Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: add SAST scanning #108

Merged
merged 5 commits into from
Oct 6, 2022
Merged

chore: add SAST scanning #108

merged 5 commits into from
Oct 6, 2022

Conversation

justinabrahms
Copy link
Member

Refs #84

Signed-off-by: Justin Abrahms [email protected]

@justinabrahms justinabrahms changed the title add SAST scanning chore: add SAST scanning Oct 3, 2022
@codecov-commenter
Copy link

codecov-commenter commented Oct 3, 2022
edited
Loading

Codecov Report

Merging #108 (71aca52) into main (715fd03) will not change coverage.
The diff coverage is n/a.

❗ Current head 71aca52 differs from pull request most recent head a1164e1. Consider uploading reports for the commit a1164e1 to get more accurate results

@@            Coverage Diff            @@
##               main     #108   +/-   ##
=========================================
  Coverage     91.84%   91.84%           
  Complexity      175      175           
=========================================
  Files            19       19           
  Lines           380      380           
  Branches         23       23           
=========================================
  Hits            349      349           
  Misses           20       20           
  Partials         11       11
Flag Coverage Δ
unittests 91.84% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

toddbaert
toddbaert reviewed Oct 3, 2022
View reviewed changes
.github/workflows/static-code-scanning.yaml Outdated
Comment on lines 10 to 20
schedule:
# ┌───────────── minute (0 - 59)
# │ ┌───────────── hour (0 - 23)
# │ │ ┌───────────── day of the month (1 - 31)
# │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
# │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ │
# * * * * *
- cron: '30 1 * * 1'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

woah.

@toddbaert toddbaert self-requested a review October 3, 2022 12:27
toddbaert
toddbaert previously approved these changes Oct 3, 2022
View reviewed changes
Copy link
Member

@toddbaert toddbaert left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to make sure we were OK to use this, and I found this.

CodeQL is free for research and open source.

https://codeql.github.com/

I'm not sure if there's any specific requirements we need to satisfy.

LGTM

@justinabrahms
Copy link
Member Author

I'm currently experimenting with how to get the build time for this step lower. If I can't, I'll probably kick it off on a schedule.

@justinabrahms
Copy link
Member Author

GitHub CodeQL can only be used on codebases that are released under an OSI-approved open source license, or to perform academic research, or to generate CodeQL databases for or during automated analysis, continuous integration (CI) or continuous delivery (CD) in the following cases: (1) on any Open Source Codebase hosted and maintained on GitHub.com, and (2) to test CodeQL queries you have released under an OSI-approved open source software license. It can't be used for automated analysis, continuous integration or continuous delivery, whether as part of normal software engineering processes or otherwise, except in the express cases set forth herein. For these uses, contact the sales team.

Seems like we're pretty squarely in the good here. Interesting terms tho!

@justinabrahms justinabrahms enabled auto-merge (squash) October 3, 2022 17:02
toddbaert
toddbaert previously approved these changes Oct 5, 2022
View reviewed changes
@toddbaert toddbaert self-requested a review October 6, 2022 02:06
@justinabrahms justinabrahms merged commit 3788a3b into main Oct 6, 2022
@justinabrahms justinabrahms deleted the static-scanning branch October 6, 2022 02:06
pbhandari9541 pushed a commit to pbhandari9541/java-sdk that referenced this pull request Nov 3, 2022
@justinabrahms
chore: add SAST scanning (open-feature#108)
d779757 
* add SAST scanning

Refs open-feature#84

Signed-off-by: Justin Abrahms <[email protected]>

* Java scanning only

Signed-off-by: Justin Abrahms <[email protected]>

* Try codeql on the normal build to see how much longer it is.

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>
justinabrahms added a commit that referenced this pull request Nov 4, 2022
@pbhandari9541 @toddbaert
@github-actions @justinabrahms @renovate @dependabot @step-security-bot @beeme1mr @rgrassian-split @snyk-bot
fix(deps): Spot bug scope change (#173)
113b5e5 
* chore: add integration tests (#77)

* chore: add integration tests

Signed-off-by: Todd Baert <[email protected]>

* improve POM spacing

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(main): release dev.openfeature.javasdk 0.2.2 (#76)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* feat!: errorCode as enum, reason as string (#80)

* feat!: errorCode as enum, reason as string

- makes errorCode an enum
- makes reason a string
- adds errorMessage to resolution/evaluation details

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: add CODEOWNERS (#85)

Create CODEOWNERS

refs #83

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Configure Renovate (#86)

chore(deps): add renovate.json

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency com.github.spotbugs:spotbugs to v4.7.2 (#87)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency com.github.spotbugs:spotbugs-maven-plugin to v4.7.2.0 (#88)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.4.1 (#90)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.sonatype.plugins:nexus-staging-maven-plugin to v1.6.13 (#91)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* fix(deps): update junit5 monorepo (#92)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-pmd-plugin to v3.19.0 (#97)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* fix(deps): update dependency io.cucumber:cucumber-bom to v7.8.0 (#100)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.mockito:mockito-core to v4.8.0 (#99)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update codecov/codecov-action action to v3 (#102)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v1.6 (#96)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-source-plugin to v3 (#105)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.10.1 (#95)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v3 (#104)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.apache.maven.plugins:maven-checkstyle-plugin to v3.2.0 (#94)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache action to v3 (#101)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency com.puppycrawl.tools:checkstyle to v8.45.1 (#93)

* chore(deps): update dependency com.puppycrawl.tools:checkstyle to v8.45.1

* scope property went away in the latest version

jshiell/checkstyle-idea#525 (comment)

Signed-off-by: Justin Abrahms <[email protected]>

* scope wasn't deleted on the other one

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* refactor!: Change the package name. Everyone knows it's java (or it doesn't matter) (#111)

* Change the package name. Everyone knows it's java (or it doesn't matter)

Fixes #82

Signed-off-by: Justin Abrahms <[email protected]>

* Missed 2 strings

Signed-off-by: Justin Abrahms <[email protected]>

* remove broken flagd import until changes absorbed

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Todd Baert <[email protected]>
Co-authored-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Write perms should be as tightly scoped as possible. (#107)

* Add a dependabot file to keep deps up to date

Signed-off-by: Justin Abrahms <[email protected]>

* Move write permissions to the specific job, rather than globally

Signed-off-by: Justin Abrahms <[email protected]>

* Run code scanning (slow auto-build) weekly

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: fix dependabot pr titles (#118)

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Bump cucumber-bom from 7.8.0 to 7.8.1 (#115)

Bump cucumber-bom from 7.8.0 to 7.8.1

Bumps [cucumber-bom](https://github.com/cucumber/cucumber-jvm) from 7.8.0 to 7.8.1.
- [Release notes](https://github.com/cucumber/cucumber-jvm/releases)
- [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md)
- [Commits](cucumber/cucumber-jvm@v7.8.0...v7.8.1)

---
updated-dependencies:
- dependency-name: io.cucumber:cucumber-bom
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: add SAST scanning (#108)

* add SAST scanning

Refs #84

Signed-off-by: Justin Abrahms <[email protected]>

* Java scanning only

Signed-off-by: Justin Abrahms <[email protected]>

* Try codeql on the normal build to see how much longer it is.

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* feat!: use evaluation context interface (#112)

* POC - use evaluation context interface

Signed-off-by: Todd Baert <[email protected]>

* make .merge non-static

Signed-off-by: Todd Baert <[email protected]>

* improve naming

Signed-off-by: Todd Baert <[email protected]>

* add @OverRide

Signed-off-by: Todd Baert <[email protected]>

* Update src/main/java/dev/openfeature/sdk/EvaluationContext.java

Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Todd Baert <[email protected]>

* Update src/main/java/dev/openfeature/sdk/MutableContext.java

Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Todd Baert <[email protected]>

* address PR feedback

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* feat: Support for generating CycloneDX sboms (#119)

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: [StepSecurity] ci: Harden GitHub Actions (#120)

* [StepSecurity] ci: Harden GitHub Actions in release.yml

* [StepSecurity] ci: Harden GitHub Actions in static-code-scanning.yaml

* [StepSecurity] ci: Harden GitHub Actions in lint-pr.yml

* [StepSecurity] ci: Harden GitHub Actions in merge.yml

* [StepSecurity] ci: Harden GitHub Actions in pullrequest.yml

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: I don't think we use that permission? (#123)

I don't think we use that permission?

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Document where to find our SBOMs (#124)

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache digest to a3f5edc (#121)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/setup-java digest to e150063 (#125)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Remove more perms (#130)

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.7.1 (#128)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update github/codeql-action digest to 3d39294 (#127)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update codecov/codecov-action digest to e0fbd59 (#126)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Bump actions/checkout from 3.0.2 to 3.1.0 (#139)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@2541b12...93ea575)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Bump actions/setup-java from e150063ee446b60ce2e35b040e81846da9001576 to a82e6d00200608b0b4c131bc9a89f7349786bd33 (#140)

chore: Bump actions/setup-java

Bumps [actions/setup-java](https://github.com/actions/setup-java) from e150063ee446b60ce2e35b040e81846da9001576 to a82e6d00200608b0b4c131bc9a89f7349786bd33.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@e150063...a82e6d0)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: bump spotbugs-maven-plugin from 4.7.2.0 to 4.7.2.1 (#136)

Bumps [spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) from 4.7.2.0 to 4.7.2.1.
- [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases)
- [Commits](spotbugs/spotbugs-maven-plugin@spotbugs-maven-plugin-4.7.2.0...spotbugs-maven-plugin-4.7.2.1)

---
updated-dependencies:
- dependency-name: com.github.spotbugs:spotbugs-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: exclude component in git tag (#143)

Signed-off-by: Michael Beemer <[email protected]>

Signed-off-by: Michael Beemer <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.7.2 (#141)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* feat!: add rw locks to client/api, hook accessor name (#131)

* fix: add read/write locks to client/api

Signed-off-by: Todd Baert <[email protected]>

* dont lock entire evaluation

Signed-off-by: Todd Baert <[email protected]>

* add tests

Signed-off-by: Todd Baert <[email protected]>

* fixup comment

Signed-off-by: Todd Baert <[email protected]>

* fixup pom comment

Signed-off-by: Todd Baert <[email protected]>

* increase lock granularity, imporove tests

Signed-off-by: Todd Baert <[email protected]>

* fix spotbugs

Signed-off-by: Todd Baert <[email protected]>

* remove commented test

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/setup-java digest to 3617c43 (#132)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update amannn/action-semantic-pull-request digest to b314c1b (#135)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Remove dependabot. I like renovate better (#142)

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update amannn/action-semantic-pull-request digest to 7c194c2 (#144)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update github/codeql-action digest to 44edb7c (#133)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/checkout digest to 8230315 (#122)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(main): release 0.3.0 (#114)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: re-enable integration tests (#146)

Update test harness and re-enable integration test profile

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache digest to 9b0c1fc (#145)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* fix: merge eval context (#149)

fix merge eval context

Signed-off-by: Robert Grassian <[email protected]>

Signed-off-by: Robert Grassian <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(main): release 0.3.1 (#150)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update github/codeql-action digest to 297ec80 (#147)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: update test/spec association numbers, badge (#156)

* chore: update test/spec association numbers

Signed-off-by: Todd Baert <[email protected]>

* chore: update spec tag

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache digest to 2b04a41 (#158)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(security): [Snyk] Security upgrade com.github.spotbugs:spotbugs from 4.7.2 to 4.7.3 (#157)

fix: pom.xml to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JAVA-ORGAPACHECOMMONS-3043138

Co-authored-by: snyk-bot <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Add docs link (#165)

Signed-off-by: Todd Baert <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore: Mark project as active. (#167)

Mark project as active.

Signed-off-by: Justin Abrahms <[email protected]>

Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(main): release 1.0.0 (#168)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* chore(deps): update actions/cache digest to 8bec1e4 (#159)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

* changes spotbug scope to provided.

Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>

Signed-off-by: Todd Baert <[email protected]>
Signed-off-by: Bhandari, Pramesh(AWF) <[email protected]>
Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: Justin Abrahms <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Michael Beemer <[email protected]>
Signed-off-by: Robert Grassian <[email protected]>
Signed-off-by: Pramesh <[email protected]>
Co-authored-by: Todd Baert <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Justin Abrahms <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Step Security Bot <[email protected]>
Co-authored-by: Michael Beemer <[email protected]>
Co-authored-by: Robert Grassian <[email protected]>
Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Bhandari, Pramesh(AWF) <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@toddbaert toddbaert toddbaert approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@justinabrahms @codecov-commenter @toddbaert