187 commits

Author	SHA1	Message	Date
William Woodruff	2e85156ddf	feat: make zizmor's core async (#1314)	2025-11-07 19:04:53 -05:00
William Woodruff	d94931b9a6	chore: prep 1.16.3 release (#1320) ... Signed-off-by: William Woodruff <william@yossarian.net>	2025-11-05 15:16:10 +00:00
Bo Anderson	7341ad17c4	fix: fix error bubbling in GitHub requests (#1319) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-11-05 10:10:57 -05:00
William Woodruff	57f910252f	chore: prep release 1.16.2 (#1311)	2025-11-02 00:51:54 +00:00
William Woodruff	70d35617c2	fix: dependabot: allow 'day' field for non-weekly intervals (#1308)	2025-11-02 00:03:58 +00:00
William Woodruff	96a96bcc89	feat: improve panic handling in CI environments (#1307)	2025-11-01 19:49:56 -04:00
William Woodruff	14f57d9ca6	feat: decrease sensitivity of concurrency-limits audit (#1303)	2025-10-31 16:09:11 -04:00
William Woodruff	1a264aa6a1	chore: prep for 1.16.1 release (#1298)	2025-10-29 01:07:02 +00:00
William Woodruff	6a4c90537f	fix: improve error message when ref listing fails (#1293)	2025-10-27 20:46:57 -04:00
William Woodruff	200abd04b0	chore: prep for 1.16.0 (#1280)	2025-10-23 22:46:28 +00:00
William Woodruff	343c3814fe	feat: begin replacing git2 with direct remote listing (#1273)	2025-10-23 18:30:17 -04:00
William Woodruff	e202bd4ea2	feat: yamlpath: anchor support (#1266)	2025-10-20 21:30:23 -04:00
Mostafa Moradian	32fdf28173	Add Fixes for dependabot-cooldown and dependabot-execution audit rules (#1229) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-10-19 15:39:55 -04:00
William Woodruff	e450a597b3	feat: use git2 and improve HTTP caching (#1257) ... Co-authored-by: Bo Anderson <mail@boanderson.me>	2025-10-16 22:00:44 -04:00
Joe Wallwork	5b5ad5d924	New audit: concurrency-limits (#1227) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-10-16 20:24:19 -04:00
Chase Naples	eeac63b339	Fix exit code to return 0 when all findings are auto-fixable (#1242) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-10-14 20:57:34 -04:00
Kingsword	2189780f91	feat: Add validation for extended Dependabot schedule intervals (#1247) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-10-14 10:31:04 -04:00
William Woodruff	7984062d34	chore: prep release 1.15.1 (#1243)	2025-10-13 23:19:42 -04:00
William Woodruff	e9e4eb9ec4	models: add devcontainers as a known ecosystem (#1240)	2025-10-13 23:08:56 -04:00
William Woodruff	4494b8a426	prep for 1.15.0 release (#1236)	2025-10-13 18:53:50 -04:00
William Woodruff	d9c2d957d6	feat: stabilize the auto-fix mode (#1232)	2025-10-13 17:35:23 -04:00
William Woodruff	d4c5a62cfb	feat: refactor --collect (#1228)	2025-10-12 00:41:32 -04:00
William Woodruff	76c1b19008	feat: new audit: dependabot-cooldown (#1223)	2025-10-07 21:02:24 -04:00
William Woodruff	bee86b1bb2	feat: add retry logic to GitHub API requests (#1219)	2025-10-06 16:51:59 -04:00
Mostafa Moradian	587bd72fc3	Add Fix to imposter-commit audit rule (#1090) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-10-05 21:19:49 -04:00
Mostafa Moradian	a259b96ada	Add Fix for ref-version-mismatch audit rule (#1205) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-10-06 00:49:59 +00:00
William Woodruff	1a1a77c334	fix: don't fail on single-file inputs without parent dir (#1212)	2025-10-04 16:56:24 -04:00
William Woodruff	a0e9662341	perf: use jemalloc as the global allocator on non-Windows (#1200)	2025-09-29 22:12:13 -04:00
William Woodruff	1813fe381e	cli: emit the version on every run (#1199)	2025-09-29 20:46:28 -04:00
William Woodruff	03af241587	prep release 1.14.2 (#1193)	2025-09-29 13:58:59 +00:00
William Woodruff	0b8b2b09a9	fix(use-trusted-publishing): eliminate FPs (#1192)	2025-09-29 13:52:58 +00:00
William Woodruff	6c8b25171a	prep 1.14.1 (#1185)	2025-09-26 19:28:00 +00:00
William Woodruff	15784e61c9	fix(ref-version-mismatch): correct commit SHA in audit message (#1183)	2025-09-26 13:22:59 -04:00
William Woodruff	b5334ce378	prep for 1.14.0 release (#1180)	2025-09-26 10:14:59 -04:00
William Woodruff	48b8ece8a1	docs: document ref-version-mismatch audit (#1179)	2025-09-26 04:40:46 +00:00
William Woodruff	9ed3607f8f	fix(obfuscation): don't consider fromJSON(...) constant-reducible (#1178)	2025-09-26 00:25:39 -04:00
William Woodruff	ffd91b1eb1	refactor: formalize input collection errors (#1169)	2025-09-25 23:53:19 -04:00
Samuel Giddins	67986e3eb8	feat: new audit: ref-version-mismatch (#972) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-09-18 21:33:32 -04:00
Mostafa Moradian	1e6508e237	Add Fix to unsound-condition audit rule (#1089) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-09-19 00:34:34 +00:00
Kristian Bremberg	8581a84f98	feat: add npm trusted publishing detection (#1161) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-09-18 19:24:05 -04:00
William Woodruff	d806ef6560	feat: remove unknown severity and confidence (#1164)	2025-09-17 22:30:37 -04:00
William Woodruff	13465ab42f	fix: handle another cache setting in setup-node (#1153)	2025-09-14 09:09:41 -04:00
William Woodruff	1deee9aa61	chore(docs): fix link (#1148)	2025-09-12 23:47:58 +00:00
William Woodruff	bcaa1bb94e	chore: prep for v1.13.0 release (#1147)	2025-09-12 19:25:00 -04:00
John Blackbourn	e0ec65a187	Introduce a rule which suggests that permissions are documented (#1131) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-09-11 21:50:44 -04:00
Mostafa Moradian	5a4d4e5785	Add Fixes for obfuscation audit rule (#1088) ... Co-authored-by: William Woodruff <william@yossarian.net>	2025-09-11 21:07:04 -04:00
William Woodruff	8b5a35835f	bugfix(deps): bump annotate-snippets to 0.12.2 (#1136)	2025-09-03 22:41:29 -04:00
William Woodruff	f95c1a57b9	feat: allow audits to be disabled in config (#1132)	2025-09-01 22:52:39 -04:00
William Woodruff	2b3cb27ee4	fix: respect --strict-collection for remote inputs (#1122)	2025-08-29 23:39:49 -04:00
William Woodruff	d75933e72d	feat: load separate configs for input groups (#1094)	2025-08-27 23:39:13 -04:00