Bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 #227
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
Minder Vulnerability Report ✅Minder analyzed this PR and found it does not add any new vulnerable dependencies.
|
![stacklok-cloud-staging[bot]](https://avatars.githubusercontent.com/u/110237746?s=60&v=4){kind=small}
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: github.com/go-git/go-billy/v5
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.9 |
| Repository activity | 4.1 |
| User activity | 7.8 |
| Provenance | verified_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 11 |
| Number of git tags or releases | 31 |
| Versions matched to tags or releases | 7 |
Alternatives
| Package | Score | Description |
|---|---|---|
| github.com/spf13/afero | 0 | |
| github.com/fsnotify/fsnotify | 0 | |
| github.com/gohugoio/hugo | 0 |
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/go-git/go-billy/v5-5.6.2
branch
from
6f8c466 to
f6f28d8
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: github.com/go-git/go-billy/v5
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.9 |
| Repository activity | 4.1 |
| User activity | 7.8 |
| Provenance | verified_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 11 |
| Number of git tags or releases | 31 |
| Versions matched to tags or releases | 7 |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
@dependabot recreate |
Bumps [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) from 5.6.1 to 5.6.2. - [Release notes](https://github.com/go-git/go-billy/releases) - [Commits](go-git/go-billy@v5.6.1...v5.6.2) --- updated-dependencies: - dependency-name: github.com/go-git/go-billy/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/go-git/go-billy/v5-5.6.2
branch
from
f6f28d8 to
082905d
Compare
There was a problem hiding this comment.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: github.com/go-git/go-billy/v5
Trusty Score: 0
Scoring details
| Component | Score |
|---|---|
| Package activity | 5.9 |
| Repository activity | 4.1 |
| User activity | 7.8 |
| Provenance | verified_provenance_match |
Proof of Origin (Provenance)
This package can be linked back to its source code using a historical provenance map.
We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
| Published package versions | 11 |
| Number of git tags or releases | 31 |
| Versions matched to tags or releases | 7 |
Alternatives
| Package | Score | Description |
|---|---|---|
| github.com/spf13/afero | 0 | |
| github.com/gohugoio/hugo | 0 |
eleftherias
deleted the
dependabot/go_modules/github.com/go-git/go-billy/v5-5.6.2
branch
Bumps github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2.
Release notes
Sourced from github.com/go-git/go-billy/v5's releases.
Commits
9f8b16dMerge pull request #103 from pjbgf/bump-deps783f58cbuild: Bump dependencies0009381Merge pull request #102 from JAORMX/iofs-extra-interfaces-v521beb15Enable theiofsadapter to also return other interfaces fromio/fsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)