Skip to content

Release v1.6.4 #322

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ykim-akamai merged 8 commits into from
Apr 21, 2025
Merged

Release v1.6.4 #322

ykim-akamai merged 8 commits into from
Apr 21, 2025

Conversation

@ykim-akamai
Copy link
Contributor

@ykim-akamai ykim-akamai commented Apr 21, 2025

No description provided.

dependabot bot and others added 7 commits April 1, 2025 08:51
@dependabot
build(deps): bump github.com/hashicorp/packer-plugin-sdk (#317)
41a4973 
Bumps [github.com/hashicorp/packer-plugin-sdk](https://github.com/hashicorp/packer-plugin-sdk) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/hashicorp/packer-plugin-sdk/releases)
- [Changelog](https://github.com/hashicorp/packer-plugin-sdk/blob/main/CHANGELOG.md)
- [Commits](hashicorp/packer-plugin-sdk@v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/packer-plugin-sdk
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 (#316
88a1b5a 
)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 6.2.1 to 6.3.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@90a3faa...9c156ee)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump crazy-max/ghaction-github-labeler from 5.2.0 to 5.3…
ead7dd9 
….0 (#315)

Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from 5.2.0 to 5.3.0.
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@31674a3...24d110a)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @yec-akamai @zliang-akamai
build(deps): bump golangci/golangci-lint-action from 6 to 7 (#314)
572cd80 
* build(deps): bump golangci/golangci-lint-action from 6 to 7

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@v6...v7)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* upgrade to golangci v2.0

* golangci migrate

* Remove unnecessary version parameter

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ye Chen <[email protected]>
Co-authored-by: Zhiwei Liang <[email protected]>
@dependabot
build(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#319)
db775e7 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.28.0 to 0.29.0.
- [Commits](golang/oauth2@v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.29.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#318)
5789322 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.36.0 to 0.37.0.
- [Commits](golang/crypto@v0.36.0...v0.37.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.37.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps): bump github.com/linode/linodego from 1.48.1 to 1.49.0 (#320
fa899b7 
)

Bumps [github.com/linode/linodego](https://github.com/linode/linodego) from 1.48.1 to 1.49.0.
- [Release notes](https://github.com/linode/linodego/releases)
- [Commits](linode/linodego@v1.48.1...v1.49.0)

---
updated-dependencies:
- dependency-name: github.com/linode/linodego
  dependency-version: 1.49.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@ykim-akamai ykim-akamai added the ignore-for-release PRs you do not want to render in the changelog label Apr 21, 2025
@ykim-akamai ykim-akamai requested a review from a team as a code owner April 21, 2025 15:59
@ykim-akamai ykim-akamai requested review from ezilber-akamai and yec-akamai and removed request for a team April 21, 2025 15:59
@github-actions
Copy link

github-actions bot commented Apr 21, 2025

Dependency Review

The following issues were found:
  • ❌ 1 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 10 package(s) with unknown licenses.
See the Details below.

Vulnerabilities

go.mod

NameVersionVulnerabilitySeverity
golang.org/x/net0.37.0golang.org/x/net vulnerable to Cross-site Scriptingmoderate

License Issues

go.mod

PackageVersionLicenseIssue Type
golang.org/x/net0.37.0NullUnknown License
golang.org/x/crypto0.37.0NullUnknown License
golang.org/x/mod0.24.0NullUnknown License
golang.org/x/oauth20.29.0NullUnknown License
golang.org/x/sync0.13.0NullUnknown License
golang.org/x/sys0.32.0NullUnknown License
golang.org/x/term0.31.0NullUnknown License
golang.org/x/text0.24.0NullUnknown License
golang.org/x/time0.11.0NullUnknown License
golang.org/x/tools0.31.0NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
actions/golangci/golangci-lint-action 7.*.* 🟢 5.8
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 1Found 2/13 approved changesets -- score normalized to 1
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
SAST🟢 9SAST tool detected but not run on all commits
Vulnerabilities🟢 82 existing vulnerabilities detected
actions/crazy-max/ghaction-github-labeler 24d110aa46a59976b8a7f35518cb7f14f434c916 🟢 5.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 3Found 2/6 approved changesets -- score normalized to 3
Maintained🟢 1024 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Vulnerabilities🟢 73 existing vulnerabilities detected
actions/goreleaser/goreleaser-action 9c156ee8a17a598857849441385a2041ef570552 🟢 5.7
Details
CheckScoreReason
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 2Found 4/18 approved changesets -- score normalized to 2
Maintained🟢 1010 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy⚠️ 0security policy file not detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities🟢 64 existing vulnerabilities detected
gomod/golang.org/x/net 0.37.0 UnknownUnknown
gomod/github.com/hashicorp/packer-plugin-sdk 0.6.1 🟢 6.6
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1019 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
Vulnerabilities🟢 64 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/github.com/linode/linodego 1.49.0 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
SAST🟢 10SAST tool is run on all commits
Vulnerabilities🟢 100 existing vulnerabilities detected
gomod/golang.org/x/crypto 0.37.0 UnknownUnknown
gomod/golang.org/x/mod 0.24.0 UnknownUnknown
gomod/golang.org/x/oauth2 0.29.0 UnknownUnknown
gomod/golang.org/x/sync 0.13.0 UnknownUnknown
gomod/golang.org/x/sys 0.32.0 UnknownUnknown
gomod/golang.org/x/term 0.31.0 UnknownUnknown
gomod/golang.org/x/text 0.24.0 UnknownUnknown
gomod/golang.org/x/time 0.11.0 UnknownUnknown
gomod/golang.org/x/tools 0.31.0 UnknownUnknown

Scanned Files

  • .github/workflows/go-validate.yml
  • .github/workflows/labeler.yml
  • .github/workflows/release.yml
  • go.mod

@yec-akamai yec-akamai self-requested a review April 21, 2025 16:38
@ykim-akamai ykim-akamai merged commit cdfa92f into main Apr 21, 2025
27 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yec-akamai yec-akamai yec-akamai approved these changes

@ezilber-akamai ezilber-akamai ezilber-akamai approved these changes

Assignees

No one assigned

Labels

ignore-for-release PRs you do not want to render in the changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ykim-akamai @yec-akamai @ezilber-akamai