{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":475074978,"defaultBranch":"main","name":"slsa-github-generator","ownerLogin":"slsa-framework","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-03-28T15:57:17.000Z","ownerAvatar":"https://github.com/avatars/u/80431187?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1722635197.0","currentOid":""},"activityList":{"items":[{"before":"dddd97fdc6ae04f4adf6f950968a79dbf435f26c","after":"ec24b2d9c930761025388e6ec1b15b469a2c34b1","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T21:50:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"--source branch\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"--source branch"}},{"before":"c8a9a5fc9a78b39fba82a81350bd808da4bd70bb","after":"dddd97fdc6ae04f4adf6f950968a79dbf435f26c","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T21:44:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"full prov path\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"full prov path"}},{"before":"e10f792283dbc0c487f967dfc4ef38a68f2c9de7","after":"c8a9a5fc9a78b39fba82a81350bd808da4bd70bb","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T21:39:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"rename all to .build.slsa\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"rename all to .build.slsa"}},{"before":"ce264d1968ae2d35dbe95eb3751a3323f32a57f1","after":"e10f792283dbc0c487f967dfc4ef38a68f2c9de7","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T21:23:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"rename prov\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"rename prov"}},{"before":"d693579784b892c4ae02d834fc79076612aa182a","after":"ce264d1968ae2d35dbe95eb3751a3323f32a57f1","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T21:20:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"actual prov name\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"actual prov name"}},{"before":"ff35a07147a52048dcbe75399a5743d240dafa65","after":"d693579784b892c4ae02d834fc79076612aa182a","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T21:17:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"secure download atts\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"secure download atts"}},{"before":"bf832e3b143be8f0cf43c58864a12cd95f9c8f6c","after":"ff35a07147a52048dcbe75399a5743d240dafa65","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T21:06:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"prov--name, not prov-download-name\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"prov--name, not prov-download-name"}},{"before":"ec9adcaecec2511ca3ddf2af98f5fcd2a68993a0","after":"bf832e3b143be8f0cf43c58864a12cd95f9c8f6c","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T21:02:40.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"ls -lahr\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"ls -lahr"}},{"before":"af6143d6c589fe993ad5b3d167f711ea3e1e52c9","after":"ec9adcaecec2511ca3ddf2af98f5fcd2a68993a0","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:58:35.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"use env\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"use env"}},{"before":"799f112ff6f0ff201a9402737eab1c3e2a3c2b0f","after":"af6143d6c589fe993ad5b3d167f711ea3e1e52c9","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:57:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"named output\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"named output"}},{"before":"9e33cd59600e6c9fc37863247ec306a0cf4db2f7","after":"799f112ff6f0ff201a9402737eab1c3e2a3c2b0f","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:51:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"set attestation-name variable\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"set attestation-name variable"}},{"before":"1f26df151f7f2b08076efa41e39c1331e1a4e742","after":"9e33cd59600e6c9fc37863247ec306a0cf4db2f7","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:29:07.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"upload the artifacts\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"upload the artifacts"}},{"before":"90cc9a248d72dc036c5feb41cd0446821962b5ad","after":"1f26df151f7f2b08076efa41e39c1331e1a4e742","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:24:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"add veridy\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"add veridy"}},{"before":"34d42d97bb5ef2d602031fa672aa504d95448ca7","after":"90cc9a248d72dc036c5feb41cd0446821962b5ad","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:16:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"dir\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"dir"}},{"before":"be3b3d587e92a684c90e9a03c34cad60199d876b","after":"34d42d97bb5ef2d602031fa672aa504d95448ca7","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:13:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"go1.22\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"go1.22"}},{"before":"32b938489a103dda4376a74d536b99d80be35652","after":"be3b3d587e92a684c90e9a03c34cad60199d876b","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:10:45.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"subshell cd\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"subshell cd"}},{"before":"8b77e284b05367ce03017cd101924bee98f9f5f3","after":"32b938489a103dda4376a74d536b99d80be35652","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-07T20:02:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"add go.mod\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"add go.mod"}},{"before":"297cf0731d4b98f2dd353925e182fc9c4915f174","after":"8b77e284b05367ce03017cd101924bee98f9f5f3","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-02T21:50:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"lahR\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"lahR"}},{"before":"493efcba5436064d500f39b4603dddb63c489d60","after":null,"ref":"refs/heads/dependabot/go_modules/go_modules-d85902239e","pushedAt":"2024-08-02T21:46:37.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://github.com/avatars/in/29110?s=80&v=4"}},{"before":"0f534386f9fddd22240c40d218acfd60ba46d402","after":"5ed7dda9adb19a39670f7b238efdf48b69a24abf","ref":"refs/heads/main","pushedAt":"2024-08-02T21:46:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible in the go_modules group (#3760)\n\nBumps the go_modules group with 1 update:\r\n[github.com/docker/docker](https://github.com/docker/docker).\r\n\r\nUpdates `github.com/docker/docker` from 24.0.9+incompatible to\r\n25.0.6+incompatible\r\n
\r\nRelease notes\r\n

Sourced from github.com/docker/docker's\r\nreleases.

\r\n
\r\n

v25.0.6

\r\n

25.0.6

\r\n

For a full list of pull requests and changes in this release, refer\r\nto the relevant GitHub milestones:

\r\n
    \r\n
  • docker/cli,\r\n25.0.6 milestone
    • \r\n
  • moby/moby,\r\n25.0.6 milestone
    • \r\n
  • Deprecated and removed features, see Deprecated\r\nFeatures.
    • \r\n
  • Changes to the Engine API, see API\r\nversion history.
    • \r\n
\r\n

Security

\r\n

This release contains a fix for CVE-2024-41110\r\n/ GHSA-v23v-6jw2-98fq\r\nthat impacted setups using authorization\r\nplugins (AuthZ) for access control.

\r\n

Bug fixes and enhancements

\r\n
    \r\n
  • [25.0] remove erroneous platform from image\r\nconfig OCI descriptor in docker save output.\r\nmoby/moby#47695
    • \r\n
  • [25.0 backport] Fix a nil dereference when getting image history for\r\nimages having layers without the Created value set. moby/moby#47759
    • \r\n
  • [25.0 backport] apparmor: Allow confined runc to kill containers. moby/moby#47830
    • \r\n
  • [25.0 backport] Fix an issue where rapidly promoting a Swarm node\r\nafter another node was demoted could cause the promoted node to fail its\r\npromotion. moby/moby#47869
    • \r\n
  • [25.0 backport] don't depend on containerd platform.Parse to return\r\na typed error. moby/moby#47890
    • \r\n
  • [25.0 backport] builder/mobyexporter: Add missing nil check moby/moby#47987
    • \r\n
\r\n

Packaging updates

\r\n
    \r\n
  • Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver.\r\nmoby/moby#47724
    • \r\n
  • Update Go runtime to 1.21.12, which contains security fixes for CVE-2024-24791\r\nmoby/moby#48146
    • \r\n
  • Update Containerd (static binaries only) to v1.7.20.\r\nmoby/moby#48199
    • \r\n
\r\n

Full Changelog: https://github.com/moby/moby/compare/v25.0.5...v25.0.6

\r\n

v25.0.5

\r\n

25.0.5

\r\n

For a full list of pull requests and changes in this release, refer\r\nto the relevant GitHub milestones:

\r\n
    \r\n
  • docker/cli,\r\n25.0.5 milestone
    • \r\n
  • moby/moby,\r\n25.0.5 milestone
    • \r\n
  • Deprecated and removed features, see Deprecated\r\nFeatures.
    • \r\n
  • Changes to the Engine API, see API\r\nversion history.
    • \r\n
\r\n

Security

\r\n

This release contains a security fix for CVE-2024-29018,\r\na potential data exfiltration from 'internal' networks via authoritative\r\nDNS servers.

\r\n

Bug fixes and enhancements

\r\n
    \r\n
  • \r\n

    CVE-2024-29018:\r\nDo not forward requests to external DNS servers for a container that is\r\nonly connected to an 'internal' network. Previously, requests were\r\nforwarded if the host's DNS server was running on a loopback address,\r\nlike systemd's 127.0.0.53. moby/moby#47589

    \r\n
    • \r\n
  • \r\n

    plugin: fix mounting /etc/hosts when running in UserNS. moby/moby#47588

    \r\n
    • \r\n
  • \r\n

    rootless: fix open /etc/docker/plugins: permission\r\ndenied. moby/moby#47587

    \r\n
    • \r\n
  • \r\n

    Fix multiple parallel docker build runs leaking disk\r\nspace. moby/moby#47527

    \r\n
    • \r\n
\r\n\r\n
\r\n

... (truncated)

\r\n
\r\n
\r\nCommits\r\n
    \r\n
  • b08a51f\r\nMerge pull request #48231\r\nfrom austinvazquez/backport-vendor-otel-v0.46.1-to-...
    • \r\n
  • d151b0f\r\nvendor: OTEL v0.46.1 / v1.21.0
    • \r\n
  • c6ba9a5\r\nMerge pull request #48225\r\nfrom austinvazquez/backport-workflow-artifact-reten...
    • \r\n
  • 4673a3c\r\nMerge pull request #48227\r\nfrom austinvazquez/backport-backport-branch-check-t...
    • \r\n
  • 30f8908\r\ngithub/ci: Check if backport is opened against the expected branch
    • \r\n
  • 7454d6a\r\nci: update workflow artifacts retention
    • \r\n
  • 65cc597\r\nMerge commit from fork
    • \r\n
  • b722836\r\nMerge pull request #48199\r\nfrom austinvazquez/update-containerd-binary-to-1.7.20
    • \r\n
  • e8ecb9c\r\nupdate containerd binary to v1.7.20
    • \r\n
  • e6cae1f\r\nupdate containerd binary to v1.7.19
    • \r\n
  • Additional commits viewable in compare\r\nview
    • \r\n
\r\n
\r\n
\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.9+incompatible&new-version=25.0.6+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don't\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n
\r\nDependabot commands and options\r\n
\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot show ignore conditions` will show all\r\nof the ignore conditions of the specified dependency\r\n- `@dependabot ignore major version` will close this\r\ngroup update PR and stop Dependabot creating any more for the specific\r\ndependency's major version (unless you unignore this specific\r\ndependency's major version or upgrade to it yourself)\r\n- `@dependabot ignore minor version` will close this\r\ngroup update PR and stop Dependabot creating any more for the specific\r\ndependency's minor version (unless you unignore this specific\r\ndependency's minor version or upgrade to it yourself)\r\n- `@dependabot ignore ` will close this group update PR\r\nand stop Dependabot creating any more for the specific dependency\r\n(unless you unignore this specific dependency or upgrade to it yourself)\r\n- `@dependabot unignore ` will remove all of the ignore\r\nconditions of the specified dependency\r\n- `@dependabot unignore ` will\r\nremove the ignore condition of the specified dependency and ignore\r\nconditions\r\nYou can disable automated security fix PRs for this repo from the\r\n[Security Alerts\r\npage](https://github.com/slsa-framework/slsa-github-generator/network/alerts).\r\n\r\n
\r\n\r\nSigned-off-by: dependabot[bot] \r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"chore(deps): bump github.com/docker/docker from 24.0.9+incompatible tโ€ฆ"}},{"before":"3b3c4db1509a80dc8e35dabfe66aa04c2ca8b1af","after":"297cf0731d4b98f2dd353925e182fc9c4915f174","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-02T21:42:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"rel dir\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"rel dir"}},{"before":"97c6369f99ca67fbc2ce66536774a46355a50ff0","after":"3b3c4db1509a80dc8e35dabfe66aa04c2ca8b1af","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-02T21:36:55.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"all perms\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"all perms"}},{"before":"8303d06b58094b45b4e2905ccd539562315785be","after":"97c6369f99ca67fbc2ce66536774a46355a50ff0","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-02T21:36:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"idtoken write\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"idtoken write"}},{"before":"041f99a42fa0ae1c423abd2b8ad998364177bddf","after":"8303d06b58094b45b4e2905ccd539562315785be","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-02T21:31:26.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"debug: generic as byob\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"debug: generic as byob"}},{"before":null,"after":"493efcba5436064d500f39b4603dddb63c489d60","ref":"refs/heads/dependabot/go_modules/go_modules-d85902239e","pushedAt":"2024-08-02T19:52:46.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://github.com/avatars/in/29110?s=80&v=4"},"commit":{"message":"chore(deps): bump github.com/docker/docker in the go_modules group\n\nBumps the go_modules group with 1 update: [github.com/docker/docker](https://github.com/docker/docker).\n\n\nUpdates `github.com/docker/docker` from 24.0.9+incompatible to 25.0.6+incompatible\n- [Release notes](https://github.com/docker/docker/releases)\n- [Commits](https://github.com/docker/docker/compare/v24.0.9...v25.0.6)\n\n---\nupdated-dependencies:\n- dependency-name: github.com/docker/docker\n dependency-type: indirect\n dependency-group: go_modules\n...\n\nSigned-off-by: dependabot[bot] ","shortMessageHtmlLink":"chore(deps): bump github.com/docker/docker in the go_modules group"}},{"before":"afa0f38ec2bbdf5230c68444c7e964bb19e2b64b","after":"0f534386f9fddd22240c40d218acfd60ba46d402","ref":"refs/heads/main","pushedAt":"2024-08-02T19:51:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"chore(deps): update github-actions (#3753)\n\n[![Mend\r\nRenovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)\r\n\r\nThis PR contains the following updates:\r\n\r\n| Package | Type | Update | Change |\r\n|---|---|---|---|\r\n| actions/checkout | action | digest | `692973e` -> `9a9194f` |\r\n|\r\n[actions/download-artifact](https://togithub.com/actions/download-artifact)\r\n| action | patch | `v4.1.7` -> `v4.1.8` |\r\n| [actions/setup-go](https://togithub.com/actions/setup-go) | action |\r\npatch | `v5.0.1` -> `v5.0.2` |\r\n| [actions/setup-node](https://togithub.com/actions/setup-node) | action\r\n| patch | `v4.0.2` -> `v4.0.3` |\r\n| [actions/setup-node](https://togithub.com/actions/setup-node) | action\r\n| digest | `60edb5d` -> `1e60f62` |\r\n|\r\n[actions/upload-artifact](https://togithub.com/actions/upload-artifact)\r\n| action | patch | `v4.3.3` -> `v4.3.5` |\r\n| [github/codeql-action](https://togithub.com/github/codeql-action) |\r\naction | patch | `v3.25.11` -> `v3.25.15` |\r\n|\r\n[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)\r\n| action | minor | `v3.4.2` -> `v3.5.0` |\r\n| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |\r\naction | minor | `v2.3.3` -> `v2.4.0` |\r\n|\r\n[softprops/action-gh-release](https://togithub.com/softprops/action-gh-release)\r\n| action | patch | `v2.0.6` -> `v2.0.8` |\r\n\r\n---\r\n\r\n> [!WARNING]\r\n> Some dependencies could not be looked up. Check the Dependency\r\nDashboard for more information.\r\n\r\n---\r\n\r\n### Release Notes\r\n\r\n
\r\nactions/download-artifact (actions/download-artifact)\r\n\r\n###\r\n[`v4.1.8`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.8)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/download-artifact/compare/v4.1.7...v4.1.8)\r\n\r\n#### What's Changed\r\n\r\n- Update\r\n[@​actions/artifact](https://togithub.com/actions/artifact)\r\nversion, bump dependencies by\r\n[@​robherley](https://togithub.com/robherley) in\r\n[https://github.com/actions/download-artifact/pull/341](https://togithub.com/actions/download-artifact/pull/341)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/download-artifact/compare/v4...v4.1.8\r\n\r\n
\r\n\r\n
\r\nactions/setup-go (actions/setup-go)\r\n\r\n###\r\n[`v5.0.2`](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)\r\n\r\n
\r\n\r\n
\r\nactions/setup-node (actions/setup-node)\r\n\r\n###\r\n[`v4.0.3`](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)\r\n\r\n
\r\n\r\n
\r\nactions/upload-artifact (actions/upload-artifact)\r\n\r\n###\r\n[`v4.3.5`](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)\r\n\r\n###\r\n[`v4.3.4`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.4)\r\n\r\n[Compare\r\nSource](https://togithub.com/actions/upload-artifact/compare/v4.3.3...v4.3.4)\r\n\r\n##### What's Changed\r\n\r\n- Update\r\n[@​actions/artifact](https://togithub.com/actions/artifact)\r\nversion, bump dependencies by\r\n[@​robherley](https://togithub.com/robherley) in\r\n[https://github.com/actions/upload-artifact/pull/584](https://togithub.com/actions/upload-artifact/pull/584)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4\r\n\r\n
\r\n\r\n
\r\ngithub/codeql-action (github/codeql-action)\r\n\r\n###\r\n[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)\r\n\r\n###\r\n[`v3.25.14`](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)\r\n\r\n###\r\n[`v3.25.13`](https://togithub.com/github/codeql-action/compare/v3.25.12...v3.25.13)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.12...v3.25.13)\r\n\r\n###\r\n[`v3.25.12`](https://togithub.com/github/codeql-action/compare/v3.25.11...v3.25.12)\r\n\r\n[Compare\r\nSource](https://togithub.com/github/codeql-action/compare/v3.25.11...v3.25.12)\r\n\r\n
\r\n\r\n
\r\ngradle/gradle-build-action\r\n(gradle/gradle-build-action)\r\n\r\n###\r\n[`v3.5.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v3.5.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/gradle/gradle-build-action/compare/v3.4.2...v3.5.0)\r\n\r\n> \\[!IMPORTANT]\r\n> As of `v3` this action has been superceded by\r\n`gradle/actions/setup-gradle`.\r\n> Any workflow that uses `gradle/gradle-build-action@v3` will\r\ntransparently delegate to `gradle/actions/setup-gradle@v3`.\r\n>\r\n> Users are encouraged to update their workflows, replacing:\r\n>\r\n> uses: gradle/gradle-build-action@v3\r\n>\r\n> with\r\n>\r\n> uses: gradle/actions/setup-gradle@v3\r\n>\r\n> See the [setup-gradle\r\ndocumentation](https://togithub.com/gradle/actions/tree/main/setup-gradle)\r\nfor up-to-date documentation for `gradle/actions/setup-gradle`.\r\n\r\nFor release details, see\r\nhttps://github.com/gradle/actions/releases/tag/v3.5.0\r\n\r\n
\r\n\r\n
\r\nossf/scorecard-action (ossf/scorecard-action)\r\n\r\n###\r\n[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)\r\n\r\n[Compare\r\nSource](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)\r\n\r\n#### What's Changed\r\n\r\nThis update bumps the Scorecard version to the v5 release. For a\r\ncomplete list of changes, please refer to the [v5.0.0 release\r\nnotes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of\r\nspecial note to Scorecard Action is the Maintainer Annotation feature,\r\nwhich can be used to suppress some Code Scanning false positives. Alerts\r\nwill not be generated for any Scorecard Check with an annotation.\r\n\r\n- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0\r\nby [@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)\r\n- :bug: lower license sarif alert threshold to 9 by\r\n[@​spencerschrock](https://togithub.com/spencerschrock) in\r\n[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)\r\n\r\n##### Documentation\r\n\r\n- docs: dogfooding badge by\r\n[@​jkowalleck](https://togithub.com/jkowalleck) in\r\n[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)\r\n\r\n#### New Contributors\r\n\r\n- [@​jkowalleck](https://togithub.com/jkowalleck) made their first\r\ncontribution in\r\n[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0\r\n\r\n
\r\n\r\n
\r\nsoftprops/action-gh-release\r\n(softprops/action-gh-release)\r\n\r\n###\r\n[`v2.0.8`](https://togithub.com/softprops/action-gh-release/releases/tag/v2.0.8)\r\n\r\n[Compare\r\nSource](https://togithub.com/softprops/action-gh-release/compare/v2.0.7...v2.0.8)\r\n\r\n\r\n\r\n#### What's Changed\r\n\r\n##### Other Changes ๐Ÿ”„\r\n\r\n- chore(deps): bump prettier from 2.8.0 to 3.3.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/480](https://togithub.com/softprops/action-gh-release/pull/480)\r\n- chore(deps): bump\r\n[@​types/node](https://togithub.com/types/node) from 20.14.9 to\r\n20.14.11 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/483](https://togithub.com/softprops/action-gh-release/pull/483)\r\n- chore(deps): bump\r\n[@​octokit/plugin-throttling](https://togithub.com/octokit/plugin-throttling)\r\nfrom 9.3.0 to 9.3.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/484](https://togithub.com/softprops/action-gh-release/pull/484)\r\n- chore(deps): bump glob from 10.4.2 to 11.0.0 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/477](https://togithub.com/softprops/action-gh-release/pull/477)\r\n- refactor: write jest config in ts by\r\n[@​chenrui333](https://togithub.com/chenrui333) in\r\n[https://github.com/softprops/action-gh-release/pull/485](https://togithub.com/softprops/action-gh-release/pull/485)\r\n- chore(deps): bump\r\n[@​actions/github](https://togithub.com/actions/github) from 5.1.1\r\nto 6.0.0 by [@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/470](https://togithub.com/softprops/action-gh-release/pull/470)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/softprops/action-gh-release/compare/v2...v2.0.8\r\n\r\n###\r\n[`v2.0.7`](https://togithub.com/softprops/action-gh-release/releases/tag/v2.0.7)\r\n\r\n[Compare\r\nSource](https://togithub.com/softprops/action-gh-release/compare/v2.0.6...v2.0.7)\r\n\r\n\r\n\r\n#### What's Changed\r\n\r\n##### Bug fixes ๐Ÿ›\r\n\r\n- Fix missing update release body by\r\n[@​FirelightFlagboy](https://togithub.com/FirelightFlagboy) in\r\n[https://github.com/softprops/action-gh-release/pull/365](https://togithub.com/softprops/action-gh-release/pull/365)\r\n\r\n##### Other Changes ๐Ÿ”„\r\n\r\n- Bump\r\n[@​octokit/plugin-retry](https://togithub.com/octokit/plugin-retry)\r\nfrom 4.0.3 to 7.1.1 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/443](https://togithub.com/softprops/action-gh-release/pull/443)\r\n- Bump typescript from 4.9.5 to 5.5.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/467](https://togithub.com/softprops/action-gh-release/pull/467)\r\n- Bump [@​types/node](https://togithub.com/types/node) from\r\n20.14.6 to 20.14.8 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/469](https://togithub.com/softprops/action-gh-release/pull/469)\r\n- Bump [@​types/node](https://togithub.com/types/node) from\r\n20.14.8 to 20.14.9 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/473](https://togithub.com/softprops/action-gh-release/pull/473)\r\n- Bump typescript from 5.5.2 to 5.5.3 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/472](https://togithub.com/softprops/action-gh-release/pull/472)\r\n- Bump ts-jest from 29.1.5 to 29.2.2 by\r\n[@​dependabot](https://togithub.com/dependabot) in\r\n[https://github.com/softprops/action-gh-release/pull/479](https://togithub.com/softprops/action-gh-release/pull/479)\r\n- docs: document that existing releases are updated by\r\n[@​jvanbruegge](https://togithub.com/jvanbruegge) in\r\n[https://github.com/softprops/action-gh-release/pull/474](https://togithub.com/softprops/action-gh-release/pull/474)\r\n\r\n#### New Contributors\r\n\r\n- [@​jvanbruegge](https://togithub.com/jvanbruegge) made their\r\nfirst contribution in\r\n[https://github.com/softprops/action-gh-release/pull/474](https://togithub.com/softprops/action-gh-release/pull/474)\r\n- [@​FirelightFlagboy](https://togithub.com/FirelightFlagboy) made\r\ntheir first contribution in\r\n[https://github.com/softprops/action-gh-release/pull/365](https://togithub.com/softprops/action-gh-release/pull/365)\r\n\r\n**Full Changelog**:\r\nhttps://github.com/softprops/action-gh-release/compare/v2.0.6...v2.0.7\r\n\r\n
\r\n\r\n---\r\n\r\n### Configuration\r\n\r\n๐Ÿ“… **Schedule**: Branch creation - \"before 4am on the first day of the\r\nmonth\" (UTC), Automerge - At any time (no schedule defined).\r\n\r\n๐Ÿšฆ **Automerge**: Disabled by config. Please merge this manually once you\r\nare satisfied.\r\n\r\nโ™ป **Rebasing**: Whenever PR becomes conflicted, or you tick the\r\nrebase/retry checkbox.\r\n\r\n๐Ÿ‘ป **Immortal**: This PR will be recreated if closed unmerged. Get\r\n[config help](https://togithub.com/renovatebot/renovate/discussions) if\r\nthat's undesired.\r\n\r\n---\r\n\r\n- [ ] If you want to rebase/retry this PR, check\r\nthis box\r\n\r\n---\r\n\r\nThis PR was generated by [Mend\r\nRenovate](https://www.mend.io/free-developer-tools/renovate/). View the\r\n[repository job\r\nlog](https://developer.mend.io/github/slsa-framework/slsa-github-generator).\r\n\r\n\r\n\r\nSigned-off-by: Mend Renovate ","shortMessageHtmlLink":"chore(deps): update github-actions (#3753)"}},{"before":"f6b4b619e1cac2afa761931eb61396e8941e03f3","after":"041f99a42fa0ae1c423abd2b8ad998364177bddf","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-01T21:51:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"back to trying to verify the bundle\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"back to trying to verify the bundle"}},{"before":"0405b72ebfe8ca1f84270a948ffb2844f3b70371","after":"f6b4b619e1cac2afa761931eb61396e8941e03f3","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-01T21:47:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"sign the envelope directly\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"sign the envelope directly"}},{"before":"5894c13b19f7f1d4fb3a8590f179e092c1292006","after":"0405b72ebfe8ca1f84270a948ffb2844f3b70371","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-01T21:26:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"debug: back to dsse data, nil trusted root so we don't try to verify, todo: open issue about verifying dseedata\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"debug: back to dsse data, nil trusted root so we don't try to verify,โ€ฆ"}},{"before":"d24cc1c12221b7cd25883f5e7fc7fb61040c8e67","after":"5894c13b19f7f1d4fb3a8590f179e092c1292006","ref":"refs/heads/ramonpetgrave64-internal-builder-sigstore-bundle","pushedAt":"2024-08-01T21:07:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ramonpetgrave64","name":"Ramon Petgrave","path":"/ramonpetgrave64","primaryAvatarUrl":"https://github.com/avatars/u/32398091?s=80&v=4"},"commit":{"message":"debug: use plain data for bundle content\n\nSigned-off-by: Ramon Petgrave ","shortMessageHtmlLink":"debug: use plain data for bundle content"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAElKOW2wA","startCursor":null,"endCursor":null}},"title":"Activity ยท slsa-framework/slsa-github-generator"}