Releases: Shopify/hansel
v0.0.13
What's Changed
- build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #238
- build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #239
- build(deps): bump github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 by @dependabot in #240
- build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #241
- build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #242
- build(deps): bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in #243
- build(deps): bump library/golang from 1.22.2-alpine to 1.22.3-alpine by @dependabot in #247
- build(deps): bump golang from 1.22.2 to 1.22.3 by @dependabot in #246
- build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in #245
- build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @dependabot in #248
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.36.1 to 2.37.0 by @dependabot in #249
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.37.0 to 2.37.1 by @dependabot in #250
- build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 by @dependabot in #251
- shopify-suggested edits by @thepwagner in #252
- build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @dependabot in #253
- build(deps): bump alpine from 3.19.1 to 3.20.0 by @dependabot in #254
- build(deps): bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #255
- build(deps): bump library/golang from 1.22.3-alpine to 1.22.4-alpine by @dependabot in #257
- build(deps): bump golang from 1.22.3 to 1.22.4 by @dependabot in #256
- build(deps): bump goreleaser/goreleaser-action from 5.1.0 to 6.0.0 by @dependabot in #258
The goreleaser bump is why I'm shipping this now: I want to verify those changes.
Full Changelog: v0.0.12...v0.0.13
v0.0.12
Clears CVE-2023-45288 from your scanner.
What's Changed
- build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #229
- build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #230
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.3 to 2.36.1 by @dependabot in #231
- build(deps): bump golang from 1.22.1 to 1.22.2 by @dependabot in #233
- build(deps): bump library/golang from 1.22.1-alpine to 1.22.2-alpine by @dependabot in #232
- build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #234
- build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #235
- build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #237
- build(deps): bump golang.org/x/net from 0.19.0 to 0.23.0 by @dependabot in #236
Full Changelog: v0.0.11...v0.0.12
v0.0.11
What's Changed
- build(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 by @dependabot in #148
- build(deps): bump alpine from 3.18.0 to 3.18.2 by @dependabot in #147
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.30.1 to 2.31.0 by @dependabot in #151
- build(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.1 by @dependabot in #152
- build(deps): bump github.com/urfave/cli/v2 from 2.25.6 to 2.25.7 by @dependabot in #149
- build(deps): bump library/golang from 1.20.5-alpine to 1.20.6-alpine by @dependabot in #154
- build(deps): bump golang from 1.20.5 to 1.20.6 by @dependabot in #153
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.31.0 to 2.32.0 by @dependabot in #155
- scorecard workflow by @thepwagner in #156
- cla: via shared workflow by @thepwagner in #157
- release: shift permissions to job by @thepwagner in #161
- README: add scorecard badge by @thepwagner in #160
- Create CODEOWNERS by @thepwagner in #159
- build(deps): bump github.com/rs/zerolog from 1.29.1 to 1.30.0 by @dependabot in #162
- build(deps): bump library/golang from 1.20.6-alpine to 1.20.7-alpine by @dependabot in #164
- build(deps): bump golang from 1.20.6 to 1.20.7 by @dependabot in #163
- build(deps): bump alpine from 3.18.2 to 3.18.3 by @dependabot in #165
- build(deps): bump library/golang from 1.20.7-alpine to 1.21.0-alpine by @dependabot in #168
- build(deps): bump golang from 1.20.7 to 1.21.0 by @dependabot in #167
- build(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #166
- build(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 by @dependabot in #169
- build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #170
- build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #171
- build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.1.2 by @dependabot in #172
- build(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #173
- build(deps): bump golang from 1.21.0 to 1.21.1 by @dependabot in #176
- build(deps): bump library/golang from 1.21.0-alpine to 1.21.1-alpine by @dependabot in #175
- build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 4.6.0 by @dependabot in #174
- build(deps): bump docker/login-action from 2.2.0 to 3.0.0 by @dependabot in #178
- build(deps): bump goreleaser/goreleaser-action from 4.6.0 to 5.0.0 by @dependabot in #177
- build(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #181
- build(deps): bump github.com/rs/zerolog from 1.30.0 to 1.31.0 by @dependabot in #182
- build(deps): bump alpine from 3.18.3 to 3.18.4 by @dependabot in #183
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.32.0 to 2.33.1 by @dependabot in #180
- build(deps): bump library/golang from 1.21.1-alpine to 1.21.3-alpine by @dependabot in #188
- build(deps): bump golang from 1.21.1 to 1.21.3 by @dependabot in #187
- build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 by @dependabot in #186
- build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 by @dependabot in #189
- build(deps): bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #191
- build(deps): bump github.com/go-logr/logr from 1.2.4 to 1.3.0 by @dependabot in #193
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.33.1 to 2.34.0 by @dependabot in #192
- build(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 by @dependabot in #194
- build(deps): bump library/golang from 1.21.3-alpine to 1.21.4-alpine by @dependabot in #197
- build(deps): bump golang from 1.21.3 to 1.21.4 by @dependabot in #196
- build(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 by @dependabot in #195
- golang1.21 + slog by @thepwagner in #198
- build(deps): bump alpine from 3.18.4 to 3.18.5 by @dependabot in #200
- build(deps): bump Shopify/github-workflows from 0.0.6 to 0.1.0 by @dependabot in #199
- Remove scorecard workflow by @thepwagner in #190
- build(deps): bump github.com/urfave/cli/v2 from 2.25.7 to 2.26.0 by @dependabot in #201
- build(deps): bump Shopify/github-workflows from 0.1.0 to 0.2.0 by @dependabot in #204
- build(deps): bump golang from 1.21.4 to 1.21.5 by @dependabot in #203
- build(deps): bump library/golang from 1.21.4-alpine to 1.21.5-alpine by @dependabot in #202
- build(deps): bump alpine from 3.18.5 to 3.19.0 by @dependabot in #206
- build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #205
- build(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #207
- build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #208
- build(deps): bump github.com/urfave/cli/v2 from 2.26.0 to 2.27.1 by @dependabot in #213
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.34.0 to 2.35.1 by @dependabot in #211
- build(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 by @dependabot in #212
- build(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 by @dependabot in #215
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.1 to 2.35.2 by @dependabot in #214
- build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in #216
- build(deps): bump library/golang from 1.21.5-alpine to 1.21.6-alpine by @dependabot in #218
- build(deps): bump golang from 1.21.5 to 1.21.6 by @dependabot in #217
- ci: Use GITHUB_OUTPUT envvar instead of set-output command by @arunsathiya in #219
- build(deps): bump alpine from 3.19.0 to 3.19.1 by @dependabot in #220
- build(deps): bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #221
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.35.2 to 2.35.3 by @dependabot in #222
- build(deps): bump library/golang from 1.21.6-alpine to 1.22.0-alpine by @dependabot in #224
- build(deps): bump golang from 1.21.6 to 1.22.0 by @dependabot in #223
- build(deps): bump golangci/golangci-lint-action from 3.7.0 to 3.7.1 by @dependabot in #225
- build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #226
- build(deps): bump golang from 1.22.0 to 1.22.1 by @dependabot in #228
- build(deps): bump library/golang from 1.22.0-alpine to 1.22.1-alpine by @dependabot in #227
New Contributors
- @arunsathiya made their first contribution in #219
Full Changelog: v0.0.10...v0.0.11
v0.0.10
The previous build hits for GHSA-w7jw-q4fg-qc4c.
This isn't a practical concern, but since our goal is to decorate SBOMs - we should strive to not produce additional noise.
What's Changed
- build(deps): bump golang from 1.20.1 to 1.20.2 by @dependabot in #106
- build(deps): bump library/golang from 1.20.1-alpine to 1.20.2-alpine by @dependabot in #105
- build(deps): bump actions/checkout from 3.3.0 to 3.4.0 by @dependabot in #108
- build(deps): bump actions/setup-go from 3.5.0 to 4.0.0 by @dependabot in #109
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.26.0 to 2.27.1 by @dependabot in #110
- build(deps): bump actions/checkout from 3.4.0 to 3.5.0 by @dependabot in #111
- build(deps): bump github.com/urfave/cli/v2 from 2.25.0 to 2.25.1 by @dependabot in #112
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.27.1 to 2.28.0 by @dependabot in #117
- build(deps): bump golang from 1.20.2 to 1.20.3 by @dependabot in #116
- build(deps): bump library/golang from 1.20.2-alpine to 1.20.3-alpine by @dependabot in #115
- build(deps): bump alpine from 3.17.2 to 3.17.3 by @dependabot in #113
- build(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 by @dependabot in #114
- build(deps): bump sigstore/cosign-installer from 3.0.1 to 3.0.2 by @dependabot in #118
- build(deps): bump actions/checkout from 3.5.0 to 3.5.1 by @dependabot in #119
- build(deps): bump actions/checkout from 3.5.1 to 3.5.2 by @dependabot in #121
- build(deps): bump github.com/rs/zerolog from 1.29.0 to 1.29.1 by @dependabot in #120
- build(deps): bump sigstore/cosign-installer from 3.0.2 to 3.0.3 by @dependabot in #122
- build(deps): bump github.com/urfave/cli/v2 from 2.25.1 to 2.25.2 by @dependabot in #123
- build(deps): bump library/golang from 1.20.3-alpine to 1.20.4-alpine by @dependabot in #126
- build(deps): bump golang from 1.20.3 to 1.20.4 by @dependabot in #125
- build(deps): bump github.com/urfave/cli/v2 from 2.25.2 to 2.25.3 by @dependabot in #124
- build(deps): bump alpine from 3.17.3 to 3.18.0 by @dependabot in #128
- build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 by @dependabot in #127
- build(deps): bump actions/setup-go from 4.0.0 to 4.0.1 by @dependabot in #129
- build(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 by @dependabot in #130
- build(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 by @dependabot in #131
- build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 by @dependabot in #132
- build(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 by @dependabot in #136
- build(deps): bump library/golang from 1.20.4-alpine to 1.20.5-alpine by @dependabot in #140
- build(deps): bump golang from 1.20.4 to 1.20.5 by @dependabot in #139
- build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 by @dependabot in #137
- build(deps): bump github.com/goreleaser/nfpm/v2 from 2.28.0 to 2.30.1 by @dependabot in #141
- build(deps): bump github.com/urfave/cli/v2 from 2.25.3 to 2.25.5 by @dependabot in #135
- build(deps): bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #142
- build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 by @dependabot in #146
- build(deps): bump github.com/urfave/cli/v2 from 2.25.5 to 2.25.6 by @dependabot in #144
- build(deps): bump actions/checkout from 3.5.2 to 3.5.3 by @dependabot in #143
- build(deps): bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 by @dependabot in #145
Full Changelog: v0.0.9...v0.0.10
v0.0.9
What's Changed
- dependabot: github-actions too by @thepwagner in #74
- Bump golangci/golangci-lint-action from 3.2.0 to 3.3.1 by @dependabot in #75
- Bump actions/checkout from 3.0.2 to 3.3.0 by @dependabot in #78
- Bump docker/login-action from 2.0.0 to 2.1.0 by @dependabot in #76
- Bump goreleaser/goreleaser-action from 2.9.1 to 4.1.0 by @dependabot in #79
- Bump github.com/urfave/cli/v2 from 2.23.7 to 2.24.1 by @dependabot in #80
- Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 by @dependabot in #82
- Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 by @dependabot in #85
- Bump github.com/rs/zerolog from 1.28.0 to 1.29.0 by @dependabot in #83
- Bump github.com/urfave/cli/v2 from 2.24.1 to 2.24.2 by @dependabot in #84
- Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 by @dependabot in #86
- Bump golang from 1.19.5 to 1.20.0 by @dependabot in #88
- Bump github.com/go-logr/zerologr from 1.2.2 to 1.2.3 by @dependabot in #87
- Bump github.com/urfave/cli/v2 from 2.24.2 to 2.24.3 by @dependabot in #91
- Bump alpine from 3.17.1 to 3.17.2 by @dependabot in #93
- Bump actions/setup-go from 3.0.0 to 3.5.0 by @dependabot in #77
- Bump library/golang from 1.19.5-alpine to 1.20.0-alpine by @dependabot in #90
- Bump github.com/goreleaser/nfpm/v2 from 2.23.0 to 2.26.0 by @dependabot in #94
- build(deps): bump library/golang from 1.20.0-alpine to 1.20.1-alpine by @dependabot in #96
- build(deps): bump golang from 1.20.0 to 1.20.1 by @dependabot in #95
- build(deps): bump github.com/urfave/cli/v2 from 2.24.3 to 2.24.4 by @dependabot in #97
- build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 by @dependabot in #98
- build(deps): bump golang.org/x/sync from 0.0.0-20210220032951-036812b2e83c to 0.1.0 by @dependabot in #99
- build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 by @dependabot in #100
- build(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 by @dependabot in #101
- build(deps): bump github.com/urfave/cli/v2 from 2.24.4 to 2.25.0 by @dependabot in #102
- sign-blob -y by @thepwagner in #103
- cosign sign -y by @thepwagner in #104
Full Changelog: v0.0.8...v0.0.9
v0.0.8
What's Changed
- Bump github.com/goreleaser/nfpm/v2 from 2.22.0 to 2.22.1 by @dependabot in #63
- Bump alpine from 3.16.3 to 3.17.0 by @dependabot in #64
- Bump github.com/goreleaser/nfpm/v2 from 2.22.1 to 2.22.2 by @dependabot in #65
- Bump library/golang from 1.19.3-alpine to 1.19.4-alpine by @dependabot in #68
- Bump golang from 1.19.3 to 1.19.4 by @dependabot in #67
- Bump github.com/urfave/cli/v2 from 2.23.5 to 2.23.6 by @dependabot in #66
- Bump github.com/urfave/cli/v2 from 2.23.6 to 2.23.7 by @dependabot in #69
- Bump github.com/goreleaser/nfpm/v2 from 2.22.2 to 2.23.0 by @dependabot in #70
- Bump alpine from 3.17.0 to 3.17.1 by @dependabot in #71
- Bump library/golang from 1.19.4-alpine to 1.19.5-alpine by @dependabot in #73
- Bump golang from 1.19.4 to 1.19.5 by @dependabot in #72
Full Changelog: v0.0.7...v0.0.8
v0.0.7
What's Changed
- Bump github.com/urfave/cli/v2 from 2.11.2 to 2.14.1 by @dependabot in #39
- Bump library/golang from 1.19.0-alpine to 1.19.1-alpine by @dependabot in #41
- Bump golang from 1.19.0 to 1.19.1 by @dependabot in #40
- Bump github.com/urfave/cli/v2 from 2.14.1 to 2.16.2 by @dependabot in #42
- Bump github.com/urfave/cli/v2 from 2.16.2 to 2.16.3 by @dependabot in #43
- Bump github.com/goreleaser/nfpm/v2 from 2.18.1 to 2.19.1 by @dependabot in #44
- Bump github.com/urfave/cli/v2 from 2.16.3 to 2.17.1 by @dependabot in #45
- Bump github.com/goreleaser/nfpm/v2 from 2.19.1 to 2.19.2 by @dependabot in #46
- Bump library/golang from 1.19.1-alpine to 1.19.2-alpine by @dependabot in #48
- Bump golang from 1.19.1 to 1.19.2 by @dependabot in #47
- Bump github.com/urfave/cli/v2 from 2.17.1 to 2.19.2 by @dependabot in #49
- Bump github.com/goreleaser/nfpm/v2 from 2.19.2 to 2.20.0 by @dependabot in #51
- Bump github.com/urfave/cli/v2 from 2.19.2 to 2.20.2 by @dependabot in #50
- Bump github.com/urfave/cli/v2 from 2.20.2 to 2.20.3 by @dependabot in #53
- Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 by @dependabot in #52
- Bump github.com/urfave/cli/v2 from 2.20.3 to 2.23.0 by @dependabot in #54
- Bump golang from 1.19.2 to 1.19.3 by @dependabot in #56
- Bump library/golang from 1.19.2-alpine to 1.19.3-alpine by @dependabot in #55
- Bump github.com/goreleaser/nfpm/v2 from 2.20.0 to 2.21.0 by @dependabot in #57
- Bump github.com/urfave/cli/v2 from 2.23.0 to 2.23.2 by @dependabot in #58
- Bump github.com/urfave/cli/v2 from 2.23.2 to 2.23.5 by @dependabot in #59
- Bump github.com/goreleaser/nfpm/v2 from 2.21.0 to 2.22.0 by @dependabot in #62
- Bump alpine from 3.16.2 to 3.16.3 by @dependabot in #61
Thanks Dependabot! 🤩
Full Changelog: v0.0.6...v0.0.7
v0.0.6
What's Changed
- Migrate off probot-CLA to new GitHub Action by @cursedcoder in #26
- Bump github.com/urfave/cli/v2 from 2.11.0 to 2.11.1 by @dependabot in #28
- Bump github.com/goreleaser/nfpm/v2 from 2.16.0 to 2.17.0 by @dependabot in #29
- Bump golang from 1.18.4 to 1.18.5 by @dependabot in #30
- Bump library/golang from 1.18.5-alpine to 1.19.0-alpine by @dependabot in #32
- Bump golang from 1.18.5 to 1.19.0 by @dependabot in #31
- Bump alpine from 3.16.1 to 3.16.2 by @dependabot in #33
- Bump github.com/urfave/cli/v2 from 2.11.1 to 2.11.2 by @dependabot in #34
- Bump github.com/goreleaser/nfpm/v2 from 2.17.0 to 2.18.0 by @dependabot in #35
- Bump github.com/goreleaser/nfpm/v2 from 2.18.0 to 2.18.1 by @dependabot in #36
- Bump github.com/rs/zerolog from 1.27.0 to 1.28.0 by @dependabot in #37
New Contributors
- @cursedcoder made their first contribution in #26
Full Changelog: v0.0.5...v0.0.6
The v0.0.5 image is getting noisy:
Pre: v0.0.5
ghcr.io/shopify/hansel:0.0.5 (alpine 3.16.1)
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)
┌─────────┬────────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────────┤
│ zlib │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1 │ 1.2.12-r2 │ zlib: a heap-based buffer over-read or buffer overflow in │
│ │ │ │ │ │ inflate in inflate.c... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-37434 │
└─────────┴────────────────┴──────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────────┘
usr/bin/hansel (gobinary)
Total: 4 (UNKNOWN: 1, LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 0)
┌─────────────────────┬─────────────────────┬──────────┬────────────────────────────────────┬───────────────────────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto │ CVE-2022-27191 │ HIGH │ v0.0.0-20211215165025-cf75a172585e │ 0.0.0-20220314234659-1baeb1ce4c0b │ golang: crash in a golang.org/x/crypto/ssh server │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-27191 │
│ ├─────────────────────┼──────────┤ │ ├────────────────────────────────────────────────────────────┤
│ │ GHSA-8c26-wmh5-6g9v │ UNKNOWN │ │ │ Attackers can cause a crash in SSH servers when the server │
│ │ │ │ │ │ has... │
│ │ │ │ │ │ https://github.com/advisories/GHSA-8c26-wmh5-6g9v │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2021-44716 │ HIGH │ v0.0.0-20211007125505-59d4e928ea9d │ 0.0.0-20211209124913-491a49abca63 │ golang: net/http: limit growth of header canonicalization │
│ │ │ │ │ │ cache │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-44716 │
├─────────────────────┼─────────────────────┼──────────┼────────────────────────────────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────┤
│ golang.org/x/sys │ CVE-2022-29526 │ MEDIUM │ v0.0.0-20211205182925-97ca703d548d │ 0.0.0-20220412211240-33da011f77ad │ golang: syscall: faccessat checks wrong group │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29526 │
└─────────────────────┴─────────────────────┴──────────┴────────────────────────────────────┴───────────────────────────────────┴────────────────────────────────────────────────────────────┘
Post: v0.0.6-rc
ghcr.io/shopify/hansel:0.0.5-SNAPSHOT-30c48cb-amd64 (alpine 3.16.2)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
v0.0.5
v0.0.4
Changelog
- ae381e0 Cosign container and binaries (#20)
- 355b325 Merge pull request #21 from Shopify/dependabot/go_modules/github.com/urfave/cli/v2-2.10.3
- a1a70f1 Bump github.com/urfave/cli/v2 from 2.10.2 to 2.10.3
- 483b495 Merge pull request #19 from Shopify/dependabot/go_modules/github.com/stretchr/testify-1.7.5
- cc62fd7 Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
- 4a010be Merge pull request #17 from Shopify/dependabot/go_modules/github.com/urfave/cli/v2-2.10.2
- 60468a5 Bump github.com/urfave/cli/v2 from 2.10.1 to 2.10.2
- e31298d Merge pull request #18 from Shopify/dependabot/go_modules/github.com/stretchr/testify-1.7.4
- ed875d4 Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
- d509da0 Merge pull request #16 from Shopify/dependabot/go_modules/github.com/urfave/cli/v2-2.10.1
- 171bde1 Bump github.com/urfave/cli/v2 from 2.8.1 to 2.10.1
- 2321e56 Merge pull request #15 from Shopify/dependabot/go_modules/github.com/go-logr/zerologr-1.2.2
- 6197c6f Bump github.com/go-logr/zerologr from 1.2.1 to 1.2.2
- 8a4e8c2 Merge pull request #14 from Shopify/dependabot/go_modules/github.com/goreleaser/nfpm/v2-2.16.0
- 901817d Bump github.com/goreleaser/nfpm/v2 from 2.15.1 to 2.16.0
- 72ba3f1 Merge pull request #13 from Shopify/dependabot/go_modules/github.com/rs/zerolog-1.27.0
- 21d5ac0 Bump github.com/rs/zerolog from 1.26.1 to 1.27.0
- 18aed63 Merge pull request #12 from Shopify/dependabot/go_modules/github.com/stretchr/testify-1.7.2
- abd801d Bump github.com/stretchr/testify from 1.7.1 to 1.7.2