Skip to content

v0.3.4: Dependency/Security update

Latest
Latest
Compare
Choose a tag to compare
@wneessen wneessen released this 04 Apr 08:59
· 80 commits to main since this release
v0.3.4
c19b0a8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

This is a maintenance release to update dependencies and to release the packages with the latest Go version 1.22.2, which fixes a security vulnerbility in net/http.

What's Changed

  • build(deps): bump github.com/labstack/echo/v4 from 4.11.2 to 4.11.3 by @dependabot in #62
  • build(deps): bump github.com/labstack/gommon from 0.4.0 to 0.4.1 by @dependabot in #63
  • build(deps): bump github.com/kkyr/fig from 0.3.2 to 0.4.0 by @dependabot in #64
  • build(deps): bump github.com/labstack/gommon from 0.4.1 to 0.4.2 by @dependabot in #65
  • build(deps): bump github.com/labstack/echo/v4 from 4.11.3 to 4.11.4 by @dependabot in #66
  • build(deps): bump github.com/wneessen/go-mail from 0.4.0 to 0.4.1 by @dependabot in #67
  • [StepSecurity] Apply security best practices by @step-security-bot in #68
  • build(deps): bump actions/setup-go from 3.5.0 to 5.0.0 by @dependabot in #72
  • build(deps): bump docker/build-push-action from 5.0.0 to 5.3.0 by @dependabot in #71
  • build(deps): bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #73
  • build(deps): bump sigstore/cosign-installer from 3.1.1 to 3.4.0 by @dependabot in #69
  • build(deps): bump github/codeql-action from 1.1.39 to 3.24.8 by @dependabot in #70
  • Remove cosign version specification in Docker workflow by @wneessen in #74
  • Remove .idea from VCS by @wneessen in #75
  • Update scorecards.yml configuration and action versions by @wneessen in #76
  • [StepSecurity] Apply security best practices by @step-security-bot in #77
  • Update codeql-analysis.yml configuration and runner conditions by @wneessen in #78
  • Improve Swift and Go conditions in codeql-analysis.yml by @wneessen in #79
  • Create codeql.yml by @wneessen in #80
  • [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #81
  • Fix sec findings by @wneessen in #82
  • Add read-only permissions to SonarQube workflow file by @wneessen in #83
  • build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.2.0 by @dependabot in #88
  • build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in #87
  • build(deps): bump actions/dependency-review-action from 2.5.1 to 4.2.3 by @dependabot in #86
  • build(deps): bump docker/metadata-action from 5.0.0 to 5.5.1 by @dependabot in #85
  • build(deps): bump actions/checkout from 2.7.0 to 4.1.2 by @dependabot in #84
  • build(deps): bump actions/dependency-review-action from 4.2.3 to 4.2.4 by @dependabot in #89
  • build(deps): bump github/codeql-action from 3.24.8 to 3.24.9 by @dependabot in #90
  • build(deps): bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in #91
  • build(deps): bump sonarsource/sonarqube-scan-action from 9ad16418d1dd6d28912bc0047ee387e90181ce1c to 53c3e3207fe4b8d52e2f1ac9d6eb1d2506f626c0 by @dependabot in #92
  • Update server.go by @wneessen in #93
  • build(deps): bump golang from 0b55ab8 to c4fb952 by @dependabot in #94

New Contributors

Full Changelog: v0.3.3...v0.3.4

Contributors

wneessen, dependabot, and step-security-bot
Assets 2