 by @dependabot in #162
  • build(deps): bump library/golang from 1.20.6-alpine to 1.20.7-alpine by @dependabot in #164
  • build(deps): bump golang from 1.20.6 to 1.20.7 by @dependabot in #163
  • build(deps): bump alpine from 3.18.2 to 3.18.3 by @dependabot in #165
  • build(deps): bump library/golang from 1.20.7-alpine to 1.21.0-alpine by @dependabot in #168
  • build(deps): bump golang from 1.20.7 to 1.21.0 by @dependabot in #167
  • build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #166
  • build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 by @dependabot in #169
  • build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #170
  • build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #171
  • build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.1.2 by @dependabot in #172
  • build(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #173
  • build(deps): bump golang from 1.21.0 to 1.21.1 by @dependabot in #176
  • build(deps): bump library/golang from 1.21.0-alpine to 1.21.1-alpine by @dependabot in #175
  • build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 by @dependabot in #174
  • build(deps): bump docker/login-action from 2.2.0 to 3.0.0 by @dependabot in #178
  • build(deps): bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 by @dependabot in #177
  • build(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #181
  • build(deps): bump github.com/rs/zerolog from 1.30.0 to 1.31.0 by @dependabot in #182
  • build(deps): bump alpine from 3.18.3 to 3.18.4 by @dependabot in #183
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.32.0 to 2.33.1 by @dependabot in #180
  • build(deps): bump library/golang from 1.21.1-alpine to 1.21.3-alpine by @dependabot in #188
  • build(deps): bump golang from 1.21.1 to 1.21.3 by @dependabot in #187
  • build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #186
  • build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 by @dependabot in #189
  • build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #191
  • build(deps): bump github.com/go-logr/logr from 1.2.4 to 1.3.0 by @dependabot in #193
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.33.1 to 2.34.0 by @dependabot in #192
  • build(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 by @dependabot in #194
  • build(deps): bump library/golang from 1.21.3-alpine to 1.21.4-alpine by @dependabot in #197
  • build(deps): bump golang from 1.21.3 to 1.21.4 by @dependabot in #196
  • build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #195
  • golang1.21 + slog by @thepwagner in #198
  • build(deps): bump alpine from 3.18.4 to 3.18.5 by @dependabot in #200
  • build(deps): bump Shopify/github-workflows from 0.0.6 to 0.1.0 by @dependabot in #199
  • Remove scorecard workflow by @thepwagner in #190
  • build(deps): bump github.com/urfave/cli/v2 from 2.25.7 to 2.26.0 by @dependabot in #201
  • build(deps): bump Shopify/github-workflows from 0.1.0 to 0.2.0 by @dependabot in #204
  • build(deps): bump golang from 1.21.4 to 1.21.5 by @dependabot in #203
  • build(deps): bump library/golang from 1.21.4-alpine to 1.21.5-alpine by @dependabot in #202
  • build(deps): bump alpine from 3.18.5 to 3.19.0 by @dependabot in #206
  • build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #205
  • build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #207
  • build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #208
  • build(deps): bump github.com/urfave/cli/v2 from 2.26.0 to 2.27.1 by @dependabot in #213
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.34.0 to 2.35.1 by @dependabot in #211
  • build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 by @dependabot in #212
  • build(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 by @dependabot in #215
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.1 to 2.35.2 by @dependabot in #214
  • build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in #216
  • build(deps): bump library/golang from 1.21.5-alpine to 1.21.6-alpine by @dependabot in #218
  • build(deps): bump golang from 1.21.5 to 1.21.6 by @dependabot in #217
  • ci: Use GITHUB_OUTPUT envvar instead of set-output command by @arunsathiya in #219
  • build(deps): bump alpine from 3.19.0 to 3.19.1 by @dependabot in #220
  • build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #221
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.2 to 2.35.3 by @dependabot in #222
  • build(deps): bump library/golang from 1.21.6-alpine to 1.22.0-alpine by @dependabot in #224
  • build(deps): bump golang from 1.21.6 to 1.22.0 by @dependabot in #223
  • build(deps): bump golangci/golangci-lint-action from 3.7.0 to 3.7.1 by @dependabot in #225
  • build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #226
  • build(deps): bump golang from 1.22.0 to 1.22.1 by @dependabot in #228
  • build(deps): bump library/golang from 1.22.0-alpine to 1.22.1-alpine by @dependabot in #227

New Contributors

Full Changelog: v0.0.10...v0.0.11

v0.0.10

13 Jun 10:47
1c45c1b
Compare
Choose a tag to compare

The previous build hits for GHSA-w7jw-q4fg-qc4c .
This isn't a practical concern, but since our goal is to decorate SBOMs - we should strive to not produce additional noise.

What's Changed

  • build(deps): bump golang from 1.20.1 to 1.20.2 by @dependabot in #106
  • build(deps): bump library/golang from 1.20.1-alpine to 1.20.2-alpine by @dependabot in #105
  • build(deps): bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #108
  • build(deps): bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #109
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.26.0 to 2.27.1 by @dependabot in #110
  • build(deps): bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #111
  • build(deps): bump github.com/urfave/cli/v2 from 2.25.0 to 2.25.1 by @dependabot in #112
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.27.1 to 2.28.0 by @dependabot in #117
  • build(deps): bump golang from 1.20.2 to 1.20.3 by @dependabot in #116
  • build(deps): bump library/golang from 1.20.2-alpine to 1.20.3-alpine by @dependabot in #115
  • build(deps): bump alpine from 3.17.2 to 3.17.3 by @dependabot in #113
  • build(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 by @dependabot in #114
  • build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2 by @dependabot in #118
  • build(deps): bump actions/checkout from 3.5.0 to 3.5.1 by @dependabot in #119
  • build(deps): bump actions/checkout from 3.5.1 to 3.5.2 by @dependabot in #121
  • build(deps): bump github.com/rs/zerolog from 1.29.0 to 1.29.1 by @dependabot in #120
  • build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 by @dependabot in #122
  • build(deps): bump github.com/urfave/cli/v2 from 2.25.1 to 2.25.2 by @dependabot in #123
  • build(deps): bump library/golang from 1.20.3-alpine to 1.20.4-alpine by @dependabot in #126
  • build(deps): bump golang from 1.20.3 to 1.20.4 by @dependabot in #125
  • build(deps): bump github.com/urfave/cli/v2 from 2.25.2 to 2.25.3 by @dependabot in #124
  • build(deps): bump alpine from 3.17.3 to 3.18.0 by @dependabot in #128
  • build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 by @dependabot in #127
  • build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #129
  • build(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 by @dependabot in #130
  • build(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 by @dependabot in #131
  • build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #132
  • build(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in #136
  • build(deps): bump library/golang from 1.20.4-alpine to 1.20.5-alpine by @dependabot in #140
  • build(deps): bump golang from 1.20.4 to 1.20.5 by @dependabot in #139
  • build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in #137
  • build(deps): bump github.com/goreleaser/nfpm/v2 from 2.28.0 to 2.30.1 by @dependabot in #141
  • build(deps): bump github.com/urfave/cli/v2 from 2.25.3 to 2.25.5 by @dependabot in #135
  • build(deps): bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #142
  • build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in #146
  • build(deps): bump github.com/urfave/cli/v2 from 2.25.5 to 2.25.6 by @dependabot in #144
  • build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #143
  • build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 by @dependabot in #145

Full Changelog: v0.0.9...v0.0.10

v0.0.9

06 Mar 13:59
f2780c6
Compare
Choose a tag to compare

What's Changed

  • dependabot: github-actions too by @thepwagner in #74
  • Bump golangci/golangci-lint-action from 3.2.0 to 3.3.1 by @dependabot in #75
  • Bump actions/checkout from 3.0.2 to 3.3.0 by @dependabot in #78
  • Bump docker/login-action from 2.0.0 to 2.1.0 by @dependabot in #76
  • Bump goreleaser/goreleaser-action from 2.9.1 to 4.1.0 by @dependabot in #79
  • Bump github.com/urfave/cli/v2 from 2.23.7 to 2.24.1 by @dependabot in #80
  • Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #82
  • Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 by @dependabot in #85
  • Bump github.com/rs/zerolog from 1.28.0 to 1.29.0 by @dependabot in #83
  • Bump github.com/urfave/cli/v2 from 2.24.1 to 2.24.2 by @dependabot in #84
  • Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 by @dependabot in #86
  • Bump golang from 1.19.5 to 1.20.0 by @dependabot in #88
  • Bump github.com/go-logr/zerologr from 1.2.2 to 1.2.3 by @dependabot in #87
  • Bump github.com/urfave/cli/v2 from 2.24.2 to 2.24.3 by @dependabot in #91
  • Bump alpine from 3.17.1 to 3.17.2 by @dependabot in #93
  • Bump actions/setup-go from 3.0.0 to 3.5.0 by @dependabot in #77
  • Bump library/golang from 1.19.5-alpine to 1.20.0-alpine by @dependabot in #90
  • Bump github.com/goreleaser/nfpm/v2 from 2.23.0 to 2.26.0 by @dependabot in #94
  • build(deps): bump library/golang from 1.20.0-alpine to 1.20.1-alpine by @dependabot in #96
  • build(deps): bump golang from 1.20.0 to 1.20.1 by @dependabot in #95
  • build(deps): bump github.com/urfave/cli/v2 from 2.24.3 to 2.24.4 by @dependabot in #97
  • build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 by @dependabot in #98
  • build(deps): bump golang.org/x/sync from 0.0.0-20210220032951-036812b2e83c to 0.1.0 by @dependabot in #99
  • build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @dependabot in #100
  • build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 by @dependabot in #101
  • build(deps): bump github.com/urfave/cli/v2 from 2.24.4 to 2.25.0 by @dependabot in #102
  • sign-blob -y by @thepwagner in #103
  • cosign sign -y by @thepwagner in #104

Full Changelog: v0.0.8...v0.0.9

v0.0.8

11 Jan 13:20
f71f22c
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.0.7...v0.0.8

v0.0.7

14 Nov 13:23
a262a9c
Compare
Choose a tag to compare

What's Changed

  • Bump github.com/urfave/cli/v2 from 2.11.2 to 2.14.1 by @dependabot in #39
  • Bump library/golang from 1.19.0-alpine to 1.19.1-alpine by @dependabot in #41
  • Bump golang from 1.19.0 to 1.19.1 by @dependabot in #40
  • Bump github.com/urfave/cli/v2 from 2.14.1 to 2.16.2 by @dependabot in #42
  • Bump github.com/urfave/cli/v2 from 2.16.2 to 2.16.3 by @dependabot in #43
  • Bump github.com/goreleaser/nfpm/v2 from 2.18.1 to 2.19.1 by @dependabot in #44
  • Bump github.com/urfave/cli/v2 from 2.16.3 to 2.17.1 by @dependabot in #45
  • Bump github.com/goreleaser/nfpm/v2 from 2.19.1 to 2.19.2 by @dependabot in #46
  • Bump library/golang from 1.19.1-alpine to 1.19.2-alpine by @dependabot in #48
  • Bump golang from 1.19.1 to 1.19.2 by @dependabot in #47
  • Bump github.com/urfave/cli/v2 from 2.17.1 to 2.19.2 by @dependabot in #49
  • Bump github.com/goreleaser/nfpm/v2 from 2.19.2 to 2.20.0 by @dependabot in #51
  • Bump github.com/urfave/cli/v2 from 2.19.2 to 2.20.2 by @dependabot in #50
  • Bump github.com/urfave/cli/v2 from 2.20.2 to 2.20.3 by @dependabot in #53
  • Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in #52
  • Bump github.com/urfave/cli/v2 from 2.20.3 to 2.23.0 by @dependabot in #54
  • Bump golang from 1.19.2 to 1.19.3 by @dependabot in #56
  • Bump library/golang from 1.19.2-alpine to 1.19.3-alpine by @dependabot in #55
  • Bump github.com/goreleaser/nfpm/v2 from 2.20.0 to 2.21.0 by @dependabot in #57
  • Bump github.com/urfave/cli/v2 from 2.23.0 to 2.23.2 by @dependabot in #58
  • Bump github.com/urfave/cli/v2 from 2.23.2 to 2.23.5 by @dependabot in #59
  • Bump github.com/goreleaser/nfpm/v2 from 2.21.0 to 2.22.0 by @dependabot in #62
  • Bump alpine from 3.16.2 to 3.16.3 by @dependabot in #61

Thanks Dependabot! 🤩

Full Changelog: v0.0.6...v0.0.7

v0.0.6

31 Aug 17:57
30c48cb
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.0.5...v0.0.6

The v0.0.5 image is getting noisy:

Pre: v0.0.5
ghcr.io/shopify/hansel:0.0.5 (alpine 3.16.1)

Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)

┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                           Title                           │
├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ zlib    │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1         │ 1.2.12-r2     │ zlib: a heap-based buffer over-read or buffer overflow in │
│         │                │          │                   │               │ inflate in inflate.c...                                   │
│         │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-37434                │
└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘

usr/bin/hansel (gobinary)

Total: 4 (UNKNOWN: 1, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)

┌─────────────────────┬─────────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬────────────────────────────────────────────────────────────┐
│       Library       │    Vulnerability    │ Severity │         Installed Version          │           Fixed Version           │                           Title                            │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2022-27191      │ HIGH     │ v0.0.0-20211215165025-cf75a172585e │ 0.0.0-20220314234659-1baeb1ce4c0b │ golang: crash in a golang.org/x/crypto/ssh server          │
│                     │                     │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-27191                 │
│                     ├─────────────────────┼──────────┤                                    │                                   ├────────────────────────────────────────────────────────────┤
│                     │ GHSA-8c26-wmh5-6g9v │ UNKNOWN  │                                    │                                   │ Attackers can cause a crash in SSH servers when the server │
│                     │                     │          │                                    │                                   │ has...                                                     │
│                     │                     │          │                                    │                                   │ https://github.com/advisories/GHSA-8c26-wmh5-6g9v          │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/net    │ CVE-2021-44716      │ HIGH     │ v0.0.0-20211007125505-59d4e928ea9d │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization  │
│                     │                     │          │                                    │                                   │ cache                                                      │
│                     │                     │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2021-44716                 │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/sys    │ CVE-2022-29526      │ MEDIUM   │ v0.0.0-20211205182925-97ca703d548d │ 0.0.0-20220412211240-33da011f77ad │ golang: syscall: faccessat checks wrong group              │
│                     │                     │          │                                    │                                   │ https://avd.aquasec.com/nvd/cve-2022-29526                 │
└─────────────────────┴─────────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴────────────────────────────────────────────────────────────┘
Post: v0.0.6-rc
ghcr.io/shopify/hansel:0.0.5-SNAPSHOT-30c48cb-amd64 (alpine 3.16.2)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

v0.0.5

19 Jul 12:28
v0.0.5
81c647e
Compare
Choose a tag to compare

Changelog

  • 81c647e Bump alpine from 3.16.0 to 3.16.1 (#27)
  • 52100dd go 1.18.4 (#25)
  • c5c8ea3 Bump github.com/urfave/cli/v2 from 2.10.3 to 2.11.0 (#23)
  • 3939d60 Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (#22)