commits  

Messages by Date

• 2025/12/29 (tooling-agents) branch main updated (610e1f2 -> 8057d1c) akm
• 2025/12/29 (tooling-agents) 01/01: Initial commit akm
• 2025/12/29 (tooling-agents) branch main created (now 610e1f2) akm
• 2025/12/29 (tooling-trusted-releases) branch main updated: Do not wrap phase breadcrumbs sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Improve the error message when creating a release that already exists sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Fix a problem with pluralisation sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Ensure that published files are downloaded rather than rendered sbp
• 2025/12/29 (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.1.6 deleted (was 59ae691) sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Bump actions/cache from 4.3.0 to 5.0.1 sbp
• 2025/12/29 (tooling-trusted-releases) branch dependabot/github_actions/actions/checkout-6.0.1 deleted (was 795cfb5) sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Bump astral-sh/setup-uv from 6.4.3 to 7.1.6 sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated (e6d0110 -> e76e364) sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated (e76e364 -> aa7d168) sbp
• 2025/12/29 (tooling-trusted-releases) branch dependabot/github_actions/actions/cache-5.0.1 deleted (was c84f4d2) sbp
• 2025/12/29 (tooling-trusted-releases) branch dependabot/github_actions/advanced-security/dismiss-alerts-2.0.2 deleted (was 0cbcb8c) sbp
• 2025/12/29 (tooling-trusted-releases) branch dependabot/github_actions/actions/checkout-6.0.1 created (now 795cfb5) github-bot
• 2025/12/29 (tooling-trusted-releases) branch dependabot/github_actions/actions/cache-5.0.1 created (now c84f4d2) github-bot
• 2025/12/29 (tooling-trusted-releases) branch dependabot/github_actions/astral-sh/setup-uv-7.1.6 created (now 59ae691) github-bot
• 2025/12/29 (tooling-trusted-releases) branch dependabot/github_actions/advanced-security/dismiss-alerts-2.0.2 created (now 0cbcb8c) github-bot
• 2025/12/29 (tooling-trusted-releases) branch main updated: Configure Dependabot to update GitHub Actions sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Move navigation rendering to the appropriate module sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Update check results when polling for tasks remaining sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Hide project options from users that cannot use them sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Require a label when making a new PAT sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Make top margin more consistent between pages sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Fix unparenthesized code sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Make pluralisation more consistent throughout sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Add a note about keeping Widget.SELECT as the form choice default sbp
• 2025/12/29 (tooling-actions) branch main updated: Remove the ASF UID parameter from the upload-to-ATR documentation sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Fix a problem with preformatted style in table cells sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Fix function ordering in some top level modules sbp
• 2025/12/29 (tooling-trusted-releases) branch main updated: Improve the display of the remaining vote duration sbp
• 2025/12/24 (tooling-trusted-releases) branch previous_sbom_results deleted (was ea8ecdd) arm
• 2025/12/24 (tooling-trusted-releases) branch main updated: Pull previous SBOM results into the report and highlight new/changed vulnerabilities and licenses. arm
• 2025/12/24 (tooling-trusted-releases) branch previous_sbom_results updated (759c95e -> ea8ecdd) arm
• 2025/12/24 (tooling-trusted-releases) branch previous_sbom_results updated (c80188d -> 759c95e) arm
• 2025/12/24 (tooling-trusted-releases) branch previous_sbom_results updated (5e53c04 -> c80188d) arm
• 2025/12/23 (tooling-trusted-releases) branch main updated: Add a paragraph about Bootstrap customisation to code conventions sbp
• 2025/12/23 (tooling-trusted-releases) branch main updated: Fix function order in POST route and shared modules sbp
• 2025/12/23 (tooling-trusted-releases) branch main updated: Fix function order in GET route modules sbp
• 2025/12/23 (tooling-trusted-releases) branch previous_sbom_results updated (3f2a259 -> 5e53c04) arm
• 2025/12/23 (tooling-trusted-releases) branch previous_sbom_results updated (6d267b9 -> 3f2a259) arm
• 2025/12/23 (tooling-trusted-releases) 01/01: Pull previous SBOM results into the report and highlight new/changed vulnerabilities and licenses. arm
• 2025/12/23 (tooling-trusted-releases) branch previous_sbom_results updated: Show previous/changed licenses arm
• 2025/12/23 (tooling-trusted-releases) branch main updated: Address some path traversal vulnerabilities sbp
• 2025/12/23 (tooling-trusted-releases) branch previous_sbom_results updated (0218edb -> b9e4de2) arm
• 2025/12/23 (tooling-trusted-releases) 01/02: Abstract task fetches arm
• 2025/12/23 (tooling-trusted-releases) 02/02: Add some colour to the report and add icon helper to htm arm
• 2025/12/23 (tooling-trusted-releases) branch main updated: Reserve a type for confirmation fields and make them more consistent sbp
• 2025/12/23 (tooling-trusted-releases) branch main updated: Explain to unauthenticated users when a vote is not open sbp
• 2025/12/23 (tooling-trusted-releases) branch main updated: Add best practices for installing JS dependencies to code conventions sbp
• 2025/12/23 (tooling-trusted-releases) branch main updated: Use uvloop to avoid APPLICATION_DATA_AFTER_CLOSE_NOTIFY errors sbp
• 2025/12/23 (tooling-trusted-releases) branch main updated: Take the phase navigation bar out of the top navigation shadow sbp
• 2025/12/23 (tooling-trusted-releases) 03/03: Show change from previous severity and change defaults for previous license info arm
• 2025/12/23 (tooling-trusted-releases) branch previous_sbom_results updated (837d129 -> 0218edb) arm
• 2025/12/23 (tooling-trusted-releases) 01/03: Fix non-digit character handling in version_sort_key arm
• 2025/12/23 (tooling-trusted-releases) 02/03: Don't need keys() arm
• 2025/12/23 (tooling-trusted-releases) branch main updated: Add a summary of checks before the compose file list sbp
• 2025/12/23 (tooling-trusted-releases) 02/02: Highlight new/updated vulnerabilities and colour code severities arm
• 2025/12/23 (tooling-trusted-releases) 01/02: Find previous results and include in score result for report. arm
• 2025/12/23 (tooling-trusted-releases) branch previous_sbom_results updated (2d9da11 -> 837d129) arm
• 2025/12/23 (tooling-trusted-releases) branch previous_sbom_results updated: Highlight new/updated vulnerabilities and colour code severities arm
• 2025/12/22 (tooling-trusted-releases) branch main updated: Fix a bug with counting abstain votes sbp
• 2025/12/22 (tooling-trusted-releases) 01/01: Find previous results and include in score result for report. arm
• 2025/12/22 (tooling-trusted-releases) branch previous_sbom_results created (now f6a26b2) arm
• 2025/12/22 (tooling-trusted-releases) branch main updated: Copy the most recent cached check only sbp
• 2025/12/22 (tooling-trusted-releases) branch main updated: Skip malformed upstream projects data sbp
• 2025/12/22 (tooling-trusted-releases) branch main updated: Add check result caching and apply to license checks sbp
• 2025/12/22 (tooling-trusted-releases) branch main updated: Parenthesize subexpressions consistently sbp
• 2025/12/22 (tooling-trusted-releases) branch main updated: Collate licenses as part of SBOM scoring and add to report arm
• 2025/12/22 (tooling-trusted-releases) branch main updated: Small CLI documentation improvement arm
• 2025/12/22 (tooling-trusted-releases) branch main updated: Fix a couple of bugs in the SBOM report augment section arm
• 2025/12/19 (tooling-trusted-releases) branch main updated: Add a column showing how long recent tasks took sbp
• 2025/12/19 (tooling-trusted-releases) branch sbom_version_changes deleted (was cf10e19) sbp
• 2025/12/19 (tooling-trusted-releases) branch main updated: Update outdated tool scanners and add ATR tool metadata to the SBOM. Reference existing BOM versions in augment tasks. sbp
• 2025/12/19 (tooling-trusted-releases) branch sbom_version_changes updated (a00cce5 -> cf10e19) arm
• 2025/12/19 (tooling-trusted-releases) branch sbom_version_changes updated (d4cae34 -> a00cce5) arm
• 2025/12/19 (tooling-trusted-releases) branch sbom_version_changes updated (347aa71 -> d4cae34) arm
• 2025/12/19 (tooling-trusted-releases) branch main updated (10932c3 -> 46b15aa) sbp
• 2025/12/19 (tooling-trusted-releases) branch sbom_version_changes updated (f2472bf -> 347aa71) arm
• 2025/12/19 (tooling-trusted-releases) branch main updated (25c7758 -> 10932c3) sbp
• 2025/12/19 (tooling-trusted-releases) 01/01: Update outdated tool scanners and add ATR tool metadata to the SBOM arm
• 2025/12/19 (tooling-trusted-releases) branch sbom_version_changes created (now f2472bf) arm
• 2025/12/18 (tooling-trusted-releases) branch vulnerabilities_sbom deleted (was cf42fec) sbp
• 2025/12/18 (tooling-trusted-releases) branch main updated: Store vulnerabilities in SBOM and read back from the report. Store ATR task info in SBOM as a reference. sbp
• 2025/12/18 (tooling-trusted-releases) 01/01: Add progress bars to indicate the status of uploads sbp
• 2025/12/18 (tooling-trusted-releases) branch main updated (9368da3 -> 02e2cdb) sbp
• 2025/12/18 (tooling-trusted-releases) branch main updated: Add progress bars to indicate the status of uploads sbp
• 2025/12/18 (tooling-trusted-releases) branch vulnerabilities_sbom updated (3884c68 -> cf42fec) arm
• 2025/12/18 (tooling-trusted-releases) branch vulnerabilities_sbom updated (3bafdd4 -> 3884c68) arm
• 2025/12/18 (tooling-trusted-releases) 01/01: Store vulnerabilities in SBOM and read back from the report. Store ATR task info in SBOM as a reference. arm
• 2025/12/18 (tooling-trusted-releases) branch vulnerabilities_sbom updated: Store vulnerabilities in SBOM and read back from the report. Store ATR task info in SBOM as a reference. arm
• 2025/12/18 (tooling-trusted-releases) 01/01: Store vulnerabilities in SBOM and read back from the report. Store ATR task info in SBOM as a reference. arm
• 2025/12/18 (tooling-trusted-releases) branch vulnerabilities_sbom updated (92b5e8b -> 9d7391d) arm
• 2025/12/17 (tooling-trusted-releases) branch main updated: Control dependencies more carefully and ensure frequent updates sbp
• 2025/12/17 (tooling-trusted-releases) 01/01: Saving first day's work arm
• 2025/12/17 (tooling-trusted-releases) branch vulnerabilities_sbom created (now 92b5e8b) arm
• 2025/12/17 (tooling-trusted-releases) branch main updated: Ensure that state is reset in test modules before starting sbp
• 2025/12/17 (tooling-trusted-releases) branch main updated: Update dependencies due to CVE-2025-68146 in filelock sbp
• 2025/12/17 (tooling-trusted-releases) branch main updated: Return actual error if task fails, otherwise timeout arm
• 2025/12/16 (tooling-docs) branch asf-site updated: Commit build products github-bot
• 2025/12/16 (tooling-docs) branch asf-site updated: Automatic Site Publish by Buildbot git-site-role
• 2025/12/16 (tooling-docs) branch main updated: Add ATR release download page guidance wave
• 2025/12/16 (tooling-trusted-releases) branch main updated: Use separate forms for the two ways to upload KEYS files sbp
• 2025/12/16 (tooling-trusted-releases) branch main updated: Only allow SVN imports from known locations sbp
• 2025/12/16 (tooling-trusted-releases) branch main updated: Fix a bug in the file interface sbp
• 2025/12/16 (tooling-trusted-releases) branch main updated: Scan files using puremagic on upload sbp
• 2025/12/16 (tooling-trusted-releases) branch main updated: Show list of components for validation errors arm
• 2025/12/15 (tooling-trusted-releases) branch main updated: Remove an unused Bootstrap CSS asset sbp
• 2025/12/15 (tooling-trusted-releases) branch main updated: Update Bootstrap CSS and JS build outputs to be based on 5.3.8 sbp
• 2025/12/15 (tooling-trusted-releases) branch main updated: Use Bootstrap 5.3.8 sbp
• 2025/12/15 (tooling-trusted-releases) branch main updated: Improve the Bootstrap build process sbp
• 2025/12/15 (tooling-trusted-releases) branch sbom_generation_fix deleted (was 32bfd76) arm
• 2025/12/15 (tooling-trusted-releases) 01/02: Link to vulnerability details from report, include more info in error model, don't error on missing PURL for files. sbp
• 2025/12/15 (tooling-trusted-releases) 02/02: Remove unused JS configuration files and settings sbp
• 2025/12/15 (tooling-trusted-releases) branch main updated (a9ebf7a -> cf7e2f6) sbp
• 2025/12/15 (tooling-trusted-releases) branch sbom_report_updates deleted (was d879a94) sbp
• 2025/12/15 (tooling-trusted-releases) branch sbom_report_updates updated (cbf0806 -> d879a94) sbp
• 2025/12/15 (tooling-trusted-releases) branch sbom_report_updates updated (65b12ae -> cbf0806) arm
• 2025/12/15 (tooling-trusted-releases) branch main updated: Use the script method to install syft sbp
• 2025/12/15 (tooling-trusted-releases) branch main updated: Split docker build into 3 stages, simplify dependencies, use uv for python since we use it anyway, use buildkit for parallel sbp
• 2025/12/15 (tooling-trusted-releases) branch docker_build_updates deleted (was 0f8c20d) sbp
• 2025/12/15 (tooling-trusted-releases) branch main updated (4335de2 -> 6e2e7f5) arm
• 2025/12/15 (tooling-trusted-releases) branch docker_build_updates created (now 0f8c20d) arm
• 2025/12/15 (tooling-trusted-releases) 01/01: Split docker build into 3 stages, simplify dependencies, use uv for python since we use it anyway, use buildkit for parallel arm
• 2025/12/12 (tooling-trusted-releases) branch main updated: Move biome and oxlint to the standard lints configuration sbp
• 2025/12/12 (tooling-trusted-releases) branch main updated: Fix lint errors in the script to display the vote email preview sbp
• 2025/12/12 (tooling-trusted-releases) branch main updated: Add tests for the script on the voting page sbp
• 2025/12/12 (tooling-trusted-releases) branch main updated: Treat all script lint warnings as errors sbp
• 2025/12/12 (tooling-trusted-releases) branch sbom_report_updates updated (b20b0b6 -> 65b12ae) arm
• 2025/12/12 (tooling-trusted-releases) branch main updated: Fix some lint errors in the report pages script sbp
• 2025/12/12 (tooling-trusted-releases) branch main updated: Add biome to the analysis workflow sbp
• 2025/12/12 (tooling-trusted-releases) branch main updated (ca9f18d -> b507f73) sbp
• 2025/12/12 (tooling-trusted-releases) branch sbom_report_updates updated (037ac71 -> b20b0b6) arm
• 2025/12/12 (tooling-trusted-releases) branch main updated (32bfd76 -> ca9f18d) sbp
• 2025/12/12 (tooling-trusted-releases) branch sbom_generation_fix created (now 32bfd76) arm
• 2025/12/11 (tooling-trusted-releases) branch main updated: Fix small issues in a few script files sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Fix lint errors in the ongoing tasks script sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Add tests for the ongoing tasks script sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Add another container with reloading for faster testing sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Fix a small linter error in the script to toggle key committees sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Fix a small lint issue in the script to process ignore form changes sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Add JS formatting to standard lints sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Fix lint errors in the script for the committee directory sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Add tests for the script on the committees page sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Fix style and SBOM generation result message sbp
• 2025/12/11 (tooling-trusted-releases) branch sbom_generation_fix deleted (was bbede2b) sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Wait for SBOM task to complete before continuing with revision sbp
• 2025/12/11 (tooling-trusted-releases) branch sbom_generation_fix updated (589696e -> bbede2b) sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated (887f4de -> 536c9cc) sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated (1e1f7a9 -> 887f4de) sbp
• 2025/12/11 (tooling-trusted-releases) branch sbom_generation_fix updated (6823fe3 -> 589696e) arm
• 2025/12/11 (tooling-trusted-releases) branch sbom_generation_fix created (now 6823fe3) arm
• 2025/12/11 (tooling-trusted-releases) 01/01: Wait for SBOM task to complete before continuing with revision arm
• 2025/12/11 (tooling-trusted-releases) branch main updated: Fix a lint error in the code to copy to clipboard sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Add some vote page tests sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Fix linting errors in the script for announcement previews sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Increase the CodeQL frequency and coverage sbp
• 2025/12/11 (tooling-trusted-releases) branch main updated: Install syft using Go in the containers sbp
• 2025/12/11 (tooling-trusted-releases) branch sbom_report_updates updated (b983713 -> 037ac71) arm
• 2025/12/11 (tooling-trusted-releases) branch sbom_report_updates updated (7f9995c -> b983713) arm
• 2025/12/11 (tooling-trusted-releases) 02/02: Include source component on the conformance error model. Skip missing component errors for "file" components as they don't have PURLs etc. arm
• 2025/12/11 (tooling-trusted-releases) branch sbom_report_updates updated (23e133f -> 7f9995c) arm
• 2025/12/11 (tooling-trusted-releases) branch sbom_report_updates created (now 23e133f) arm
• 2025/12/11 (tooling-trusted-releases) 01/02: Fix some wording and add a hyperlink to vulnerability details arm
• 2025/12/10 (tooling-trusted-releases) branch main updated (63f4ff5 -> fe4ce6e) sbp
• 2025/12/10 (tooling-trusted-releases) 01/02: Fix root tests to search for a button to log in sbp
• 2025/12/10 (tooling-trusted-releases) 02/02: Add tests for the JS used on the announce page sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Add installation instructions for Biome sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Group JS files by origin sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Add JS lints sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Add a script to run a single test sbp
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests deleted (was 0216092) sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Add sbom generation test and fixtures for the rest of the sbom tests going forward. Remove root dir checking for SBOM generation. sbp
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests updated (eb220fb -> 0216092) arm
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests updated (2d336c5 -> eb220fb) arm
• 2025/12/10 (tooling-trusted-releases) branch main updated (3d4b955 -> 6f7fa72) sbp
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests updated (1196d7d -> 2d336c5) arm
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests updated (784ea76 -> 1196d7d) arm
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests updated (2d7e62f -> 784ea76) arm
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests updated (f4c170f -> 2d7e62f) arm
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests updated (a5c3240 -> f4c170f) arm
• 2025/12/10 (tooling-trusted-releases) 01/01: Remove root dir check for sbom generation and add test case for generation function arm
• 2025/12/10 (tooling-trusted-releases) 01/01: Add missing sections for local dev compose, and re-add syft to Docker container arm
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests updated (fcee62e -> a5c3240) arm
• 2025/12/10 (tooling-trusted-releases) branch main updated: Don't include the dev start shell script in the container - overwrite it in compose when launching locally arm
• 2025/12/10 (tooling-trusted-releases) 01/01: Add missing sections for local dev compose, and re-add syft to Docker container arm
• 2025/12/10 (tooling-trusted-releases) branch sbom_tests created (now fcee62e) arm
• 2025/12/10 (tooling-trusted-releases) branch main updated: Add missing sections for local dev compose, and re-add syft to Docker container arm
• 2025/12/10 (tooling-trusted-releases) branch main updated: Use a lighter theme with a gentle skeuomorphic gradient sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Move event handlers from attributes to existing script files sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Remove an unused clipboard copying script sbp
• 2025/12/10 (tooling-trusted-releases) 01/02: Move announcement and ignore form scripts to separate files sbp
• 2025/12/10 (tooling-trusted-releases) 02/02: Migrate keys, projects, and vote forms to standalone files sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated (457829a -> 356fb51) sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Move project filtering and report status toggling to separate files sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Move background task polling and committee filtering to separate files sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Move the script for copying text to clipboard sbp
• 2025/12/10 (tooling-trusted-releases) branch main updated: Add docker-compose for local use, with hot reload and local state directory arm
• 2025/12/10 (tooling-trusted-releases) branch main updated: Add revision number to recent tasks list arm

• Earlier messages
• Later messages