Releases: woodruffw/zizmor
v0.9.1
What's Changed
Bug Fixes
- fix: don't crash when an expression does not expand a matrix by @ubiratansoares in #284
Full Changelog: v0.9.0...v0.9.1
v0.9.0
What's Changed
New Features
- refactor: experiment with tracing by @woodruffw in #232
- feat: remove --no-progress by @woodruffw in #248
Bug Fixes
- fix: handle non-static env: in job steps by @woodruffw in #246
- fix: template-injection: ignore another safe context by @woodruffw in #254
- fix: download both .yml and .yaml from repos by @woodruffw in #265
- fix: bump annotate-snippets to fix crash by @woodruffw in #264
- fix: move artipacked pedantic finding to auditor by @woodruffw in #272
- fix: template-injection: ignore runner.temp by @woodruffw in #277
Performance Improvements
- feat: evaluates a matrix expansion only once by @ubiratansoares in #274
Documentation Improvements
- docs: document installing with PyPI by @woodruffw in #242
- docs: add a trophy case by @woodruffw in #243
- docs: update pre-commit docs to point to new repo by @woodruffw in #247
- docs: switch GHA example to uvx by @woodruffw in #255
- docs: add template-injection tips by @woodruffw in #259
- docs: audits: add another env hacking reference by @woodruffw in #266
- docs: Rename "unsecure" to insecure by @szepeviktor in #270
- docs: more trophies by @woodruffw in #276
- docs: make the trophy case prettier by @woodruffw in #279
New Contributors
- @szepeviktor made their first contribution in #270
Full Changelog: v0.8.0...v0.9.0
v0.8.0
What's Changed
New Features
- feat: remote auditing by @woodruffw in #230
Bug Fixes
- fix: template-injection: ignore issue/PR numbers by @woodruffw in #238
Documentation Improvements
New Contributors
Full Changelog: v0.7.0...v0.8.0
v0.7.0
What's Changed
New Features
- Split unpinned-uses into two separate checks by @funnelfiasco in #205
- feat: even more precision for bash steps in github-env by @ubiratansoares in #208
- feat: add Step::default_shell by @woodruffw in #213
- feat: handle shell: sh in github-env by @woodruffw in #216
- feat: primitive Windows batch handling in github-env by @woodruffw in #217
- feat: unpinned-uses: make unhashed check pedantic for now by @woodruffw in #219
- feat: add personas by @woodruffw in #226
Bug Fixes
- fix: bump github-actions-models by @woodruffw in #211
Documentation Improvements
- docs: tweak installation layout by @woodruffw in #223
Full Changelog: v0.6.0...v0.7.0
v0.6.0
What's Changed
This is one of zizmor's bigger recent releases! Key enhancements include:
- A new github-env audit that detects dangerous GITHUB_ENV writes, courtesy of @ubiratansoares
- The --min-severity and --min-confidence flags for filtering results, courtesy (in part) of @Ninja3047
- Support for # zizmor: ignore[rule] comments, courtesy of @ubiratansoares
New Features
- feat: adds support to inlined ignores by @ubiratansoares in #187
- feat: add --min-severity by @woodruffw in #193
- feat: add --min-confidence by @Ninja3047 in #196
- feat: adds new github-env audit by @ubiratansoares in #192
- feat: improve precision for github-env by @woodruffw in #199
- feat: generalized ignore comments by @woodruffw in #200
Documentation Improvements
- docs: document ignore comments by @woodruffw in #190
- docs: usage: add note about support for ignore comments by @woodruffw in #191
- docs: add page descriptions by @woodruffw in #194
- docs: add more useful 3p references by @woodruffw in #198
New Contributors
- @Ninja3047 made their first contribution in #196
Full Changelog: v0.5.0...v0.6.0
v0.5.0
What's Changed
New Features
- feat: improve workflow registry error by @woodruffw in #172
- feat: unsecure-commands-allowed audit by @ubiratansoares in #176
Documentation Improvements
- docs: rewrite audit docs by @woodruffw in #167
- docs: enable social card generation by @miketheman in #175
- docs: more badges by @woodruffw in #180
- docs: adds recommendations on how to add or change audits by @ubiratansoares in #182
New Contributors
- @chenrui333 made their first contribution in #90
Full Changelog: v0.4.0...v0.5.0
v0.4.0
What's Changed
New Features
- Fix singular and plural for 'findings' by @hugovk in #162
- feat: unpinned-uses audit by @woodruffw in #161
Bug Fixes
Full Changelog: v0.3.2...v0.4.0
v0.3.2
What's Changed
- fix(cli): remove '0 ignored' from another place by @woodruffw in #157
- perf: speed up impostor-commit's fast path by @woodruffw in #158
- fix(cli): fixup error printing by @woodruffw in #159
Full Changelog: v0.3.1...v0.3.2
v0.3.1
What's Changed
- feat(cli): don't render "0 ignored" by @woodruffw in #148
- feat: --no-exit-codes + sarif tweaks by @woodruffw in #154
New Contributors
- @baggiponte made their first contribution in #150
Full Changelog: v0.3.0...v0.3.1
v0.3.0
What's Changed
- feat: exit code support by @woodruffw in #133
- fix: github.event.merge_group.base_sha is a safe context by @woodruffw in #137
- fix: exclude information about the repo and owner by @funnelfiasco in #136
- feat: add --no-config by @woodruffw in #142
Full Changelog: v0.2.1...v0.3.0