v0.4.0

What's Changed

New Features 🌈

• Fix singular and plural for 'findings' by @hugovk in #162
• feat: unpinned-uses audit by @woodruffw in #161

Bug Fixes 🐛

• Fix typos including github.repostoryUrl -> github.repositoryUrl by @hugovk in #164

Full Changelog: v0.3.2...v0.4.0

v0.3.2

What's Changed

• fix(cli): remove '0 ignored' from another place by @woodruffw in #157
• perf: speed up impostor-commit's fast path by @woodruffw in #158
• fix(cli): fixup error printing by @woodruffw in #159

Full Changelog: v0.3.1...v0.3.2

v0.3.1

What's Changed

• feat(cli): don't render "0 ignored" by @woodruffw in #148
• feat: --no-exit-codes + sarif tweaks by @woodruffw in #154

New Contributors

• @baggiponte made their first contribution in #150

Full Changelog: v0.3.0...v0.3.1

v0.3.0

What's Changed

• feat: exit code support by @woodruffw in #133
• fix: github.event.merge_group.base_sha is a safe context by @woodruffw in #137
• fix: exclude information about the repo and owner by @funnelfiasco in #136
• feat: add --no-config by @woodruffw in #142

Full Changelog: v0.2.1...v0.3.0

v0.2.1

What's Changed

• refactor: clean up expr APIs slightly by @woodruffw in #126
• feat: Exclude safe values from template injection rule by @funnelfiasco in #128
• fix: bump github-actions-models by @woodruffw in #131
• feat: analyze expressions for safety by @woodruffw in #127

Full Changelog: v0.2.0...v0.2.1

v0.2.0

What's Changed

• chore: add description to --help by @woodruffw in #111
• fix: bump github-actions-models by @woodruffw in #112
• feat: improves plain output with audit confidence by @ubiratansoares in #119
• fix: bump github-actions-models by @woodruffw in #120
• docs: improve usage page and options for sarif and code scanning by @tobiastornros in #121
• feat: configuration file support by @woodruffw in #116

New Contributors

• @dependabot made their first contribution in #118
• @tobiastornros made their first contribution in #121

Full Changelog: v0.1.6...v0.2.0

v0.1.6

What's Changed

• feat: accept multiple arguments as inputs by @miketheman in #104

Full Changelog: v0.1.5...v0.1.6

v0.1.5

What's Changed

• Exclude github.run_* from template injection check by @funnelfiasco in #92
• fix(ci): move read permissions to job scope by @miketheman in #95
• fix: links in README.md by @dmwyatt in #96
• test: adds acceptance tests on top of json-formatted output by @ubiratansoares in #97
• docs: add an example GHA workflow by @woodruffw in #98
• docs: update readme by @miketheman in #100
• docs: show example for usage in private repos by @miketheman in #99

New Contributors

• @funnelfiasco made their first contribution in #92
• @dmwyatt made their first contribution in #96
• @ubiratansoares made their first contribution in #97

Full Changelog: v0.1.4...v0.1.5

v0.1.4

What's Changed

• perf: Enable Link-Time Optimization (LTO) by @zamazan4ik in #81
• feat: begin prepping zizmor's website by @woodruffw in #78
• fix: Always use the plain formatter even when the output is not a terminal by @asmeurer in #83
• feat: show version by @miketheman in #84
• fix: finding url link to audits doc by @amenasria in #87

New Contributors

• @zamazan4ik made their first contribution in #81
• @asmeurer made their first contribution in #83
• @amenasria made their first contribution in #87

Full Changelog: v0.1.3...v0.1.4

v0.1.3

What's Changed

• fix: use relative workflow paths in SARIF output by @woodruffw in #77

Full Changelog: v0.1.2...v0.1.3