v2.2.8
Changelog
3cbe7b2 Consistent -ldflags
across go build
(#1070)
06c14a6 Minor fixes to README.md (#1066)
6b9010e changes (#1062)
2c16597 Fix GitVersion in cron job (#1065)
1d3f3e3 gpg-private-key
in goreleaser (#1064)
9df865c Regenerate docs/checks.md (#1061)
42e2b98 🌱 Bump actions/github-script from 4.1.0 to 4.1.1
0074111 Fix CodeReview bug (#1058)
fb77e42 ✨ Per-check score threshold for SARIF (#1057)
0686ed2 🐛 Fix invalid code review (#1055)
aa93ac2 Modify the text to acknowledge GitHub != universe (#1037)
5655cbb ✨ Add aggregate score to cron JSON (#1050)
b9daae1 🐛 Update message for Code-Review (#1054)
91eb41e 🌱 Check for OSV for a go.mod changes (#1053)
075cf0c 150k+ repos and num_dependents_deps.dev
metadata (#1052)
5d6a7cd ✨ Add policy file (#1002)
90332a9 🌱 Add counting of shell parsing errors (#1026)
44dd10d 📖 Olivekl patch 1 (#1039)
d4caef0 🌱 Fix GO-2020-0020 (#1047)
14dc32f Enforce non-concurrent token usage (#1048)
5fb87cb 🌱 Bump golang.org/x/tools from 0.1.5 to 0.1.6 (#1041)
39bd00c ✨ Add aggregated score (#1046)
fd6e58d 🌱 Fixes GO-2020-0017 OSV (#1045)
51e11e6 🌱 Fix GO-2021-0089 vulnerability
bc5d7a8 📖 Improve text on Packaging (#1035)
ea77ab7 fix prev PR (#1033)
45fb779 📖 Improve explanation about multiple reviewers (and their lack) (#1017)
34b97e3 ✨ Update k8's transfer releasetest-v2 (#1023)
e1a6e7d 📖 Fixed the docs for dependabot
9e81b5f 📖 Fixed the dependabot check message
30cae86 📖 Warn when checks are prone to false negatives (#1019)
1e4f723 🌱 Fixes permission for main.yml action
8b7da7c 📖 Improve rationale for Binary-Artifacts (#1016)
646b339 Explain that active maintenance isn't always needed (#1013)
6868fe6 Note that pinning is a way to mitigate dependency confusion (#1012)
6fb92a3 add version for cron (#1011)
afb01f4 Fix CII Best Practices badge info (#1010)
aa2ed45 📖 Docs: Pinned dependency doc 2 (#1004)
6178207 ✨ Update cron's JSON format (#1001)
b6cd4cf Fix CONTRIBUTING.md for doc updates 📖 (#1007)
a5a6a30 README.md: Add hyperlinks to docs/checks.md (#1008)
b0fab3f code (#1006)
4c4fb61 🌱 Bump cloud.google.com/go/pubsub from 1.16.0 to 1.17.0 (#992)
0590b03 ✨ change message to make it more easier for user (#1003)
ba53081 Tweak "pinned dependency" discussion (#999)
cc044ca 🌱 Bump go.uber.org/zap from 1.19.0 to 1.19.1 (#993)
bc37c74 Remove Owner/Repo strings from CheckRequest (#997)
e730e91 sce.Create -> sce.WithMessage for wrapcheck (#995)
1cb8c06 Bug in Makefile generate-docs (#996)
d6174db semantic version (#991)
af24ed4 🌱 Included codeql check for GitHub Actions (#988)
870db56 Cleanup documentation code (#981)
1da121d ✨ Give low importance to github-owned actions (#802) (#906)
576447a 🌱 Fix the jwt finding
924d4d5 📖 Update README.md (#976)
2b15b13 🌱 Moving tools dependencies to separate go.mod
1c7ba79 🐛 Github workflow steps run on Windows should default to pwsh as its shell (#877)
a3d63bf 🌱 Updated actions permission for codeql (#964)
942c4cf 🌱 Bump crazy-max/ghaction-import-gpg from 3.2.0 to 4 (#971)
0aa4305 🌱 Bump github.com/golangci/golangci-lint from 1.42.0 to 1.42.1 (#973)
5476b87 ✨ Removed unnecessary linters (#969)
f220924 🌱 Bump distroless/base in /cron/worker
29b7bd3 Parsing GitHub Workflows should only happen on yaml files
2ae8910 📖 Fixed the deadlink to the documentation (#963)
fda87a4 Fixed typo reepo to repo
f55b86d 🌱 Bump peter-evans/slash-command-dispatch from 2.2.1 to 2.3.0 (#955)
e30d9e5 🌱 Bump gocloud.dev from 0.23.0 to 0.24.0 (#956)
b847d54 🌱 Bump distroless/base in /cron/controller (#961)
0620758 Updated go get to go install (#953)