dependabot[bot]
2f24b512d3
build(deps): bump github/codeql-action from 2.1.26 to 2.1.27 ( #5678 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.26 to 2.1.27.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e0e5ded33c...807578363asupport@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-10 10:02:48 -04:00
dependabot[bot]
8d7ce0c155
build(deps): bump actions/checkout from 3 to 3.1.0 ( #5677 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3...93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-10 10:02:36 -04:00
dependabot[bot]
9cead5dee2
build(deps): bump ossf/scorecard-action from 2.0.3 to 2.0.4 ( #5667 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.0.3 to 2.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](865b409285...e363bfca00support@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-03 10:41:55 -04:00
dependabot[bot]
bd77f5f4ea
build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 ( #5668 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.25 to 2.1.26.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](86f3159a69...e0e5ded33csupport@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-03 10:39:12 -04:00
dependabot[bot]
cbe8125afa
build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 ( #5654 )
2022-09-26 16:49:59 +01:00
Chris O'Haver
ba6ebbd37d
add id-token: write ( #5637 )
...
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
Signed-off-by: Chris O'Haver <cohaver@infoblox.com >
2022-09-19 08:32:31 -07:00
dependabot[bot]
d7ca760dca
build(deps): bump ossf/scorecard-action from 1.1.2 to 2.0.3 ( #5633 )
2022-09-19 06:40:40 -07:00
dependabot[bot]
3a0d5f63de
build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 ( #5634 )
2022-09-19 06:40:32 -07:00
Chris O'Haver
7beb76c045
Revert "build(deps): bump ossf/scorecard-action from 1.1.2 to 2.0.2 ( #5613 )" ( #5621 )
...
This reverts commit 78fffd3b44
2022-09-15 10:05:03 -04:00
dependabot[bot]
78fffd3b44
build(deps): bump ossf/scorecard-action from 1.1.2 to 2.0.2 ( #5613 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.2 to 2.0.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](ce330fde6b...68bf5b3327support@github.com >
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 10:05:26 -04:00
dependabot[bot]
b4d320cd79
build(deps): bump github/codeql-action from 2.1.21 to 2.1.22 ( #5596 )
2022-09-05 11:36:25 -07:00
dependabot[bot]
d80d10c1c0
build(deps): bump github/codeql-action from 2.1.20 to 2.1.21 ( #5590 )
2022-08-29 06:44:39 -07:00
dependabot[bot]
b38f0c7fbd
build(deps): bump github/codeql-action from 2.1.18 to 2.1.20 ( #5581 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-22 16:06:07 +02:00
dependabot[bot]
72a6249b65
build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 ( #5562 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](0c670bbf04...2ca79b6fa8support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-08 07:44:08 -07:00
dependabot[bot]
7e579a1d54
build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 ( #5554 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3e7e3b32d0...0c670bbf04support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-01 07:24:10 -07:00
dependabot[bot]
c0287e5ce2
build(deps): bump github/codeql-action from 2.1.15 to 2.1.16 ( #5521 )
2022-07-18 06:33:52 -07:00
dependabot[bot]
caed456189
build(deps): bump github/codeql-action from 2.1.14 to 2.1.15 ( #5487 )
2022-07-04 08:29:22 -07:00
dependabot[bot]
88aae894ef
build(deps): bump ossf/scorecard-action from 1.1.1 to 1.1.2 ( #5488 )
2022-07-04 08:28:12 -07:00
dependabot[bot]
64885950cc
build(deps): bump github/codeql-action from 2.1.12 to 2.1.14 ( #5470 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.12 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](27ea8f8fe5...41a4ada31bsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-27 07:07:49 -07:00
dependabot[bot]
e24b42afdb
build(deps): bump github/codeql-action from 2.1.11 to 2.1.12 ( #5430 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](a3a6c128d7...27ea8f8fe5support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-06 09:31:46 -04:00
dependabot[bot]
50900bac9c
build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1 ( #5429 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](5c8bc69dc8...3e15ea8318support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-06 09:30:43 -04:00
dependabot[bot]
13e4a0ccc6
build(deps): bump ossf/scorecard-action from 1.0.4 to 1.1.0 ( #5421 )
2022-05-30 07:29:58 -07:00
dependabot[bot]
f2b7003d57
build(deps): bump github/codeql-action from 2.1.10 to 2.1.11 ( #5395 )
2022-05-23 15:31:22 +02:00
dependabot[bot]
90d4a39c71
build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 ( #5397 )
2022-05-23 15:30:59 +02:00
dependabot[bot]
8200bed5b7
build(deps): bump github/codeql-action from 2.1.9 to 2.1.10 ( #5385 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](7502d6e991...2f58583a1bsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-16 09:37:52 -04:00
dependabot[bot]
900167881d
build(deps): bump github/codeql-action from 2.1.8 to 2.1.9 ( #5360 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](1ed1437484...7502d6e991support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-02 07:29:18 -07:00
dependabot[bot]
107ad75c02
build(deps): bump actions/checkout from 3.0.1 to 3.0.2 ( #5340 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](dcd71f6466...2541b1294dsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-25 07:41:40 -07:00
dependabot[bot]
11f5bc2e64
build(deps): bump actions/checkout from 3.0.0 to 3.0.1 ( #5324 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a12a3943b4...dcd71f6466support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-18 06:36:06 -07:00
dependabot[bot]
83021637b3
build(deps): bump github/codeql-action from 2.1.6 to 2.1.8 ( #5316 )
2022-04-11 06:34:10 -07:00
dependabot[bot]
5b87abb6f0
build(deps): bump github/codeql-action from 1.1.5 to 2.1.6 ( #5303 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.5 to 2.1.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8834766498...28eead2408support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-04-05 08:48:08 -04:00
dependabot[bot]
24643ca94c
build(deps): bump github/codeql-action from 1.1.4 to 1.1.5 ( #5280 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.4 to 1.1.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f5d822707e...8834766498support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-21 06:40:14 -07:00
dependabot[bot]
4da9439e3a
build(deps): bump github/codeql-action from 1.1.3 to 1.1.4 ( #5259 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 1.1.3 to 1.1.4.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/github/codeql-action/compare/v1.1.3...f5d822707ee6e8fb81b04a5c0040b736da22e587 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-14 07:59:57 -07:00
dependabot[bot]
267ce8a820
build(deps): bump actions/checkout from 2.4.0 to 3 ( #5238 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 2.4.0 to 3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ec3a7ce113...a12a3943b4support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 07:05:33 -08:00
Yong Tang
4b864a97d1
Removed decoupled version comments in github actions ( #5240 )
...
The dependenabot is correctly updating the version of
the github actions with commit hash. However,
the version comments that was placed initially
is not updated. As such the version has been decoupled.
For example, the checkout action
ec3a7ce113134d7a93b817d10a8272cb61118579
is actually on v3.0 yet the comment is still on v2.4.0.
This PR removes the decoupled version comments to avoid
confusion.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-03-07 06:49:39 -08:00
dependabot[bot]
8730862bf3
build(deps): bump actions/upload-artifact from 2.3.1 to 3 ( #5237 )
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 2.3.1 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](82c141cc51...6673cd052csupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:38:14 -08:00
dependabot[bot]
acc5ffcf36
build(deps): bump ossf/scorecard-action from 1.0.2 to 1.0.4 ( #5235 )
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.2 to 1.0.4.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Commits](c8416b0b2b...c1aec4ac82support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-07 05:37:26 -08:00
Yong Tang
402c08fea0
Add OSSF Security Scoreboard Scan ( #5208 )
...
* Add OSSF Security Scoreboard Scan
This PR adds OSSF's Security Scoreboard Scan, to help tighten CoreDNS's security practice.
OSSF Scoreboard is recommended by GitHub. The result will show up in project's "Code Scanning Alerts" (together with existing CodeQL scan we already have).
Signed-off-by: Yong Tang <yong.tang.github@outlook.com >
2022-02-28 12:02:03 -05:00
