Commit Graph

109 Commits

Author SHA1 Message Date
Juri Burakov
8e09aabe01
Create semgrep-analysis.yml 2021-10-05 18:51:33 +03:00
Juri Burakov
e4f8eacb93
Create ossar-analysis.yml 2021-10-05 18:51:23 +03:00
Juri Burakov
3a8a3c6992
Create njsscan-analysis.yml 2021-10-05 18:50:53 +03:00
Juri Burakov
c1786275f7
Create mayhem-for-api-analysis.yml 2021-10-05 18:50:44 +03:00
Juri Burakov
3f78c19f63
Create kubesec-analysis.yml 2021-10-05 18:50:34 +03:00
Juri Burakov
4201ddca39
Create fortify-analysis.yml 2021-10-05 18:50:25 +03:00
Juri Burakov
70b500fa76
Create devskim-analysis.yml 2021-10-05 18:50:12 +03:00
Juri Burakov
c780d1c47d
Create checkmarx-analysis.yml 2021-10-05 18:49:51 +03:00
Juri Burakov
4c80ed3dc1
Create codescan-analysis.yml 2021-10-05 18:49:42 +03:00
Juri Burakov
2bf9babf87
Create codacy-analysis.yml 2021-10-05 18:49:32 +03:00
Juri Burakov
5a06639c05
Create crunch42-analysis.yml 2021-10-05 18:49:22 +03:00
Juri Burakov
e82308b244 Set theme jekyll-theme-cayman 2021-10-05 18:36:43 +03:00
Juri Burakov
7d8cc4ccdd Update issue templates 2021-10-05 18:34:41 +03:00
Juri Burakov
77fdb3833b
Create SECURITY.md 2021-10-05 18:32:47 +03:00
Brian Cristante
11e311c8b5
Remove path filters (#229) 2021-06-25 13:39:56 -04:00
Brian Cristante
317b58f0d1
Fix YAML types in licensed.yml (#228)
* fix YAML types in licensed.yml

* Update .github/workflows/licensed.yml

Co-authored-by: Josh Gross <joshmgross@github.com>

* formatting

Co-authored-by: Josh Gross <joshmgross@github.com>
2021-06-24 11:52:33 -04:00
Brian Cristante
8d06e6c094
Create check-dist.yml (#227)
* Create check-dist.yml

* steps.if still needs ${{ }} when the expr has operators

* single quotes?

* npm install

* mess with index.js

* add if failure()

* Copy the correct version back in from the artifact

* Update .github/workflows/check-dist.yml

Co-authored-by: Konrad Pabjan <konradpabjan@github.com>

* formatting & language

* npm ci

Co-authored-by: Konrad Pabjan <konradpabjan@github.com>
2021-06-24 11:38:43 -04:00
Brian Cristante
27121b0bdf
Ingest v0.5.2 of @actions/artifact (#224)
* npm install --update @actions/artifact

* update .license file

* npm run release
2021-06-16 11:09:14 -04:00
dependabot[bot]
4537e112f4
Bump ws from 7.2.3 to 7.5.0 (#221)
Bumps [ws](https://github.com/websockets/ws) from 7.2.3 to 7.5.0.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.2.3...7.5.0)

---
updated-dependencies:
- dependency-name: ws
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
2021-06-16 10:34:57 -04:00
Brian Cristante
2368feccd5
Avoid triggering push for Dependabot branches (again) (#223) 2021-06-16 10:31:46 -04:00
dependabot[bot]
52a3c6b975
Bump glob-parent from 5.1.1 to 5.1.2 (#219)
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
2021-06-16 10:19:08 -04:00
dependabot[bot]
76f4433885
Bump hosted-git-info from 2.8.5 to 2.8.9 (#203)
* Bump hosted-git-info from 2.8.5 to 2.8.9

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.5 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.5...v2.8.9)

Signed-off-by: dependabot[bot] <support@github.com>

* Empty commit

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian Cristante <33549821+brcrista@users.noreply.github.com>
2021-06-16 10:15:16 -04:00
Brian Cristante
46426468d3
Merge pull request #222 from actions/brcrista/dependabot-push
Avoid triggering push for Dependabot branches
2021-06-16 10:08:56 -04:00
Brian Cristante
8507687653
avoid triggering push for Dependabot branches 2021-06-16 10:05:05 -04:00
Brian Cristante
0482dbbe7a
Merge pull request #202 from actions/dependabot/npm_and_yarn/lodash-4.17.21
Bump lodash from 4.17.19 to 4.17.21
2021-06-16 10:01:31 -04:00
Brian Cristante
58518184d2
Merge pull request #211 from JasonGross/patch-1
Fix the grammar in a warning message
2021-06-16 09:59:04 -04:00
Jason Gross
4db8255e70
Fix the grammar in a warning message 2021-05-23 08:33:18 -04:00
Robert Cannon
9243a41f97
Re-order example descriptions (#209)
Given the way that the two descriptions were written it was confusing about which example was being discussed (see specifically "In the above example in the previous version).
2021-05-21 19:28:43 +02:00
Remy Kabel
9dc0ee81a2
Fix spelling error (#204)
effect -> affect
2021-05-14 15:13:55 +02:00
dependabot[bot]
2e3d6da508
Bump lodash from 4.17.19 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
2021-05-11 12:10:04 +00:00
Konrad Pabjan
ee69f02b3d
Bump @actions/artifact to version 0.5.1 (#189)
* Bump @actions/artifact to version 0.5.1

* Update license versions
2021-04-06 16:47:26 -04:00
dependabot[bot]
bcd44ad93d
Bump y18n from 4.0.0 to 4.0.1 (#186)
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-04-06 14:57:20 -04:00
Yang Cao
ea3d524381
Merge pull request #173 from yacaovsnc/main
Display a warning if user tries to upload over 10000 files
2021-02-08 15:48:10 -05:00
Yang Cao
e95d1b9c8d update index.js 2021-02-08 15:41:35 -05:00
Yang Cao
0fbc4b771a Display a warning if user tries to upload over 10000 files 2021-02-08 15:09:20 -05:00
Robin Neatherway
a1af2e8f43
Add on: pull_request trigger to CodeQL workflow (#165)
From February 2021, in order to provide feedback on pull requests, Code Scanning workflows must be configured with both `push` and `pull_request` triggers. This is because Code Scanning compares the results from a pull request against the results for the base branch to tell you only what has changed between the two.

Early in the beta period we supported displaying results on pull requests for workflows with only `push` triggers, but have discontinued support as this proved to be less robust.

See https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#scanning-pull-requests for more information on how best to configure your Code Scanning workflows.
2021-01-15 12:19:21 +01:00
Konrad Pabjan
a4f98af3fa
Update README.md 2021-01-07 18:56:21 +01:00
Konrad Pabjan
16b8b2b2e7
Update where does the upload go section (#162) 2021-01-05 16:00:51 +01:00
Konrad Pabjan
e448a9b857
Add retries to all HTTP calls + resolve dependabot alerts (#160)
* Bump @actions/artifact to version 0.5.0

* Resolve dependabot alert for node-notifier

* Resolve dependabot alert for node-fetch

* Bump artifact.dep.yml

* Update http-client.dep.yml
2021-01-04 15:48:10 +01:00
Hugo van Kemenade
e6bd6b7749
Replace "file(s)" with "file" or "files" (#159) 2021-01-04 11:24:12 +01:00
Josh Gross
1fd4c858f9
Merge pull request #152 from actions/joshmgross/fix-codeowners
Fix CODEOWNERS team name
2020-12-07 14:24:45 -05:00
Josh Gross
a2af908e3a
Fix CODEOWNERS team name 2020-12-07 13:36:14 -05:00
Brian Cristante
928d1a16d9
Create CODEOWNERS (#149) 2020-11-25 15:24:41 -05:00
Konrad Pabjan
e4a7ffadfc
Update README with more retention documentation 2020-11-17 12:57:17 -05:00
Brian Westphal
726a6dcd01
Adding example of retention-days option. (#131) 2020-11-13 12:25:13 -05:00
Josh Gross
3db166e2ea
Merge pull request #145 from actions/joshmgross/update-actions-core
Update @actions/core to 1.2.6
2020-11-13 10:52:34 -05:00
Josh Gross
d86048c66c
Update @actions/core license 2020-11-12 16:46:49 -05:00
Josh Gross
328d69042a
Update @actions/core to 1.2.6 2020-11-12 16:32:13 -05:00
Yang Cao
27bce4eee7
Merge pull request #112 from thboop/main
Add `Licensed` To Help Verify Prod Licenses
2020-09-23 17:18:48 -04:00
Thomas Boop
f8b42f7ab4 update licensed files 2020-09-23 17:09:42 -04:00