Skip to content

v0.10.1

Choose a tag to compare

View all tags
@github-actions github-actions released this 30 May 06:43
· 49 commits to main since this release
Immutable release. Only release title and notes can be modified.
v0.10.1
31db87b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

pinprick v0.10.1

Fixes

  • grant workflows:write to bump-cargo-tools token
  • flag pip git+URL refs that track a branch
  • don't flag multi-stage FROM or FROM scratch
  • surface config-parse errors instead of swallowing them
  • serialize audited-action cache through serde
  • match ignore.actions on path boundaries
  • sanitize control characters in terminal output
  • close runtime-fetch detection bypasses
  • harden the HTTP client (timeouts, body cap, secondary limits)
  • correct advisory matching and enrichment error handling
  • match advisories by package and parse GitHub range syntax
  • isolate per-file failures, handle quoted refs and CRLF
  • config case-insensitivity, safe fallback, version-token comments
  • guard cache paths and warn on malformed bundled JSON

Performance

  • skip vendored dependency dirs when scanning action source
  • fetch action source files concurrently

Documentation

  • add score/completions pages, splash landing, custom 404
  • update Claude co-author trailer to Opus 4.8
  • trim verbose comments to their kernel

Other

  • isolate per-test HOME and make clean tests deterministic
  • cover network paths with a wiremock seam

Full Changelog: v0.10.0...v0.10.1

Assets 6
Loading