Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: anchore/scan-action
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v3.3.8
Choose a base ref
...
head repository: anchore/scan-action
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v3.6.4
Choose a head ref
  • 20 commits
  • 12 files changed
  • 8 contributors

Commits on Dec 5, 2023

  1. Add support for the --vex flag (#254) 

    Signed-off-by: Feroz Salam <feroz.salam@isovalent.com>
    @ferozsalam
    ferozsalam authored Dec 5, 2023
    Configuration menu
    Copy the full SHA
    cb19d81 View commit details
    Browse the repository at this point in the history

Commits on Dec 11, 2023

  1. chore: auotmatically merge dependabot PRs (#255) 

    If a dependabot PR bumps a patch or minor version, and tests are green, just
merge it. This reduces toil for maintainers.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
    @willmurphyscode
    willmurphyscode authored Dec 11, 2023
    Configuration menu
    Copy the full SHA
    951d915 View commit details
    Browse the repository at this point in the history

  2. Revert "chore: auotmatically merge dependabot PRs (#255)" (#256) 

    Dependabot PRs can't automatically be merged in this repo because there is built
javascript that is committed directly to the repo, and dependabot doesn't handle
that correctly right now.

This reverts commit 951d915.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
    @willmurphyscode
    willmurphyscode authored Dec 11, 2023
    Configuration menu
    Copy the full SHA
    96294a5 View commit details
    Browse the repository at this point in the history

Commits on Dec 20, 2023

  1. chore: enable dependabot (#257) 

    Signed-off-by: Keith Zantow <kzantow@gmail.com>
    @kzantow
    kzantow authored Dec 20, 2023
    Configuration menu
    Copy the full SHA
    52d017b View commit details
    Browse the repository at this point in the history

Commits on Dec 22, 2023

  1. chore(deps): update Grype to v0.73.5 (#264) 

    * chore(deps): update Grype to v0.73.5

Signed-off-by: GitHub <noreply@github.com>

* chore: maxConcurrency set to 1

There seems to be a data race installing grype during the test run, so run only
one test at a time, since the test suite is very fast regardless, and fixing the
data race would take longer.

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
    @anchore-actions-token-generator @kzantow @willmurphyscode
    3 people authored Dec 22, 2023
    Configuration menu
    Copy the full SHA
    d458919 View commit details
    Browse the repository at this point in the history

  2. chore(deps-dev): bump @vercel/ncc from 0.36.1 to 0.38.1 (#261) 

    Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.36.1 to 0.38.1.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](vercel/ncc@0.36.1...0.38.1)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Dec 22, 2023
    Configuration menu
    Copy the full SHA
    c8bd818 View commit details
    Browse the repository at this point in the history

  3. chore(deps-dev): bump tslib from 2.5.0 to 2.6.2 (#258) 

    Bumps [tslib](https://github.com/Microsoft/tslib) from 2.5.0 to 2.6.2.
- [Release notes](https://github.com/Microsoft/tslib/releases)
- [Commits](microsoft/tslib@2.5.0...v2.6.2)

---
updated-dependencies:
- dependency-name: tslib
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Dec 22, 2023
    Configuration menu
    Copy the full SHA
    6516126 View commit details
    Browse the repository at this point in the history

Commits on Jan 3, 2024

  1. chore(deps-dev): bump jest from 29.6.1 to 29.7.0 (#260) 

    Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) from 29.6.1 to 29.7.0.
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v29.7.0/packages/jest)

---
updated-dependencies:
- dependency-name: jest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jan 3, 2024
    Configuration menu
    Copy the full SHA
    b7af5e2 View commit details
    Browse the repository at this point in the history

  2. chore(deps-dev): bump eslint from 8.37.0 to 8.56.0 (#259) 

    Bumps [eslint](https://github.com/eslint/eslint) from 8.37.0 to 8.56.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.37.0...v8.56.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jan 3, 2024
    Configuration menu
    Copy the full SHA
    23767a6 View commit details
    Browse the repository at this point in the history

  3. chore(deps): bump @actions/core from 1.10.0 to 1.10.1 (#262) 

    * chore(deps): bump @actions/core from 1.10.0 to 1.10.1

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.10.0 to 1.10.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* commit changed build artifact

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
    @dependabot @willmurphyscode
    dependabot[bot] and willmurphyscode authored Jan 3, 2024
    Configuration menu
    Copy the full SHA
    06b4c7a View commit details
    Browse the repository at this point in the history

  4. chore(deps-dev): bump prettier from 2.8.7 to 3.1.1 (#263) 

    Bumps [prettier](https://github.com/prettier/prettier) from 2.8.7 to 3.1.1.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@2.8.7...3.1.1)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jan 3, 2024
    Configuration menu
    Copy the full SHA
    7e33e3c View commit details
    Browse the repository at this point in the history

Commits on Jan 8, 2024

  1. chore: switch from pretty-quick to lint-staged (#266) 

    pretty-quick was broken by version 3 of prettier in July, but has had no update.
Switch to using lint-staged as the runner to lint staged changes based on the
docs at https://prettier.io/docs/en/precommit.html.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
    @willmurphyscode
    willmurphyscode authored Jan 8, 2024
    Configuration menu
    Copy the full SHA
    b24ddc2 View commit details
    Browse the repository at this point in the history

  2. chore(deps): update Grype to v0.74.0 (#267) 

    Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: willmurphyscode <willmurphyscode@users.noreply.github.com>
    @anchore-actions-token-generator @willmurphyscode
    anchore-actions-token-generator[bot] and willmurphyscode authored Jan 8, 2024
    Configuration menu
    Copy the full SHA
    1d59d90 View commit details
    Browse the repository at this point in the history

Commits on Jan 16, 2024

  1. chore(deps-dev): bump prettier from 3.1.1 to 3.2.2 (#268) 

    Bumps [prettier](https://github.com/prettier/prettier) from 3.1.1 to 3.2.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.1.1...3.2.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Jan 16, 2024
    Configuration menu
    Copy the full SHA
    7522552 View commit details
    Browse the repository at this point in the history

Commits on Jan 18, 2024

  1. chore(deps): update Grype to v0.74.1 (#271) 

    Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Jan 18, 2024
    Configuration menu
    Copy the full SHA
    0550541 View commit details
    Browse the repository at this point in the history

Commits on Jan 19, 2024

  1. chore(deps-dev): bump prettier from 3.2.2 to 3.2.4 (#270) 

    * chore(deps-dev): bump prettier from 3.2.2 to 3.2.4

Bumps [prettier](https://github.com/prettier/prettier) from 3.2.2 to 3.2.4.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.2.2...3.2.4)

---
updated-dependencies:
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: run prettier

Signed-off-by: Will Murphy <will.murphy@anchore.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Will Murphy <will.murphy@anchore.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Will Murphy <will.murphy@anchore.com>
    @dependabot @willmurphyscode
    dependabot[bot] and willmurphyscode authored Jan 19, 2024
    Configuration menu
    Copy the full SHA
    8ef293b View commit details
    Browse the repository at this point in the history

Commits on Jan 21, 2024

  1. chore(deps): update Grype to v0.74.2 (#272) 

    Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Jan 21, 2024
    Configuration menu
    Copy the full SHA
    c35e932 View commit details
    Browse the repository at this point in the history

Commits on Jan 27, 2024

  1. chore(deps): update Grype to v0.74.3 (#275) 

    Signed-off-by: GitHub <noreply@github.com>
Co-authored-by: kzantow <kzantow@users.noreply.github.com>
    @anchore-actions-token-generator @kzantow
    anchore-actions-token-generator[bot] and kzantow authored Jan 27, 2024
    Configuration menu
    Copy the full SHA
    a9603d0 View commit details
    Browse the repository at this point in the history

Commits on Jan 30, 2024

  1. chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x (#… 

    …278)

* chore: update action.yml; 16 deprecated 20 supported
* chore: add package json section for engines compatibility
---------
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
    @spiffcs
    spiffcs authored Jan 30, 2024
    Configuration menu
    Copy the full SHA
    1c57367 View commit details
    Browse the repository at this point in the history

Commits on Jan 31, 2024

  1. chore(deps): update Grype to v0.74.4 (#279)

    @anchore-actions-token-generator
    anchore-actions-token-generator[bot] authored Jan 31, 2024
    Configuration menu
    Copy the full SHA
    3343887 View commit details
    Browse the repository at this point in the history
Loading