v5.5.1

What's Changed

Bug Fixes

• Include git-lfs in the image to avoid issues with projects using it

Maintenance

• Improve debugging even more 🕵️ (#472) @jamacku

Full Changelog: v5.5.0...v5.5.1

v5.5.0

What's Changed

New

• Remove hardcoded github.com references in the code (#469) @barzaka12
• feat: fail when running in a shallow git repository 🦒 (#468) @jamacku
• feat: Make SARIF file more compact to allow for more findings to be uploaded to GitHub 🐘 (#467) @jamacku
• Use Fedora 41 as base image & update ShellCheck to 0.10.0 (#466) @jamacku

Maintenance

• feat: improve debugging (#471) @jamacku
• update csdiff to 3.5.0 & update fedora container (#452) @jamacku

Dependency Updates

18 changes

• build(deps): bump fedora from d0207db to 3ec60eb (#459) @dependabot
• build(deps): bump test/test_helper/bats-file from 048aa4c to 7d839ca (#464) @dependabot
• build(deps): bump test/bats from b640ec3 to 3cad1df (#465) @dependabot
• build(deps): bump actions/checkout from 4.2.0 to 4.2.2 (#454) @dependabot
• build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 (#455) @dependabot
• build(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.1 (#458) @dependabot
• build(deps): bump test/bats from 89a7fae to b640ec3 (#461) @dependabot
• build(deps): bump github/codeql-action from 3.26.10 to 3.27.5 (#462) @dependabot
• build(deps): bump codecov/codecov-action from 4.5.0 to 5.0.7 (#463) @dependabot
• build(deps): bump test/bats from 190c7c9 to 89a7fae (#448) @dependabot
• build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#451) @dependabot
• build(deps): bump docker/build-push-action from 6.7.0 to 6.9.0 (#450) @dependabot
• build(deps): bump github/codeql-action from 3.26.6 to 3.26.10 (#449) @dependabot
• build(deps): bump github/codeql-action from 3.25.15 to 3.26.6 (#445) @dependabot
• build(deps): bump docker/build-push-action from 6.5.0 to 6.7.0 (#444) @dependabot
• build(deps): bump actions/upload-artifact from 4.3.4 to 4.4.0 (#443) @dependabot
• build(deps): bump super-linter/super-linter from 6.8.0 to 7.1.0 (#442) @dependabot
• build(deps): bump docker/setup-buildx-action from 3.4.0 to 3.6.1 (#441) @dependabot

Full Changelog: v5.4.0...v5.5.0

v5.4.0

What's Changed

New

• Support merge_group event natively (#433) @masaru-iritani

Automation and CI changes

• Update Differential ShellCheck workflow (#440) @jamacku
• Run differential ShellCheck on merge_group (#434) @masaru-iritani

Dependency Updates

• build(deps): bump super-linter/super-linter from 6.7.0 to 6.8.0 (#439) @dependabot
• build(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#438) @dependabot
• build(deps): bump docker/build-push-action from 6.4.1 to 6.5.0 (#437) @dependabot
• build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#436) @dependabot
• build(deps): bump github/codeql-action from 3.25.13 to 3.25.15 (#435) @dependabot

Full Changelog: v5.3.1...v5.4.0

v5.3.1

What's Changed

Bug Fixes

• Don't throw away untracked files when run locally 📟 (#409) @jamacku

Documentation

• Update token permissions documentation 🗝️ (#418) @jamacku

Dependency Updates

18 changes

• build(deps): bump docker/build-push-action from 6.4.0 to 6.4.1 (#431) @dependabot
• build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#430) @dependabot
• deps: update csdiff to v3.4.0 (#429) @jamacku
• build(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 (#424) @dependabot
• build(deps): bump docker/build-push-action from 5.3.0 to 6.4.0 (#425) @dependabot
• build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#426) @dependabot
• build(deps): bump super-linter/super-linter from 6.6.0 to 6.7.0 (#427) @dependabot
• build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 (#428) @dependabot
• build(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#412) @dependabot
• build(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#419) @dependabot
• build(deps): bump github/codeql-action from 3.25.3 to 3.25.11 (#420) @dependabot
• build(deps): bump codecov/codecov-action from 4.3.0 to 4.5.0 (#421) @dependabot
• build(deps): bump super-linter/super-linter from 6.5.1 to 6.6.0 (#422) @dependabot
• build(deps): bump test/bats from 902578d to 190c7c9 (#423) @dependabot
• build(deps): bump actions/checkout from 4.1.4 to 4.1.6 (#414) @dependabot
• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#415) @dependabot
• build(deps): bump super-linter/super-linter from 6.4.1 to 6.5.1 (#416) @dependabot
• build(deps): bump test/bats from a751f3d to 902578d (#411) @dependabot

Full Changelog: v5.3.0...v5.3.1

v5.3.0

What's Changed

New

• Update to csdiff 3.3.0 🐾 (#408) @jamacku
• Add support for different display engines (csgrep, sarif-fmt) 🚀 (#406) @jamacku

Maintenance

• Add support functions for future CLI ⚡ (#405) @jamacku

Other changes

• Add mention about sarif-tools - conversion tool 🐢 (#404) @jamacku

Full Changelog: v5.2.0...v5.3.0

v5.2.0

What's Changed

New

• Provide html output with detected defects 🌐 (#400) @jamacku
• Embed code context into SARIF output 🐾 (#399) @jamacku
• Update csdiff to 3.2.2 🚀 (#395) @jamacku
• Allow specifying WORK_DIR for intermediate files (#393) @mpoberezhniy

Documentation

• Simplify if statements in GHA workflows and in examples 🦆 (#401) @jamacku

Automation and CI changes

• Add labeler to replace Mergify 🏷️ (#403) @jamacku
• Remove mergify it caused more problems than it solved 🙅‍♂️ (#402) @jamacku

Dependency Updates

• build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler from 3.1.0 to 3.2.0 (#398) @dependabot

Full Changelog: v5.1.2...v5.2.0

v5.1.2

What's Changed

Bug Fixes

• Fix curl Argument list too long by using a payload.json file (#376) @mpoberezhniy

Documentation

• Add alt properties to images 🖼️ (#392) @jamacku
• Make fetch-depth: 0 more visible in example ⚠️ (#391) @jamacku

Dependency Updates

• build(deps): bump Fedora from f39 to f40 (#378) @dependabot

15 changes

• build(deps): bump docker/build-push-action from 5.1.0 to 5.3.0 (#386) @dependabot
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 (#387) @dependabot
• build(deps): bump actions/checkout from 4.1.1 to 4.1.4 (#388) @dependabot
• build(deps): bump docker/setup-buildx-action from 3.2.0 to 3.3.0 (#389) @dependabot
• build(deps): bump super-linter/super-linter from 5.7.2 to 6.4.1 (#381) @dependabot
• build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler from 3.0.0 to 3.1.0 (#384) @dependabot
• build(deps): bump codecov/codecov-action from 3.1.4 to 4.3.0 (#385) @jamacku
• build(deps): bump test/bats from 12c23ed to a751f3d (#382) @dependabot
• build(deps): bump dorny/paths-filter from 3.0.0 to 3.0.2 (#380) @dependabot
• build(deps): bump github/codeql-action from 3.24.6 to 3.25.3 (#379) @dependabot
• build(deps): bump bobheadxi/deployments from 1.4.0 to 1.5.0 (#368) @dependabot
• build(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#367) @dependabot
• build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.2.0 (#366) @dependabot
• build(deps): bump test/bats from 2d905aa to 12c23ed (#370) @dependabot

Full Changelog: v5.1.1...v5.1.2

v5.1.1

What's Changed

Bug Fixes

• Fix regex for emacs style annotations- also match -*- shell script -*- (#365) @jamacku

Dependency Updates

• build(deps): bump fedora from 06df381 to 61864fd (#358) @dependabot
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.6 (#363) @dependabot
• build(deps): bump release-drafter/release-drafter from 5.25.0 to 6.0.0 (#361) @dependabot
• build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#360) @dependabot
• build(deps): bump test/bats from 990d8e2 to 2d905aa (#359) @dependabot

Full Changelog: v5.1.0...v5.1.1

v5.1.0

What's Changed

New

• Improve shell script detection based on emacs file mode header 🐯 (#357) @jamacku

Documentation

• Update markdown warning, use supported syntax 💄 (#341) @jamacku

Other changes

• README.md: bump actions/upload-artifact from v3 to v4 (#347) @ldv-alt
• doc: remove extra spaces from example 👾 (#346) @jamacku

Automation and CI changes

• ci: fix release workflow 🐛 (#340) @jamacku

Dependency Updates

• deps: update csutils to 3.2.0 (#355) @jamacku

8 changes

• build(deps): bump test/bats from 3d3f63d to 990d8e2 (#354) @dependabot
• build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0 (#352) @dependabot
• build(deps): bump dorny/paths-filter from 2.11.1 to 3.0.0 (#351) @dependabot
• build(deps): bump github/codeql-action from 3.22.12 to 3.23.2 (#349) @dependabot
• build(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0 (#342) @dependabot
• build(deps): bump github/codeql-action from 2.22.8 to 3.22.12 (#343) @dependabot
• build(deps): bump super-linter/super-linter from 5.7.1 to 5.7.2 (#344) @dependabot
• build(deps): bump test/bats from e9fd17a to 3d3f63d (#345) @dependabot

Full Changelog: v5.0.2...v5.1.0

v5.0.2

What's Changed

Dependency Updates

• Update csutils to 3.1.0 (#339) @jamacku
• build(deps): bump fedora from 38 to 39 (#332) @dependabot

12 changes

• build(deps): bump test/bats from f1f5115 to e9fd17a (#333) @dependabot
• build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler from 2.0.7 to 2.1.0 (#334) @dependabot
• build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#335) @dependabot
• build(deps): bump docker/build-push-action from 5.0.0 to 5.1.0 (#336) @dependabot
• build(deps): bump github/codeql-action from 2.22.5 to 2.22.8 (#337) @dependabot
• build(deps): bump super-linter/super-linter from 5.6.0 to 5.7.1 (#338) @dependabot
• build(deps): bump github/codeql-action from 2.21.9 to 2.22.5 (#325) @dependabot
• build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#326) @dependabot
• build(deps): bump super-linter/super-linter from 5.3.1 to 5.6.0 (#327) @dependabot
• build(deps): bump release-drafter/release-drafter from 5.24.0 to 5.25.0 (#328) @dependabot
• build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler from 2.0.6 to 2.0.7 (#329) @dependabot
• build(deps): bump test/bats from 360c1ea to f1f5115 (#330) @dependabot

Full Changelog: v5.0.1...v5.0.2