package-feeds
package-feeds copied to clipboard
ossf
Feed parsing for language package manager updates
Right now our jobs run in standard Docker containers (python/node/ruby) specifically, as root users, in a k8s cluster. This is probably fairly accurate to many CI jobs. In #47, I...
https://wapm.io/ I don't think there are dynamic import issues, but still good to get into a feed!
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 1.26.19. Release notes Sourced from urllib3's releases. 1.26.19 🚀 urllib3 is fundraising for HTTP/2 support urllib3 is raising ~$40,000 USD to release HTTP/2 support and...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.6 to 4.3.3. Release notes Sourced from actions/dependency-review-action's releases. Notes for v4.3.3 What's Changed Allow slashes in purl package names by @juxtin in actions/dependency-review-action#765 use the v3...
Bumps [docker/login-action](https://github.com/docker/login-action) from 2.2.0 to 3.2.0. Release notes Sourced from docker/login-action's releases. v3.2.0 Improve missing username/password by @Frankkkkk in docker/login-action#706 Bump @docker/actions-toolkit from 0.18.0 to 0.24.0 in docker/login-action#715 docker/login-action#721 Bump...
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.0. Release notes Sourced from requests's releases. v2.32.0 2.32.0 (2024-05-20) 🐍 PYCON US 2024 EDITION 🐍 Security Fixed an issue where setting verify=False on the...
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 1.1.1 to 2.1.3. Release notes Sourced from google-github-actions/auth's releases. v2.1.3 What's Changed Security considerations: ids are strings, not integers by @ewjoachim in google-github-actions/auth#400 security: bump undici from...
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 2.1.5 to 2.1.6. Release notes Sourced from google-github-actions/auth's releases. v2.1.6 What's Changed Recommend gcloud storage over gsutil by @sethvargo in google-github-actions/auth#438 Add missing log line by @sethvargo...
Bumps golang from 1.22.6-bookworm to 1.23.2-bookworm. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.7.0 to 6.9.0. Release notes Sourced from docker/build-push-action's releases. v6.9.0 Bump @docker/actions-toolkit from 0.38.0 to 0.39.0 in docker/build-push-action#1234 Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/build-push-action#1232 Full...