SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for zizmor-debugsource-1.3.1-1.1.x86_64.rpm :

* Mon Feb 10 2025 opensuse_buildserviceAATTojkastl.de- Update to version 1.3.1:
* chore: prep for 1.3.1 release (#523)
* bugfix: bump github-actions-models to 0.25.0 (#522)
* docs: bump trophies (#521)
* docs: bump trophies (#520)
* bugfix: fix has_tag lookup (#519)
* docs: bump trophies (#515)
* docs: bump trophies (#512)
* bugfix: expr: make index rule non-atomic (#511)
* chore(deps): bump the github-actions group with 2 updates (#509)
* chore(deps): bump the cargo group with 2 updates (#508)
* docs: bump trophies (#507)
* docs: update dev-docs (#505)
* README: more details (#504)
* docs: bump trophies (#503)
* bugfix: bump github-actions-models to 0.24.0 (#502)
* Wed Jan 29 2025 opensuse_buildserviceAATTojkastl.de- Update to version 1.3.0:
* chore: prep for 1.3.0 release (#500)
* docs: bump trophies (#499)
* deps: bump indicatif from 0.17.9 to 0.17.11 (#498)
* Downgrade tracing-indicatif (#496)
* docs: bump trophies (#495)
* ci: attempt to fix arm build (#494)
* chore(deps): bump the github-actions group with 3 updates (#493)
* chore(deps): bump the cargo group with 2 updates (#492)
* refactor: improve context handling (#491)
* feat(cli): add naches mode (#490)
* release-notes: record #485 (#489)
* feat: \"raw\" audit support + `overprovisioned-secrets` (#485)
* cli: reduce warning to info when skipping audits (#488)
* deps: bump github-actions-models (#487)
* docs: bump trophies (#486)
* docs: bump trophies (#484)
* Fix syntax in docs for bot-condition (#483)
* feat: improve parse error slightly (#482)
* docs: bump trophies (#481)
* chore(deps): bump the cargo group with 3 updates (#480)
* Add slash to avoid redirect (#478)
* bugfix: collect actions from subdirectories of .github/workflows (#477)
* Mon Jan 20 2025 opensuse_buildserviceAATTojkastl.de- Update to version 1.2.2:
* chore: prep for 1.2.2 release (#476)
* feat: improve error message when repo fetch fails (#475)
* bugfix: special-case workflow_call in excessive-permissions (#473)
* Mon Jan 20 2025 opensuse_buildserviceAATTojkastl.de- Update to version 1.2.1:
* chore: prep 1.2.1 (#470)
* bugfix: generalize path prefix handling (#469)
* chore(deps): bump astral-sh/setup-uv from 5.1.0 to 5.2.1 in the github-actions group (#467)
* docs: try to fix the site (#466)
* chore: remove site-requirements.txt (#465)
* Mon Jan 20 2025 opensuse_buildserviceAATTojkastl.de- Update to version 1.2.0:
* chore: prep 1.2.0 (#464)
* bugfix: bump github-actions-models (#463)
* bugfix: parse multi-line expressions correctly (#461)
* feat: bot-conditions (#460)
* ci: pypi: try enabling aarch64 on an ARM runner (#457)
* docs: typo (#456)
* docs: add sponsors to README and site (#454)
* bugfix: sarif: use absolute physical locations only (#453)
* chore(docs): bump trophies (#451)
* chore(docs): bump trophies (#450)
* refactor: reduce invalid states in job APIs (#449)
* fix: artipacked: check for stringy bools (#448)
* docs: bump trophies (#446)
* bugfix: mark another context as safe during injections (#445)
* docs: bump trophies (#444)
* docs: bump trophies (#443)
* docs: bump trophies (#442)
* refactor: make excessive-permissions more correct (#441)
* docs: bump trophies (#440)
* fix: don\'t flag local workflows in unpinned-uses (#439)
* Tue Jan 14 2025 opensuse_buildserviceAATTojkastl.de- Update to version 1.1.1:
* chore: prep 1.1.1 (#438)
* chore(deps): bump the cargo group with 4 updates (#434)
* chore(deps): bump the github-actions group with 2 updates (#436)
* fix: bump github-actions-models (#437)
* docs: bump trophies (#430)
* Mon Jan 13 2025 opensuse_buildserviceAATTojkastl.de- Update to version 1.1.0: This release comes with one new audit (secrets-inherit), plus a slew of bugfixes and internal refactors that unblock future improvements!
* Added - New audit: secrets-inherit detects use of secrets: inherit with reusable workflow calls (#408)
* Improved - The template-injection audit now detects injections in calls to azure/cli and azure/powershell (#421)
* Fixed - The template-injection audit no longer consider github.server_url dangerous (#412) - The template-injection audit no longer crashes when evaluating the static-ness of an environment for a uses: step (#420)
* Wed Jan 08 2025 opensuse_buildserviceAATTojkastl.de- Update to version 1.0.1: This is a small quality and bugfix release. Thank you to everybody who helped by reporting and shaking out bugs from our first stable release!
* Improved - The github-env audit now detects dangerous writes to GITHUB_PATH, is more precise, and can produce multiple findings per run block (#391)
* Fixed - workflow_call.secrets keys with missing values are now parsed correctly (#388) - The cache-poisoning audit no longer incorrectly treats docker/build-push-action as a publishing workflow is push: false is explicitly set (#389) - The template-injection audit no longer considers github.action_path to be a potentially dangerous expansion (#402) - The github-env audit no longer skips run: steps with non-trivial shell: stanzas (#403)
* Fri Jan 03 2025 Johannes Kastl - new package zizmore: a static analysis tool for GitHub Actions
  
ICM