Releases: Shopify/hansel
Releases · Shopify/hansel
v0.0.14
What's Changed
- goreleaser: apk+deb too by @thepwagner in #260
- build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by @dependabot in #259
- build(deps): bump alpine from 3.20.0 to 3.20.1 by @dependabot in #261
- build(deps): bump library/golang from 1.22.4-alpine to 1.22.5-alpine by @dependabot in #265
- build(deps): bump golang from 1.22.4 to 1.22.5 by @dependabot in #264
- build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 by @dependabot in #267
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.37.1 to 2.38.0 by @dependabot in #266
- build(deps): bump alpine from 3.20.1 to 3.20.2 by @dependabot in #269
- build(deps): bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #268
- build(deps): bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.3 by @dependabot in #270
- build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 by @dependabot in #271
- build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 by @dependabot in #272
- build(deps): bump golang from 1.22.5 to 1.22.6 by @dependabot in #273
- build(deps): bump library/golang from 1.22.5-alpine to 1.22.6-alpine by @dependabot in #274
- build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 by @dependabot in #275
- build(deps): bump github.com/urfave/cli/v2 from 2.27.3 to 2.27.4 by @dependabot in #276
- build(deps): bump library/golang from 1.22.6-alpine to 1.23.0-alpine by @dependabot in #278
- build(deps): bump golang from 1.22.6 to 1.23.0 by @dependabot in #277
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.38.0 to 2.39.0 by @dependabot in #279
- build(deps): bump library/golang from 1.23.0-alpine to 1.23.1-alpine by @dependabot in #282
- build(deps): bump alpine from 3.20.2 to 3.20.3 by @dependabot in #280
- build(deps): bump golang from 1.23.0 to 1.23.1 by @dependabot in #281
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.39.0 to 2.40.0 by @dependabot in #283
- build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #284
- build(deps): bump golang from 1.23.1 to 1.23.2 by @dependabot in #285
- build(deps): bump library/golang from 1.23.1-alpine to 1.23.2-alpine by @dependabot in #286
- build(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 by @dependabot in #288
- build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 by @dependabot in #287
- build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #289
- build(deps): bump github.com/urfave/cli/v2 from 2.27.4 to 2.27.5 by @dependabot in #290
- build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #292
- build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #291
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.40.0 to 2.41.0 by @dependabot in #293
- build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by @dependabot in #297
- build(deps): bump library/golang from 1.23.2-alpine to 1.23.3-alpine by @dependabot in #296
- build(deps): bump golang from 1.23.2 to 1.23.3 by @dependabot in #295
- build(deps): bump goreleaser/goreleaser-action from 6.0.0 to 6.1.0 by @dependabot in #294
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.41.0 to 2.41.1 by @dependabot in #299
- build(deps): bump alpine from
beefdbd
to1e42bbe
by @dependabot in #298
Full Changelog: v0.0.13...v0.0.14
v0.0.13
What's Changed
- build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #238
- build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #239
- build(deps): bump github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 by @dependabot in #240
- build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #241
- build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #242
- build(deps): bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in #243
- build(deps): bump library/golang from 1.22.2-alpine to 1.22.3-alpine by @dependabot in #247
- build(deps): bump golang from 1.22.2 to 1.22.3 by @dependabot in #246
- build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #245
- build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #248
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.36.1 to 2.37.0 by @dependabot in #249
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.37.0 to 2.37.1 by @dependabot in #250
- build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #251
- shopify-suggested edits by @thepwagner in #252
- build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #253
- build(deps): bump alpine from 3.19.1 to 3.20.0 by @dependabot in #254
- build(deps): bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #255
- build(deps): bump library/golang from 1.22.3-alpine to 1.22.4-alpine by @dependabot in #257
- build(deps): bump golang from 1.22.3 to 1.22.4 by @dependabot in #256
- build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @dependabot in #258
The goreleaser
bump is why I'm shipping this now: I want to verify those changes.
Full Changelog: v0.0.12...v0.0.13
v0.0.12
Clears CVE-2023-45288
from your scanner.
What's Changed
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #229
- build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #230
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.3 to 2.36.1 by @dependabot in #231
- build(deps): bump golang from 1.22.1 to 1.22.2 by @dependabot in #233
- build(deps): bump library/golang from 1.22.1-alpine to 1.22.2-alpine by @dependabot in #232
- build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #234
- build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #235
- build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #237
- build(deps): bump golang.org/x/net from 0.19.0 to 0.23.0 by @dependabot in #236
Full Changelog: v0.0.11...v0.0.12
v0.0.11
What's Changed
- build(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 by @dependabot in #148
- build(deps): bump alpine from 3.18.0 to 3.18.2 by @dependabot in #147
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.30.1 to 2.31.0 by @dependabot in #151
- build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.1 by @dependabot in #152
- build(deps): bump github.com/urfave/cli/v2 from 2.25.6 to 2.25.7 by @dependabot in #149
- build(deps): bump library/golang from 1.20.5-alpine to 1.20.6-alpine by @dependabot in #154
- build(deps): bump golang from 1.20.5 to 1.20.6 by @dependabot in #153
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.31.0 to 2.32.0 by @dependabot in #155
- scorecard workflow by @thepwagner in #156
- cla: via shared workflow by @thepwagner in #157
- release: shift permissions to job by @thepwagner in #161
- README: add scorecard badge by @thepwagner in #160
- Create CODEOWNERS by @thepwagner in #159
- build(deps): bump github.com/rs/zerolog from 1.29.1 to 1.30.0 by @dependabot in #162
- build(deps): bump library/golang from 1.20.6-alpine to 1.20.7-alpine by @dependabot in #164
- build(deps): bump golang from 1.20.6 to 1.20.7 by @dependabot in #163
- build(deps): bump alpine from 3.18.2 to 3.18.3 by @dependabot in #165
- build(deps): bump library/golang from 1.20.7-alpine to 1.21.0-alpine by @dependabot in #168
- build(deps): bump golang from 1.20.7 to 1.21.0 by @dependabot in #167
- build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #166
- build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 by @dependabot in #169
- build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #170
- build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #171
- build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.1.2 by @dependabot in #172
- build(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #173
- build(deps): bump golang from 1.21.0 to 1.21.1 by @dependabot in #176
- build(deps): bump library/golang from 1.21.0-alpine to 1.21.1-alpine by @dependabot in #175
- build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 by @dependabot in #174
- build(deps): bump docker/login-action from 2.2.0 to 3.0.0 by @dependabot in #178
- build(deps): bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 by @dependabot in #177
- build(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #181
- build(deps): bump github.com/rs/zerolog from 1.30.0 to 1.31.0 by @dependabot in #182
- build(deps): bump alpine from 3.18.3 to 3.18.4 by @dependabot in #183
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.32.0 to 2.33.1 by @dependabot in #180
- build(deps): bump library/golang from 1.21.1-alpine to 1.21.3-alpine by @dependabot in #188
- build(deps): bump golang from 1.21.1 to 1.21.3 by @dependabot in #187
- build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #186
- build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 by @dependabot in #189
- build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #191
- build(deps): bump github.com/go-logr/logr from 1.2.4 to 1.3.0 by @dependabot in #193
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.33.1 to 2.34.0 by @dependabot in #192
- build(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 by @dependabot in #194
- build(deps): bump library/golang from 1.21.3-alpine to 1.21.4-alpine by @dependabot in #197
- build(deps): bump golang from 1.21.3 to 1.21.4 by @dependabot in #196
- build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #195
- golang1.21 + slog by @thepwagner in #198
- build(deps): bump alpine from 3.18.4 to 3.18.5 by @dependabot in #200
- build(deps): bump Shopify/github-workflows from 0.0.6 to 0.1.0 by @dependabot in #199
- Remove scorecard workflow by @thepwagner in #190
- build(deps): bump github.com/urfave/cli/v2 from 2.25.7 to 2.26.0 by @dependabot in #201
- build(deps): bump Shopify/github-workflows from 0.1.0 to 0.2.0 by @dependabot in #204
- build(deps): bump golang from 1.21.4 to 1.21.5 by @dependabot in #203
- build(deps): bump library/golang from 1.21.4-alpine to 1.21.5-alpine by @dependabot in #202
- build(deps): bump alpine from 3.18.5 to 3.19.0 by @dependabot in #206
- build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #205
- build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #207
- build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #208
- build(deps): bump github.com/urfave/cli/v2 from 2.26.0 to 2.27.1 by @dependabot in #213
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.34.0 to 2.35.1 by @dependabot in #211
- build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 by @dependabot in #212
- build(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 by @dependabot in #215
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.1 to 2.35.2 by @dependabot in #214
- build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in #216
- build(deps): bump library/golang from 1.21.5-alpine to 1.21.6-alpine by @dependabot in #218
- build(deps): bump golang from 1.21.5 to 1.21.6 by @dependabot in #217
- ci: Use GITHUB_OUTPUT envvar instead of set-output command by @arunsathiya in #219
- build(deps): bump alpine from 3.19.0 to 3.19.1 by @dependabot in #220
- build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #221
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.2 to 2.35.3 by @dependabot in #222
- build(deps): bump library/golang from 1.21.6-alpine to 1.22.0-alpine by @dependabot in #224
- build(deps): bump golang from 1.21.6 to 1.22.0 by @dependabot in #223
- build(deps): bump golangci/golangci-lint-action from 3.7.0 to 3.7.1 by @dependabot in #225
- build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #226
- build(deps): bump golang from 1.22.0 to 1.22.1 by @dependabot in #228
- build(deps): bump library/golang from 1.22.0-alpine to 1.22.1-alpine by @dependabot in #227
New Contributors
- @arunsathiya made their first contribution in #219
Full Changelog: v0.0.10...v0.0.11
v0.0.10
The previous build hits for GHSA-w7jw-q4fg-qc4c .
This isn't a practical concern, but since our goal is to decorate SBOMs - we should strive to not produce additional noise.
What's Changed
- build(deps): bump golang from 1.20.1 to 1.20.2 by @dependabot in #106
- build(deps): bump library/golang from 1.20.1-alpine to 1.20.2-alpine by @dependabot in #105
- build(deps): bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #108
- build(deps): bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #109
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.26.0 to 2.27.1 by @dependabot in #110
- build(deps): bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #111
- build(deps): bump github.com/urfave/cli/v2 from 2.25.0 to 2.25.1 by @dependabot in #112
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.27.1 to 2.28.0 by @dependabot in #117
- build(deps): bump golang from 1.20.2 to 1.20.3 by @dependabot in #116
- build(deps): bump library/golang from 1.20.2-alpine to 1.20.3-alpine by @dependabot in #115
- build(deps): bump alpine from 3.17.2 to 3.17.3 by @dependabot in #113
- build(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 by @dependabot in #114
- build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2 by @dependabot in #118
- build(deps): bump actions/checkout from 3.5.0 to 3.5.1 by @dependabot in #119
- build(deps): bump actions/checkout from 3.5.1 to 3.5.2 by @dependabot in #121
- build(deps): bump github.com/rs/zerolog from 1.29.0 to 1.29.1 by @dependabot in #120
- build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 by @dependabot in #122
- build(deps): bump github.com/urfave/cli/v2 from 2.25.1 to 2.25.2 by @dependabot in #123
- build(deps): bump library/golang from 1.20.3-alpine to 1.20.4-alpine by @dependabot in #126
- build(deps): bump golang from 1.20.3 to 1.20.4 by @dependabot in #125
- build(deps): bump github.com/urfave/cli/v2 from 2.25.2 to 2.25.3 by @dependabot in #124
- build(deps): bump alpine from 3.17.3 to 3.18.0 by @dependabot in #128
- build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 by @dependabot in #127
- build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #129
- build(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 by @dependabot in #130
- build(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 by @dependabot in #131
- build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #132
- build(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in #136
- build(deps): bump library/golang from 1.20.4-alpine to 1.20.5-alpine by @dependabot in #140
- build(deps): bump golang from 1.20.4 to 1.20.5 by @dependabot in #139
- build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in #137
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.28.0 to 2.30.1 by @dependabot in #141
- build(deps): bump github.com/urfave/cli/v2 from 2.25.3 to 2.25.5 by @dependabot in #135
- build(deps): bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #142
- build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in #146
- build(deps): bump github.com/urfave/cli/v2 from 2.25.5 to 2.25.6 by @dependabot in #144
- build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #143
- build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 by @dependabot in #145
Full Changelog: v0.0.9...v0.0.10
v0.0.9
What's Changed
- dependabot: github-actions too by @thepwagner in #74
- Bump golangci/golangci-lint-action from 3.2.0 to 3.3.1 by @dependabot in #75
- Bump actions/checkout from 3.0.2 to 3.3.0 by @dependabot in #78
- Bump docker/login-action from 2.0.0 to 2.1.0 by @dependabot in #76
- Bump goreleaser/goreleaser-action from 2.9.1 to 4.1.0 by @dependabot in #79
- Bump github.com/urfave/cli/v2 from 2.23.7 to 2.24.1 by @dependabot in #80
- Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #82
- Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 by @dependabot in #85
- Bump github.com/rs/zerolog from 1.28.0 to 1.29.0 by @dependabot in #83
- Bump github.com/urfave/cli/v2 from 2.24.1 to 2.24.2 by @dependabot in #84
- Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 by @dependabot in #86
- Bump golang from 1.19.5 to 1.20.0 by @dependabot in #88
- Bump github.com/go-logr/zerologr from 1.2.2 to 1.2.3 by @dependabot in #87
- Bump github.com/urfave/cli/v2 from 2.24.2 to 2.24.3 by @dependabot in #91
- Bump alpine from 3.17.1 to 3.17.2 by @dependabot in #93
- Bump actions/setup-go from 3.0.0 to 3.5.0 by @dependabot in #77
- Bump library/golang from 1.19.5-alpine to 1.20.0-alpine by @dependabot in #90
- Bump github.com/goreleaser/nfpm/v2 from 2.23.0 to 2.26.0 by @dependabot in #94
- build(deps): bump library/golang from 1.20.0-alpine to 1.20.1-alpine by @dependabot in #96
- build(deps): bump golang from 1.20.0 to 1.20.1 by @dependabot in #95
- build(deps): bump github.com/urfave/cli/v2 from 2.24.3 to 2.24.4 by @dependabot in #97
- build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 by @dependabot in #98
- build(deps): bump golang.org/x/sync from 0.0.0-20210220032951-036812b2e83c to 0.1.0 by @dependabot in #99
- build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @dependabot in #100
- build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 by @dependabot in #101
- build(deps): bump github.com/urfave/cli/v2 from 2.24.4 to 2.25.0 by @dependabot in #102
- sign-blob -y by @thepwagner in #103
- cosign sign -y by @thepwagner in #104
Full Changelog: v0.0.8...v0.0.9
v0.0.8
What's Changed
- Bump github.com/goreleaser/nfpm/v2 from 2.22.0 to 2.22.1 by @dependabot in #63
- Bump alpine from 3.16.3 to 3.17.0 by @dependabot in #64
- Bump github.com/goreleaser/nfpm/v2 from 2.22.1 to 2.22.2 by @dependabot in #65
- Bump library/golang from 1.19.3-alpine to 1.19.4-alpine by @dependabot in #68
- Bump golang from 1.19.3 to 1.19.4 by @dependabot in #67
- Bump github.com/urfave/cli/v2 from 2.23.5 to 2.23.6 by @dependabot in #66
- Bump github.com/urfave/cli/v2 from 2.23.6 to 2.23.7 by @dependabot in #69
- Bump github.com/goreleaser/nfpm/v2 from 2.22.2 to 2.23.0 by @dependabot in #70
- Bump alpine from 3.17.0 to 3.17.1 by @dependabot in #71
- Bump library/golang from 1.19.4-alpine to 1.19.5-alpine by @dependabot in #73
- Bump golang from 1.19.4 to 1.19.5 by @dependabot in #72
Full Changelog: v0.0.7...v0.0.8
v0.0.7
What's Changed
- Bump github.com/urfave/cli/v2 from 2.11.2 to 2.14.1 by @dependabot in #39
- Bump library/golang from 1.19.0-alpine to 1.19.1-alpine by @dependabot in #41
- Bump golang from 1.19.0 to 1.19.1 by @dependabot in #40
- Bump github.com/urfave/cli/v2 from 2.14.1 to 2.16.2 by @dependabot in #42
- Bump github.com/urfave/cli/v2 from 2.16.2 to 2.16.3 by @dependabot in #43
- Bump github.com/goreleaser/nfpm/v2 from 2.18.1 to 2.19.1 by @dependabot in #44
- Bump github.com/urfave/cli/v2 from 2.16.3 to 2.17.1 by @dependabot in #45
- Bump github.com/goreleaser/nfpm/v2 from 2.19.1 to 2.19.2 by @dependabot in #46
- Bump library/golang from 1.19.1-alpine to 1.19.2-alpine by @dependabot in #48
- Bump golang from 1.19.1 to 1.19.2 by @dependabot in #47
- Bump github.com/urfave/cli/v2 from 2.17.1 to 2.19.2 by @dependabot in #49
- Bump github.com/goreleaser/nfpm/v2 from 2.19.2 to 2.20.0 by @dependabot in #51
- Bump github.com/urfave/cli/v2 from 2.19.2 to 2.20.2 by @dependabot in #50
- Bump github.com/urfave/cli/v2 from 2.20.2 to 2.20.3 by @dependabot in #53
- Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in #52
- Bump github.com/urfave/cli/v2 from 2.20.3 to 2.23.0 by @dependabot in #54
- Bump golang from 1.19.2 to 1.19.3 by @dependabot in #56
- Bump library/golang from 1.19.2-alpine to 1.19.3-alpine by @dependabot in #55
- Bump github.com/goreleaser/nfpm/v2 from 2.20.0 to 2.21.0 by @dependabot in #57
- Bump github.com/urfave/cli/v2 from 2.23.0 to 2.23.2 by @dependabot in #58
- Bump github.com/urfave/cli/v2 from 2.23.2 to 2.23.5 by @dependabot in #59
- Bump github.com/goreleaser/nfpm/v2 from 2.21.0 to 2.22.0 by @dependabot in #62
- Bump alpine from 3.16.2 to 3.16.3 by @dependabot in #61
Thanks Dependabot! 🤩
Full Changelog: v0.0.6...v0.0.7
v0.0.6
What's Changed
- Migrate off probot-CLA to new GitHub Action by @cursedcoder in #26
- Bump github.com/urfave/cli/v2 from 2.11.0 to 2.11.1 by @dependabot in #28
- Bump github.com/goreleaser/nfpm/v2 from 2.16.0 to 2.17.0 by @dependabot in #29
- Bump golang from 1.18.4 to 1.18.5 by @dependabot in #30
- Bump library/golang from 1.18.5-alpine to 1.19.0-alpine by @dependabot in #32
- Bump golang from 1.18.5 to 1.19.0 by @dependabot in #31
- Bump alpine from 3.16.1 to 3.16.2 by @dependabot in #33
- Bump github.com/urfave/cli/v2 from 2.11.1 to 2.11.2 by @dependabot in #34
- Bump github.com/goreleaser/nfpm/v2 from 2.17.0 to 2.18.0 by @dependabot in #35
- Bump github.com/goreleaser/nfpm/v2 from 2.18.0 to 2.18.1 by @dependabot in #36
- Bump github.com/rs/zerolog from 1.27.0 to 1.28.0 by @dependabot in #37
New Contributors
- @cursedcoder made their first contribution in #26
Full Changelog: v0.0.5...v0.0.6
The v0.0.5 image is getting noisy:
Pre: v0.0.5
ghcr.io/shopify/hansel:0.0.5 (alpine 3.16.1)
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)
┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ zlib │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1 │ 1.2.12-r2 │ zlib: a heap-based buffer over-read or buffer overflow in │
│ │ │ │ │ │ inflate in inflate.c... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │
└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘
usr/bin/hansel (gobinary)
Total: 4 (UNKNOWN: 1, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)
┌─────────────────────┬─────────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2022-27191 │ HIGH │ v0.0.0-20211215165025-cf75a172585e │ 0.0.0-20220314234659-1baeb1ce4c0b │ golang: crash in a golang.org/x/crypto/ssh server │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │
│ ├─────────────────────┼──────────┤ │ ├────────────────────────────────────────────────────────────┤
│ │ GHSA-8c26-wmh5-6g9v │ UNKNOWN │ │ │ Attackers can cause a crash in SSH servers when the server │
│ │ │ │ │ │ has... │
│ │ │ │ │ │ https://github.com/advisories/GHSA-8c26-wmh5-6g9v │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2021-44716 │ HIGH │ v0.0.0-20211007125505-59d4e928ea9d │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization │
│ │ │ │ │ │ cache │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-44716 │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/sys │ CVE-2022-29526 │ MEDIUM │ v0.0.0-20211205182925-97ca703d548d │ 0.0.0-20220412211240-33da011f77ad │ golang: syscall: faccessat checks wrong group │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29526 │
└─────────────────────┴─────────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴────────────────────────────────────────────────────────────┘
Post: v0.0.6-rc
ghcr.io/shopify/hansel:0.0.5-SNAPSHOT-30c48cb-amd64 (alpine 3.16.2)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)