Name: zizmor-zsh-completion | Distribution: openSUSE:Factory:zSystems |
Version: 1.15.2 | Vendor: openSUSE |
Release: 1.1 | Build date: Fri Oct 17 07:04:53 2025 |
Group: System/Shells | Build host: reproducible |
Size: 4010 | Source RPM: zizmor-1.15.2-1.1.src.rpm |
Packager: https://bugs.opensuse.org |
Url: https://github.com/zizmorcore/zizmor |
Summary: Zsh Completion for zizmor |
Description: zsh command line completion support for zizmor.
License: MIT
Changelog:

* Fri Oct 17 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.15.2:
  * Bug Fixes
    - Fixed a bug where zizmor would fail to parse some Dependabot configuration files due to missing support for some schedule formats (#1247)

* Tue Oct 14 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.15.1:
  * Bug Fixes
    - Fixed a bug where zizmor would fail to parse Dependabot configuration files due to missing support for some package ecosystems (#1240)

* Tue Oct 14 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.15.0:
  This release comes with support for auditing Dependabot configuration files! Like with composite action definition auditing (introduced in v1.0.0), Dependabot configuration auditing is enabled by default but can be disabled as part of input collection. To complement this new functionality, this release comes with two new audits: dependabot-execution and dependabot-cooldown.
  * New Features
    - New audit: dependabot-execution detects Dependabot configurations that allow insecure external code execution (#1220)
    - New audit: dependabot-cooldown detects Dependabot configurations that do not include cooldown settings, or that set an insufficient cooldown (#1223)
  * Performance Improvements
    - zizmor now uses jemalloc as its default allocator on non-MSVC targets, which should significantly improve performance for Linux and macOS users (#1200)
  * Enhancements
    - zizmor now unconditionally emits its version number to stderr on startup (#1199)
    - The ref-version-mismatch audit now supports auto-fixes for many findings (#1205)
    - The [impostor-commit] audit now supports auto-fixes for many findings (#1090)
    - zizmor is now more resilient to sporadic request failures when performing GitHub API requests (#1219)
    - --collect=dependabot is now supported as a collection option, allowing users to audit only Dependabot configuration files (#1215)
    - The --fix mode (introduced with v1.10.0) is now considered stable and no longer experimental (#1232)
  * Bug Fixes
    - Fixed a bug where zizmor would fail instead of analyzing single-file inputs that lacked an explicit parent path component, e.g. zizmor foo.yml instead of zizmor ./foo.yml (#1212)
  * Deprecations
    - The workflows-only and actions-only values for --collect are now deprecated. These values have been replaced with workflows and actions, respectively, which have the same behavior but can be composed together with other collection modes. The deprecated modes will be removed in a future release (#1228)
    - Until removal, using these values will emit a warning.

* Tue Sep 30 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.14.2:
  * Bug Fixes
    - Fixed a bug where the use-trusted-publishing audit would produce false-positive findings for some run: blocks that implicitly performed trusted publishing (#1191)

* Sun Sep 28 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.14.1:
  * Bug Fixes
    - Fixed a bug where the ref-version-mismatch would incorrectly show the wrong commit SHAs in its findings (#1183)

* Sun Sep 28 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.14.0:
  * New Features
    - New audit: ref-version-mismatch detects mismatches between hash-pinned action references and their version comments (#972)
  * Enhancements
    - zizmor no longer uses the "Unknown" severity or confidence levels for any findings. All findings previously categorized at these levels are now given a more meaningful level (#1164)
    - The use-trusted-publishing audit now detects various Trusted Publishing patterns for the npm ecosystem (#1161)
    - The unsound-condition audit now supports auto-fixes for many findings (#1089)
    - zizmor's error handling has been restructured, improving the quality of error messages and their associated suggestions (#1169)
  * Bug Fixes
    - Fixed a bug where the cache-poisoning audit would fail to detect some cache usage variants in newer versions of actions/setup-node (#1152)
    - Fixed a bug where the obfuscation audit would incorrectly flag some subexpressions as constant-reducible when they were not (#1170)
  * Deprecations
    - The unknown values for --min-severity and --min-confidence are now deprecated. These values were already no-ops (and have been since introduction), and will be removed in a future release (#1164)
    - Until removal, using these values will emit a warning.

* Sun Sep 14 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.13.0:
  * New Features
    - New audit: undocumented-permissions detects explicit permission grants that lack an explanatory comment (#1131)
      Many thanks to @johnbillion for proposing and implementing this audit!
  * Enhancements
    - zizmor's configuration discovery behavior has been significantly refactored, making it easier to audit multiple independent inputs with their own configuration files (#1094)
      For most users, this change should cause no compatibility issues. For example, the following commands will continue to load the same configuration files as before:
        zizmor .
        zizmor .github/
      For other users, the behavior will change, but in a way that's intended to correct a long-standing bug with configuration discovery. In particular, the following commands will now behave differently:
        [#] OLD: would discover config in $CWD
        [#] NEW: will discover two different configs, one in each of the repos
        zizmor ./repoA ./repoB
      Separately from these changes, zizmor continues to support --config <path> and ZIZMOR_CONFIG with the exact same behavior as before.
      See Configuration - Discovery for a detailed explanation of the new behavior.
    - Audit rules can now be disabled entirely in zizmor's configuration. See rules..disable for details (#1132)
    - The obfuscation audit now supports auto-fixes for many findings (#1088)
  * Bug Fixes
    - zizmor now correctly honors --strict-collection when collecting from remote inputs. This also means that the default collection strictness has changed for remote inputs to match all other inputs (#1122)
    - Fixed a bug where zizmor would crash on certain UTF-8 inputs lacking an explicit final newline due to a bug in the annotate-snippets crate (#1136)
  * Dependencies
    - chore(deps): bump github/codeql-action in the github-actions group (#1140)
    - chore(deps): bump the cargo group with 4 updates (#1141)
    - chore(docs): remove external links section, add crates.io link to footer (#1137)
    - bugfix(deps): bump annotate-snippets to 0.12.2 (#1136)
    - chore(deps): bump the github-actions group with 3 updates (#1129)
    - chore(deps): bump the cargo group with 2 updates (#1130)
    - chore(deps): bump tracing-subscriber from 0.3.19 to 0.3.20 (#1121)
    - chore(deps): bump the github-actions group with 2 updates (#1112)
    - chore(deps): bump the cargo group with 5 updates (#1111)
    - chore(deps): bump the cargo group with 6 updates (#1097)
    - chore(deps): bump the github-actions group with 6 updates (#1096)

* Mon Aug 18 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.12.1:
  * Bug Fixes
    - Fixed a bug where the cache-poisoning would incorrectly detect the opposite cases for cache enablement (#1081)

* Mon Aug 18 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.12.0:
  * New Features
    - New audit: unsound-condition detects if: conditions that inadvertently always evaluate to true (#1053)
  * Enhancements
    - The cache-poisoning audit now supports auto-fixes for many findings (#923)
    - The known-vulnerable-actions audit now supports auto-fixes for many findings (#1019)
    - zizmor is now stricter about parsing uses: clauses. In particular, zizmor will no longer accept uses: org/repo without a trailing @ref, as GitHub Actions itself does not accept this syntax (#1019)
    - The use-trusted-publishing audit now detects many more patterns, including cargo publish and other run: blocks that make use of publishing commands directly (#1042)
    - The insecure-commands audit now supports auto-fixes for many findings (#1045)
    - The template-injection audit now detects more action injection sinks (#1059)
  * Bug Fixes
    - Fixed a bug where --fix would fail to preserve comments when modifying block-style YAML mappings (#995)
    - Fixed a bug where zizmor would crash when given a GitHub API token with leading or trailing whitespace (#1027)
    - Fixed a bug where template-injection findings in --fix mode would be incorrectly patched when referencing an env.* context (#1052)
    - Fixed a bug where template-injection findings in --fix mode would be patched with shell syntax that didn't match the step's actual shell (#1064)

* Tue Jul 01 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.11.0:
  * New Features
    - zizmor now has experimental support for IDE/editor integrations via zizmor --lsp; see the IDE integration documentation for more information (#984)
  * Enhancements
    - The bot-conditions audit now supports auto-fixes for many findings (#921)
    - The bot-conditions audit now produces findings on triggers other than pull_request_target (#921)
  * Bug Fixes
    - Fixed a bug where zizmor would crash when attempting to extract subfeatures from features containing non-ASCII codepoints (#989)
  * Dependencies
    - chore(deps): bump the github-actions group with 3 updates (#990)
    - chore(deps): bump the cargo group with 3 updates (#991)
    - chore(deps): bump http-cache-reqwest to 0.16.0 (#982)
    - chore(deps): bump http-cache-reqwest to 0.15.2 (#980)
    - chore(docs): remove demo file, link to zizmor.sh (#978)

* Mon Jun 30 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.10.0:
  * New Features
    - New audit: anonymous-definition detects unnamed workflows and actions. Definitions without a name: field appear anonymously in the GitHub Actions UI, making them harder to distinguish (#937)
    - Auto-fix mode: zizmor now experimentally supports --fix=[MODE], which enables the brand new auto-fix mode. This mode can automatically fix a subset of zizmor's findings. For this experimental release, auto-fixes are available for findings from the following audits:
      - artipacked: zizmor will attempt to add persist-credentials: false to actions/checkout steps that do not already have it.
      - template-injection: zizmor will attempt to rewrite run: blocks containing ${{ foo.bar }} to use ${FOO_BAR} instead, and will add an appropriate env: block to set FOO_BAR to the expression's evaluation.
      Read more about the new auto-fix mode in the documentation.
      https://docs.zizmor.sh/usage/#auto-fixing-results
  * Enhancements
    - The artipacked audit now produces findings on composite action definitions, rather than just workflow definitions (#896)
    - The use-trusted-publishing audit now produces findings on composite action definitions, rather than just workflow definitions (#899)
    - The bot-conditions audit now detects more spoofable actor checks, including checks against well-known user IDs for bot accounts (#905)
    - The template-injection and other audits now produce more precise findings when analyzing env context accesses for static-ness (#911)
    - The template-injection audit now produces more precise findings when analyzing inputs context accesses (#919)
    - zizmor now produces more descriptive error messages when it fails to parse a workflow or action definition (#956)
    - The bot-conditions audit now returns precise spans for flagged actor checks, instead of flagging the entire if: value (#949)
    - The template-injection audit now returns precise spans for flagged contexts and expressions, instead of flagging the entire script block (#958)
    - The obfuscation audit now returns precise spans for flagged expressions (#969)
    - The obfuscation audit now detects computed indices (e.g. inputs.foo[inputs.bar]) as a potentially obfuscatory pattern (#969)
  * Bug Fixes
    - The template-injection audit no longer crashes when attempting to evaluate the static-ness of an environment context within a composite action uses: step (#887)
    - The bot-conditions audit now correctly analyzes index-style contexts, e.g. github['actor'] (#905)
    - Fixed a bug where zizmor would fail to parse expressions that contained >= or <= (#916)
    - Fixed a bug where zizmor would fail to parse expressions containing contexts with interstitial whitespace (#958)

* Sat May 31 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.9.0:
  * New Features
    - zizmor now supports generating completions for Nushell (#838)
  * Enhancements
    - The template-injection audit has been rewritten, and is now significantly more precise and general over contexts supplied via GitHub's webhook payloads (i.e. github.event.*) (#745)
    - The template-injection audit now detects vulnerable template injections in more actions inputs, thanks to an integration with CodeQL's sink metadata (#849)
  * Bug Fixes
    - The insecure-commands now correctly detects different truthy values in ACTIONS_ALLOW_UNSECURE_COMMANDS (#840)
    - The template-injection audit now correctly emits pedantic findings in a blanket manner, rather than filtering them based on the presence of other findings (#745)
    - CLI: Fixed a misleading error message when zizmor is used with a GitHub host other than github.com (#863)
  * Dependencies
    - chore(deps): bump the cargo group with 3 updates (#860)
    - chore(deps): bump astral-sh/setup-uv in the github-actions group (#859)

* Wed May 21 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.8.0:
  * Announcements
    - zizmor's website has changed! The new website is hosted at docs.zizmor.sh. The old website will redirect to the new one for a while, but users should update any old links in preparation for the v1.8.0 release, which will likely remove the redirects entirely (#769)
    - zizmor is now hosted under the @zizmorcore GitHub organization as zizmorcore/zizmor. The old repository at woodruffw/zizmor will redirect to the new one, but users should update any old links to limit confusion
  * New Features
    - zizmor now supports the ZIZMOR_CONFIG environment variable as an alternative to --config (#789)
  * Bug Fixes
    - zizmor now correctly handles index-style contexts in the template-injection audit (#800, #806)
  * Dependencies
    - chore(deps): `cargo autoinherit` (#826)
    - chore(deps): bump zizmorcore/zizmor-action in the github-actions group (#822)
    - chore(deps): bump owo-colors from 4.2.0 to 4.2.1 in the cargo group (#812)
    - chore(deps): run `cargo autoinherit` (#805)
    - chore(deps): bump the cargo group with 5 updates (#786)

* Fri May 09 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- add shell completion subpackages
- Update to version 1.7.0:
  This release comes with four new audits: obfuscation, stale-action-refs, unsound-contains, and unpinned-images. It also includes several improvements to existing audits and zizmor's output formats and error reporting behavior. Additionally, this release comes with bugfixes for the SARIF output format as well as input collection in some edge cases when collecting from remote repositories.
  * New Features
    - New audit: The obfuscation audit detects obfuscatory patterns in GitHub Actions usages. These patterns are not themselves dangerous, but may indicate an attempt to obscure malicious behavior (#683)
    - New audit: The stale-action-refs pedantic audit detects pinned action references which don't point to a Git tag (#713)
    - New audit: The unsound-contains audit detects uses of the contains() function that can be bypassed (#577)
    - New audit: The unpinned-images audit detects uses of Docker images that are unpinned or pinned to :latest (#733)
    - zizmor now reports much clearer error messages when auditing fails due to an invalid workflow or action definition (#719)
    - zizmor now has a --strict-collection flag that turns skipped workflow or action definition warnings into errors. Passing this flag changes zizmor's behavior back to the default in v1.6.0 and earlier, which was to terminate the audit if any collected input could not be parsed (#734)
    - The forbidden-uses audit can now be configured with patterns that match exact uses: clauses, including refs. For example, exactly actions/checkout@v4 can now be explicitly allowed or forbidden, rather than every ref that matches actions/checkout (#750)
    - zizmor now has a --completions=<shell> flag that generates shell completion scripts (#765)
  * Bug Fixes
    - The SARIF output format now uses zizmor/{id} for rule IDs instead of bare IDs, reducing the chance of conflict or confusion with other tools (#710)
    - The SARIF output format now includes a rule name for each rule descriptor, which should improve rendering behavior in SARIF viewers like the VS Code SARIF Viewer extension (#710)
    - Fixed a bug where zizmor would fail to collect actions defined within subdirectories of .github/workflows when collecting from a remote source (#731)
  * Upcoming Changes
    Starting with v1.8.0, zizmor will migrate from @woodruffw on GitHub to @zizmorcore. This should not cause any breakage as GitHub will handle redirects, but users who explicitly reference @woodruffw/zizmor should consider updating their references to @zizmorcore/zizmor once the migration occurs. See #758 for details.
  * Dependencies
    - chore(deps): bump the github-actions group with 3 updates (#747)
    - chore(deps): cargo update (#722)
    - chore(deps): bump insta from 1.42.2 to 1.43.0 in the cargo group (#702)
    - chore(deps): bump the cargo group with 2 updates (#686)
    - chore(deps): bump astral-sh/setup-uv in the github-actions group (#685)

* Sun Apr 20 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- Update to version 1.6.0:
  * New Features
    - New audit: The forbidden-uses audit is a configurable audit that allows allow- or denylisting of entire orgs, repos, or specific action patterns. This audit must be configured; by default it has no effect (#664)
    - zizmor now supports --format=github as an output format. This format produces check annotations via GitHub workflow commands, e.g. ::warning and ::error. See the Output formats documentation for more information on annotations, including key limitations (#634)
    - The unpinned-uses audit has been completely rewritten, with two key changes:
      - The audit now has configurable policies that give users more control over the audit's behavior. In particular, users can now define policies that mirror their actual threat model, such as trusting their own GitHub organizations while leaving others untrusted.
      - The audit's default policy is more precise and conservative: official GitHub actions (e.g. those under actions/* and similar) are allowed to be pinned by branch or tag, but all other actions are required to be pinned by SHA. This is a change from the previous policy, which was to only flag completely unpinned actions by default.
  * Improvements
    - The SARIF output format now marks each rule as a "security" rule, which helps GitHub's presentation of the results (#631)
    - The template-injection audit now performs dataflow analysis to determine whether contexts actually expand in an unsafe manner, making it significantly more accurate (#640)
    - The cache-poisoning audit is now aware of jdx/mise-action (#645)
    - The cache-poisoning audit is now significantly more accurate when analyzing workflows that use docker/setup-buildx-action (#644)
    - --format=json is now an alias for --format=json-v1, enabling future JSON formats. The policy for the --format=json alias is documented under Output formats - JSON (#657)
    - Configuration file loading is now stricter, and produces a more useful error message when the configuration file is invalid (#663)
  * Bug Fixes
    - The template-injection audit no longer considers github.event.pull_request.head.sha dangerous (#636)
    - Fixed a bug where zizmor would fail to parse workflows with workflow_call triggers that specified inputs without the required field being present (#646)
    - Fixed a bug where zizmor would fail to parse workflows with pull_request or pull_request_target triggers that specified types as a scalar value (#653)
    - Fixed a crash where zizmor would fail to generate correct concrete location spans for YAML inputs with comments inside block sequences (#660)
    - The template-injection audit no longer considers github.job dangerous (#661)
    - The template-injection audit no longer considers github.event.pull_request.head.repo.fork dangerous (#675)

* Sun Mar 23 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.5.2:
  * Bug Fixes
    - Fixed a bug where zizmor would over-eagerly parse invalid and commented-out expressions, resulting in spurious warnings (#570)
    - Fixed a bug where zizmor would fail to honor # zizmor: ignore[rule] comments in unintuitive cases (#612)
    - Fixed a regression in zizmor's SARIF output format that caused suboptimal presentation of findings on GitHub (#621)

* Wed Mar 12 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.5.1:
  * chore: prep for v1.5.1 release (#601)
  * bugfix: don't require `.git/` to respect `.gitignore` files (#598)
  * docs: fix typo in release notes (#595)

* Tue Mar 11 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.5.0:
  * chore: prep for release v1.5.0 (#594)
  * chore(deps): bump the cargo group with 3 updates (#592)
  * chore(deps): bump the github-actions group with 2 updates (#593)
  * docs: fix typo (#591)
  * docs: fixup release notes (#590)
  * feat(cli): fine-grained color control (#586)
  * cli: re-add `--no-progress` flag (#589)
  * chore(deps): bump ring from 0.17.8 to 0.17.13 (#588)
  * docs: bump trophies (#587)
  * cargo: bump edition (#585)
  * docs: bump trophies (#584)
  * ci: pypi: bump maturin-action to v1.47.2 (#583)
  * chore(deps): bump the cargo group with 5 updates (#580)
  * chore(deps): bump the github-actions group with 7 updates (#581)
  * feat: respect .gitignore files when collecting inputs (#575)
  * test: refactor integration tests (#576)
  * feat: detect overprovisioned `secrets[...]` (#573)
  * bugfix: don't remove prefixes from local paths (#572)

* Tue Feb 25 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.4.1:
  * Bug Fixes
    - Findings produced by (unredacted-secrets) now use the correct ID and link to the correct URL in the audit documentation (#566)

* Tue Feb 25 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.4.0:
  * New Features
    - zizmor now has official Docker images! You can find them on the GitHub Container Registry under ghcr.io/woodruffw/zizmor (#532)
    - New audit: unredacted-secrets detects secret accesses that are not redacted in logs (#549)
  * Improvements
    - SARIF outputs are now slightly more aligned with GitHub Code Scanning expectations (#528)
    - # zizmor: ignore[rule] comments can now have trailing explanations, e.g. # zizmor: ignore[rule] because reasons (#531)
    - The bot-conditions audit now detects github.triggering_actor as another spoofable actor check (#559)
  * Bug Fixes
    - Fixed a bug where zizmor would fail to parse workflows with workflow_dispatch triggers that contained non-string inputs (#563)
  * Upcoming Changes
    - The next minor release of zizmor will be built with Rust 2024. This should have no effect on most users, but may require users who build zizmor from source to update their Rust toolchain.

* Mon Feb 10 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.3.1:
  * chore: prep for 1.3.1 release (#523)
  * bugfix: bump github-actions-models to 0.25.0 (#522)
  * docs: bump trophies (#521)
  * docs: bump trophies (#520)
  * bugfix: fix has_tag lookup (#519)
  * docs: bump trophies (#515)
  * docs: bump trophies (#512)
  * bugfix: expr: make index rule non-atomic (#511)
  * chore(deps): bump the github-actions group with 2 updates (#509)
  * chore(deps): bump the cargo group with 2 updates (#508)
  * docs: bump trophies (#507)
  * docs: update dev-docs (#505)
  * README: more details (#504)
  * docs: bump trophies (#503)
  * bugfix: bump github-actions-models to 0.24.0 (#502)

* Wed Jan 29 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.3.0:
  * chore: prep for 1.3.0 release (#500)
  * docs: bump trophies (#499)
  * deps: bump indicatif from 0.17.9 to 0.17.11 (#498)
  * Downgrade tracing-indicatif (#496)
  * docs: bump trophies (#495)
  * ci: attempt to fix arm build (#494)
  * chore(deps): bump the github-actions group with 3 updates (#493)
  * chore(deps): bump the cargo group with 2 updates (#492)
  * refactor: improve context handling (#491)
  * feat(cli): add naches mode (#490)
  * release-notes: record #485 (#489)
  * feat: "raw" audit support + `overprovisioned-secrets` (#485)
  * cli: reduce warning to info when skipping audits (#488)
  * deps: bump github-actions-models (#487)
  * docs: bump trophies (#486)
  * docs: bump trophies (#484)
  * Fix syntax in docs for bot-condition (#483)
  * feat: improve parse error slightly (#482)
  * docs: bump trophies (#481)
  * chore(deps): bump the cargo group with 3 updates (#480)
  * Add slash to avoid redirect (#478)
  * bugfix: collect actions from subdirectories of .github/workflows (#477)

* Mon Jan 20 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.2.2:
  * chore: prep for 1.2.2 release (#476)
  * feat: improve error message when repo fetch fails (#475)
  * bugfix: special-case workflow_call in excessive-permissions (#473)

* Mon Jan 20 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.2.1:
  * chore: prep 1.2.1 (#470)
  * bugfix: generalize path prefix handling (#469)
  * chore(deps): bump astral-sh/setup-uv from 5.1.0 to 5.2.1 in the github-actions group (#467)
  * docs: try to fix the site (#466)
  * chore: remove site-requirements.txt (#465)

* Mon Jan 20 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.2.0:
  * chore: prep 1.2.0 (#464)
  * bugfix: bump github-actions-models (#463)
  * bugfix: parse multi-line expressions correctly (#461)
  * feat: bot-conditions (#460)
  * ci: pypi: try enabling aarch64 on an ARM runner (#457)
  * docs: typo (#456)
  * docs: add sponsors to README and site (#454)
  * bugfix: sarif: use absolute physical locations only (#453)
  * chore(docs): bump trophies (#451)
  * chore(docs): bump trophies (#450)
  * refactor: reduce invalid states in job APIs (#449)
  * fix: artipacked: check for stringy bools (#448)
  * docs: bump trophies (#446)
  * bugfix: mark another context as safe during injections (#445)
  * docs: bump trophies (#444)
  * docs: bump trophies (#443)
  * docs: bump trophies (#442)
  * refactor: make excessive-permissions more correct (#441)
  * docs: bump trophies (#440)
  * fix: don't flag local workflows in unpinned-uses (#439)

* Tue Jan 14 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.1.1:
  * chore: prep 1.1.1 (#438)
  * chore(deps): bump the cargo group with 4 updates (#434)
  * chore(deps): bump the github-actions group with 2 updates (#436)
  * fix: bump github-actions-models (#437)
  * docs: bump trophies (#430)

* Mon Jan 13 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.1.0:
  This release comes with one new audit (secrets-inherit), plus a slew of bugfixes and internal refactors that unblock future improvements!
  * Added
    - New audit: secrets-inherit detects use of secrets: inherit with reusable workflow calls (#408)
  * Improved
    - The template-injection audit now detects injections in calls to azure/cli and azure/powershell (#421)
  * Fixed
    - The template-injection audit no longer considers github.server_url dangerous (#412)
    - The template-injection audit no longer crashes when evaluating the static-ness of an environment for a uses: step (#420)

* Wed Jan 08 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.0.1:
  This is a small quality and bugfix release. Thank you to everybody who helped by reporting and shaking out bugs from our first stable release!
  * Improved
    - The github-env audit now detects dangerous writes to GITHUB_PATH, is more precise, and can produce multiple findings per run block (#391)
  * Fixed
    - workflow_call.secrets keys with missing values are now parsed correctly (#388)
    - The cache-poisoning audit no longer incorrectly treats docker/build-push-action as a publishing workflow if push: false is explicitly set (#389)
    - The template-injection audit no longer considers github.action_path to be a potentially dangerous expansion (#402)
    - The github-env audit no longer skips run: steps with non-trivial shell: stanzas (#403)

* Fri Jan 03 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package zizmor: a static analysis tool for GitHub Actions
Files: /usr/share/zsh/site-functions/_zizmor
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Oct 22 23:06:31 2025