go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-22 04:08:49 +02:00
Code Issues Releases Activity

chore(deps): bump anchore/sbom-action from 0.11.0 to 0.12.0 (#3321)

Browse Source 
Bumps anchore/sbom-action from 0.11.0 to 0.12.0.

Release notes
Sourced from anchore/sbom-action's releases.

v0.12.0
Changes in v0.12.0

Update dependencies (#317) kzantow
Update Syft to v0.53.4 (#266) anchore-actions-token-generator
Expose upload-artifact and upload-release-assets inputs (#277) joshowen
Document the dependency-snapshot property (#297) kzantow




Commits

b5042e9 Update dependencies (#317)
ac5a533 Update Syft to v0.53.4 (#266)
0f0f981 Expose upload-artifact and upload-release-assets inputs (#277)
6fb484a Document the dependency-snapshot property (#297)
See full diff in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This commit is contained in:
dependabot[bot] 2022-08-19 09:11:54 -03:00 committed by GitHub
parent 2eb6f84f5c
commit 8b8da0d2d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/build.yml vendored
View File

@ -81,7 +81,7 @@ jobs:
./dist/*.apk
key: ${{ runner.os }}-go-${{ hashFiles('**/*.go') }}-${{ hashFiles('**/go.sum') }}
- uses: sigstore/cosign-installer@v2.5.1
- uses: anchore/sbom-action/download-syft@v0.11.0
- uses: anchore/sbom-action/download-syft@v0.12.0
- name: setup-validate-krew-manifest
run: go install sigs.k8s.io/krew/cmd/validate-krew-manifest@latest
- name: setup-tparse