go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-24 04:16:27 +02:00
Code Issues Releases Activity
4,611 Commits 10 Branches 560 Tags
Commit Graph

167 Commits

Author SHA1 Message Date
Carlos Alexandro Becker
d4fc62780c
chore(deps): bump many actions 2023-05-02 12:24:53 +00:00
Carlos Alexandro Becker
43ae761179
feat: native upx support (#3965) 
this adds a new root-level `upx` config, so users can pack their
binaries with upx :)

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-05-01 21:22:05 -03:00
Carlos A Becker
b4b6496ea6
build: setup-go update 2023-03-17 16:04:47 -03:00
dependabot[bot]
b623247fb7
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#3871) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0
to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<p>In scope of release we enable cache by default. The action won’t
throw an error if the cache can’t be restored or saved. The action will
throw a warning message but it won’t stop a build process. The cache can
be disabled by specifying <code>cache: false</code>.</p>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v4
    with:
      go-version: ‘1.19’
  - run: go run hello.go
</code></pre>
<p>Besides, we introduce such changes as</p>
<ul>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/305">Allow to
use only GOCACHE for cache</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/315">Bump
json5 from 2.2.1 to 2.2.3</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/323">Use
proper version for primary key in cache</a></li>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/351">Always add
Go bin to the PATH</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/350">Add
step warning if go-version input is empty</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d34df0c23"><code>4d34df0</code></a>
Update configuration files (<a
href="https://redirect.github.com/actions/setup-go/issues/348">#348</a>)</li>
<li><a
href="fdc0d672a1"><code>fdc0d67</code></a>
Add Go bin if go-version input is empty (<a
href="https://redirect.github.com/actions/setup-go/issues/351">#351</a>)</li>
<li><a
href="ebfdf6ac95"><code>ebfdf6a</code></a>
add warning if go-version is empty (<a
href="https://redirect.github.com/actions/setup-go/issues/350">#350</a>)</li>
<li><a
href="b27d76912e"><code>b27d769</code></a>
fix lockfileVersion (<a
href="https://redirect.github.com/actions/setup-go/issues/349">#349</a>)</li>
<li><a
href="c51a720768"><code>c51a720</code></a>
Enable caching by default with default input (<a
href="https://redirect.github.com/actions/setup-go/issues/332">#332</a>)</li>
<li><a
href="6b848af622"><code>6b848af</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-go/issues/343">#343</a>
from akv-platform/reusable-workflow</li>
<li><a
href="12741cc209"><code>12741cc</code></a>
Format update-config-files.yml</li>
<li><a
href="7a77a6aab6"><code>7a77a6a</code></a>
Merge branch 'main' into reusable-workflow</li>
<li><a
href="42a0cc8e14"><code>42a0cc8</code></a>
Add update-config-files.yml</li>
<li><a
href="7406d654ad"><code>7406d65</code></a>
Add and configure ESLint and update configuration for Prettier (<a
href="https://redirect.github.com/actions/setup-go/issues/341">#341</a>)</li>
<li>Additional commits viewable in <a
href="6edd4406fa...4d34df0c23">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.5.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-03-17 00:40:25 -03:00
dependabot[bot]
5773f1a246
chore(deps): bump actions/checkout from 3.3.0 to 3.4.0 (#3872) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0
to 3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade codeql actions to v2 by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/checkout/pull/1209">actions/checkout#1209</a></li>
<li>Upgrade dependencies by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/checkout/pull/1210">actions/checkout#1210</a></li>
<li>Backfill changelog and bump actions/io by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1225">actions/checkout#1225</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Link"><code>@​Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1209">actions/checkout#1209</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.3.0...v3.4.0">https://github.com/actions/checkout/compare/v3.3.0...v3.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.4.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade
codeql actions to v2</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade
dependencies</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade
<code>@​actions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1045">Implement
branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add
in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a
href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a
href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add
GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix
status badge</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1002">Replace
datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap
pipeline commands for submoduleForeach in quotes</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1029">Update
<code>@​actions/io</code> to 1.1.2</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading
version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939">Use
<code>@​actions/core</code> <code>saveState</code> and
<code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922">Add
<code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/770">Add
input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/762">Fixed an
issue where checkout failed to run in container jobs due to the new git
setting <code>safe.directory</code></a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/744">Bumped
various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/689">Update to
node 16</a></li>
</ul>
<h2>v2.3.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/284">Fix
default branch resolution for .wiki and when using SSH</a></li>
</ul>
<h2>v2.3.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/278">Fallback to
the default branch</a></li>
</ul>
<h2>v2.2.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/258">Fetch all
history for all tags and branches when fetch-depth=0</a></li>
</ul>
<h2>v2.1.1</h2>
<ul>
<li>Changes to support GHES (<a
href="https://redirect.github.com/actions/checkout/pull/236">here</a>
and <a
href="https://redirect.github.com/actions/checkout/pull/248">here</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="24cb908017"><code>24cb908</code></a>
Bump <code>@​actions/io</code> to v1.1.3 (<a
href="https://redirect.github.com/actions/checkout/issues/1225">#1225</a>)</li>
<li><a
href="27135e314d"><code>27135e3</code></a>
Upgrade dependencies (<a
href="https://redirect.github.com/actions/checkout/issues/1210">#1210</a>)</li>
<li><a
href="7b187184d1"><code>7b18718</code></a>
Upgrade codeql actions to v2 (<a
href="https://redirect.github.com/actions/checkout/issues/1209">#1209</a>)</li>
<li>See full diff in <a
href="ac59398561...24cb908017">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-17 00:11:19 -03:00
dependabot[bot]
6341c3d0dc
chore(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0 (#3865) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.4.1 to 2.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.5.0</h2>
<ul>
<li><code>cleanup</code> input to remove builder and temp files by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/213">docker/setup-buildx-action#213</a></li>
<li>do not remove builder using the <code>docker</code> driver by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/218">docker/setup-buildx-action#218</a></li>
<li>fix current context as builder name for <code>docker</code> driver
by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a>
in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/209">docker/setup-buildx-action#209</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0">https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4b4e9c3e2d"><code>4b4e9c3</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/216">#216</a>
from awendland/patch-1</li>
<li><a
href="eb27bcbef3"><code>eb27bcb</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/218">#218</a>
from crazy-max/fix-builder-removal</li>
<li><a
href="b7471d4240"><code>b7471d4</code></a>
update generated content</li>
<li><a
href="e2df91e851"><code>e2df91e</code></a>
check builder exists before removal</li>
<li><a
href="85ce96bcbc"><code>85ce96b</code></a>
do not remove builder using the docker driver</li>
<li><a
href="f549413411"><code>f549413</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/217">#217</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="99988698a5"><code>9998869</code></a>
update generated content</li>
<li><a
href="e30725c029"><code>e30725c</code></a>
Bump <code>@​docker/actions-toolkit</code> from 0.1.0-beta.16 to
0.1.0-beta.18</li>
<li><a
href="f1dc97ee10"><code>f1dc97e</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/213">#213</a>
from crazy-max/cleanup-input</li>
<li><a
href="51ecd0a47f"><code>51ecd0a</code></a>
nit typo in README.md, csv is comma-delimited</li>
<li>Additional commits viewable in <a
href="f03ac48505...4b4e9c3e2d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.4.1&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-13 09:25:22 -03:00
Carlos Alexandro Becker
dd1315b0a7
fix(GO-2023-1621): update from go 1.20.1 to 1.20.2 (#3854) 2023-03-09 08:24:20 -03:00
dependabot[bot]
008d43d72b
chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#3818) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.8.1 to 3.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>make cosign v2.0.0 default version by <a
href="https://github.com/developer-guy"><code>@​developer-guy</code></a>
in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/109">sigstore/cosign-installer#109</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1">https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1</a></p>
<h2>v3.0.0</h2>
<h1>Breaking change</h1>
<p>Cosign v2 has some breaking changes. Please check those: <a
href="https://blog.sigstore.dev/cosign-2-0-released/">https://blog.sigstore.dev/cosign-2-0-released/</a></p>
<h2>What's Changed</h2>
<ul>
<li>test: add logs when downloading the public keys by <a
href="https://github.com/hectorj2f"><code>@​hectorj2f</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/106">sigstore/cosign-installer#106</a></li>
<li>Add support to install v2 and any other cosign release candidate by
<a href="https://github.com/hectorj2f"><code>@​hectorj2f</code></a> in
<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/105">sigstore/cosign-installer#105</a></li>
<li>v2.0.0 release by <a
href="https://github.com/sabre1041"><code>@​sabre1041</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/108">sigstore/cosign-installer#108</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hectorj2f"><code>@​hectorj2f</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/106">sigstore/cosign-installer#106</a></li>
<li><a href="https://github.com/sabre1041"><code>@​sabre1041</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/108">sigstore/cosign-installer#108</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0">https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c3667d9942"><code>c3667d9</code></a>
make cosign v2.0.0 default version (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/109">#109</a>)</li>
<li><a
href="77560e399f"><code>77560e3</code></a>
v2.0.0 release (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/108">#108</a>)</li>
<li><a
href="4079ad3567"><code>4079ad3</code></a>
Bump actions/checkout from 3.2.0 to 3.3.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/107">#107</a>)</li>
<li><a
href="55fd288876"><code>55fd288</code></a>
Add support to install v2 and any other cosign release candidate (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/105">#105</a>)</li>
<li><a
href="651c379c48"><code>651c379</code></a>
test: add logs when downloading the public keys (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/106">#106</a>)</li>
<li><a
href="df6c89e679"><code>df6c89e</code></a>
Bump actions/checkout from 3.1.0 to 3.2.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/102">#102</a>)</li>
<li><a
href="31f26445bf"><code>31f2644</code></a>
Bump actions/setup-go from 3.4.0 to 3.5.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/103">#103</a>)</li>
<li><a
href="b6757d8360"><code>b6757d8</code></a>
Bump actions/setup-go from 3.3.1 to 3.4.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/101">#101</a>)</li>
<li><a
href="7bca8b4116"><code>7bca8b4</code></a>
Bump actions/setup-go from 3.3.0 to 3.3.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/99">#99</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.8.1&new-version=3.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-02 09:36:26 -03:00
Carlos A Becker
6d3eb57c7a
fix: update to go 1.20.1 2023-02-17 10:44:02 -03:00
dependabot[bot]
9da9f78537
chore(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1 (#3762) 2023-02-07 14:07:51 +00:00
Carlos A Becker
b0783c7401
build: run test on any workflow change 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-02-07 09:48:26 -03:00
Carlos A Becker
addd7c4ceb
build: fix workflow syntax 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-02-07 09:44:33 -03:00
Carlos Alexandro Becker
81914757da
build: use go1.20 (#3757) 
update everything to go 1.20

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-05 13:39:39 -03:00
dependabot[bot]
599f9b4c6a
chore(deps): bump arduino/setup-task from 1.0.2 to 1.0.3 (#3736) 
Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from
1.0.2 to 1.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/arduino/setup-task/releases">arduino/setup-task's
releases</a>.</em></p>
<blockquote>
<h2>1.0.3</h2>
<h2>Changelog</h2>
<h4>Enhancement</h4>
<ul>
<li>Add support for all Task build architectures
(43e1bb8c37ce39c24e88b4622c2f66b6d7d9ebbd)</li>
</ul>
<h2>Full Changeset</h2>
<p><a
href="https://github.com/arduino/setup-task/compare/1.0.2...1.0.3">https://github.com/arduino/setup-task/compare/1.0.2...1.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e26d897557"><code>e26d897</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/636">#636</a>
from per1234/arm-arch</li>
<li><a
href="43e1bb8c37"><code>43e1bb8</code></a>
Add support for all Task build architectures</li>
<li><a
href="bf9d22fbca"><code>bf9d22f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/637">#637</a>
from arduino/dependabot/npm_and_yarn/eslint-8.33.0</li>
<li><a
href="f307193035"><code>f307193</code></a>
build(deps-dev): bump eslint from 8.32.0 to 8.33.0</li>
<li><a
href="9a385911a6"><code>9a38591</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/635">#635</a>
from arduino/dependabot/npm_and_yarn/jest-circus-29.4.1</li>
<li><a
href="446dc59e7a"><code>446dc59</code></a>
build(deps-dev): bump jest-circus from 29.4.0 to 29.4.1</li>
<li><a
href="fe65533e09"><code>fe65533</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/634">#634</a>
from arduino/dependabot/npm_and_yarn/vercel/ncc-0.36.1</li>
<li><a
href="af97840bda"><code>af97840</code></a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.36.0 to
0.36.1</li>
<li><a
href="88a5c5cdc0"><code>88a5c5c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/632">#632</a>
from arduino/dependabot/npm_and_yarn/jest-circus-29.4.0</li>
<li><a
href="4d2bca9f30"><code>4d2bca9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/631">#631</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li>Additional commits viewable in <a
href="d665c6beeb...e26d897557">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=arduino/setup-task&package-manager=github_actions&previous-version=1.0.2&new-version=1.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-01 09:19:19 -03:00
dependabot[bot]
ce5826ff36
chore(deps): bump docker/setup-buildx-action from 2.3.0 to 2.4.0 (#3737) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.3.0 to 2.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Don't depend on the GitHub API to check release by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/196">#196</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.3.0...v2.4.0">https://github.com/docker/setup-buildx-action/compare/v2.3.0...v2.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="15c905b16b"><code>15c905b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/196">#196</a>
from crazy-max/dl-no-token</li>
<li><a
href="a25d6a0130"><code>a25d6a0</code></a>
update generated content</li>
<li><a
href="39322d9057"><code>39322d9</code></a>
don't depend on the GitHub API to check release</li>
<li><a
href="0648fd6fd6"><code>0648fd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/195">#195</a>
from crazy-max/fix-readme</li>
<li><a
href="30d8a59ee0"><code>30d8a59</code></a>
fix action version in README</li>
<li><a
href="71320d2e17"><code>71320d2</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/193">#193</a>
from fevrin/update-gh-doc-url</li>
<li><a
href="272f8b84cf"><code>272f8b8</code></a>
update GH doc URL</li>
<li>See full diff in <a
href="5e716dcfd6...15c905b16b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-01 09:15:36 -03:00
dependabot[bot]
5c1fd3582b
chore(deps): bump docker/setup-buildx-action from 2.2.1 to 2.3.0 (#3729) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.2.1 to 2.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Use Octokit to check Buildx release on GitHub by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/191">#191</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/192">#192</a>)</li>
<li>Add version pinning information to the README by <a
href="https://github.com/jedevc"><code>@​jedevc</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/189">#189</a>)</li>
<li>Bump minimatch from 3.0.4 to 3.1.2 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/182">#182</a>)</li>
<li>Bump csv-parse from 5.3.1 to 5.3.3 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/181">#181</a>)</li>
<li>Bump json5 from 2.2.0 to 2.2.3 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/184">#184</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.2.1...v2.3.0">https://github.com/docker/setup-buildx-action/compare/v2.2.1...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e716dcfd6"><code>5e716dc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/192">#192</a>
from crazy-max/support-ghes</li>
<li><a
href="a83788eef0"><code>a83788e</code></a>
update generated content</li>
<li><a
href="d0d9a72195"><code>d0d9a72</code></a>
pass the token input through on GHES</li>
<li><a
href="a8165e7b70"><code>a8165e7</code></a>
enforce baseUrl to api.github.com if action used on GHES</li>
<li><a
href="a024221c60"><code>a024221</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/191">#191</a>
from crazy-max/fix-dl-release</li>
<li><a
href="4c3fce4ab2"><code>4c3fce4</code></a>
update generated content</li>
<li><a
href="7c965aebec"><code>7c965ae</code></a>
use Octokit client to download buildx</li>
<li><a
href="7932f6210d"><code>7932f62</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/189">#189</a>
from docker/version-pinning-docs</li>
<li><a
href="70deadb37a"><code>70deadb</code></a>
docs: add version pinning information to the README</li>
<li><a
href="165fe681b8"><code>165fe68</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/184">#184</a>
from docker/dependabot/npm_and_yarn/json5-2.2.3</li>
<li>Additional commits viewable in <a
href="8c0edbc76e...5e716dcfd6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.2.1&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-30 09:50:59 -03:00
dependabot[bot]
71bc3f9ba1
chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#3724) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.2 to 0.13.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.3</h2>
<h2>Changes in v0.13.3</h2>
<ul>
<li>Update Syft to v0.68.1 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07978da4bd"><code>07978da</code></a>
Update Syft to v0.68.1 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.2...v0.13.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.2&new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:55:18 -03:00
dependabot[bot]
d120e4dd36
chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#3720) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.1 to 0.13.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.2</h2>
<h2>Changes in v0.13.2</h2>
<ul>
<li>Update Syft to v0.68.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="54e36e45f3"><code>54e36e4</code></a>
feat: update Syft to v0.68.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.1...v0.13.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.1&new-version=0.13.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-26 09:48:38 -03:00
Carlos A Becker
17cd672149
build: use go 1.19.5 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-01-11 09:18:25 -03:00
dependabot[bot]
d80b937827
chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#3683) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0
to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Implement branch list using callbacks from exec function by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1045">actions/checkout#1045</a></li>
<li>Add in explicit reference to private checkout options by <a
href="https://github.com/vanZeben"><code>@​vanZeben</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li>
<li>Fix comment typos (that got added in <a
href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>)
by <a href="https://github.com/lurch"><code>@​lurch</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/vanZeben"><code>@​vanZeben</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li>
<li><a href="https://github.com/lurch"><code>@​lurch</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.2.0...v3.3.0">https://github.com/actions/checkout/compare/v3.2.0...v3.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ac59398561"><code>ac59398</code></a>
Fix comment typos (that got added in <a
href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>)
(<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1057">#1057</a>)</li>
<li><a
href="3ba5ee6fac"><code>3ba5ee6</code></a>
Add in explicit reference to private checkout options (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1050">#1050</a>)</li>
<li><a
href="8856415920"><code>8856415</code></a>
Implement branch list using callbacks from exec function (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1045">#1045</a>)</li>
<li>See full diff in <a
href="755da8c3cf...ac59398561">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-06 09:20:17 -03:00
Carlos Alexandro Becker
cac3f17562
feat(deps): build with go 1.19.4 (#3644) 
latest and greatest

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-14 15:23:40 -03:00
dependabot[bot]
f05b211b61
chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#3643) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0
to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Add support for stable and oldstable aliases</h2>
<p>In scope of this release we introduce aliases for the
<code>go-version</code> input. The <code>stable</code> alias instals the
latest stable version of Go. The <code>oldstable</code> alias installs
previous latest minor release (the stable is 1.19.x -&gt; the oldstable
is 1.18.x).</p>
<h3>Stable</h3>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'stable'
  - run: go run hello.go
</code></pre>
<h3>OldStable</h3>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'oldstable'
  - run: go run hello.go
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6edd4406fa"><code>6edd440</code></a>
fix log for stable aliases (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/303">#303</a>)</li>
<li><a
href="38dbe75f81"><code>38dbe75</code></a>
Add stable and oldstable aliases (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/300">#300</a>)</li>
<li><a
href="30c39bfe0c"><code>30c39bf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/301">#301</a>
from jongwooo/chore/use-cache-in-check-dist</li>
<li><a
href="8377b69a56"><code>8377b69</code></a>
Use cache in check-dist.yml</li>
<li>See full diff in <a
href="d0a58c1c4d...6edd4406fa">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-14 12:09:30 -03:00
dependabot[bot]
43e2b3bf69
chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#3636) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0
to 3.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add GitHub Action to perform release by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/942">actions/checkout#942</a></li>
<li>Fix status badge by <a
href="https://github.com/ScottBrenner"><code>@​ScottBrenner</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li>
<li>Replace datadog/squid with ubuntu/squid Docker image by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li>
<li>Wrap pipeline commands for submoduleForeach in quotes by <a
href="https://github.com/jokreliable"><code>@​jokreliable</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li>
<li>Update <code>@​actions/io</code> to 1.1.2 by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1029">actions/checkout#1029</a></li>
<li>Upgrading version to 3.2.0 by <a
href="https://github.com/vmjoseph"><code>@​vmjoseph</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ScottBrenner"><code>@​ScottBrenner</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li>
<li><a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li>
<li><a
href="https://github.com/jokreliable"><code>@​jokreliable</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li>
<li><a href="https://github.com/vmjoseph"><code>@​vmjoseph</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3...v3.2.0">https://github.com/actions/checkout/compare/v3...v3.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="755da8c3cf"><code>755da8c</code></a>
3.2.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1039">#1039</a>)</li>
<li><a
href="26d48e8ea1"><code>26d48e8</code></a>
Update <code>@​actions/io</code> to 1.1.2 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1029">#1029</a>)</li>
<li><a
href="bf085276ce"><code>bf08527</code></a>
wrap pipeline commands for submoduleForeach in quotes (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/964">#964</a>)</li>
<li><a
href="5c3ccc22eb"><code>5c3ccc2</code></a>
Replace datadog/squid with ubuntu/squid Docker image (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1002">#1002</a>)</li>
<li><a
href="1f9a0c22da"><code>1f9a0c2</code></a>
README - fix status badge (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/967">#967</a>)</li>
<li><a
href="8230315d06"><code>8230315</code></a>
Add workflow to update a main version (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/942">#942</a>)</li>
<li>See full diff in <a
href="93ea575cb5...755da8c3cf">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.1.0&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-13 09:44:45 -03:00
dependabot[bot]
2228edc406
chore(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (#3616) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1
to 3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Add support for go.work and pass the token input through on
GHES</h2>
<p>In scope of this release we added <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/283">support
for go.work file to pass it in go-version-file input</a>.</p>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version-file: go.work
  - run: go run hello.go
</code></pre>
<p>Besides, we added support to <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/277">pass
the token input through on GHES</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d0a58c1c4d"><code>d0a58c1</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/294">#294</a>
from JamesMGreene/patch-1</li>
<li><a
href="3dcd9d6eb3"><code>3dcd9d6</code></a>
Update to latest <code>actions/publish-action</code></li>
<li><a
href="e983b65a44"><code>e983b65</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/283">#283</a>
from koba1t/add_support_gowork_for_go-version-file</li>
<li><a
href="27b43e1b0d"><code>27b43e1</code></a>
Pass the token input through on GHES (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/277">#277</a>)</li>
<li><a
href="7678c83214"><code>7678c83</code></a>
add support gowork for go-version-file</li>
<li>See full diff in <a
href="c4a742cab1...d0a58c1c4d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.3.1&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-02 09:09:52 -03:00
dependabot[bot]
bd4d497c99
chore(deps): bump anchore/sbom-action from 0.13.0 to 0.13.1 (#3533) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.0 to 0.13.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.1</h2>
<h2>Changes in v0.13.1</h2>
<ul>
<li>File input not being passed properly to Syft invocation (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/385">#385</a>)
[<a href="https://github.com/kzantow">kzantow</a>]</li>
<li>Update Syft to v0.60.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/386">#386</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="06e109483e"><code>06e1094</code></a>
fix: file input not being passed properly to syft invocation (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/385">#385</a>)</li>
<li><a
href="f4e264e189"><code>f4e264e</code></a>
Update Syft to v0.60.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/386">#386</a>)</li>
<li><a
href="faa694c549"><code>faa694c</code></a>
chore: update dependencies (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/384">#384</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.0...v0.13.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.0&new-version=0.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-07 09:11:22 -03:00
Carlos Alexandro Becker
7544f7ab96
feat: update to go 1.19.3 (#3523) 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-11-02 14:19:01 -03:00
dependabot[bot]
f3aea7663f
chore(deps): bump anchore/sbom-action from 0.12.0 to 0.13.0 (#3512) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.12.0 to 0.13.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.0</h2>
<h2>Changes in v0.13.0</h2>
<ul>
<li>Allow type &quot;file:...&quot; to enable creation of SBOMs from tar
and other package formats (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)
[<a href="https://github.com/malt3">malt3</a>]</li>
<li>Update Syft to v0.59.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>Update dependencies and node version (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)
[<a href="https://github.com/kzantow">kzantow</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b7e8507c6a"><code>b7e8507</code></a>
chore: remove dependabot (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/381">#381</a>)</li>
<li><a
href="2424de21c4"><code>2424de2</code></a>
Bump <code>@​types/node</code> from 18.11.2 to 18.11.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/373">#373</a>)</li>
<li><a
href="12a03b588c"><code>12a03b5</code></a>
Update Syft to v0.59.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)</li>
<li><a
href="563238bdcc"><code>563238b</code></a>
chore: Update dependencies and action node version (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)</li>
<li><a
href="eda59434a8"><code>eda5943</code></a>
Update Syft to v0.58.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/354">#354</a>)</li>
<li><a
href="614fe8a3b7"><code>614fe8a</code></a>
feat: Allow type &quot;file:...&quot; (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)</li>
<li><a
href="6218d4fbd4"><code>6218d4f</code></a>
Update Syft to v0.57.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/344">#344</a>)</li>
<li><a
href="a173e5341b"><code>a173e53</code></a>
Update Syft to v0.56.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/329">#329</a>)</li>
<li><a
href="2cd5755dcc"><code>2cd5755</code></a>
Add update-deps script (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/322">#322</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.12.0...v0.13.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 11:13:56 -03:00
dependabot[bot]
097baac606
chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (#3477) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0
to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Fix cache issues and update dependencies</h2>
<p>In scope of this release we fixed the issue with the correct
generation of the cache key when the <code>go-version-file</code> input
is set (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/267">actions/setup-go#267</a>).
Moreover, we fixed an issue when <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/264">the
cache folder was not found</a>. Besides, we updated
<code>actions/core</code> to 1.10.0 version (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/273">actions/setup-go#273</a>).</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c4a742cab1"><code>c4a742c</code></a>
fix(): cache resolve version input (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/267">#267</a>)</li>
<li><a
href="f556e5b7e0"><code>f556e5b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/273">#273</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="514ae57904"><code>514ae57</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li><a
href="30b9ddff11"><code>30b9ddf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/264">#264</a>
from e-korolevskii/258-not-throw-err-no-cache-folders</li>
<li><a
href="c4e169859f"><code>c4e1698</code></a>
prettier format</li>
<li><a
href="db58e98a43"><code>db58e98</code></a>
format</li>
<li><a
href="2905db4069"><code>2905db4</code></a>
update build</li>
<li><a
href="57452eb902"><code>57452eb</code></a>
fix debug lines in test</li>
<li><a
href="5547b9ed8d"><code>5547b9e</code></a>
fix(cache): Not throw err if no cache folders</li>
<li><a
href="be45b2722d"><code>be45b27</code></a>
build</li>
<li>Additional commits viewable in <a
href="268d8c0ca0...c4a742cab1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:54:46 -03:00
dependabot[bot]
a94d809a63
chore(deps): bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (#3478) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.8.0 to 2.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign install to use release v1.13.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/98">sigstore/cosign-installer#98</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1">https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9becc61764"><code>9becc61</code></a>
bump cosign install to use release v1.13.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/98">#98</a>)</li>
<li><a
href="c6d50c2e98"><code>c6d50c2</code></a>
Bump actions/checkout from 3.0.2 to 3.1.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/96">#96</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.8.0...v2.8.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.8.0&new-version=2.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:54:06 -03:00
dependabot[bot]
97e9bc40f9
chore(deps): bump docker/setup-buildx-action from 2.2.0 to 2.2.1 (#3480) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.2.0 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Preserve quotes surrounding fields in input list by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>)</li>
<li>Escape surrounding quotes for <code>platforms</code> input by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1">https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8c0edbc76e"><code>8c0edbc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>
from crazy-max/input-list-quotes</li>
<li><a
href="1fb9cbdb32"><code>1fb9cbd</code></a>
escape surrounding quotes for platforms input</li>
<li><a
href="693fdd6ca6"><code>693fdd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>
from crazy-max/input-quote</li>
<li><a
href="fe4c1ac86d"><code>fe4c1ac</code></a>
preserve quotes surrounding fields in input list</li>
<li>See full diff in <a
href="c74574e6c8...8c0edbc76e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:53:41 -03:00
dependabot[bot]
903713ea0a
chore(deps): bump docker/setup-buildx-action from 2.1.0 to 2.2.0 (#3474) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.1.0 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Append nodes to builder support by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>)</li>
<li>Bump csv-parse from 5.3.0 to 5.3.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0">https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c74574e6c8"><code>c74574e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>
from docker/dependabot/npm_and_yarn/csv-parse-5.3.1</li>
<li><a
href="2d0cf98781"><code>2d0cf98</code></a>
update generated content</li>
<li><a
href="5f1d4ea81f"><code>5f1d4ea</code></a>
Bump csv-parse from 5.3.0 to 5.3.1</li>
<li><a
href="59b5ed6124"><code>59b5ed6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>
from crazy-max/append</li>
<li><a
href="bd61d52837"><code>bd61d52</code></a>
update generated content</li>
<li><a
href="f6efb5fcbb"><code>f6efb5f</code></a>
platforms input</li>
<li><a
href="2dfca373f3"><code>2dfca37</code></a>
append nodes to builder support</li>
<li>See full diff in <a
href="95cb08cb26...c74574e6c8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-18 09:19:42 -03:00
dependabot[bot]
6a5a3d9f1d
chore(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 (#3458) 
Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Use context for inputs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>)</li>
<li>Use built-in <code>getExecOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/54">#54</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/58">#58</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e81a89b173"><code>e81a89b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>
from crazy-max/setOutput</li>
<li><a
href="2d3efc7878"><code>2d3efc7</code></a>
Remove workaround for setOutput</li>
<li><a
href="bfc44eaf57"><code>bfc44ea</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>
from crazy-max/context</li>
<li><a
href="25725d8d2e"><code>25725d8</code></a>
Use context for inputs</li>
<li><a
href="8c1e35a8c6"><code>8c1e35a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>
from crazy-max/exec-output</li>
<li><a
href="f3c51a3313"><code>f3c51a3</code></a>
update README</li>
<li><a
href="c47ad32952"><code>c47ad32</code></a>
Use built-in getExecOutput</li>
<li><a
href="aa087459ac"><code>aa08745</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="9443994984"><code>9443994</code></a>
Update generated content</li>
<li><a
href="81a47e15eb"><code>81a47e1</code></a>
Bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li>Additional commits viewable in <a
href="8b122486ce...e81a89b173">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-10-13 10:52:43 -03:00
dependabot[bot]
9ce619ad09
chore(deps): bump docker/setup-buildx-action from 2.0.0 to 2.1.0 (#3459) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Auth support for tls endpoint by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/164">#164</a>)</li>
<li>Nodes metadata JSON ouput by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/162">#162</a>)
<ul>
<li><code>endpoint</code>, <code>status</code> and <code>flags</code>
outputs are deprecated. Use <code>nodes</code> output instead.</li>
</ul>
</li>
<li>Skip setting buildkitd flags and config for remote driver by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/161">#161</a>)</li>
<li>Move args logic to context module and add tests by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>)</li>
<li>Fix deprecated <code>fs.rmdir</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>)</li>
<li>Docs: clarify install option by <a
href="https://github.com/rodrigc"><code>@​rodrigc</code></a> in (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/152">#152</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/151">#151</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/157">#157</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>)</li>
<li>Bump <code>@​actions/tool-cache</code> from 1.7.2 to 2.0.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/150">#150</a>)</li>
<li>Bump <code>@​actions/http-client</code> from 1.0.11 to 2.0.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/149">#149</a>)</li>
<li>Bump uuid from 8.3.2 to 9.0.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95cb08cb26"><code>95cb08c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>
from crazy-max/rmsync</li>
<li><a
href="eb5c2a6eea"><code>eb5c2a6</code></a>
Fix deprecated fs.rmdir</li>
<li><a
href="83612bea36"><code>83612be</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>
from crazy-max/setOutput</li>
<li><a
href="40fefd8a58"><code>40fefd8</code></a>
Remove workaround for setOutput</li>
<li><a
href="90a1e4619e"><code>90a1e46</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>
from crazy-max/context-module</li>
<li><a
href="5a9fc40575"><code>5a9fc40</code></a>
move args logic to context module and add tests</li>
<li><a
href="6c48dad5f0"><code>6c48dad</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>
from docker/dependabot/npm_and_yarn/uuid-9.0.0</li>
<li><a
href="16c2ddbfa7"><code>16c2ddb</code></a>
update generated content</li>
<li><a
href="0fe8589bf4"><code>0fe8589</code></a>
Bump uuid from 8.3.2 to 9.0.0</li>
<li><a
href="f3692cbe43"><code>f3692cb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li>Additional commits viewable in <a
href="dc7b9719a9...95cb08cb26">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-10-13 10:51:29 -03:00
dependabot[bot]
38c8436863
chore(deps): bump arduino/setup-task from 1.0.1 to 1.0.2 (#3452) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from
1.0.1 to 1.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/arduino/setup-task/releases">arduino/setup-task's
releases</a>.</em></p>
<blockquote>
<h2>1.0.2</h2>
<h2>Release Notes</h2>
<h3>Changelog</h3>
<h4>Enhancement</h4>
<ul>
<li>Run action with Node.js 16 (<a
href="https://github-redirect.dependabot.com/arduino/setup-task/pull/552">arduino/setup-task#552</a>)</li>
<li>Various dependency updates</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/kasperg"><code>@​kasperg</code></a></li>
</ul>
<hr />
<p><strong>Full Changeset</strong>: <a
href="https://github.com/arduino/setup-task/compare/1.0.1...1.0.2">https://github.com/arduino/setup-task/compare/1.0.1...1.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d665c6beeb"><code>d665c6b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/554">#554</a>
from arduino/dependabot/npm_and_yarn/types/node-16.11.65</li>
<li><a
href="f911dc0bbc"><code>f911dc0</code></a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.64 to
16.11.65</li>
<li><a
href="2cdd1760c6"><code>2cdd176</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/555">#555</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="0238d42112"><code>0238d42</code></a>
build(deps-dev): bump
<code>@​typescript-eslint/eslint-plugin</code></li>
<li><a
href="b592b746bd"><code>b592b74</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/553">#553</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="1b72357a23"><code>1b72357</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.1 to 5.40.0</li>
<li><a
href="eea6bc2215"><code>eea6bc2</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/551">#551</a>
from arduino/dependabot/npm_and_yarn/eslint-8.25.0</li>
<li><a
href="c36e056867"><code>c36e056</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/552">#552</a>
from kasperg/patch-1</li>
<li><a
href="ba0113b2fc"><code>ba0113b</code></a>
Bump Node version from 12 to 16</li>
<li><a
href="1bdabdfc86"><code>1bdabdf</code></a>
build(deps-dev): bump eslint from 8.24.0 to 8.25.0</li>
<li>Additional commits viewable in <a
href="ca745e1891...d665c6beeb">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=arduino/setup-task&package-manager=github_actions&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:04:36 -03:00
dependabot[bot]
1317be8a7d
chore(deps): bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (#3448) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.7.0 to 2.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.13.0 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/95">sigstore/cosign-installer#95</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7cc35d7fdb"><code>7cc35d7</code></a>
bump cosign to v1.13.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/95">#95</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.7.0&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 14:50:18 -03:00
Carlos Alexandro Becker
b4159f6377
feat(deps): go 1.19.2 (#3443) 
latest security fixes

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-05 21:24:45 -03:00
Carlos A Becker
04162b50fe
chore: always build on main 2022-10-05 10:50:29 -03:00
dependabot[bot]
f8da439130
chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#3441) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2
to 3.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Inject GitHub host to be able to clone from another GitHub instance
by <a
href="https://github.com/peter-murray"><code>@​peter-murray</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li>
<li>Bump <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/peter-murray"><code>@​peter-murray</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.0.2...v3.1.0">https://github.com/actions/checkout/compare/v3.0.2...v3.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.1.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">Use
<code>@​actions/core</code> <code>saveState</code> and
<code>getState</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">Add
<code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/770">Add
input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/762">Fixed
an issue where checkout failed to run in container jobs due to the new
git setting <code>safe.directory</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/744">Bumped
various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/689">Update
to node 16</a></li>
</ul>
<h2>v2.3.1</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/284">Fix
default branch resolution for .wiki and when using SSH</a></li>
</ul>
<h2>v2.3.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/278">Fallback
to the default branch</a></li>
</ul>
<h2>v2.2.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/258">Fetch
all history for all tags and branches when fetch-depth=0</a></li>
</ul>
<h2>v2.1.1</h2>
<ul>
<li>Changes to support GHES (<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/236">here</a>
and <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/248">here</a>)</li>
</ul>
<h2>v2.1.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/191">Group
output</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/199">Changes
to support GHES alpha release</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/184">Persist
core.sshCommand for submodules</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/163">Add
support ssh</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/179">Convert
submodule SSH URL to HTTPS, when not using SSH</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/157">Add
submodule support</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/144">Follow
proxy settings</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/141">Fix
ref for pr closed event when a pr is merged</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/128">Fix
issue checking detached when git less than 2.22</a></li>
</ul>
<h2>v2.0.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/108">Do
not pass cred on command line</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/107">Add
input persist-credentials</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/104">Fallback
to REST API to download repo</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="93ea575cb5"><code>93ea575</code></a>
Prepare release v3.1.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/940">#940</a>)</li>
<li><a
href="6a84743051"><code>6a84743</code></a>
Bump <code>@​actions/core</code> to 1.10.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/939">#939</a>)</li>
<li><a
href="e6d535c99c"><code>e6d535c</code></a>
Inject GitHub host to be able to clone from another GitHub instance (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/922">#922</a>)</li>
<li>See full diff in <a
href="2541b1294d...93ea575cb5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.0.2&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-05 09:38:34 -03:00
dependabot[bot]
fd8cc43ef3
chore(deps): bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (#3404) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.6.0 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.12.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/94">sigstore/cosign-installer#94</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0">https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ced07f21fb"><code>ced07f2</code></a>
bump cosign to v1.12.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/94">#94</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.6.0...v2.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.6.0&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 10:24:30 -03:00
Carlos A Becker
6aa3f5a724
chore: minor workflows improvements 2022-09-22 16:00:05 -03:00
dependabot[bot]
326b588ece
chore(deps): bump codecov/codecov-action from 3.1.0 to 3.1.1 (#3390) 
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
3.1.0 to 3.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>3.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update deprecation warning by <a
href="https://github.com/slifty"><code>@​slifty</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li>
<li>Create codeql-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/593">codecov/codecov-action#593</a></li>
<li>build(deps): bump node-fetch from 3.2.3 to 3.2.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/714">codecov/codecov-action#714</a></li>
<li>build(deps-dev): bump typescript from 4.6.3 to 4.6.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/713">codecov/codecov-action#713</a></li>
<li>README: fix typo by <a
href="https://github.com/Evalir"><code>@​Evalir</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li>
<li>build(deps): bump github/codeql-action from 1 to 2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/724">codecov/codecov-action#724</a></li>
<li>build(deps-dev): bump <code>@​types/jest</code> from 27.4.1 to
27.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/717">codecov/codecov-action#717</a></li>
<li>fix: Remove a blank row by <a
href="https://github.com/johnmanjiro13"><code>@​johnmanjiro13</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li>
<li>Update README.md with correct badge version by <a
href="https://github.com/gsheni"><code>@​gsheni</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 17.0.25 to
17.0.33 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/729">codecov/codecov-action#729</a></li>
<li>build(deps-dev): downgrade <code>@​types/node</code> to 16.11.35 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/734">codecov/codecov-action#734</a></li>
<li>build(deps): bump actions/checkout from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/723">codecov/codecov-action#723</a></li>
<li>build(deps): bump <code>@​actions/github</code> from 5.0.1 to 5.0.3
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/733">codecov/codecov-action#733</a></li>
<li>build(deps): bump <code>@​actions/core</code> from 1.6.0 to 1.8.2 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/732">codecov/codecov-action#732</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.35 to
16.11.36 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/737">codecov/codecov-action#737</a></li>
<li>Create scorecards-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/633">codecov/codecov-action#633</a></li>
<li>build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/749">codecov/codecov-action#749</a></li>
<li>fix: add more verbosity to validation by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/747">codecov/codecov-action#747</a></li>
<li>build(deps-dev): bump typescript from 4.6.4 to 4.7.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/755">codecov/codecov-action#755</a></li>
<li>Regenerate scorecards-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/750">codecov/codecov-action#750</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.36 to
16.11.39 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/759">codecov/codecov-action#759</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.39 to
16.11.40 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/762">codecov/codecov-action#762</a></li>
<li>build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.4 to
0.34.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/746">codecov/codecov-action#746</a></li>
<li>build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/757">codecov/codecov-action#757</a></li>
<li>build(deps): bump openpgp from 5.2.1 to 5.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/760">codecov/codecov-action#760</a></li>
<li>build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/748">codecov/codecov-action#748</a></li>
<li>build(deps-dev): bump typescript from 4.7.3 to 4.7.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/766">codecov/codecov-action#766</a></li>
<li>Switch to v3 by <a
href="https://github.com/thomasrockhu"><code>@​thomasrockhu</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/774">codecov/codecov-action#774</a></li>
<li>Fix <code>network</code> entry in table by <a
href="https://github.com/kevmoo"><code>@​kevmoo</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li>
<li>Trim arguments after splitting them by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/791">codecov/codecov-action#791</a></li>
<li>build(deps): bump openpgp from 5.3.0 to 5.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/799">codecov/codecov-action#799</a></li>
<li>build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/798">codecov/codecov-action#798</a></li>
<li>Plumb failCi into verification function. by <a
href="https://github.com/RobbieMcKinstry"><code>@​RobbieMcKinstry</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li>
<li>release: update changelog and version to 3.1.1 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/828">codecov/codecov-action#828</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/slifty"><code>@​slifty</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li>
<li><a href="https://github.com/Evalir"><code>@​Evalir</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li>
<li><a
href="https://github.com/johnmanjiro13"><code>@​johnmanjiro13</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li>
<li><a href="https://github.com/gsheni"><code>@​gsheni</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li>
<li><a href="https://github.com/kevmoo"><code>@​kevmoo</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li>
<li><a
href="https://github.com/RobbieMcKinstry"><code>@​RobbieMcKinstry</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1">https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>3.1.1</h2>
<h3>Fixes</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/661">#661</a>
Update deprecation warning</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/593">#593</a>
Create codeql-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/712">#712</a>
README: fix typo</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/725">#725</a>
fix: Remove a blank row</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/726">#726</a>
Update README.md with correct badge version</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/633">#633</a>
Create scorecards-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/747">#747</a>
fix: add more verbosity to validation</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/750">#750</a>
Regenerate scorecards-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a>
Switch to v3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a>
Fix network entry in table</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a>
Trim arguments after splitting them</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a>
Plumb failCi into verification function.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/713">#713</a>
build(deps-dev): bump typescript from 4.6.3 to 4.6.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/714">#714</a>
build(deps): bump node-fetch from 3.2.3 to 3.2.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/724">#724</a>
build(deps): bump github/codeql-action from 1 to 2</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/717">#717</a>
build(deps-dev): bump <code>@​types/jest</code> from 27.4.1 to
27.5.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/729">#729</a>
build(deps-dev): bump <code>@​types/node</code> from 17.0.25 to
17.0.33</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/734">#734</a>
build(deps-dev): downgrade <code>@​types/node</code> to 16.11.35</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/723">#723</a>
build(deps): bump actions/checkout from 2 to 3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/733">#733</a>
build(deps): bump <code>@​actions/github</code> from 5.0.1 to 5.0.3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/732">#732</a>
build(deps): bump <code>@​actions/core</code> from 1.6.0 to 1.8.2</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/737">#737</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.35 to
16.11.36</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/749">#749</a>
build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/755">#755</a>
build(deps-dev): bump typescript from 4.6.4 to 4.7.3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/759">#759</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.36 to
16.11.39</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/762">#762</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.39 to
16.11.40</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/746">#746</a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.4 to
0.34.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/757">#757</a>
build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a>
build(deps): bump openpgp from 5.2.1 to 5.3.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a>
build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a>
build(deps-dev): bump typescript from 4.7.3 to 4.7.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a>
build(deps): bump openpgp from 5.3.0 to 5.4.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a>
build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1</li>
</ul>
<h2>3.1.0</h2>
<h3>Features</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/699">#699</a>
Incorporate <code>xcode</code> arguments for the Codecov uploader</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/694">#694</a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.3 to
0.33.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/696">#696</a>
build(deps-dev): bump <code>@​types/node</code> from 17.0.23 to
17.0.25</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/698">#698</a>
build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0</li>
</ul>
<h2>3.0.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/689">#689</a>
Bump to node16 and small fixes</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d9f34f8cd5"><code>d9f34f8</code></a>
release: update changelog and version to 3.1.1 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/828">#828</a>)</li>
<li><a
href="0e9e7b4e8a"><code>0e9e7b4</code></a>
Plumb failCi into verification function. (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a>)</li>
<li><a
href="7f20bd4c41"><code>7f20bd4</code></a>
build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a>)</li>
<li><a
href="13bc2536ab"><code>13bc253</code></a>
build(deps): bump openpgp from 5.3.0 to 5.4.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a>)</li>
<li><a
href="5c0da1b28f"><code>5c0da1b</code></a>
Trim arguments after splitting them (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a>)</li>
<li><a
href="68d5f6d0be"><code>68d5f6d</code></a>
Fix <code>network</code> entry in table (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a>)</li>
<li><a
href="2a829b95de"><code>2a829b9</code></a>
Switch to v3 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a>)</li>
<li><a
href="8e09eaf1b4"><code>8e09eaf</code></a>
build(deps-dev): bump typescript from 4.7.3 to 4.7.4 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a>)</li>
<li><a
href="39e222921f"><code>39e2229</code></a>
build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a>)</li>
<li><a
href="b2b7703473"><code>b2b7703</code></a>
build(deps): bump openpgp from 5.2.1 to 5.3.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a>)</li>
<li>Additional commits viewable in <a
href="81cd2dc814...d9f34f8cd5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.0&new-version=3.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-20 10:15:30 -03:00
Carlos Alexandro Becker
445f2e730d
chore: avoid running actions when not needed/possible (#3389) 
- only run the build action when actual go files changed
- only run some actions on the main fork to avoid errors
 2022-09-19 23:48:20 -03:00
Carlos Alexandro Becker
d19ff6eb1e
chore: splitting workflows (#3386) 
split build & release workflows

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-18 21:31:33 -03:00
dependabot[bot]
f7efe9ca2b
chore(deps): bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (#3368) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.5.1 to 2.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>update action to default cosign to v1.11.0 release by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/89">sigstore/cosign-installer#89</a></li>
<li>cleanup dependabot by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/90">sigstore/cosign-installer#90</a></li>
<li>default cosign to v1.11.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/91">sigstore/cosign-installer#91</a></li>
<li>Bump actions/setup-go from 3.2.1 to 3.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/92">sigstore/cosign-installer#92</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f3c664df7a"><code>f3c664d</code></a>
Bump actions/setup-go from 3.2.1 to 3.3.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/92">#92</a>)</li>
<li><a
href="14d43345ff"><code>14d4334</code></a>
default cosign to v1.11.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/91">#91</a>)</li>
<li><a
href="8d0fee40fd"><code>8d0fee4</code></a>
cleanup dependabot (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/90">#90</a>)</li>
<li><a
href="716fc02719"><code>716fc02</code></a>
update action to default cosign to v1.11.0 release (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/89">#89</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.5.1&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-12 09:36:39 -03:00
Carlos Alexandro Becker
8cb4eb1654
fix: ruleguard and semgrep scans and fixes (#3364) 
run semgrep-go ruleguard and semgrep scans

https://github.com/dgryski/semgrep-go

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-11 15:32:23 -03:00
Carlos Alexandro Becker
5185b5b6ed
chore(ci): govulncheck (#3362) 
check for vulnerabilities

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-09 11:36:15 -03:00
dependabot[bot]
6778972ce6
chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#3340) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p>
<blockquote>
<h2>Support architecture input and fix Expand-Archive issue</h2>
<p>This release introduces support for architecture input for <code>setup-go</code> action <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>. It also adds support for arm32 architecture for self-hosted runners. If architecture is not provided action will use default runner architecture.
Example of usage:</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
  with:
   go-version: '1.16'
   architecture: arm
</code></pre>
<p>This release also provides fix for issue <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/241">#241</a>. <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> adds support for using explicit filename for Windows which is necessary to satisfy Expand-Archive's requirement on .zip extension.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="268d8c0ca0"><code>268d8c0</code></a> Add support for arm32 go arch (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>)</li>
<li><a href="f279813975"><code>f279813</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> from jromero/feature/windows-download-filename</li>
<li><a href="1022489cb7"><code>1022489</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/249">#249</a> from e-korolevskii/main</li>
<li><a href="e0dce94eb0"><code>e0dce94</code></a> Use explicit filename when downloading Windows go package</li>
<li><a href="dab57c7c68"><code>dab57c7</code></a> update docs</li>
<li><a href="f2e56d8191"><code>f2e56d8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/246">#246</a> from e-korolevskii/Update-contributors-guide</li>
<li><a href="edd0aca6b1"><code>edd0aca</code></a> update tests path</li>
<li><a href="f3e3b7c2f2"><code>f3e3b7c</code></a> Update docs/contributors.md</li>
<li><a href="4a0c081511"><code>4a0c081</code></a> Update docs/contributors.md</li>
<li><a href="185e7f2f01"><code>185e7f2</code></a> Update docs/contributors.md</li>
<li>Additional commits viewable in <a href="84cbf80943...268d8c0ca0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.2.1&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-24 10:02:10 -03:00
dependabot[bot]
6e85391479
chore(deps): bump actions/cache from 3.0.7 to 3.0.8 (#3334) 
Bumps actions/cache from 3.0.7 to 3.0.8.

Release notes
Sourced from actions/cache's releases.

v3.0.8
What's Changed

Fix zstd not working for windows on gnu tar in issues.
Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.




Changelog
Sourced from actions/cache's changelog.

Releases
3.0.0

Updated minimum runner version support from node 12 -> node 16

3.0.1

Added support for caching from GHES 3.5.
Fixed download issue for files > 2GB during restore.

3.0.2

Added support for dynamic cache size cap on GHES.

3.0.3

Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

Fixed #809 - zstd -d: no such file or directory error
Fixed #833 - cache doesn't work with github workspace directory

3.0.7

Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

Fix zstd not working for windows on gnu tar in issues #888 and #891.
Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.




Commits

fd5de65 Merge pull request #899 from actions/kotewar/download-and-compression-fix
d49b6bb Updated actions/cache toolkit dep to v3.0.4
See full diff in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-22 09:29:15 -03:00
dependabot[bot]
8b8da0d2d9
chore(deps): bump anchore/sbom-action from 0.11.0 to 0.12.0 (#3321) 
Bumps anchore/sbom-action from 0.11.0 to 0.12.0.

Release notes
Sourced from anchore/sbom-action's releases.

v0.12.0
Changes in v0.12.0

Update dependencies (#317) kzantow
Update Syft to v0.53.4 (#266) anchore-actions-token-generator
Expose upload-artifact and upload-release-assets inputs (#277) joshowen
Document the dependency-snapshot property (#297) kzantow




Commits

b5042e9 Update dependencies (#317)
ac5a533 Update Syft to v0.53.4 (#266)
0f0f981 Expose upload-artifact and upload-release-assets inputs (#277)
6fb484a Document the dependency-snapshot property (#297)
See full diff in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-19 09:11:54 -03:00
dependabot[bot]
2eb6f84f5c
chore(deps): bump actions/checkout from 3 to 3.0.2 (#3323) 
Bumps actions/checkout from 3 to 3.0.2.

Release notes
Sourced from actions/checkout's releases.

v3.0.2
What's Changed

Add set-safe-directory input to allow customers to take control. by @​TingluoHuang in actions/checkout#770
Prepare changelog for v3.0.2. by @​TingluoHuang in actions/checkout#777

Full Changelog: actions/checkout@v3...v3.0.2
v3.0.1

Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
Bumped various npm package versions




Changelog
Sourced from actions/checkout's changelog.

Changelog
v3.0.2

Add input set-safe-directory

v3.0.1

Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
Bumped various npm package versions

v3.0.0

Update to node 16

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output
Changes to support GHES alpha release
Persist core.sshCommand for submodules
Add support ssh
Convert submodule SSH URL to HTTPS, when not using SSH
Add submodule support
Follow proxy settings
Fix ref for pr closed event when a pr is merged
Fix issue checking detached when git less than 2.22

v2.0.0

Do not pass cred on command line
Add input persist-credentials
Fallback to REST API to download repo

v2 (beta)

Improved fetch performance



... (truncated)


Commits

See full diff in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-08-19 09:11:36 -03:00