ah-ha-admin / refactored-memory

MIT License

Update sigstore/cosign-installer action to v3 #300

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| sigstore/cosign-installer | action | major | v2.8.1 -> v3.0.1 |

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes

sigstore/cosign-installer

### [`v3.0.1`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.1)

[Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1)

#### What's Changed

- make cosign v2.0.0 default version by [@developer-guy](https://togithub.com/developer-guy) in [https://github.com/sigstore/cosign-installer/pull/109](https://togithub.com/sigstore/cosign-installer/pull/109)

**Full Changelog**: https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1

### [`v3.0.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.0)

[Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.0)

##### Breaking change

Cosign v2 has some breaking changes. Please check those: https://blog.sigstore.dev/cosign-2-0-released/

##### What's Changed

- test: add logs when downloading the public keys by [@hectorj2f](https://togithub.com/hectorj2f) in [https://github.com/sigstore/cosign-installer/pull/106](https://togithub.com/sigstore/cosign-installer/pull/106)
- Add support to install v2 and any other cosign release candidate by [@hectorj2f](https://togithub.com/hectorj2f) in [https://github.com/sigstore/cosign-installer/pull/105](https://togithub.com/sigstore/cosign-installer/pull/105)
- v2.0.0 release by [@sabre1041](https://togithub.com/sabre1041) in [https://github.com/sigstore/cosign-installer/pull/108](https://togithub.com/sigstore/cosign-installer/pull/108)

##### New Contributors

- [@hectorj2f](https://togithub.com/hectorj2f) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/106](https://togithub.com/sigstore/cosign-installer/pull/106)
- [@sabre1041](https://togithub.com/sabre1041) made their first contribution in [https://github.com/sigstore/cosign-installer/pull/108](https://togithub.com/sigstore/cosign-installer/pull/108)

**Full Changelog**: https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 1 year ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated |
| --- | --- | --- | --- | --- |
| refactored-memory | ❌ Failed (Inspect) | | | Mar 2, 2023 at 9:16PM (UTC) |
| refactored-memory-pif7 | ❌ Failed (Inspect) | | | Mar 2, 2023 at 9:16PM (UTC) |

commit-lint[bot] commented 1 year ago

Contributors

renovate[bot]

Commit-Lint commands
You can trigger Commit-Lint actions by commenting on this PR:

- `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change)
- `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
- `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
- `@Commit-Lint merge disable` will deactivate merge dependabot PR
- `@Commit-Lint review` will approve dependabot PR
- `@Commit-Lint stop review` will stop approve dependabot PR

netlify[bot] commented 1 year ago

Deploy Preview for gorgeous-jalebi-1d9cf4 failed.

| Name | Link |
| --- | --- |
| Latest commit | 07715385fd2f5fdd159c4140bd4e05c218220b52 |
| Latest deploy log | https://app.netlify.com/sites/gorgeous-jalebi-1d9cf4/deploys/64011233bd824e0008abfaf9 |

squash-labs[bot] commented 1 year ago

Manage this branch in Squash

Test this branch here: https://renovatesigstore-cosign-instal-skevq.squash.io

guardrails[bot] commented 1 year ago

:warning: We detected 19 security issues in this pull request:

Mode: paranoid | Total findings: 19 | Considered vulnerability: 19

Insecure Use of Dangerous Function (2)
| Docs | Details |
| --- | --- |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-exec) | Title: **Non-static OS command execution**, Severity: High, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/setup.rb#L16 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr#dangerous-exec) | Title: **Non-static OS command execution**, Severity: High, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/setup.rb#L16 |

More info on how to fix Insecure Use of Dangerous Function in [Ruby](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/insecure_use_of_dangerous_function.html?utm_source=ghpr).

---

Insecure Network Communication (2)
| Docs | Details |
| --- | --- |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/azureresourcemanager/insecure_network_communication.html?utm_source=ghpr#b5c851d5-00f1-43dc-a8de-3218fd6f71be) | Title: **Web App Not Using TLS Last Version**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/azuredeploy.json#L50 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/azureresourcemanager/insecure_network_communication.html?utm_source=ghpr#488847ff-6031-487c-bf42-98fd6ac5c9a0) | Title: **Website Not Forcing HTTPS**, Severity: Critical, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/azuredeploy.json#L60 |

More info on how to fix Insecure Network Communication in [Azureresourcemanager](https://docs.guardrails.io/docs/en/vulnerabilities/azureresourcemanager/insecure_network_communication.html?utm_source=ghpr).

---

Vulnerable Libraries (5)
| Severity | Details |
| --- | --- |
| N/A | [actionpack@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/Gemfile.lock#L5) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'* |
| N/A | [activerecord@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/Gemfile.lock#L12) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'* |
| N/A | [activesupport@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/Gemfile.lock#L6) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'* |
| N/A | [globalid@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/Gemfile.lock#L41) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'* |
| N/A | [rack@7.0.4](https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/Gemfile.lock#L32) upgrade to: *'~> 5.2.8, >= 5.2.8.15', '~> 6.1.7, >= 6.1.7.1', '>= 7.0.4.1'* |

More info on how to fix Vulnerable Libraries in [Ruby](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/using_vulnerable_libraries.html?utm_source=ghpr).

---

Hard-Coded Secrets (10)
| Docs | Details |
| --- | --- |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#HexHighEntropyString) | Title: **Hex High Entropy String**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/AndroidManifest.xml#L6 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#Base64HighEntropyString) | Title: **Base64 High Entropy String**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/nuget.config#L10 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#stackhawk-api-key) | Title: **StackHawk API Key**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/stackhawk.yml#L1 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#stackhawk-api-key) | Title: **StackHawk API Key**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/stackhawk.yml#L93 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/action.yml#L16 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/action.yml#L510 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/Sexflixxxvip00/nuget.config#L10 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/nuget.config#L10 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/nuget.config#L10 |
| [:bulb:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#github-token-new) | Title: **New GitHub Token Format**, Severity: Medium, https://github.com/ah-ha-admin/refactored-memory/blob/07715385fd2f5fdd159c4140bd4e05c218220b52/.github/workflows/static.yml#L9 |

More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr).
