15947616a9
fix(deps): update non-major-updates
2026-04-15 16:02:03 +00:00
8d6645415a
Merge pull request #926 from Wikid82/renovate/feature/beta-release-non-major-updates
...
chore(deps): update non-major-updates (feature/beta-release)
2026-04-10 15:21:01 -04:00
4cfcc9aa02
chore(deps): update non-major-updates
2026-04-10 19:18:28 +00:00
5d384e4afa
Merge pull request #925 from Wikid82/renovate/feature/beta-release-actions-github-script-9.x
...
chore(deps): update actions/github-script action to v9 (feature/beta-release)
2026-04-10 15:17:21 -04:00
585ae9494d
chore(deps): update actions/github-script action to v9
2026-04-10 15:11:56 +00:00
ed9d6fe5d8
fix(deps): update non-major-updates
2026-04-10 15:11:47 +00:00
bb496daae3
fix(ci): improve health check for Charon container in nightly build
2026-04-09 14:08:19 +00:00
73565e0e0d
fix(deps): update non-major-updates
2026-04-09 09:20:57 +00:00
b45861090d
fix(deps): update non-major-updates
2026-04-04 00:58:06 +00:00
2b8ed06c3c
fix: remediate axios supply chain compromise and harden CI workflow permissions
2026-04-04 00:05:27 +00:00
543388b5a4
fix(deps): update non-major-updates
2026-03-31 01:08:59 +00:00
fa42e79af3
fix(deps): update non-major-updates
2026-03-21 00:12:20 +00:00
3b247cdd73
fix(deps): update non-major-updates
2026-03-20 18:09:46 +00:00
ec25165e54
fix(deps): update non-major-updates
2026-03-19 18:02:03 +00:00
81f1dce887
fix(deps): update non-major-updates
2026-03-16 11:06:23 +00:00
3186676f94
chore(deps): update non-major-updates
2026-03-11 16:26:55 +00:00
13c5f8356c
chore(deps): update non-major-updates
2026-03-10 13:21:37 +00:00
e2ebdb37f0
fix(deps): update non-major-updates
2026-03-09 18:49:35 +00:00
9cc7393e7b
fix: update digest references in nightly build workflow to use output from resolve_digest step
2026-03-09 00:28:55 +00:00
187c3aea68
fix: remove unused tags output from build-and-push-nightly job
2026-03-09 00:06:00 +00:00
e68035fe30
fix: add Trivy ignore for CVE-2026-22184 and update expiry date for CVE-2026-22184 in Grype configuration
2026-03-07 13:56:01 +00:00
80ecb7de7f
fix: enhance vulnerability reporting in nightly build with detailed triage information
2026-03-07 13:38:16 +00:00
75cd0a4d9c
fix: update nightly branch checkout reference to support manual triggers
2026-03-07 12:58:40 +00:00
2824a731f5
fix: improve Alpine image digest resolution in nightly build workflow
2026-03-07 12:40:00 +00:00
2dbb00036d
fix: resolve image digest from GHCR API for nightly builds
2026-03-07 12:25:57 +00:00
0ad0c2f2c4
fix: improve error handling for empty build digest in Syft SBOM scan
2026-03-07 12:18:20 +00:00
104f0eb6ee
fix: add error handling for empty build digest in Syft SBOM scan
2026-03-07 12:04:15 +00:00
4cee4f01f3
chore(deps): update aquasecurity/trivy-action action to v0.35.0
2026-03-07 04:29:40 +00:00
5bbae48b6b
chore(docker): wire all workflows to single-source version ARGs
...
The Dockerfile already centralizes all version pins into top-level ARGs
(GO_VERSION, ALPINE_IMAGE, CROWDSEC_VERSION, EXPR_LANG_VERSION, XNET_VERSION).
This change closes the remaining gaps so those ARGs are the single source of
truth end-to-end:
- nightly-build.yml now resolves the Alpine image digest at build time and
passes ALPINE_IMAGE as a build-arg, matching the docker-build.yml pattern.
Previously, nightly images were built with the Dockerfile ARG default and
without a pinned digest, making runtime Alpine differ from docker-build.yml.
- six CI workflows (quality-checks, codecov-upload, benchmark, e2e-tests-split,
release-goreleaser, codeql) declared a GO_VERSION env var but their setup-go
steps ignored it and hardcoded the version string directly. They now reference
${{ env.GO_VERSION }}, so Renovate only needs to update one value per file
and the env var actually serves its purpose.
- codeql.yml had no GO_VERSION env var at all; one is now added alongside the
existing GOTOOLCHAIN: auto entry.
When Renovate bumps Go, it updates the env var at the top of each workflow and
the Dockerfile ARG — zero manual hunting required.
2026-03-06 03:57:18 +00:00
834907cb5d
chore(deps): update non-major-updates
2026-03-06 02:02:10 +00:00
132bbbd657
chore(deps): update docker/build-push-action action to v7
2026-03-06 01:07:01 +00:00
e1e422bfc6
Merge pull request #805 from Wikid82/renovate/feature/beta-release-docker-metadata-action-6.x
...
chore(deps): update docker/metadata-action action to v6 (feature/beta-release)
2026-03-05 20:02:26 -05:00
396d01595e
chore(deps): update docker/metadata-action action to v6
2026-03-05 21:12:58 +00:00
6a13e648ea
fix(deps): update non-major-updates
2026-03-05 21:12:51 +00:00
5aade0456e
chore(deps): update docker/setup-buildx-action action to v4
2026-03-05 14:39:50 +00:00
8c7a55eaa2
fix: pin Trivy binary version to v0.69.3 in all CI workflows
2026-03-05 13:04:33 +00:00
27c252600a
chore: git cache cleanup
2026-03-04 18:34:49 +00:00
c32cce2a88
chore: git cache cleanup
2026-03-04 18:34:39 +00:00
d1362a7fba
chore(deps): update docker/login-action action to v4
2026-03-04 13:35:15 +00:00
348c5e5405
chore(deps): update docker/setup-qemu-action action to v4
2026-03-04 12:16:35 +00:00
5ee52dd4d6
chore(deps): update aquasecurity/trivy-action action to v0.34.2
2026-03-02 19:02:20 +00:00
3b92700b5b
fix(deps): update non-major-updates
2026-03-02 14:58:14 +00:00
5b3e005f2b
fix: enhance nightly build workflow with SBOM generation and fallback mechanism
2026-02-27 10:16:09 +00:00
afb2901618
chore(deps): update github artifact actions to v7
2026-02-27 10:04:19 +00:00
fc508d01d7
chore(deps): update github artifact actions to v8
2026-02-27 01:50:32 +00:00
ccdc719501
fix(deps): update non-major-updates
2026-02-26 03:31:33 +00:00
cb16ac05a2
fix: implement security severity policy and enhance CodeQL checks for blocking findings
2026-02-25 15:05:41 +00:00
783956cb78
fix(deps): update non-major-updates
2026-02-21 16:43:51 +00:00
c48ced8c03
fix(deps): update non-major-updates
2026-02-20 19:26:28 +00:00
0a8106aed4
chore: update nightly build workflow to use CHARON_CI_TRIGGER_TOKEN and remove quality-checks workflow dispatch trigger
2026-02-18 04:12:31 +00:00
renovate[bot]
Jeremy
GitHub Actions