add dependabot, trivy, update deps, and fix vulns in deps #64

Merged
merged 11 commits into from
Aug 23, 2022

Conversation

vroldanbet
Contributor

@vroldanbet vroldanbet commented Aug 21, 2022

  • adds dependabot so we get dependencies updated regularly
  • adds trivy as vulnerability scanning tool in CI
  • addresses all reported vulnerabilities by updating dependencies
  • updates all dependencies to latest version
  • regenerated protos to 1.28.1
  • add CODEOWNERS
  • updates GitHub Actions jobs to be aligned with authzed/spicedb: yamlint, codeql, CLA update

Note: there are some diffs created by the proto generator locally that do not show up in CI and cause a diff. I had to manually remove those changes (they were a space in a comment).

@vroldanbet vroldanbet changed the title adds dependabot for dependency updates add dependabot, trivy, and address security updates Aug 21, 2022
@vroldanbet vroldanbet changed the title add dependabot, trivy, and address security updates add dependabot, trivy, update deps, and fix vulns in deps Aug 22, 2022
@vroldanbet vroldanbet marked this pull request as ready for review August 22, 2022 00:20
@vroldanbet vroldanbet self-assigned this Aug 22, 2022
so we address with CLA asking bots to sign
@vroldanbet vroldanbet force-pushed the add-dependabot branch 4 times, most recently from e99638d to 106c0b3 Compare August 22, 2022 00:41
- adds codeql
- adds extra-lint for YAML
@jzelinskie jzelinskie merged commit ce7e476 into main Aug 23, 2022
@jzelinskie jzelinskie deleted the add-dependabot branch August 23, 2022 14:09
@github-actions github-actions bot locked and limited conversation to collaborators Aug 23, 2022