Juri Burakov
cd659de085
Create xanitizer-analysis.yml
2021-10-14 21:20:09 +03:00
Juri Burakov
251abf5fab
Create stackhawk-analysis.yml
2021-10-14 21:19:54 +03:00
Juri Burakov
c1c7b2ed58
Create snyk-infrastructure-analysis.yml
2021-10-14 21:19:42 +03:00
Juri Burakov
3030ae4be1
Create semgrep-analysis.yml
2021-10-14 21:19:25 +03:00
Juri Burakov
c662837de4
Create shiftleft-analysis.yml
2021-10-14 21:19:07 +03:00
Juri Burakov
14dd14c754
Create prisma-analysis.yml
2021-10-14 21:18:52 +03:00
Juri Burakov
57ad1f5336
Create njsscan-analysis.yml
2021-10-14 21:18:41 +03:00
Juri Burakov
3ec239d13c
Create mayhem-for-api-analysis.yml
2021-10-14 21:18:29 +03:00
Juri Burakov
f1f79c1aac
Create kubesec-analysis.yml
2021-10-14 21:18:17 +03:00
Juri Burakov
8bcb066cb6
Create fortify-analysis.yml
2021-10-14 21:18:06 +03:00
Juri Burakov
0490f71d31
Create devskim-analysis.yml
2021-10-14 21:17:54 +03:00
Juri Burakov
44259cb567
Create codacy-analysis.yml
2021-10-14 21:17:25 +03:00
Juri Burakov
eaa5023480
Create crunch42-analysis.yml
2021-10-14 21:17:07 +03:00
Juri Burakov
fdd983477e
Set theme jekyll-theme-cayman
2021-10-14 21:15:29 +03:00
Juri Burakov
63b7da8ed2
Create FUNDING.yml
2021-10-14 21:12:57 +03:00
Juri Burakov
e002fe0e17
Update issue templates
2021-10-14 21:12:20 +03:00
Juri Burakov
8ae77a142b
Create SECURITY.md
2021-10-14 21:11:11 +03:00
Brian Cristante
b1985abdea
Create check-dist.yml ( #108 )
...
* Add check-dist.yml
* Fix triggers in licensed.yml
2021-08-10 13:59:02 -04:00
Brian Cristante
3be87be14a
Ingest v0.5.2 of @actions/artifact ( #100 )
...
* npm install --update @actions/artifact
* Update .licenses file
* npm run release
2021-06-16 16:19:05 -04:00
Brian Cristante
8bef1ad834
Merge pull request #97 from actions/dependabot/npm_and_yarn/glob-parent-5.1.2
...
Bump glob-parent from 5.1.1 to 5.1.2
2021-06-16 16:06:52 -04:00
Brian Cristante
2940e0d2ad
Merge pull request #92 from actions/dependabot/npm_and_yarn/hosted-git-info-2.8.9
...
Bump hosted-git-info from 2.8.5 to 2.8.9
2021-06-16 16:06:23 -04:00
Brian Cristante
bd90b34638
Merge pull request #91 from actions/dependabot/npm_and_yarn/lodash-4.17.21
...
Bump lodash from 4.17.19 to 4.17.21
2021-06-16 16:06:06 -04:00
Brian Cristante
3b6d0aba35
Merge pull request #99 from actions/brcrista/dependabot-push
...
Don't trigger CodeQL on Dependabot push
2021-06-16 16:05:29 -04:00
Brian Cristante
46a6d6f216
Don't trigger CodeQL on Dependabot push
2021-06-16 16:01:04 -04:00
dependabot[bot]
246a0f4716
Bump glob-parent from 5.1.1 to 5.1.2
...
Bumps [glob-parent](https://github.com/gulpjs/glob-parent ) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases )
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md )
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2 )
---
updated-dependencies:
- dependency-name: glob-parent
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-06-11 13:14:19 +00:00
Robert Cannon
df388c92ce
Clarified the v1
and v2
differences ( #96 )
...
The original text implies by supplying no inputs all files are placed in the root directory without added directories by focusing only on the `path` input. In practice, supplying no inputs results in the backwards compatible `v1` behavior of creating an extra parameter. This may be obvious in some scenarios and stated somewhat later in the document, but is less obvious when the "name" matches a filename for a single file artifact.
2021-05-21 21:20:10 +02:00
dependabot[bot]
87f717a35d
Bump hosted-git-info from 2.8.5 to 2.8.9
...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info ) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases )
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md )
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 17:16:23 +00:00
dependabot[bot]
ae445150c2
Bump lodash from 4.17.19 to 4.17.21
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 12:10:53 +00:00
Konrad Pabjan
158ca71f7c
Bump @actions/artifact to version 0.5.1 ( #85 )
2021-04-06 16:50:27 -04:00
dependabot[bot]
65bdb44741
Bump y18n from 4.0.0 to 4.0.1 ( #84 )
...
Bumps [y18n](https://github.com/yargs/y18n ) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases )
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md )
- [Commits](https://github.com/yargs/y18n/commits )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-06 15:23:44 -04:00
Josh Gross
782e5ae9ea
Merge pull request #81 from rneatherway/codeql-add-pull-request-trigger
...
Add on: pull_request trigger to CodeQL workflow
2021-01-14 18:42:16 -05:00
Robin Neatherway
a6ff13d56d
Add on: pull_request trigger to CodeQL workflow
...
From February 2021, in order to provide feedback on pull requests, Code Scanning workflows must be configured with both `push` and `pull_request` triggers. This is because Code Scanning compares the results from a pull request against the results for the base branch to tell you only what has changed between the two.
Early in the beta period we supported displaying results on pull requests for workflows with only `push` triggers, but have discontinued support as this proved to be less robust.
See https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#scanning-pull-requests for more information on how best to configure your Code Scanning workflows.
2021-01-13 11:19:52 +00:00
Konrad Pabjan
4a7a711286
Add retries to all HTTP calls + fix dependabot alerts ( #80 )
...
* Update @actions/artifact package to version 0.5.0
* bump eslint-plugin-github to version 4.1.1
* Update artifact.dep.yml
2021-01-04 15:47:26 +01:00
Konrad Pabjan
f144d3c391
Update @actions/artifact from 0.3.5 to 0.4.2 ( #73 )
...
* Update @actions/artifact from 0.3.5 to 0.4.2
* Update package versions in .licenses
2020-12-15 10:55:26 -05:00
Josh Gross
987de047e8
Merge pull request #71 from actions/joshmgross/fix-codeowners
...
Fix CODEOWNERS team name
2020-12-07 15:50:08 -05:00
Josh Gross
89cfa805e3
Fix CODEOWNERS team name
2020-12-07 13:35:10 -05:00
Yang Cao
37439a4b3c
Merge pull request #69 from brcrista/patch-1
...
Add CODEOWNERS file
2020-11-25 15:24:36 -05:00
Brian Cristante
d84bbb4c0a
Create CODEOWNERS
2020-11-25 15:18:14 -05:00
Konrad Pabjan
f8e41fbffe
Bump @actions/core to v1.2.6 ( #64 )
...
* Bump @actions/core to v1.2.6
* Update version in license for @actions/core
* Fix typo
2020-11-13 14:53:33 -05:00
Yang Cao
f60857ee28
Merge pull request #56 from thboop/main
...
Add `Licensed` To Help Verify Prod Licenses
2020-09-23 17:18:58 -04:00
Thomas Boop
6da19888bb
Add contributing.md information
2020-09-23 17:02:34 -04:00
Thomas Boop
38343be9e7
Ignore Generated Files in Git PR's
2020-08-26 11:21:58 -04:00
Justin Weissig
910a9eff4a
Fixed minor spelling mistake ( #59 )
...
Made two minor changes to fix spelling mistakes.
2020-08-24 23:02:33 +02:00
Thomas Boop
66ed71e3c8
Manually Review licenses
2020-08-11 20:23:22 -04:00
Thomas Boop
fbf2bddea0
Add licensed workflow and files
2020-08-11 20:20:07 -04:00
Thomas Boop
c3f5d00c87
Add Third Party License Information to Dist Files ( #54 )
...
* Add Third Party License Information
* Update licenses for @actions npm modules
2020-08-10 18:21:40 +02:00
Konrad Pabjan
b3cedea9be
Bump @actions/artifact to 0.3.5 ( #52 )
2020-08-04 17:55:46 +02:00
Konrad Pabjan
80d2d4023c
Document Artifact Limitations + Bump actions/artifact package version ( #51 )
...
* Document Artifact Limitations
* README Updates
* Restructure README
2020-07-31 17:16:59 +02:00
Konrad Pabjan
381af06b42
Add support for tilde expansion ( #50 )
...
* Add support for tilde expansion
* Print resolved path with debug
* Update README
* README
* Only replace tilde in certain scenarios
* Fix
2020-07-30 12:01:38 +02:00
dependabot[bot]
83fcc74d04
Bump lodash from 4.17.15 to 4.17.19 ( #46 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.15 to 4.17.19.
- [Release notes](https://github.com/lodash/lodash/releases )
- [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-07-22 13:26:09 +02:00