search

sommerfeld-io / website

Website www.sommerfeld.io
https://www.sommerfeld.io
Other
0 stars 0 forks source link

Bump pozil/auto-assign-issue from 1 to 2 #122

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps pozil/auto-assign-issue from 1 to 2.

Release notes

Sourced from pozil/auto-assign-issue's releases.

v2.0.0 - Node 20 support

  • feat: switch to node@20

v1.14.0 - Random assignments with weights

  • feat: support for weights in random assignments (addresses #120)
  • build: bumped dependencies

v1.13.0 - Add team as PR reviewer

  • feat: new parameter to add a team as PR reviewer. Thanks to @​johmara
  • build: bumped dependencies (requires node 18+)

v1.12.0 - Manual issue number override

  • feat: new parameter to manually override issue number. Thanks to @​bwplotka
  • build: bumped dependencies

v1.11.0 - abortIfPreviousAssignees flag

  • feat: added an abortIfPreviousAssignees flag that aborts the action if there were assignees previously. False by default.

v1.10.1 - Bumped dependencies

No release notes provided.

v1.10.0 - Manual workflow run & build updates

  • feat: support for manual workflow_run trigger. Thanks to @​CalumY.
  • fix: allow authors to be assigned to PRs that they have created but prevent them from being assigned as a reviewer. Thanks to @​CalumY.
  • build: switched to lockfile v2
  • build: used Volta to pin versions to align with GitHub Actions environment
    • node@16.16.0
    • npm@8.11.0
  • build: bumped dependencies

v1.9.0 - Remove PR reviewers

feat: action will now remove both PR assignees and reviewers. Thanks to @​agomezmoron

v1.8.0 - Allow no assignees

feat: added an allowNoAssignees flag that prevents the action from failing when there are no assignees as suggested in pozil/auto-assign-issue#58.

v1.7.3 - Fix for PRs to private repos

v1.7.2 - Prevent PR self assignment

fix: prevent PR self assignment even if options allow it (self assigning a PR for review is forbidden by GitHub). Thanks to @​agomezmoron.

v1.7.1 - Fixed PR assign/deassign

  • Fixed the assignation and de-assignation of reviewers of a PR. Thanks to @​agomezmoron for the contrib
  • Bumped dependencies

v1.7.0 - Prevents issue self-assignment

  • Added a new flag that prevents issue self-assignment
  • Significant code refactoring
  • Improved doc examples

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
github-actions[bot] commented 4 months ago

Overview

Image reference sommerfeldio/website:latest sommerfeldio/website:rc
- digest c639c00567e0 348a7dd67280
- provenance https://github.com/sommerfeld-io/website/commit/d2e93bda89bc9c43028164f8174042ad2ff89ecd https://github.com/sommerfeld-io/website/commit/254c8e0a237fa7d4d81dae0b79d7c8a155caa95f
- vulnerabilities critical: 0 high: 2 medium: 5 low: 0 unspecified: 3 critical: 0 high: 0 medium: 1 low: 0 unspecified: 1
- platform linux/amd64 linux/amd64
- size 42 MB 34 MB (-8.7 MB)
- packages 52 39 (-13)
Base Image httpd:2-alpine
also known as:
2-alpine3.19
2.4-alpine
2.4-alpine3.19
alpine
alpine3.19		 httpd:2-alpine
also known as:
2-alpine3.19
2.4-alpine
2.4-alpine3.19
2.4.59-alpine
2.4.59-alpine3.19
alpine
alpine3.19
- vulnerabilities critical: 0 high: 2 medium: 5 low: 0 unspecified: 3 critical: 0 high: 0 medium: 1 low: 0 unspecified: 1
Environment Variables (2 changes) > * `±` 2 changed > * _3 unchanged_ ```diff HTTPD_PATCHES= HTTPD_PREFIX=/usr/local/apache2 -HTTPD_SHA256=fa16d72a078210a54c47dd5bef2f8b9b8a01d94909a51453956b3ec6442ea4c5 +HTTPD_SHA256=ec51501ec480284ff52f637258135d333230a7d229c3afa6f6c2f9040e321323 -HTTPD_VERSION=2.4.58 +HTTPD_VERSION=2.4.59 PATH=/usr/local/apache2/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ```
Labels (3 changes) > * `±` 3 changed > * _6 unchanged_ ```diff maintainer=sebastian@sommerfeld.io -org.opencontainers.image.created=2023-12-28T14:46:03.798Z +org.opencontainers.image.created=2024-05-17T08:48:10.196Z org.opencontainers.image.description=Website www.sommerfeld.io -org.opencontainers.image.licenses= +org.opencontainers.image.licenses=NOASSERTION -org.opencontainers.image.revision=d2e93bda89bc9c43028164f8174042ad2ff89ecd +org.opencontainers.image.revision=254c8e0a237fa7d4d81dae0b79d7c8a155caa95f org.opencontainers.image.source=https://github.com/sommerfeld-io/website org.opencontainers.image.title=website org.opencontainers.image.url=https://github.com/sommerfeld-io/website org.opencontainers.image.version=main ```
Packages and Vulnerabilities (22 package changes and 8 vulnerability changes) > * :heavy_minus_sign: 13 packages removed > * :infinity: 9 packages changed > * 30 packages unchanged > * :heavy_check_mark: 8 vulnerabilities removed
Changes for packages of type apk (21 changes)
Package Version
sommerfeldio/website:latest		 Version
sommerfeldio/website:rc
:infinity: .httpd-so-deps 20231213.194916 20240405.175259
:heavy_minus_sign: brotli 1.1.0-r1
:heavy_minus_sign: bzip2 1.0.8-r6
:infinity: c-ares 1.22.1-r0 1.27.0-r0
critical: 0 high: 0 medium: 1 low: 0
Removed vulnerabilities (1):
  • medium : CVE--2024--25629
:infinity: ca-certificates 20230506-r0 20240226-r0
:heavy_minus_sign: curl 8.5.0-r0
critical: 0 high: 0 medium: 1 low: 0
Removed vulnerabilities (1):
  • medium : CVE--2024--0853
:heavy_minus_sign: cyrus-sasl 2.1.28-r5
:heavy_minus_sign: expat 2.5.0-r2
critical: 0 high: 1 medium: 1 low: 0 unspecified: 1
Removed vulnerabilities (3):
  • high : CVE--2023--52425
  • medium : CVE--2023--52426
  • unspecified : CVE--2024--28757
:heavy_minus_sign: libc-dev 0.7.2-r5
:infinity: libcrypto3 3.1.4-r2 3.1.4-r5
:infinity: libexpat 2.5.0-r2 2.6.2-r0
:infinity: libssl3 3.1.4-r2 3.1.4-r5
critical: 0 high: 0 medium: 0 low: 0 unspecified: 1
Added vulnerabilities (1):
  • unspecified : CVE--2024--2511
:infinity: libxml2 2.11.6-r0 2.11.7-r0
critical: 0 high: 1 medium: 0 low: 0
Removed vulnerabilities (1):
  • high : CVE--2024--25062
:heavy_minus_sign: lua5.1 5.1.5-r13
:heavy_minus_sign: nghttp2 1.58.0-r0
:heavy_minus_sign: openldap 2.6.6-r1
:heavy_minus_sign: openssl 3.1.4-r2
critical: 0 high: 0 medium: 2 low: 0 unspecified: 2
Removed vulnerabilities (4):
  • medium : CVE--2023--6129
  • medium : CVE--2024--0727
  • unspecified : CVE--2024--2511
  • unspecified : CVE--2023--6237
:heavy_minus_sign: pax-utils 1.3.7-r2
:heavy_minus_sign: util-linux 2.39.3-r0
:heavy_minus_sign: xz 5.4.5-r0
:infinity: zlib 1.3-r2 1.3.1-r0
Changes for packages of type generic (1 changes)
Package Version
sommerfeldio/website:latest		 Version
sommerfeldio/website:rc
:infinity: httpd 2.4.58 2.4.59
github-actions[bot] commented 4 months ago

:mag: Vulnerabilities of sommerfeldio/website:rc

:package: Image Reference sommerfeldio/website:rc
digestsha256:348a7dd67280f71dcfa3ce5ff660551e02985ffc81b6c881d8f0f30cd116714e
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0 unspecified: 1
size34 MB
packages39
:package: Base Image httpd:2-alpine
also known as
  • 2-alpine3.19
  • 2.4-alpine
  • 2.4-alpine3.19
  • 2.4.59-alpine
  • 2.4.59-alpine3.19
  • alpine
  • alpine3.19
digestsha256:b48b48dcfff1407638908b8a1782480df0ad8bac7f5fc579496357864f97e60c
vulnerabilitiescritical: 0 high: 0 medium: 1 low: 0 unspecified: 1
critical: 0 high: 0 medium: 1 low: 0 libcurl 8.5.0-r0 (apk) pkg:apk/alpine/libcurl@8.5.0-r0?arch=x86_64&upstream=curl&distro=alpine-3.19.1
```dockerfile # Dockerfile (91:91) COPY --from=build-antora-site /tmp/antora/sommerfeld-io/public /usr/local/apache2/htdocs/docs ```
medium : CVE--2024--0853
Affected range<8.6.0-r0
Fixed versionNot Fixed
EPSS Score0.06%
EPSS Percentile23rd percentile
Description
critical: 0 high: 0 medium: 0 low: 0 unspecified: 1libssl3 3.1.4-r5 (apk) pkg:apk/alpine/libssl3@3.1.4-r5?arch=x86_64&upstream=openssl&distro=alpine-3.19.1
```dockerfile # Dockerfile (91:91) COPY --from=build-antora-site /tmp/antora/sommerfeld-io/public /usr/local/apache2/htdocs/docs ```
unspecified : CVE--2024--2511
Affected range<3.1.4-r6
Fixed version3.1.4-r6
EPSS Score0.04%
EPSS Percentile10th percentile
Description