suyiiyii/yq
1
0
Fork 0
mirror of https://github.com/mikefarah/yq.git synced 2026-06-29 16:41:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,262 Commits 87 Branches 208 Tags 16 MiB
fbf92beaf5
Commit Graph

32 Commits

Author SHA1 Message Date
Mike Farah
f9b0d7e45d Pinning using hashes 2026-06-07 19:49:39 +10:00
Mike Farah
131aa0b7cc pinning deps 2026-06-07 19:46:58 +10:00
Mike Farah
26434e221e Process for SHA-pin github action 2026-06-07 18:19:13 +10:00
dependabot[bot]
fe449b956a
Bump actions/checkout from 6.0.2 to 6.0.3 (#2732) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...df4cb1c069)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-06-06 15:52:53 +10:00
Copilot
0e803833fb
chore: pin GitHub Actions and Docker base images to full-length hashes (OSSF scorecard) (#2658) 
* Initial plan

* chore: pin GitHub Actions dependencies to specific commit SHAs (OSSF)

Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/cbd03f0a-f2dc-4da4-b01c-7dd06ad83ee9

Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>

* chore: pin Dockerfile base images to specific SHA digests (OSSF)

Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/7a8f6690-37fb-42ab-b3dc-0dd23c270fbe

Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>

* chore: revert yq pins in test-yq.yml; add release note for github-action/Dockerfile SHA

Agent-Logs-Url: https://github.com/mikefarah/yq/sessions/e1b35d79-92a3-47d5-b4ac-a2efe2fd58ce

Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mikefarah <1151925+mikefarah@users.noreply.github.com>
 2026-04-12 19:31:32 +10:00
dependabot[bot]
3a27e39778
Bump actions/setup-go from 5 to 6 (#2471) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-22 13:42:54 +11:00
dependabot[bot]
22510ab8d5 Bump actions/checkout from 5 to 6 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-06 14:28:39 +11:00
dependabot[bot]
c34edcf983 Bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-09-04 14:18:19 +10:00
dependabot[bot]
c7b14eacbd
Bump actions/setup-go from 4 to 5 (#1894) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-12 09:55:42 +11:00
dependabot[bot]
0a0182da13
Bump actions/checkout from 3 to 4 (#1776) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-13 07:58:30 +10:00
dependabot[bot]
cbe84232a3
Bump actions/setup-go from 3 to 4 (#1601) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-18 14:22:25 +11:00
Mike Farah
f4e7203a55 Fix github action attempt 2023-02-11 23:50:47 +11:00
Mike Farah
5cb3c876fc bump to go 1.20 2023-02-11 04:06:16 +11:00
Mike Farah
b1a40a9fb7 Bumped go compiler; bumped quality tools 2022-08-29 14:13:15 +10:00
dependabot[bot]
22a2ccfdf4
Bump actions/setup-go from 2 to 3 (#1183) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-15 08:27:51 +10:00
Naveen
b1f77d975e
Set permissions for GitHub actions (#1168) 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-09 14:55:43 +10:00
Mike Farah
3cd999bb87 Bumping to go1.18, bumping dev tools 2022-03-28 14:18:55 +11:00
dependabot[bot]
b1fee26a7f
Bump actions/checkout from 2 to 3 (#1130) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-10 13:43:36 +11:00
Mike Farah
01b4917f26 Debug github build 2022-01-27 14:22:01 +11:00
Mike Farah
bff4c9e586 Fixing bad label in github action 2021-11-10 13:27:55 +11:00
Mike Farah
69e1a9e468 add build check to PRs 2021-11-10 13:27:55 +11:00
Matthieu MOREL
e7d4dc9581 Update go.yml 2021-11-09 08:25:26 +11:00
dependabot[bot]
bf02a865bd Bump actions/setup-go from 1 to 2.1.4 
* Bump actions/setup-go from 1 to 2.1.4

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 1 to 2.1.4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v1...v2.1.4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
 2021-11-09 08:25:26 +11:00
Mike Farah
5972bb2f23 attempt to fix pipeline 2020-11-25 11:17:28 +11:00
Mike Farah
bb6f07d147 Use latest go-lang 2020-09-08 09:43:11 +10:00
Mike Farah
7dc3d62bb6 Attempt to fix github flow 2020-04-14 11:33:25 +10:00
Mike Farah
f68b24323e Attempt to fix git workflow action 2020-04-14 11:18:45 +10:00
Mike Farah
3c36db9285 Split github actions pipeline 2020-04-14 09:22:38 +10:00
Mike Farah
605d6fab9b Try newest golang version 2020-04-13 11:05:36 +10:00
Mike Farah
0d477841da Show github build status 2020-02-26 21:13:39 +11:00
Mike Farah
125d04a75b Attempt to fix git workflow 2020-02-26 11:03:05 +11:00
Mike Farah
954affea23
Create go.yml 2020-02-21 21:19:09 +11:00