zizmor 1.4.0__tar.gz → 1.4.1__tar.gz



Files changed (206) hide show
  1. {zizmor-1.4.0 → zizmor-1.4.1}/.github/workflows/docker.yml +2 -0
  2. {zizmor-1.4.0 → zizmor-1.4.1}/Cargo.lock +1 -1
  3. {zizmor-1.4.0 → zizmor-1.4.1}/Cargo.toml +1 -1
  4. {zizmor-1.4.0 → zizmor-1.4.1}/Dockerfile +1 -1
  5. {zizmor-1.4.0 → zizmor-1.4.1}/PKG-INFO +1 -1
  6. {zizmor-1.4.0 → zizmor-1.4.1}/docs/release-notes.md +9 -0
  7. {zizmor-1.4.0 → zizmor-1.4.1}/docs/usage.md +1 -1
  8. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/unredacted_secrets.rs +5 -1
  9. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__unredacted_secrets.snap +2 -3
  10. {zizmor-1.4.0 → zizmor-1.4.1}/.github/ISSUE_TEMPLATE/bug-report.yml +0 -0
  11. {zizmor-1.4.0 → zizmor-1.4.1}/.github/ISSUE_TEMPLATE/config.yml +0 -0
  12. {zizmor-1.4.0 → zizmor-1.4.1}/.github/ISSUE_TEMPLATE/feature-request.yml +0 -0
  13. {zizmor-1.4.0 → zizmor-1.4.1}/.github/dependabot.yml +0 -0
  14. {zizmor-1.4.0 → zizmor-1.4.1}/.github/workflows/ci.yml +0 -0
  15. {zizmor-1.4.0 → zizmor-1.4.1}/.github/workflows/pypi.yml +0 -0
  16. {zizmor-1.4.0 → zizmor-1.4.1}/.github/workflows/release.yml +0 -0
  17. {zizmor-1.4.0 → zizmor-1.4.1}/.github/workflows/site.yml +0 -0
  18. {zizmor-1.4.0 → zizmor-1.4.1}/.github/workflows/zizmor.yml +0 -0
  19. {zizmor-1.4.0 → zizmor-1.4.1}/.gitignore +0 -0
  20. {zizmor-1.4.0 → zizmor-1.4.1}/CONTRIBUTING.md +0 -0
  21. {zizmor-1.4.0 → zizmor-1.4.1}/LICENSE +0 -0
  22. {zizmor-1.4.0 → zizmor-1.4.1}/Makefile +0 -0
  23. {zizmor-1.4.0 → zizmor-1.4.1}/README.md +0 -0
  24. {zizmor-1.4.0 → zizmor-1.4.1}/docs/assets/favicon48x48.png +0 -0
  25. {zizmor-1.4.0 → zizmor-1.4.1}/docs/assets/rainbow.svg +0 -0
  26. {zizmor-1.4.0 → zizmor-1.4.1}/docs/assets/zizmor-demo.gif +0 -0
  27. {zizmor-1.4.0 → zizmor-1.4.1}/docs/audits.md +0 -0
  28. {zizmor-1.4.0 → zizmor-1.4.1}/docs/configuration.md +0 -0
  29. {zizmor-1.4.0 → zizmor-1.4.1}/docs/development.md +0 -0
  30. {zizmor-1.4.0 → zizmor-1.4.1}/docs/index.md +0 -0
  31. {zizmor-1.4.0 → zizmor-1.4.1}/docs/installation.md +0 -0
  32. {zizmor-1.4.0 → zizmor-1.4.1}/docs/magiclink.css +0 -0
  33. {zizmor-1.4.0 → zizmor-1.4.1}/docs/quickstart.md +0 -0
  34. {zizmor-1.4.0 → zizmor-1.4.1}/docs/snippets/help.txt +0 -0
  35. {zizmor-1.4.0 → zizmor-1.4.1}/docs/snippets/render-sponsors.py +0 -0
  36. {zizmor-1.4.0 → zizmor-1.4.1}/docs/snippets/render-trophies.py +0 -0
  37. {zizmor-1.4.0 → zizmor-1.4.1}/docs/snippets/sponsors.html +0 -0
  38. {zizmor-1.4.0 → zizmor-1.4.1}/docs/snippets/sponsors.json +0 -0
  39. {zizmor-1.4.0 → zizmor-1.4.1}/docs/snippets/trophies.md +0 -0
  40. {zizmor-1.4.0 → zizmor-1.4.1}/docs/snippets/trophies.txt +0 -0
  41. {zizmor-1.4.0 → zizmor-1.4.1}/docs/trophy-case.md +0 -0
  42. {zizmor-1.4.0 → zizmor-1.4.1}/mkdocs.yml +0 -0
  43. {zizmor-1.4.0 → zizmor-1.4.1}/pyproject.toml +0 -0
  44. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/artipacked.rs +0 -0
  45. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/bot_conditions.rs +0 -0
  46. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/cache_poisoning.rs +0 -0
  47. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/dangerous_triggers.rs +0 -0
  48. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/excessive_permissions.rs +0 -0
  49. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/github_env.rs +0 -0
  50. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/hardcoded_container_credentials.rs +0 -0
  51. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/impostor_commit.rs +0 -0
  52. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/insecure_commands.rs +0 -0
  53. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/known_vulnerable_actions.rs +0 -0
  54. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/mod.rs +0 -0
  55. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/overprovisioned_secrets.rs +0 -0
  56. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/ref_confusion.rs +0 -0
  57. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/secrets_inherit.rs +0 -0
  58. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/self_hosted_runner.rs +0 -0
  59. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/template_injection.rs +0 -0
  60. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/unpinned_uses.rs +0 -0
  61. {zizmor-1.4.0 → zizmor-1.4.1}/src/audit/use_trusted_publishing.rs +0 -0
  62. {zizmor-1.4.0 → zizmor-1.4.1}/src/config.rs +0 -0
  63. {zizmor-1.4.0 → zizmor-1.4.1}/src/expr/expr.pest +0 -0
  64. {zizmor-1.4.0 → zizmor-1.4.1}/src/expr/mod.rs +0 -0
  65. {zizmor-1.4.0 → zizmor-1.4.1}/src/finding/mod.rs +0 -0
  66. {zizmor-1.4.0 → zizmor-1.4.1}/src/github_api.rs +0 -0
  67. {zizmor-1.4.0 → zizmor-1.4.1}/src/main.rs +0 -0
  68. {zizmor-1.4.0 → zizmor-1.4.1}/src/models/coordinate.rs +0 -0
  69. {zizmor-1.4.0 → zizmor-1.4.1}/src/models/uses.rs +0 -0
  70. {zizmor-1.4.0 → zizmor-1.4.1}/src/models.rs +0 -0
  71. {zizmor-1.4.0 → zizmor-1.4.1}/src/registry.rs +0 -0
  72. {zizmor-1.4.0 → zizmor-1.4.1}/src/render.rs +0 -0
  73. {zizmor-1.4.0 → zizmor-1.4.1}/src/sarif.rs +0 -0
  74. {zizmor-1.4.0 → zizmor-1.4.1}/src/state.rs +0 -0
  75. {zizmor-1.4.0 → zizmor-1.4.1}/src/utils.rs +0 -0
  76. {zizmor-1.4.0 → zizmor-1.4.1}/tests/acceptance.rs +0 -0
  77. {zizmor-1.4.0 → zizmor-1.4.1}/tests/common.rs +0 -0
  78. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshot.rs +0 -0
  79. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__artipacked-2.snap +0 -0
  80. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__artipacked-3.snap +0 -0
  81. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__artipacked-4.snap +0 -0
  82. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__artipacked.snap +0 -0
  83. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__bot_conditions.snap +0 -0
  84. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-10.snap +0 -0
  85. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-11.snap +0 -0
  86. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-12.snap +0 -0
  87. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-13.snap +0 -0
  88. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-14.snap +0 -0
  89. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-2.snap +0 -0
  90. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-3.snap +0 -0
  91. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-4.snap +0 -0
  92. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-5.snap +0 -0
  93. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-6.snap +0 -0
  94. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-7.snap +0 -0
  95. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-8.snap +0 -0
  96. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning-9.snap +0 -0
  97. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cache_poisoning.snap +0 -0
  98. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__cant_retrieve.snap +0 -0
  99. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-10.snap +0 -0
  100. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-11.snap +0 -0
  101. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-12.snap +0 -0
  102. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-2.snap +0 -0
  103. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-3.snap +0 -0
  104. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-4.snap +0 -0
  105. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-5.snap +0 -0
  106. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-6.snap +0 -0
  107. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-7.snap +0 -0
  108. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-8.snap +0 -0
  109. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions-9.snap +0 -0
  110. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__excessive_permissions.snap +0 -0
  111. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__github_env-2.snap +0 -0
  112. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__github_env-3.snap +0 -0
  113. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__github_env.snap +0 -0
  114. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__insecure_commands-2.snap +0 -0
  115. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__insecure_commands-3.snap +0 -0
  116. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__insecure_commands.snap +0 -0
  117. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__invalid_inputs.snap +0 -0
  118. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__overprovisioned_secrets.snap +0 -0
  119. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__ref_confusion-2.snap +0 -0
  120. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__ref_confusion.snap +0 -0
  121. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__secrets_inherit.snap +0 -0
  122. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__self_hosted-2.snap +0 -0
  123. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__self_hosted-3.snap +0 -0
  124. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__self_hosted-4.snap +0 -0
  125. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__self_hosted-5.snap +0 -0
  126. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__self_hosted-6.snap +0 -0
  127. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__self_hosted-7.snap +0 -0
  128. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__self_hosted-8.snap +0 -0
  129. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__self_hosted.snap +0 -0
  130. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__template_injection-2.snap +0 -0
  131. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__template_injection-3.snap +0 -0
  132. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__template_injection-4.snap +0 -0
  133. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__template_injection-5.snap +0 -0
  134. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__template_injection-6.snap +0 -0
  135. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__template_injection-7.snap +0 -0
  136. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__template_injection-8.snap +0 -0
  137. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__template_injection.snap +0 -0
  138. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__unpinned_uses-2.snap +0 -0
  139. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__unpinned_uses-3.snap +0 -0
  140. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__unpinned_uses-4.snap +0 -0
  141. {zizmor-1.4.0 → zizmor-1.4.1}/tests/snapshots/snapshot__unpinned_uses.snap +0 -0
  142. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/artipacked/issue-447-repro.yml +0 -0
  143. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/artipacked.yml +0 -0
  144. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/bot-conditions.yml +0 -0
  145. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/caching-disabled-by-default.yml +0 -0
  146. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/caching-enabled-by-default.yml +0 -0
  147. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/caching-not-configurable.yml +0 -0
  148. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml +0 -0
  149. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml +0 -0
  150. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/caching-opt-in-expression.yml +0 -0
  151. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml +0 -0
  152. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/caching-opt-out.yml +0 -0
  153. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/issue-343-repro.yml +0 -0
  154. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/issue-378-repro.yml +0 -0
  155. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/no-cache-aware-steps.yml +0 -0
  156. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/publisher-step.yml +0 -0
  157. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/workflow-release-branch-trigger.yml +0 -0
  158. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning/workflow-tag-trigger.yml +0 -0
  159. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/cache-poisoning.yml +0 -0
  160. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/issue-336-repro.yml +0 -0
  161. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/issue-472-repro.yml +0 -0
  162. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/jobs-broaden-permissions.yml +0 -0
  163. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/reusable-workflow-call.yml +0 -0
  164. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/reusable-workflow-other-triggers.yml +0 -0
  165. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml +0 -0
  166. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/workflow-default-perms.yml +0 -0
  167. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/workflow-empty-perms.yml +0 -0
  168. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/workflow-read-all.yml +0 -0
  169. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/workflow-write-all.yml +0 -0
  170. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions/workflow-write-explicit.yml +0 -0
  171. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/excessive-permissions.yml +0 -0
  172. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/github-env/action.yml +0 -0
  173. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/github-env/github-path.yml +0 -0
  174. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/github-env/issue-397-repro.yml +0 -0
  175. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/github_env.yml +0 -0
  176. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/hardcoded-credentials.yml +0 -0
  177. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/inlined-ignores.yml +0 -0
  178. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/insecure-commands/action.yml +0 -0
  179. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/insecure-commands.yml +0 -0
  180. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/invalid/invalid-workflow.yml +0 -0
  181. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/overprovisioned-secrets.yml +0 -0
  182. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/ref-confusion/issue-518-repro.yml +0 -0
  183. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/ref-confusion.yml +0 -0
  184. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/secrets-inherit.yml +0 -0
  185. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/self-hosted/issue-283-repro.yml +0 -0
  186. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/self-hosted/self-hosted-matrix-dimension.yml +0 -0
  187. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/self-hosted/self-hosted-matrix-exclusion.yml +0 -0
  188. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/self-hosted/self-hosted-matrix-inclusion.yml +0 -0
  189. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/self-hosted/self-hosted-runner-group.yml +0 -0
  190. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/self-hosted/self-hosted-runner-label.yml +0 -0
  191. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/self-hosted.yml +0 -0
  192. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection/issue-22-repro.yml +0 -0
  193. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection/issue-339-repro.yml +0 -0
  194. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection/issue-418-repro.yml +0 -0
  195. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection/pr-317-repro.yml +0 -0
  196. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection/pr-425-backstop/action.yml +0 -0
  197. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection/static-env.yml +0 -0
  198. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection/template-injection-dynamic-matrix.yml +0 -0
  199. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection/template-injection-static-matrix.yml +0 -0
  200. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/template-injection.yml +0 -0
  201. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/unpinned-uses/action.yml +0 -0
  202. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/unpinned-uses/issue-433-repro.yml +0 -0
  203. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/unpinned-uses.yml +0 -0
  204. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/unredacted-secrets.yml +0 -0
  205. {zizmor-1.4.0 → zizmor-1.4.1}/tests/test-data/use-trusted-publishing.yml +0 -0
  206. {zizmor-1.4.0 → zizmor-1.4.1}/uv.lock +0 -0
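--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -73,6 +73,8 @@ jobs:
  platforms: ${{ matrix.image.platform }}
  labels: ${{ steps.docker-metadata.outputs.labels }}
  outputs: type=image,"name=${{ env.ZIZMOR_IMAGE }}",push-by-digest=true,name-canonical=true,push=true
+ build-args: |
+ ZIZMOR_VERSION=${{ github.event.inputs.version }}
 
  - name: Export digest
  run: |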
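Review bot: The `ZIZMOR_VERSION` value added under `build-args:` comes straight from `github.event.inputs.version` with no validation, and that context is only populated on manually dispatched runs. The `on:` block is outside this hunk, so this may not apply, but on any other trigger the value would be empty and the image build would end up running `pip install zizmor==`. Because `build-args` is a newline-separated list, a value containing a line break would also define extra build arguments. I would add an earlier step that receives the input through `env:` and rejects anything that is not a plain version, e.g. `[[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1`.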
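--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3151,7 +3151,7 @@ dependencies = [
 
  [[package]]
  name = "zizmor"
- version = "1.4.0"
+ version = "1.4.1"
  dependencies = [
  "annotate-snippets",
  "anstream",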
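--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,7 +1,7 @@
  [package]
  name = "zizmor"
  description = "Static analysis for GitHub Actions"
- version = "1.4.0"
+ version = "1.4.1"
  edition = "2021"
  repository = "https://github.com/woodruffw/zizmor"
  homepage = "https://github.com/woodruffw/zizmor"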
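--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ RUN set -eux && \
  apt-get clean && \
  rm -rf /var/lib/apt/lists/*
 
- RUN pip install zizmor && \
+ RUN pip install zizmor==${ZIZMOR_VERSION} && \
  which zizmor
 
  # ------------------------------------------------------------------------------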
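Review bot: `${ZIZMOR_VERSION}` in the new `RUN pip install` line is expanded unquoted and with no check that it is set. The matching `ARG ZIZMOR_VERSION` declaration is not visible in this hunk; if it is missing from this build stage, or the image is built without the build-arg, the command becomes `pip install zizmor==` and fails with a requirement-parsing error instead of a clear message. I would quote the requirement and fail early when the value is empty: `RUN pip install "zizmor==${ZIZMOR_VERSION:?ZIZMOR_VERSION build-arg is required}" && \`.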
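--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,6 @@
  Metadata-Version: 2.4
  Name: zizmor
- Version: 1.4.0
+ Version: 1.4.1
  License-File: LICENSE
  Summary: Static analysis for GitHub Actions
  Keywords: cli,github-actions,static-analysis,security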
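--- a/docs/release-notes.md
+++ b/docs/release-notes.md
@@ -9,6 +9,15 @@ of `zizmor`.
 
  ## Next (UNRELEASED)
 
+ ## v1.4.1
+
+ This is a small corrective release for v1.4.0.
+
+ ### Bug Fixes 🐛
+
+ * Findings produced by ([unredacted-secrets]) now use the correct ID and
+ link to the correct URL in the audit documentation (#566)
+
  ## v1.4.0
 
  This release comes with one new audit ([unredacted-secrets]), plus a handful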
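--- a/docs/usage.md
+++ b/docs/usage.md
@@ -463,7 +463,7 @@ To do so, add the following to your `.pre-commit-config.yaml` `repos` section:
 
  ```yaml
  - repo: https://github.com/woodruffw/zizmor-pre-commit
- rev: v1.4.0 # (1)!
+ rev: v1.4.1 # (1)!
  hooks:
  - id: zizmor
  ```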
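--- a/src/audit/unredacted_secrets.rs
+++ b/src/audit/unredacted_secrets.rs
@@ -9,7 +9,11 @@ use super::{audit_meta, Audit};
 
  pub(crate) struct UnredactedSecrets;
 
- audit_meta!(UnredactedSecrets, "secret-leakage", "leaked secret values");
+ audit_meta!(
+ UnredactedSecrets,
+ "unredacted-secrets",
+ "leaked secret values"
+ );
 
  impl Audit for UnredactedSecrets {
  fn new(_: crate::AuditState) -> anyhow::Result<Self>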
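Review bot: The ident string passed to `audit_meta!` is user-facing (the snapshot on this page prints it as `warning[unredacted-secrets]`), and nothing visible here ties it to the audit's documented name, which is presumably how 1.4.0 shipped with `secret-leakage`. I would add a comment above the invocation, e.g. `// The ident appears in findings and in the docs link; it must match the audit's name in docs/audits.md.`, and a test that checks every registered audit's ident against the documented list. Ignore rules or SARIF consumers keyed on the 1.4.0 ID will stop matching after this change, which the release note could say explicitly. The `impl Audit` block that starts at the end of the hunk continues outside it.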
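--- a/tests/snapshots/snapshot__unredacted_secrets.snap
+++ b/tests/snapshots/snapshot__unredacted_secrets.snap
@@ -1,9 +1,8 @@
  ---
  source: tests/snapshot.rs
  expression: "zizmor().workflow(workflow_under_test(\"unredacted-secrets.yml\")).run()?"
- snapshot_kind: text
  ---
- warning[secret-leakage]: leaked secret values
+ warning[unredacted-secrets]: leaked secret values
  --> @@INPUT@@:14:18
  |
  14 | stuff: ${{ fromJSON(secrets.password) }}
@@ -11,7 +10,7 @@ warning[secret-leakage]: leaked secret values
  |
  = note: audit confidence → High
 
- warning[secret-leakage]: leaked secret values
+ warning[unredacted-secrets]: leaked secret values
  --> @@INPUT@@:17:23
  |
  17 | otherstuff: ${{ fromJson(secrets.otherstuff).field }}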