forked from sse-secure-systems/connaisseur
-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[pull] master from sse-secure-systems:master #12
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the gh-actions-packages group with 4 updates: [github/codeql-action](https://github.com/github/codeql-action), [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) and [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `github/codeql-action` from 3.22.11 to 3.23.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b374143...e5f05b8) Updates `actions/dependency-review-action` from 3.1.4 to 3.1.5 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@01bc870...c74b580) Updates `bridgecrewio/checkov-action` from 12.2621.0 to 12.2643.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@097919d...d728368) Updates `anchore/sbom-action` from 0.15.1 to 0.15.3 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@5ecf649...c7f031d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [jinja2](https://github.com/pallets/jinja), [jsonschema](https://github.com/python-jsonschema/jsonschema), [nest-asyncio](https://github.com/erdewit/nest_asyncio), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [setuptools](https://github.com/pypa/setuptools) and [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version. Updates `jinja2` to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) Updates `jsonschema` to 4.21.0 - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.20.0...v4.21.0) Updates `nest-asyncio` to 1.5.9 - [Release notes](https://github.com/erdewit/nest_asyncio/releases) - [Commits](erdewit/nest_asyncio@v1.5.8...v1.5.9) Updates `pytest-asyncio` to 0.23.3 - [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases) - [Commits](pytest-dev/pytest-asyncio@v0.23.2...v0.23.3) Updates `setuptools` to 69.0.3 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v69.0.2...v69.0.3) Updates `mkdocs-material` to 9.5.4 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@9.5.2...9.5.4) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip-packages - dependency-name: jsonschema dependency-type: direct:production dependency-group: pip-packages - dependency-name: nest-asyncio dependency-type: direct:production dependency-group: pip-packages - dependency-name: pytest-asyncio dependency-type: direct:development dependency-group: pip-packages - dependency-name: setuptools dependency-type: direct:development dependency-group: pip-packages - dependency-name: mkdocs-material dependency-type: direct:production dependency-group: pip-packages ... Signed-off-by: dependabot[bot] <support@github.com>
When automatic child approval is active and can't find the parent resource, even though there is one, the validation should continue, as if there were no parent resources in the first place. This prevents some deployments from failing, where the parent resource was deleted and now the child can never be validated again.
Previously, auth failures when retrieving TUF trust data were raised as exceptions, but never handled, thus leading to opaque 'unknown error' messages. This commit introduces handling for 401s, thus making the admission review clearer.
Bumps the gh-actions-packages group with 4 updates: [github/codeql-action](https://github.com/github/codeql-action), [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) and [anchore/sbom-action](https://github.com/anchore/sbom-action). Updates `github/codeql-action` from 3.23.0 to 3.23.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e5f05b8...0b21cf2) Updates `actions/dependency-review-action` from 3.1.5 to 4.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@c74b580...4901385) Updates `bridgecrewio/checkov-action` from 12.2643.0 to 12.2646.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@d728368...bd4e315) Updates `anchore/sbom-action` from 0.15.3 to 0.15.4 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@c7f031d...41f7a6c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on [flask](https://github.com/pallets/flask), [jsonschema](https://github.com/python-jsonschema/jsonschema), [nest-asyncio](https://github.com/erdewit/nest_asyncio) and [safety](https://github.com/pyupio/safety) to permit the latest version. Updates `flask` to 3.0.1 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.0...3.0.1) Updates `jsonschema` to 4.21.1 - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.21.0...v4.21.1) Updates `nest-asyncio` to 1.6.0 - [Release notes](https://github.com/erdewit/nest_asyncio/releases) - [Commits](erdewit/nest_asyncio@v1.5.9...v1.6.0) Updates `safety` to 3.0.1 - [Release notes](https://github.com/pyupio/safety/releases) - [Changelog](https://github.com/pyupio/safety/blob/main/CHANGELOG.md) - [Commits](pyupio/safety@2.3.5...3.0.1) --- updated-dependencies: - dependency-name: flask dependency-type: direct:production dependency-group: pip-packages - dependency-name: jsonschema dependency-type: direct:production dependency-group: pip-packages - dependency-name: nest-asyncio dependency-type: direct:production dependency-group: pip-packages - dependency-name: safety dependency-type: direct:production dependency-group: pip-packages ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Due to confusion of a developer, the safety package was part of the Connaisseur container. This is no longer the case, the package is now installed during the CI, where it is exclusivly needed.
Because of expired signature data, new signatures needed to be created. At the same time we decided to minimize the size of our testimages.
Updates the requirements on [aiohttp](https://github.com/aio-libs/aiohttp), [flask](https://github.com/pallets/flask), [pytz](https://github.com/stub42/pytz), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio) and [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version. Updates `aiohttp` to 3.9.3 - [Release notes](https://github.com/aio-libs/aiohttp/releases) - [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst) - [Commits](aio-libs/aiohttp@v3.9.1...v3.9.3) Updates `flask` to 3.0.2 - [Release notes](https://github.com/pallets/flask/releases) - [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst) - [Commits](pallets/flask@3.0.1...3.0.2) Updates `pytz` to 2024.1 - [Release notes](https://github.com/stub42/pytz/releases) - [Commits](stub42/pytz@release_2023.3...release_2024.1) Updates `pytest-asyncio` to 0.23.4 - [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases) - [Commits](pytest-dev/pytest-asyncio@v0.23.3...v0.23.4) Updates `mkdocs-material` to 9.5.8 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@9.5.4...9.5.8) --- updated-dependencies: - dependency-name: aiohttp dependency-type: direct:production dependency-group: pip-packages - dependency-name: flask dependency-type: direct:production dependency-group: pip-packages - dependency-name: pytz dependency-type: direct:production dependency-group: pip-packages - dependency-name: pytest-asyncio dependency-type: direct:development dependency-group: pip-packages - dependency-name: mkdocs-material dependency-type: direct:production dependency-group: pip-packages ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the gh-actions-packages group with 5 updates: | Package | From | To | | --- | --- | --- | | [github/codeql-action](https://github.com/github/codeql-action) | `3.23.1` | `3.24.5` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.0.0` | `4.1.3` | | [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2646.0` | `12.2678.0` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.15.4` | `0.15.8` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3.1.4` | `4.1.0` | Updates `github/codeql-action` from 3.23.1 to 3.24.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@0b21cf2...47b3d88) Updates `actions/dependency-review-action` from 4.0.0 to 4.1.3 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@4901385...9129d7d) Updates `bridgecrewio/checkov-action` from 12.2646.0 to 12.2678.0 - [Release notes](https://github.com/bridgecrewio/checkov-action/releases) - [Commits](bridgecrewio/checkov-action@bd4e315...dc96629) Updates `anchore/sbom-action` from 0.15.4 to 0.15.8 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@41f7a6c...b6a39da) Updates `codecov/codecov-action` from 3.1.4 to 4.1.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@eaaf4be...54bcd87) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: bridgecrewio/checkov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [pylint](https://github.com/pylint-dev/pylint), [pytest-asyncio](https://github.com/pytest-dev/pytest-asyncio), [setuptools](https://github.com/pypa/setuptools) and [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version. Updates `pylint` to 3.1.0 - [Release notes](https://github.com/pylint-dev/pylint/releases) - [Commits](pylint-dev/pylint@v3.0.3...v3.1.0) Updates `pytest-asyncio` to 0.23.5 - [Release notes](https://github.com/pytest-dev/pytest-asyncio/releases) - [Commits](pytest-dev/pytest-asyncio@v0.23.4...v0.23.5) Updates `setuptools` to 69.1.1 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v69.0.3...v69.1.1) Updates `mkdocs-material` to 9.5.11 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@9.5.8...9.5.11) --- updated-dependencies: - dependency-name: pylint dependency-type: direct:development dependency-group: pip-packages - dependency-name: pytest-asyncio dependency-type: direct:development dependency-group: pip-packages - dependency-name: setuptools dependency-type: direct:development dependency-group: pip-packages - dependency-name: mkdocs-material dependency-type: direct:production dependency-group: pip-packages ... Signed-off-by: dependabot[bot] <support@github.com>
Switches the project from Python to Golang. This commit includes the following changes: - validation mode - redis caching - resource validation mode - notary: support for all TUF keys - unified "*" trustRoot option - update of cosign to 2.2.3 - custom labels (adapted from @jimonthebarn)
Bumps the gh-actions-packages group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.1.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.22.7` | `3.24.7` | | [docker/login-action](https://github.com/docker/login-action) | `3.0.0` | `3.1.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `4.1.0` | `5.0.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `3.7.0` | `4.0.0` | | [securego/gosec](https://github.com/securego/gosec) | `2.18.2` | `2.19.0` | | [stackrox/kube-linter-action](https://github.com/stackrox/kube-linter-action) | `1.0.4` | `1.0.5` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.15.8` | `0.15.9` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3.1.4` | `4.1.0` | Updates `actions/checkout` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...9bb5618) Updates `github/codeql-action` from 2.22.7 to 3.24.7 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2.22.7...3ab4101) Updates `docker/login-action` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@343f7c4...e92390c) Updates `actions/setup-go` from 4.1.0 to 5.0.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@93397be...0c52d54) Updates `golangci/golangci-lint-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@3a91952...3cfe3a4) Updates `securego/gosec` from 2.18.2 to 2.19.0 - [Release notes](https://github.com/securego/gosec/releases) - [Changelog](https://github.com/securego/gosec/blob/master/.goreleaser.yml) - [Commits](securego/gosec@55d7949...26e57d6) Updates `stackrox/kube-linter-action` from 1.0.4 to 1.0.5 - [Release notes](https://github.com/stackrox/kube-linter-action/releases) - [Commits](stackrox/kube-linter-action@ca0d55b...5792edc) Updates `anchore/sbom-action` from 0.15.8 to 0.15.9 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Commits](anchore/sbom-action@b6a39da...9fece9e) Updates `codecov/codecov-action` from 3.1.4 to 4.1.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@eaaf4be...54bcd87) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages - dependency-name: securego/gosec dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: stackrox/kube-linter-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: anchore/sbom-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com>
Updates the requirements on [mkdocs-material](https://github.com/squidfunk/mkdocs-material) to permit the latest version. Updates `mkdocs-material` to 9.5.13 - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](squidfunk/mkdocs-material@9.5.11...9.5.13) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production dependency-group: pip-packages ... Signed-off-by: dependabot[bot] <support@github.com>
Fixes the publish job, the the charts are pushed into the fright dircetory.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )