go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-16 03:52:12 +02:00
Code Issues Releases Activity
5,975 Commits 10 Branches 558 Tags 42 MiB
0f87e6f9f7
Commit Graph

581 Commits

Author SHA1 Message Date
dependabot[bot]
0f87e6f9f7
chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#5203) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.12 to 3.26.13.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.13 - 14 Oct 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add support for using
<code>actions/download-artifact@v4</code> to programmatically consume
CodeQL Action debug artifacts.</p>
<p>Starting November 30, 2024, GitHub.com customers will <a
href="https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/">no
longer be able to use <code>actions/download-artifact@v3</code></a>.
Therefore, to avoid breakage, customers who programmatically download
the CodeQL Action debug artifacts should set the
<code>CODEQL_ACTION_ARTIFACT_V4_UPGRADE</code> environment variable to
<code>true</code> and bump <code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> in their workflows. The CodeQL
Action will enable this behavior by default in early November and
workflows that have not yet bumped to
<code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> will begin failing then.</p>
<p>This change is currently unavailable for GitHub Enterprise Server
customers, as <code>actions/upload-artifact@v4</code> and
<code>actions/download-artifact@v4</code> are not yet compatible with
GHES.</p>
</li>
<li>
<p>Update default CodeQL bundle version to 2.19.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2519">#2519</a></p>
</li>
</ul>
<h2>3.26.10 - 30 Sep 2024</h2>
<ul>
<li>We are rolling out a feature in September/October 2024 that sets up
CodeQL using a bundle compressed with <a
href="http://facebook.github.io/zstd/">Zstandard</a>. Our aim is to
improve the performance of setting up CodeQL. <a
href="https://redirect.github.com/github/codeql-action/pull/2502">#2502</a></li>
</ul>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f779452ac5"><code>f779452</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2539">#2539</a>
from github/update-v3.26.13-0c3e00641</li>
<li><a
href="532932479b"><code>5329324</code></a>
Update CHANGELOG.md</li>
<li><a
href="007ba25648"><code>007ba25</code></a>
Update changelog for v3.26.13</li>
<li><a
href="0c3e006416"><code>0c3e006</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2536">#2536</a>
from yoff/python/ff-std-lib-extraction</li>
<li><a
href="38469af228"><code>38469af</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2537">#2537</a>
from github/henrymercer/no-zstd-windows</li>
<li><a
href="5b6984ee4d"><code>5b6984e</code></a>
Assert that Windows downloads gzip</li>
<li><a
href="eefb943f7e"><code>eefb943</code></a>
Don't use Zstandard bundles on Windows</li>
<li><a
href="201e02efe2"><code>201e02e</code></a>
rebuild the action</li>
<li><a
href="ce5f900bfc"><code>ce5f900</code></a>
formatting</li>
<li><a
href="65dd816de1"><code>65dd816</code></a>
remove unused import</li>
<li>Additional commits viewable in <a
href="c36620d31a...f779452ac5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.12&new-version=3.26.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-15 12:58:55 -03:00
dependabot[bot]
617ad4a4ae
chore(deps): bump anchore/scan-action from 4 to 5 (#5198) 
Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from
4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/scan-action/releases">anchore/scan-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>New in scan-action v5.0.0</h2>
<ul>
<li>chore(deps): update Grype to v0.82.0 (<a
href="https://redirect.github.com/anchore/scan-action/issues/383">#383</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
<h2>🚀 Features</h2>
<ul>
<li>feat: short-lived grype-db cache (<a
href="https://redirect.github.com/anchore/scan-action/issues/348">#348</a>)
[<a href="https://github.com/kzantow">kzantow</a>]
Note: with this release grype is no longer installed on
<code>$PATH</code>. We suspect the changes here could break a number of
users of the action who have learned to expect Grype be installed on
<code>$PATH</code>.</li>
</ul>
<h2>v4.1.2</h2>
<h2>New in scan-action v4.1.2</h2>
<ul>
<li>Update Grype to v0.80.0 (<a
href="https://redirect.github.com/anchore/scan-action/issues/358">#358</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
<h2>v4.1.1</h2>
<h2>New in scan-action v4.1.1</h2>
<ul>
<li>chore(deps): update Grype to v0.79.6 (<a
href="https://redirect.github.com/anchore/scan-action/issues/352">#352</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>Document grype-version parameter (<a
href="https://redirect.github.com/anchore/scan-action/issues/319">#319</a>)
[<a href="https://github.com/vprivat-ads">vprivat-ads</a>]</li>
</ul>
<h2>v4.1.0</h2>
<h2>New in scan-action v4.1.0</h2>
<ul>
<li>chore(deps): update Grype to v0.79.3 (<a
href="https://redirect.github.com/anchore/scan-action/issues/341">#341</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4e08a16a68"><code>4e08a16</code></a>
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (<a
href="https://redirect.github.com/anchore/scan-action/issues/386">#386</a>)</li>
<li><a
href="a18ff2d1f2"><code>a18ff2d</code></a>
add release docs (<a
href="https://redirect.github.com/anchore/scan-action/issues/388">#388</a>)</li>
<li><a
href="c6c022e588"><code>c6c022e</code></a>
chore: add changelog ignore (<a
href="https://redirect.github.com/anchore/scan-action/issues/387">#387</a>)</li>
<li><a
href="65953694f6"><code>6595369</code></a>
chore: remove blocking workflow (<a
href="https://redirect.github.com/anchore/scan-action/issues/385">#385</a>)</li>
<li><a
href="11237475cc"><code>1123747</code></a>
chore(deps-dev): bump eslint from 9.11.1 to 9.12.0 (<a
href="https://redirect.github.com/anchore/scan-action/issues/381">#381</a>)</li>
<li><a
href="99311beeba"><code>99311be</code></a>
chore: update sha to correct pin for workflow actions (<a
href="https://redirect.github.com/anchore/scan-action/issues/384">#384</a>)</li>
<li><a
href="2491ad68a9"><code>2491ad6</code></a>
chore(deps): update Grype to v0.82.0 (<a
href="https://redirect.github.com/anchore/scan-action/issues/383">#383</a>)</li>
<li><a
href="2a3918e906"><code>2a3918e</code></a>
chore: optionally cache grype-db in actions cache (<a
href="https://redirect.github.com/anchore/scan-action/issues/348">#348</a>)</li>
<li><a
href="a957c8db22"><code>a957c8d</code></a>
feat: update versions for actions (<a
href="https://redirect.github.com/anchore/scan-action/issues/380">#380</a>)</li>
<li><a
href="54efbc6a14"><code>54efbc6</code></a>
chore(deps-dev): bump tslib from 2.6.3 to 2.7.0 (<a
href="https://redirect.github.com/anchore/scan-action/issues/359">#359</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/anchore/scan-action/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/scan-action&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-14 09:23:42 -03:00
dependabot[bot]
70ae5bb236
chore(deps): bump anchore/sbom-action from 0.17.2 to 0.17.3 (#5199) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.17.2 to 0.17.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.17.3</h2>
<h2>Changes in v0.17.3</h2>
<ul>
<li>chore(deps): update Syft to v1.14.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/498">#498</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f5e124a5e5"><code>f5e124a</code></a>
chore(deps): bump peter-evans/create-pull-request from 6.1.0 to 7.0.5
(<a
href="https://redirect.github.com/anchore/sbom-action/issues/493">#493</a>)</li>
<li><a
href="eff08d02ac"><code>eff08d0</code></a>
chore: configure changelog-ignore label (<a
href="https://redirect.github.com/anchore/sbom-action/issues/499">#499</a>)</li>
<li><a
href="18f9bdeed7"><code>18f9bde</code></a>
chore: remove snapshot tests; fix deprecation errors for outdated
packages (#...</li>
<li><a
href="2e8723687b"><code>2e87236</code></a>
add release docs (<a
href="https://redirect.github.com/anchore/sbom-action/issues/500">#500</a>)</li>
<li><a
href="4a914bc36a"><code>4a914bc</code></a>
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/497">#497</a>)</li>
<li><a
href="8cb9966eff"><code>8cb9966</code></a>
chore(deps): update Syft to v1.14.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/498">#498</a>)</li>
<li><a
href="beb779bf22"><code>beb779b</code></a>
Update README to include bit about permissions near the top (<a
href="https://redirect.github.com/anchore/sbom-action/issues/496">#496</a>)</li>
<li><a
href="87b31375ff"><code>87b3137</code></a>
chore(deps): update Syft to v1.13.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/488">#488</a>)</li>
<li><a
href="5cc1a40ded"><code>5cc1a40</code></a>
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/495">#495</a>)</li>
<li><a
href="dbef896719"><code>dbef896</code></a>
add awaiting response management (<a
href="https://redirect.github.com/anchore/sbom-action/issues/494">#494</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/anchore/sbom-action/compare/v0.17.2...v0.17.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.17.2&new-version=0.17.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-14 09:23:32 -03:00
dependabot[bot]
8843f09b21
chore(deps): bump dagger/dagger-for-github from 6.12.0 to 6.13.0 (#5193) 
Bumps
[dagger/dagger-for-github](https://github.com/dagger/dagger-for-github)
from 6.12.0 to 6.13.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dagger/dagger-for-github/releases">dagger/dagger-for-github's
releases</a>.</em></p>
<blockquote>
<h2>v6.13.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: bump default version to v0.13.5 by <a
href="https://github.com/sipsma"><code>@​sipsma</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/152">dagger/dagger-for-github#152</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dagger/dagger-for-github/compare/v6...v6.13.0">https://github.com/dagger/dagger-for-github/compare/v6...v6.13.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6b6e9832f7"><code>6b6e983</code></a>
chore: bump default version to v0.13.5</li>
<li>See full diff in <a
href="https://github.com/dagger/dagger-for-github/compare/v6.12.0...v6.13.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dagger/dagger-for-github&package-manager=github_actions&previous-version=6.12.0&new-version=6.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-11 12:00:36 -03:00
dependabot[bot]
3a859db169
chore(deps): bump dagger/dagger-for-github from 6.11.0 to 6.12.0 (#5190) 
Bumps
[dagger/dagger-for-github](https://github.com/dagger/dagger-for-github)
from 6.11.0 to 6.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dagger/dagger-for-github/releases">dagger/dagger-for-github's
releases</a>.</em></p>
<blockquote>
<h2>v6.12.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: bump default dagger version to v0.13.4 by <a
href="https://github.com/jedevc"><code>@​jedevc</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/150">dagger/dagger-for-github#150</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dagger/dagger-for-github/compare/v6...v6.12.0">https://github.com/dagger/dagger-for-github/compare/v6...v6.12.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c697168041"><code>c697168</code></a>
chore: bump default dagger version to v0.13.4 (<a
href="https://redirect.github.com/dagger/dagger-for-github/issues/150">#150</a>)</li>
<li>See full diff in <a
href="https://github.com/dagger/dagger-for-github/compare/v6.11.0...v6.12.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dagger/dagger-for-github&package-manager=github_actions&previous-version=6.11.0&new-version=6.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-10 16:40:48 -03:00
dependabot[bot]
4871e768aa
chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#5189) 
Bumps [actions/cache](https://github.com/actions/cache) from 4.1.0 to
4.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1467">actions/cache#1467</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.1.0...v4.1.1">https://github.com/actions/cache/compare/v4.1.0...v4.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a
href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<h3>4.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
20</li>
</ul>
<h3>3.3.3</h3>
<ul>
<li>Updates <code>@​actions/cache</code> to v3.2.3 to fix accidental
mutated path arguments to <code>getCacheVersion</code> <a
href="https://redirect.github.com/actions/toolkit/pull/1378">actions/toolkit#1378</a></li>
<li>Additional audit fixes of npm package(s)</li>
</ul>
<h3>3.3.2</h3>
<ul>
<li>Fixes bug with Azure SDK causing blob downloads to get stuck.</li>
</ul>
<h3>3.3.1</h3>
<ul>
<li>Reduced segment size to 128MB and segment timeout to 10 minutes to
fail fast in case the cache download is stuck.</li>
</ul>
<h3>3.3.0</h3>
<ul>
<li>Added option to lookup cache without downloading it.</li>
</ul>
<h3>3.2.6</h3>
<ul>
<li>Fix zstd not being used after zstd version upgrade to 1.5.4 on
hosted runners.</li>
</ul>
<h3>3.2.5</h3>
<ul>
<li>Added fix to prevent from setting MYSYS environment variable
globally.</li>
</ul>
<h3>3.2.4</h3>
<ul>
<li>Added option to fail job on cache miss.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3624ceb22c"><code>3624ceb</code></a>
Restore original behavior of <code>cache-hit</code> output (<a
href="https://redirect.github.com/actions/cache/issues/1467">#1467</a>)</li>
<li>See full diff in <a
href="2cdf405574...3624ceb22c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.1.0&new-version=4.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-09 10:17:59 -03:00
dependabot[bot]
13f8857c20
chore(deps): bump github/codeql-action from 3.26.11 to 3.26.12 (#5188) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.11 to 3.26.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.12 - 07 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.14.5 and earlier. These versions of
CodeQL were discontinued on 24 September 2024 alongside GitHub
Enterprise Server 3.10, and will be unsupported by CodeQL Action
versions 3.27.0 and later and versions 2.27.0 and later. <a
href="https://redirect.github.com/github/codeql-action/pull/2520">#2520</a></p>
<ul>
<li>
<p>If you are using one of these versions, please update to CodeQL CLI
version 2.14.6 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</p>
</li>
<li>
<p>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.13.5 and 2.14.5, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.26.11</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.26.11</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</p>
</li>
</ul>
</li>
</ul>
<h2>3.26.11 - 03 Oct 2024</h2>
<ul>
<li>
<p><em>Upcoming breaking change</em>: Add support for using
<code>actions/download-artifact@v4</code> to programmatically consume
CodeQL Action debug artifacts.</p>
<p>Starting November 30, 2024, GitHub.com customers will <a
href="https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/">no
longer be able to use <code>actions/download-artifact@v3</code></a>.
Therefore, to avoid breakage, customers who programmatically download
the CodeQL Action debug artifacts should set the
<code>CODEQL_ACTION_ARTIFACT_V4_UPGRADE</code> environment variable to
<code>true</code> and bump <code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> in their workflows. The CodeQL
Action will enable this behavior by default in early November and
workflows that have not yet bumped to
<code>actions/download-artifact@v3</code> to
<code>actions/download-artifact@v4</code> will begin failing then.</p>
<p>This change is currently unavailable for GitHub Enterprise Server
customers, as <code>actions/upload-artifact@v4</code> and
<code>actions/download-artifact@v4</code> are not yet compatible with
GHES.</p>
</li>
<li>
<p>Update default CodeQL bundle version to 2.19.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2519">#2519</a></p>
</li>
</ul>
<h2>3.26.10 - 30 Sep 2024</h2>
<ul>
<li>We are rolling out a feature in September/October 2024 that sets up
CodeQL using a bundle compressed with <a
href="http://facebook.github.io/zstd/">Zstandard</a>. Our aim is to
improve the performance of setting up CodeQL. <a
href="https://redirect.github.com/github/codeql-action/pull/2502">#2502</a></li>
</ul>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c36620d31a"><code>c36620d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2529">#2529</a>
from github/update-v3.26.12-c9a70ff45</li>
<li><a
href="570aecb95f"><code>570aecb</code></a>
Update changelog for v3.26.12</li>
<li><a
href="c9a70ff45f"><code>c9a70ff</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2526">#2526</a>
from github/henrymercer/check-zstd-on-path</li>
<li><a
href="d65a17605a"><code>d65a176</code></a>
Rebuild</li>
<li><a
href="bf2e624d0b"><code>bf2e624</code></a>
Update src/tar.ts</li>
<li><a
href="56d197570a"><code>56d1975</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2489">#2489</a>
from github/redsun82/rust</li>
<li><a
href="7cf65a5b2e"><code>7cf65a5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2518">#2518</a>
from github/dependabot/npm_and_yarn/npm-88156698cd</li>
<li><a
href="8a56dd2e53"><code>8a56dd2</code></a>
Update to <code>@​actions/core</code> 1.11.1</li>
<li><a
href="1532671351"><code>1532671</code></a>
Update default bundle to 2.19.1 (<a
href="https://redirect.github.com/github/codeql-action/issues/2519">#2519</a>)</li>
<li><a
href="64871a860c"><code>64871a8</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1</li>
<li>Additional commits viewable in <a
href="6db8d6351f...c36620d31a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.11&new-version=3.26.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-08 09:01:13 -03:00
dependabot[bot]
ec2447f9af
chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#5187) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0
to 4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Jcambass"><code>@​Jcambass</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<ul>
<li>Check git version before attempting to disable
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li>
<li>Add SSH user parameter by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li>
<li>Update <code>actions/checkout</code> version in
<code>update-main-version.yml</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li>
</ul>
<h2>v4.1.2</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code>
option is not present <a
href="https://github.com/dscho"><code>@​dscho</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Correct link to GitHub Docs by <a
href="https://github.com/peterbe"><code>@​peterbe</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li>
</ul>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add
support for partial checkout filters</a></li>
</ul>
<h2>v4.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1067">Support
fetching without the --progress option</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1436">Update to
node20</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eef61447b9"><code>eef6144</code></a>
Prepare 4.2.1 release (<a
href="https://redirect.github.com/actions/checkout/issues/1925">#1925</a>)</li>
<li><a
href="6b42224f41"><code>6b42224</code></a>
Add workflow file for publishing releases to immutable action package
(<a
href="https://redirect.github.com/actions/checkout/issues/1919">#1919</a>)</li>
<li><a
href="de5a000abf"><code>de5a000</code></a>
Check out other refs/* by commit if provided, fall back to ref (<a
href="https://redirect.github.com/actions/checkout/issues/1924">#1924</a>)</li>
<li>See full diff in <a
href="d632683dd7...eef61447b9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4.2.0&new-version=4.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-08 09:01:00 -03:00
dependabot[bot]
156f49522b
chore(deps): bump sigstore/cosign-installer from 3.6.0 to 3.7.0 (#5183) 2024-10-07 11:44:10 +00:00
dependabot[bot]
42185b6db0
chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#5184) 2024-10-07 11:34:56 +00:00
dependabot[bot]
10980311a5
chore(deps): bump cachix/install-nix-action from 29 to 30 (#5169) 
Bumps
[cachix/install-nix-action](https://github.com/cachix/install-nix-action)
from 29 to 30.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>v30</h2>
<ul>
<li>Nix: 2.24.7 -&gt; 2.24.9, fixing <a
href="https://github.com/NixOS/nix/security/advisories/GHSA-6fjr-mq49-mm2c">GHSA-6fjr-mq49-mm2c</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="08dcb3a5e6"><code>08dcb3a</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/217">#217</a>
from Enzime/bump</li>
<li><a
href="4204e15198"><code>4204e15</code></a>
nix: 2.24.8 -&gt; 2.24.9</li>
<li><a
href="6a10e2e9fd"><code>6a10e2e</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/216">#216</a>
from Mic92/nix-bump</li>
<li><a
href="2bb614e91a"><code>2bb614e</code></a>
Nix: 2.24.7 -&gt; 2.24.8</li>
<li>See full diff in <a
href="https://github.com/cachix/install-nix-action/compare/v29...v30">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cachix/install-nix-action&package-manager=github_actions&previous-version=29&new-version=30)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@caarlos0.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-04 13:58:41 -03:00
dependabot[bot]
2841417574
chore(deps): bump docker/setup-buildx-action from 3.7.0 to 3.7.1 (#5170) 2024-10-04 14:52:54 +00:00
dependabot[bot]
e62db3c9ba
chore(deps): bump github/codeql-action from 3.26.9 to 3.26.11 (#5171) 2024-10-04 14:43:41 +00:00
dependabot[bot]
8f1f86a660
chore(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#5163) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
4.5.0 to 4.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1481">codecov/codecov-action#1481</a></li>
<li>build(deps): bump actions/checkout from 4.1.6 to 4.1.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1480">codecov/codecov-action#1480</a></li>
<li>build(deps-dev): bump ts-jest from 29.1.4 to 29.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1479">codecov/codecov-action#1479</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
7.13.0 to 7.13.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1485">codecov/codecov-action#1485</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 7.13.0 to 7.13.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1484">codecov/codecov-action#1484</a></li>
<li>build(deps-dev): bump typescript from 5.4.5 to 5.5.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1490">codecov/codecov-action#1490</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
7.13.1 to 7.14.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1493">codecov/codecov-action#1493</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 7.13.1 to 7.14.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1492">codecov/codecov-action#1492</a></li>
<li>build(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1496">codecov/codecov-action#1496</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 7.14.1 to 7.15.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1501">codecov/codecov-action#1501</a></li>
<li>build(deps-dev): bump typescript from 5.5.2 to 5.5.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1500">codecov/codecov-action#1500</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
7.14.1 to 7.15.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1499">codecov/codecov-action#1499</a></li>
<li>build(deps): bump actions/upload-artifact from 4.3.3 to 4.3.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1502">codecov/codecov-action#1502</a></li>
<li>build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1504">codecov/codecov-action#1504</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 7.15.0 to 7.16.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1503">codecov/codecov-action#1503</a></li>
<li>build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1507">codecov/codecov-action#1507</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
7.15.0 to 7.16.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1505">codecov/codecov-action#1505</a></li>
<li>build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1509">codecov/codecov-action#1509</a></li>
<li>chore(ci): restrict scorecards to codecov/codecov-action by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1512">codecov/codecov-action#1512</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 7.16.0 to 7.16.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1514">codecov/codecov-action#1514</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
7.16.0 to 7.16.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1513">codecov/codecov-action#1513</a></li>
<li>test: <code>versionInfo</code> by <a
href="https://github.com/marcobiedermann"><code>@​marcobiedermann</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1407">codecov/codecov-action#1407</a></li>
<li>build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1515">codecov/codecov-action#1515</a></li>
<li>build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1516">codecov/codecov-action#1516</a></li>
<li>build(deps-dev): bump typescript from 5.5.3 to 5.5.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1521">codecov/codecov-action#1521</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
7.16.1 to 7.17.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1520">codecov/codecov-action#1520</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
7.17.0 to 7.18.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1528">codecov/codecov-action#1528</a></li>
<li>build(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1526">codecov/codecov-action#1526</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1525">codecov/codecov-action#1525</a></li>
<li>build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1532">codecov/codecov-action#1532</a></li>
<li>build(deps): bump actions/upload-artifact from 4.3.4 to 4.3.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1534">codecov/codecov-action#1534</a></li>
<li>build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1542">codecov/codecov-action#1542</a></li>
<li>build(deps): bump actions/upload-artifact from 4.3.5 to 4.3.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1541">codecov/codecov-action#1541</a></li>
<li>ref: Tidy up types and remove string coercion by <a
href="https://github.com/nicholas-codecov"><code>@​nicholas-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1536">codecov/codecov-action#1536</a></li>
<li>build(deps-dev): bump <code>@​octokit/webhooks-types</code> from
3.77.1 to 7.5.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1545">codecov/codecov-action#1545</a></li>
<li>build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1551">codecov/codecov-action#1551</a></li>
<li>feat: pass tokenless value as branch override by <a
href="https://github.com/joseph-sentry"><code>@​joseph-sentry</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1511">codecov/codecov-action#1511</a></li>
<li>build(deps): bump actions/upload-artifact from 4.3.6 to 4.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1563">codecov/codecov-action#1563</a></li>
<li>Create makefile.yml by <a
href="https://github.com/Hawthorne001"><code>@​Hawthorne001</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1555">codecov/codecov-action#1555</a></li>
<li>build(deps): bump github/codeql-action from 3.26.2 to 3.26.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1562">codecov/codecov-action#1562</a></li>
<li>build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1557">codecov/codecov-action#1557</a></li>
<li>Spell <code>evenName</code> in the logs correctly by <a
href="https://github.com/webknjaz"><code>@​webknjaz</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1560">codecov/codecov-action#1560</a></li>
<li>build(deps-dev): bump typescript from 5.5.4 to 5.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1566">codecov/codecov-action#1566</a></li>
<li>build(deps-dev): bump <code>@​types/jest</code> from 29.5.12 to
29.5.13 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1567">codecov/codecov-action#1567</a></li>
<li>build(deps): bump github/codeql-action from 3.26.6 to 3.26.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1569">codecov/codecov-action#1569</a></li>
<li>build(deps-dev): bump eslint from 8.57.0 to 8.57.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1571">codecov/codecov-action#1571</a></li>
<li>build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1575">codecov/codecov-action#1575</a></li>
<li>build(deps-dev): bump <code>@​vercel/ncc</code> from 0.38.1 to
0.38.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/1577">codecov/codecov-action#1577</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b9fd7d16f6"><code>b9fd7d1</code></a>
chore(release):4.6.0 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1587">#1587</a>)</li>
<li><a
href="6f7612c64d"><code>6f7612c</code></a>
fix: bump eslint parser deps (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1586">#1586</a>)</li>
<li><a
href="26c7e28d7e"><code>26c7e28</code></a>
build(deps): bump actions/checkout from 4.1.7 to 4.2.0 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1583">#1583</a>)</li>
<li><a
href="6f744f78de"><code>6f744f7</code></a>
build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1584">#1584</a>)</li>
<li><a
href="543c3d42fc"><code>543c3d4</code></a>
chore: fix typo of OSS (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1578">#1578</a>)</li>
<li><a
href="e379426d37"><code>e379426</code></a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.38.1 to 0.38.2
(<a
href="https://redirect.github.com/codecov/codecov-action/issues/1577">#1577</a>)</li>
<li><a
href="42656e4cb1"><code>42656e4</code></a>
build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1575">#1575</a>)</li>
<li><a
href="2296b6ba9e"><code>2296b6b</code></a>
build(deps-dev): bump eslint from 8.57.0 to 8.57.1 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1571">#1571</a>)</li>
<li><a
href="bd77bc323c"><code>bd77bc3</code></a>
build(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/1569">#1569</a>)</li>
<li><a
href="180b964407"><code>180b964</code></a>
build(deps-dev): bump <code>@​types/jest</code> from 29.5.12 to 29.5.13
(<a
href="https://redirect.github.com/codecov/codecov-action/issues/1567">#1567</a>)</li>
<li>Additional commits viewable in <a
href="e28ff129e5...b9fd7d16f6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=4.5.0&new-version=4.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-03 14:38:28 -03:00
dependabot[bot]
747c11d833
chore(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.0 (#5165) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 3.6.1 to 3.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.7.0</h2>
<ul>
<li>Always set <code>buildkitd-flags</code> if opt-in by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/363">docker/setup-buildx-action#363</a></li>
<li>Remove <code>uuid</code> package and switch to <code>crypto</code>
by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a>
in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/366">docker/setup-buildx-action#366</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.35.0 to 0.39.0 in
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/362">docker/setup-buildx-action#362</a></li>
<li>Bump path-to-regexp from 6.2.2 to 6.3.0 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/354">docker/setup-buildx-action#354</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.6.1...v3.7.0">https://github.com/docker/setup-buildx-action/compare/v3.6.1...v3.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8026d2bc36"><code>8026d2b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/362">#362</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="e51aab53e9"><code>e51aab5</code></a>
chore: update generated content</li>
<li><a
href="fd7390e14d"><code>fd7390e</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.35.0 to
0.39.0</li>
<li><a
href="910a304005"><code>910a304</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/366">#366</a>
from crazy-max/remove-uuid</li>
<li><a
href="3623ee443e"><code>3623ee4</code></a>
chore: update generated content</li>
<li><a
href="e0e5ecf670"><code>e0e5ecf</code></a>
remove uuid package and switch to crypto</li>
<li><a
href="5334dd0cdd"><code>5334dd0</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/363">#363</a>
from crazy-max/set-buildkitd-flags-optin</li>
<li><a
href="214bb6dac1"><code>214bb6d</code></a>
chore: update generated content</li>
<li><a
href="818c69a4ea"><code>818c69a</code></a>
always set buildkitd-flags if opt-in</li>
<li><a
href="b467d6aa7a"><code>b467d6a</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/354">#354</a>
from docker/dependabot/npm_and_yarn/path-to-regexp-6.3.0</li>
<li>Additional commits viewable in <a
href="988b5a0280...8026d2bc36">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=3.6.1&new-version=3.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-03 14:38:05 -03:00
dependabot[bot]
71e7a63ca1
chore(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#5166) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 6.1.0 to 6.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>fix: clean go install output by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1102">golangci/golangci-lint-action#1102</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>docs: update README.md to use golangci-lint v1.60 by <a
href="https://github.com/dunglas"><code>@​dunglas</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1087">golangci/golangci-lint-action#1087</a></li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1082">golangci/golangci-lint-action#1082</a></li>
<li>build(deps): bump <code>@​types/node</code> from 22.0.0 to 22.1.0 in
the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1083">golangci/golangci-lint-action#1083</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1084">golangci/golangci-lint-action#1084</a></li>
<li>build(deps): bump <code>@​types/node</code> from 22.1.0 to 22.2.0 in
the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1085">golangci/golangci-lint-action#1085</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1088">golangci/golangci-lint-action#1088</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1093">golangci/golangci-lint-action#1093</a></li>
<li>build(deps): bump the dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1089">golangci/golangci-lint-action#1089</a></li>
<li>build(deps): bump the dependencies group across 1 directory with 2
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1096">golangci/golangci-lint-action#1096</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1097">golangci/golangci-lint-action#1097</a></li>
<li>build(deps): bump <code>@​types/node</code> from 22.5.1 to 22.5.2 in
the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1098">golangci/golangci-lint-action#1098</a></li>
<li>build(deps): bump <code>@​types/node</code> from 22.5.2 to 22.5.4 in
the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1100">golangci/golangci-lint-action#1100</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1099">golangci/golangci-lint-action#1099</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1103">golangci/golangci-lint-action#1103</a></li>
<li>build(deps): bump <code>@​types/node</code> from 22.5.4 to 22.5.5 in
the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1104">golangci/golangci-lint-action#1104</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1105">golangci/golangci-lint-action#1105</a></li>
<li>build(deps): bump <code>@​types/node</code> from 22.5.5 to 22.7.4 in
the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1109">golangci/golangci-lint-action#1109</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1108">golangci/golangci-lint-action#1108</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/dunglas"><code>@​dunglas</code></a> made
their first contribution in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1087">golangci/golangci-lint-action#1087</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v6.1.0...v6.1.1">https://github.com/golangci/golangci-lint-action/compare/v6.1.0...v6.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="971e284b60"><code>971e284</code></a>
build(deps-dev): bump the dev-dependencies group with 3 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1108">#1108</a>)</li>
<li><a
href="bbe7eb52aa"><code>bbe7eb5</code></a>
build(deps): bump <code>@​types/node</code> from 22.5.5 to 22.7.4 in the
dependencies group...</li>
<li><a
href="ebae5cee81"><code>ebae5ce</code></a>
build(deps-dev): bump the dev-dependencies group with 3 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1105">#1105</a>)</li>
<li><a
href="06c3f3a551"><code>06c3f3a</code></a>
build(deps): bump <code>@​types/node</code> from 22.5.4 to 22.5.5 in the
dependencies group...</li>
<li><a
href="56689d8f71"><code>56689d8</code></a>
build(deps-dev): bump the dev-dependencies group with 3 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1103">#1103</a>)</li>
<li><a
href="c7bab6f874"><code>c7bab6f</code></a>
fix: clean go install output (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1102">#1102</a>)</li>
<li><a
href="33f56cc1ef"><code>33f56cc</code></a>
build(deps-dev): bump the dev-dependencies group with 3 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1099">#1099</a>)</li>
<li><a
href="e9542245b2"><code>e954224</code></a>
build(deps): bump <code>@​types/node</code> from 22.5.2 to 22.5.4 in the
dependencies group...</li>
<li><a
href="68de804037"><code>68de804</code></a>
build(deps): bump <code>@​types/node</code> from 22.5.1 to 22.5.2 in the
dependencies group...</li>
<li><a
href="22a37566e1"><code>22a3756</code></a>
build(deps-dev): bump the dev-dependencies group with 2 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1097">#1097</a>)</li>
<li>Additional commits viewable in <a
href="aaa42aa062...971e284b60">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.1.0&new-version=6.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-03 14:37:57 -03:00
dependabot[bot]
15d54735ab
chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#5158) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7
to 4.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependabot updates in <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>
&amp; <a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/yasonk"><code>@​yasonk</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1869">actions/checkout#1869</a></li>
<li><a href="https://github.com/lucacome"><code>@​lucacome</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4.1.7...v4.2.0">https://github.com/actions/checkout/compare/v4.1.7...v4.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
<li>README: Suggest <code>user.email</code> to be
<code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1707">actions/checkout#1707</a></li>
</ul>
<h2>v4.1.4</h2>
<ul>
<li>Disable <code>extensions.worktreeConfig</code> when disabling
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1692">actions/checkout#1692</a></li>
<li>Add dependabot config by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1688">actions/checkout#1688</a></li>
<li>Bump the minor-actions-dependencies group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1693">actions/checkout#1693</a></li>
<li>Bump word-wrap from 1.2.3 to 1.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1643">actions/checkout#1643</a></li>
</ul>
<h2>v4.1.3</h2>
<ul>
<li>Check git version before attempting to disable
<code>sparse-checkout</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1656">actions/checkout#1656</a></li>
<li>Add SSH user parameter by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1685">actions/checkout#1685</a></li>
<li>Update <code>actions/checkout</code> version in
<code>update-main-version.yml</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1650">actions/checkout#1650</a></li>
</ul>
<h2>v4.1.2</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code>
option is not present <a
href="https://github.com/dscho"><code>@​dscho</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Correct link to GitHub Docs by <a
href="https://github.com/peterbe"><code>@​peterbe</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li>
</ul>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add
support for partial checkout filters</a></li>
</ul>
<h2>v4.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1067">Support
fetching without the --progress option</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1436">Update to
node20</a></li>
</ul>
<h2>v3.6.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark
test scripts with Bash'isms to be run via Bash</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d632683dd7"><code>d632683</code></a>
Prepare 4.2.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/1878">#1878</a>)</li>
<li><a
href="6d193bf280"><code>6d193bf</code></a>
Bump braces from 3.0.2 to 3.0.3 (<a
href="https://redirect.github.com/actions/checkout/issues/1777">#1777</a>)</li>
<li><a
href="db0cee9a51"><code>db0cee9</code></a>
Bump the minor-npm-dependencies group across 1 directory with 4 updates
(<a
href="https://redirect.github.com/actions/checkout/issues/1872">#1872</a>)</li>
<li><a
href="b684943689"><code>b684943</code></a>
Add Ref and Commit outputs (<a
href="https://redirect.github.com/actions/checkout/issues/1180">#1180</a>)</li>
<li><a
href="2d7d9f7ff5"><code>2d7d9f7</code></a>
Provide explanation for where user email came from (<a
href="https://redirect.github.com/actions/checkout/issues/1869">#1869</a>)</li>
<li><a
href="9a9194f871"><code>9a9194f</code></a>
Bump docker/build-push-action from 5.3.0 to 6.5.0 (<a
href="https://redirect.github.com/actions/checkout/issues/1832">#1832</a>)</li>
<li><a
href="dd960bd3c3"><code>dd960bd</code></a>
Bump docker/login-action in the minor-actions-dependencies group (<a
href="https://redirect.github.com/actions/checkout/issues/1831">#1831</a>)</li>
<li>See full diff in <a
href="692973e3d9...d632683dd7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4.1.7&new-version=4.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once it's up-to-date and CI passes on it,
as requested by @caarlos0.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-27 10:33:30 -03:00
dependabot[bot]
962973441b
chore(deps): bump cachix/install-nix-action from V28 to 29 (#5160) 2024-09-27 13:22:51 +00:00
dependabot[bot]
c8cb976e1b
chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#5156) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.8 to 3.26.9.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.9 - 24 Sep 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="461ef6c76d"><code>461ef6c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2503">#2503</a>
from github/update-v3.26.9-f861efb2b</li>
<li><a
href="00b1146c45"><code>00b1146</code></a>
Update changelog for v3.26.9</li>
<li><a
href="f861efb2b3"><code>f861efb</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2498">#2498</a>
from github/dependabot/npm_and_yarn/npm-9874b37b58</li>
<li><a
href="426821d803"><code>426821d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2485">#2485</a>
from github/dependabot/github_actions/actions-a88a8c...</li>
<li><a
href="07e8133971"><code>07e8133</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2501">#2501</a>
from github/henrymercer/missing-autobuild-config-error</li>
<li><a
href="e0a151e64e"><code>e0a151e</code></a>
Fix inconsistency in autobuild error tracking</li>
<li><a
href="6b0ce4e274"><code>6b0ce4e</code></a>
revert eslint-plugin-import to 2.29.1</li>
<li><a
href="07fd497921"><code>07fd497</code></a>
Merge branch 'main' into
dependabot/github_actions/actions-a88a8c5a24</li>
<li><a
href="2cddcb1990"><code>2cddcb1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2499">#2499</a>
from github/aeisenberg/no-upload-sarif</li>
<li><a
href="6225a95822"><code>6225a95</code></a>
Don't upload during cancelled jobs</li>
<li>Additional commits viewable in <a
href="294a9d9291...461ef6c76d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.8&new-version=3.26.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-25 08:12:17 -03:00
dependabot[bot]
d456f7937b
chore(deps): bump dagger/dagger-for-github from 6.9.0 to 6.11.0 (#5150) 
Bumps
[dagger/dagger-for-github](https://github.com/dagger/dagger-for-github)
from 6.9.0 to 6.11.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dagger/dagger-for-github/releases">dagger/dagger-for-github's
releases</a>.</em></p>
<blockquote>
<h2>v6.11.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump to engine v0.13.3 by <a
href="https://github.com/vito"><code>@​vito</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/149">dagger/dagger-for-github#149</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dagger/dagger-for-github/compare/v6.10.0...v6.11.0">https://github.com/dagger/dagger-for-github/compare/v6.10.0...v6.11.0</a></p>
<h2>v6.10.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump to engine v0.13.2 by <a
href="https://github.com/vito"><code>@​vito</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/148">dagger/dagger-for-github#148</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dagger/dagger-for-github/compare/v6.9.0...v6.10.0">https://github.com/dagger/dagger-for-github/compare/v6.9.0...v6.10.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fc945fa66f"><code>fc945fa</code></a>
bump to engine v0.13.3 (<a
href="https://redirect.github.com/dagger/dagger-for-github/issues/149">#149</a>)</li>
<li><a
href="501b417bcf"><code>501b417</code></a>
bump to engine v0.13.2 (<a
href="https://redirect.github.com/dagger/dagger-for-github/issues/148">#148</a>)</li>
<li>See full diff in <a
href="https://github.com/dagger/dagger-for-github/compare/v6.9.0...v6.11.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dagger/dagger-for-github&package-manager=github_actions&previous-version=6.9.0&new-version=6.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-23 09:06:26 -03:00
dependabot[bot]
8428a1e481
chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#5143) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.7 to 3.26.8.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.8 - 19 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.19.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2483">#2483</a></li>
</ul>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="294a9d9291"><code>294a9d9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2490">#2490</a>
from github/update-v3.26.8-64431c66d</li>
<li><a
href="00b3604ce7"><code>00b3604</code></a>
Update changelog for v3.26.8</li>
<li><a
href="64431c66d0"><code>64431c6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2483">#2483</a>
from github/update-bundle/codeql-bundle-v2.19.0</li>
<li><a
href="e0e2d7557d"><code>e0e2d75</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.19.0</li>
<li><a
href="cb28816228"><code>cb28816</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2487">#2487</a>
from rvermeulen/rvermeulen/uri-errors-as-warnings</li>
<li><a
href="498c508900"><code>498c508</code></a>
Rebuild JavaScript files</li>
<li><a
href="a1a585f2ab"><code>a1a585f</code></a>
Merge branch 'main' into rvermeulen/uri-errors-as-warnings</li>
<li><a
href="34666c10b6"><code>34666c1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2488">#2488</a>
from github/henrymercer/debug-artifacts-better-logging</li>
<li><a
href="6e24973d7a"><code>6e24973</code></a>
Improve logging for combined SARIF debug artifact</li>
<li><a
href="d0a3cf2152"><code>d0a3cf2</code></a>
Improve logging for debug artifacts</li>
<li>Additional commits viewable in <a
href="8214744c54...294a9d9291">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.7&new-version=3.26.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-20 09:27:31 -03:00
dependabot[bot]
4021d4389f
chore(deps): bump dagger/dagger-for-github from 6.8.0 to 6.9.0 (#5144) 
Bumps
[dagger/dagger-for-github](https://github.com/dagger/dagger-for-github)
from 6.8.0 to 6.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dagger/dagger-for-github/releases">dagger/dagger-for-github's
releases</a>.</em></p>
<blockquote>
<h2>v6.9.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump dagger version to v0.13.1 by <a
href="https://github.com/sipsma"><code>@​sipsma</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/147">dagger/dagger-for-github#147</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dagger/dagger-for-github/compare/v6...v6.9.0">https://github.com/dagger/dagger-for-github/compare/v6...v6.9.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b6bf6af9f4"><code>b6bf6af</code></a>
bump dagger version to v0.13.1 (<a
href="https://redirect.github.com/dagger/dagger-for-github/issues/147">#147</a>)</li>
<li>See full diff in <a
href="https://github.com/dagger/dagger-for-github/compare/v6.8.0...v6.9.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dagger/dagger-for-github&package-manager=github_actions&previous-version=6.8.0&new-version=6.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-20 09:27:26 -03:00
Kyle Penfound
d594cdd436
ci: daggerize test pipeline (#4969) 
## What is this?

This daggerizes the lint, test, and build pipelines for Goreleaser.

## Why?

For context, the previous pass at this can be found here
https://github.com/goreleaser/goreleaser/pull/4186 . Since that time,
the DX for using Dagger has been considerably improved.

The benefit this brings to the Goreleaser project is that the test
pipeline can be run locally the same as it is run in CI without
requiring contributors to configure additional tools in their developer
environments. Additionally, by codifying the test and build execution
environments, you no longer need to be concerned with changing or
outdated Github Actions runner environments.


## How?

As a contributor, you can simply clone/fork Goreleaser and run:


`dagger functions` to see which commands are available.

To lint local code:

`dagger call --source . lint`

To run tests against local code:

`dagger call --source . test output`

To run tests against local code and get the coverage report:

`dagger call --source . test coverage-report -o ./coverage.txt`

To run tests on the main branch on Github:

`dagger call --source=https://github.com/goreleaser/goreleaser test
output`

To run tests against a PR branch on Github:

`dagger call
--source=https://github.com/goreleaser/goreleaser#pull/4958/head test
output`

To run tests against a PR branch using the dagger pipeline committed to
the main branch, without checking out goreleaser:

`dagger -m github.com/goreleaser/goreleaser call
--source=https://github.com/goreleaser/goreleaser#pull/4958/head test
output`

And so on 😃 

## Also

In addition to the Dagger code, I've updated the build.yml workflow to
use the test pipeline and updated CONTRIBUTING.md with the command to
run tests with Dagger.
Note that I did not update the Taskfile.yml to avoid breaking anything
for contributors comfortable with their existing workflows.

Do you feel that this will benefit the Goreleaser project? Would you
like to see the Dagger functions doing more/less?

---------

Signed-off-by: kpenfound <kyle@dagger.io>
Signed-off-by: Lev Lazinskiy <lev@levlaz.org>
Signed-off-by: Lev Lazinskiy <lev@dagger.io>
Co-authored-by: Lev Lazinskiy <lev@levlaz.org>
Co-authored-by: Lev Lazinskiy <lev@dagger.io>
 2024-09-19 23:21:59 -03:00
dependabot[bot]
7d1063f07d
chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#5140) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.6 to 3.26.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.7 - 13 Sep 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2471">#2471</a></li>
</ul>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8214744c54"><code>8214744</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2478">#2478</a>
from github/update-v3.26.7-4a01ec798</li>
<li><a
href="a3b3e07cec"><code>a3b3e07</code></a>
Update changelog for v3.26.7</li>
<li><a
href="4a01ec7986"><code>4a01ec7</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2474">#2474</a>
from github/aeisenberg/always-upload-eslint-sarif</li>
<li><a
href="762dbaeeb7"><code>762dbae</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2471">#2471</a>
from github/update-bundle/codeql-bundle-v2.18.4</li>
<li><a
href="0d0f998f28"><code>0d0f998</code></a>
Always upload eslint.sarif</li>
<li><a
href="e817992b3d"><code>e817992</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2469">#2469</a>
from github/aeisenberg/upload-eslint-sarif</li>
<li><a
href="49021ad7f5"><code>49021ad</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2472">#2472</a>
from rvermeulen/rvermeulen/update-release-branch-authz</li>
<li><a
href="56b8418884"><code>56b8418</code></a>
Ignore suppressed alerts</li>
<li><a
href="f824adbf9b"><code>f824adb</code></a>
Merge branch 'main' into rvermeulen/update-release-branch-authz</li>
<li><a
href="8d9ed0b40e"><code>8d9ed0b</code></a>
Add changelog note</li>
<li>Additional commits viewable in <a
href="4dd16135b6...8214744c54">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.6&new-version=3.26.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-16 08:49:38 -03:00
dependabot[bot]
c16bd53142
chore(deps): bump cachix/install-nix-action from V27 to 28 (#5135) 
Bumps
[cachix/install-nix-action](https://github.com/cachix/install-nix-action)
from V27 to 28. This release includes the previously tagged commit.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>v28</h2>
<p>Nix 2.24.6 - <a
href="https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493">https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3715ab1a11"><code>3715ab1</code></a>
bump channel</li>
<li><a
href="1872f1ff9d"><code>1872f1f</code></a>
Nix: 2.22.1 -&gt; 2.24.6</li>
<li><a
href="e268b7aa05"><code>e268b7a</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/213">#213</a>
from phaer/patch-1</li>
<li><a
href="5b8c65d4d7"><code>5b8c65d</code></a>
Update README: hardware accel is available now...</li>
<li><a
href="ba01fffc51"><code>ba01fff</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/210">#210</a>
from guoard/patch-1</li>
<li><a
href="474f0a77aa"><code>474f0a7</code></a>
docs(readme): update checkout action version</li>
<li><a
href="725982224c"><code>7259822</code></a>
readme: V27</li>
<li>See full diff in <a
href="https://github.com/cachix/install-nix-action/compare/V27...V28">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-13 13:25:10 -03:00
dependabot[bot]
00f237aa6e
chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (#5108) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.5 to 3.26.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.6 - 29 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2449">#2449</a></li>
</ul>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4dd16135b6"><code>4dd1613</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2452">#2452</a>
from github/update-v3.26.6-7233ec5e6</li>
<li><a
href="dd9dd2d538"><code>dd9dd2d</code></a>
Update changelog for v3.26.6</li>
<li><a
href="7233ec5e6b"><code>7233ec5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2449">#2449</a>
from github/update-bundle/codeql-bundle-v2.18.3</li>
<li><a
href="a32c44dba1"><code>a32c44d</code></a>
Add changelog note</li>
<li><a
href="2966897c67"><code>2966897</code></a>
Update default bundle to codeql-bundle-v2.18.3</li>
<li><a
href="b8efe4dc6a"><code>b8efe4d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2435">#2435</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="ab408a875b"><code>ab408a8</code></a>
Merge branch 'main' into
update-supported-enterprise-server-versions</li>
<li><a
href="864b979bc3"><code>864b979</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2443">#2443</a>
from github/dbartol/config-file-telemetry</li>
<li><a
href="d36c7aaf6a"><code>d36c7aa</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2448">#2448</a>
from github/dependabot/npm_and_yarn/npm-09b7c43f6b</li>
<li><a
href="b3bf514df4"><code>b3bf514</code></a>
Update checked-in dependencies</li>
<li>Additional commits viewable in <a
href="2c779ab0d0...4dd16135b6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.5&new-version=3.26.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-30 17:03:52 -03:00
dependabot[bot]
35c9bdb587
chore(deps): bump github/codeql-action from 3.26.4 to 3.26.5 (#5100) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.4 to 3.26.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.5 - 23 Aug 2024</h2>
<ul>
<li>Fix an issue where the <code>csrutil</code> system call used for
telemetry would fail on MacOS ARM machines with System Integrity
Protection disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2441">#2441</a></li>
</ul>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<ul>
<li>Add <code>codeql-version</code> to outputs. <a
href="https://redirect.github.com/github/codeql-action/pull/2368">#2368</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.13.4
and earlier. These versions of CodeQL were discontinued on 9 July 2024
alongside GitHub Enterprise Server 3.9, and will be unsupported by
CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2375">#2375</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.13.5 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.12.6 and 2.13.4, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.25.13</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.25.13</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2c779ab0d0"><code>2c779ab</code></a>
Merge main into releases/v3 (<a
href="https://redirect.github.com/github/codeql-action/issues/2444">#2444</a>)</li>
<li><a
href="68cd1f9de3"><code>68cd1f9</code></a>
Update changelog for v3.26.5</li>
<li><a
href="7e27807413"><code>7e27807</code></a>
Only run check SIP enablement once in <code>init</code> step (<a
href="https://redirect.github.com/github/codeql-action/issues/2441">#2441</a>)</li>
<li><a
href="fd5fa130e2"><code>fd5fa13</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2438">#2438</a>
from github/mergeback/v3.26.4-to-main-f0f3afee</li>
<li><a
href="6f10eb0e36"><code>6f10eb0</code></a>
Update checked-in dependencies</li>
<li><a
href="b15a247a6c"><code>b15a247</code></a>
Update changelog and version after v3.26.4</li>
<li>See full diff in <a
href="f0f3afee80...2c779ab0d0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.4&new-version=3.26.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-26 09:20:36 -03:00
dependabot[bot]
9ac2794aa3
chore(deps): bump github/codeql-action from 3.26.3 to 3.26.4 (#5097) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.3 to 3.26.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.4 - 21 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> The <code>add-snippets</code> input on the
<code>analyze</code> Action is deprecated and will be removed in the
first release in August 2025. <a
href="https://redirect.github.com/github/codeql-action/pull/2436">#2436</a></li>
<li>Fix an issue where the disk usage system call used for telemetry
would fail on MacOS ARM machines with System Integrity Protection
disabled, and then surface a warning. The system call is now disabled
for these machines. <a
href="https://redirect.github.com/github/codeql-action/pull/2434">#2434</a></li>
</ul>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<ul>
<li>Add <code>codeql-version</code> to outputs. <a
href="https://redirect.github.com/github/codeql-action/pull/2368">#2368</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.13.4
and earlier. These versions of CodeQL were discontinued on 9 July 2024
alongside GitHub Enterprise Server 3.9, and will be unsupported by
CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2375">#2375</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.13.5 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.12.6 and 2.13.4, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.25.13</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.25.13</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.25.12 - 12 Jul 2024</h2>
<ul>
<li>Improve the reliability and performance of analyzing code when
analyzing a compiled language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a> on GitHub Enterprise Server. This feature is already available
to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2353">#2353</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f0f3afee80"><code>f0f3afe</code></a>
Merge main into releases/v3 (<a
href="https://redirect.github.com/github/codeql-action/issues/2437">#2437</a>)</li>
<li><a
href="e3543591a5"><code>e354359</code></a>
Update changelog for v3.26.4</li>
<li><a
href="ae01f807ca"><code>ae01f80</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2436">#2436</a>
from rvermeulen/rvermeulen/deprecate-add-snippets</li>
<li><a
href="72bc3f7f61"><code>72bc3f7</code></a>
Address incorrect changelog location</li>
<li><a
href="7388c476ae"><code>7388c47</code></a>
Merge branch 'main' into rvermeulen/deprecate-add-snippets</li>
<li><a
href="d7c48ef5a8"><code>d7c48ef</code></a>
Add link to PR deprecating <code>add-snippets</code> to
CHANGELOG.md</li>
<li><a
href="ec21b8f8a4"><code>ec21b8f</code></a>
Update changelog with deprecation.</li>
<li><a
href="4067cdab78"><code>4067cda</code></a>
Add deprecation message to <code>add-snippets</code> input.</li>
<li><a
href="202b3b97bf"><code>202b3b9</code></a>
Stop checking disk usage for MacOS ARM with SIP disabled (<a
href="https://redirect.github.com/github/codeql-action/issues/2434">#2434</a>)</li>
<li><a
href="512e3066dd"><code>512e306</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2404">#2404</a>
from github/marcogario/proxy_64</li>
<li>Additional commits viewable in <a
href="883d8588e5...f0f3afee80">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.3&new-version=3.26.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-23 11:05:42 -03:00
dependabot[bot]
23cd3352f7
chore(deps): bump anchore/sbom-action from 0.17.1 to 0.17.2 (#5098) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.17.1 to 0.17.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.17.2</h2>
<h2>Changes in v0.17.2</h2>
<ul>
<li>Update Syft to v1.11.1 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/485">#485</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="61119d458a"><code>61119d4</code></a>
chore(deps): update Syft to v1.11.1 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/485">#485</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.17.1...v0.17.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.17.1&new-version=0.17.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-23 11:05:33 -03:00
dependabot[bot]
3e6d825c80
chore(deps): bump github/codeql-action from 3.26.2 to 3.26.3 (#5094) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.2 to 3.26.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.3 - 19 Aug 2024</h2>
<ul>
<li>Fix an issue where the CodeQL Action could not write diagnostic
messages on Windows. This issue did not impact analysis quality. <a
href="https://redirect.github.com/github/codeql-action/pull/2430">#2430</a></li>
</ul>
<h2>3.26.2 - 14 Aug 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2417">#2417</a></li>
</ul>
<h2>3.26.1 - 13 Aug 2024</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<ul>
<li>Add <code>codeql-version</code> to outputs. <a
href="https://redirect.github.com/github/codeql-action/pull/2368">#2368</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.13.4
and earlier. These versions of CodeQL were discontinued on 9 July 2024
alongside GitHub Enterprise Server 3.9, and will be unsupported by
CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2375">#2375</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.13.5 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.12.6 and 2.13.4, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.25.13</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.25.13</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.25.12 - 12 Jul 2024</h2>
<ul>
<li>Improve the reliability and performance of analyzing code when
analyzing a compiled language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a> on GitHub Enterprise Server. This feature is already available
to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2353">#2353</a></li>
<li>Update default CodeQL bundle version to 2.18.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2364">#2364</a></li>
</ul>
<h2>3.25.11 - 28 Jun 2024</h2>
<ul>
<li>Avoid failing the workflow run if there is an error while uploading
debug artifacts. <a
href="https://redirect.github.com/github/codeql-action/pull/2349">#2349</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="883d8588e5"><code>883d858</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2431">#2431</a>
from github/update-v3.26.3-b187c86ce</li>
<li><a
href="e100cebbec"><code>e100ceb</code></a>
Update changelog for v3.26.3</li>
<li><a
href="b187c86ce5"><code>b187c86</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2430">#2430</a>
from github/henrymercer/windows-diagnostics-fix</li>
<li><a
href="e2bb5a2777"><code>e2bb5a2</code></a>
Add changelog note</li>
<li><a
href="e5a65875f9"><code>e5a6587</code></a>
Fix writing diagnostics on Windows</li>
<li><a
href="5c681efc3f"><code>5c681ef</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2426">#2426</a>
from github/mergeback/v3.26.2-to-main-429e1977</li>
<li><a
href="676519a882"><code>676519a</code></a>
Update checked-in dependencies</li>
<li><a
href="25a5b8f08c"><code>25a5b8f</code></a>
Update changelog and version after v3.26.2</li>
<li>See full diff in <a
href="429e197704...883d8588e5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.2&new-version=3.26.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-20 08:38:35 -03:00
Carlos Alexandro Becker
d3be3b085d
build: update golangci-lint 2024-08-18 16:04:37 -03:00
Carlos Alexandro Becker
64e8ff1716
chore: issue template config 2024-08-15 15:36:18 -03:00
dependabot[bot]
a1b88757b3
chore(deps): bump github/codeql-action from 3.26.1 to 3.26.2 (#5081) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.1 to 3.26.2.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="429e197704"><code>429e197</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2425">#2425</a>
from github/update-v3.26.2-a93f8c2fd</li>
<li><a
href="9eec338902"><code>9eec338</code></a>
Update changelog for v3.26.2</li>
<li><a
href="a93f8c2fd1"><code>a93f8c2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2423">#2423</a>
from github/mergeback/v3.26.1-to-main-29d86d22</li>
<li><a
href="af1f2e89e3"><code>af1f2e8</code></a>
Address incorrect CHANGELOG.md</li>
<li><a
href="2bc3b8381e"><code>2bc3b83</code></a>
Update checked-in dependencies</li>
<li><a
href="dd9700c166"><code>dd9700c</code></a>
Reapply &quot;Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2417">#2417</a>
from github/update-bundle/codeql-bundle-v2....</li>
<li><a
href="ece28a826b"><code>ece28a8</code></a>
Update changelog and version after v3.26.1</li>
<li>See full diff in <a
href="29d86d22a3...429e197704">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.1&new-version=3.26.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@caarlos0.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-15 10:31:01 -03:00
dependabot[bot]
58838fd1d3
chore(deps): bump github/codeql-action from 3.26.0 to 3.26.1 (#5077) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.26.0 to 3.26.1.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="29d86d22a3"><code>29d86d2</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2422">#2422</a>
from github/update-v3.26.1-0d5982aa3</li>
<li><a
href="5b15b9edeb"><code>5b15b9e</code></a>
Revert &quot;Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2417">#2417</a>
from github/update-bundle/codeql-bundle-v2.1...</li>
<li><a
href="18ac79e766"><code>18ac79e</code></a>
Update changelog for v3.26.1</li>
<li><a
href="0d5982aa33"><code>0d5982a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2416">#2416</a>
from github/henrymercer/ghes-3.14-compat-info</li>
<li><a
href="da9ecb0f40"><code>da9ecb0</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2421">#2421</a>
from github/henrymercer/log-job-run-uuid</li>
<li><a
href="c4c3c4421f"><code>c4c3c44</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2417">#2417</a>
from github/update-bundle/codeql-bundle-v2.18.2</li>
<li><a
href="41833c77c6"><code>41833c7</code></a>
Log job run UUID</li>
<li><a
href="d620faa0b4"><code>d620faa</code></a>
Bump the npm group with 4 updates (<a
href="https://redirect.github.com/github/codeql-action/issues/2419">#2419</a>)</li>
<li><a
href="25ad3c8e40"><code>25ad3c8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2418">#2418</a>
from github/henrymercer/extraction-time-telemetry</li>
<li><a
href="44ecae4896"><code>44ecae4</code></a>
Fix matrixing of &quot;submit SARIF after failure&quot; check</li>
<li>Additional commits viewable in <a
href="eb055d739a...29d86d22a3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.26.0&new-version=3.26.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-14 09:44:02 -03:00
dependabot[bot]
1fc1a45e9e
chore(deps): bump anchore/sbom-action from 0.17.0 to 0.17.1 (#5078) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.17.0 to 0.17.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.17.1</h2>
<h2>Changes in v0.17.1</h2>
<ul>
<li>chore(deps): update Syft to v1.11.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/483">#483</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ab9d16d4b4"><code>ab9d16d</code></a>
chore(deps): update Syft to v1.11.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/483">#483</a>)</li>
<li><a
href="fe5e7c313d"><code>fe5e7c3</code></a>
doc: Updates for the Slack to Discourse migration (<a
href="https://redirect.github.com/anchore/sbom-action/issues/484">#484</a>)</li>
<li><a
href="f2d02cbcc3"><code>f2d02cb</code></a>
chore: Create issue template (<a
href="https://redirect.github.com/anchore/sbom-action/issues/481">#481</a>)</li>
<li><a
href="ca15f999af"><code>ca15f99</code></a>
docs: CODE_OF_CONDUCT.md (<a
href="https://redirect.github.com/anchore/sbom-action/issues/480">#480</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.17.0...v0.17.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.17.0&new-version=0.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-14 09:43:45 -03:00
dependabot[bot]
76d3047763
chore(deps): bump dependabot/fetch-metadata from 1.6.0 to 2.2.0 (#5072) 
Bumps
[dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata)
from 1.6.0 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump actions/create-github-app-token from 1.9.0 to 1.10.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/523">dependabot/fetch-metadata#523</a></li>
<li>Bump actions/create-github-app-token from 1.10.0 to 1.10.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/534">dependabot/fetch-metadata#534</a></li>
<li>Bump braces from 3.0.2 to 3.0.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/532">dependabot/fetch-metadata#532</a></li>
<li>v2.2.0 by <a
href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/520">dependabot/fetch-metadata#520</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dependabot/fetch-metadata/compare/v2...v2.2.0">https://github.com/dependabot/fetch-metadata/compare/v2...v2.2.0</a></p>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Relax <code>engine-strict=true</code> by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/510">dependabot/fetch-metadata#510</a></li>
<li>Handle branch names containing hyphen separators by <a
href="https://github.com/tspencer244"><code>@​tspencer244</code></a> in
<a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/450">dependabot/fetch-metadata#450</a></li>
<li>Switch to monthly release cadence by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/509">dependabot/fetch-metadata#509</a></li>
<li>v2.1.0 by <a
href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/518">dependabot/fetch-metadata#518</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/tspencer244"><code>@​tspencer244</code></a>
made their first contribution in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/450">dependabot/fetch-metadata#450</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dependabot/fetch-metadata/compare/v2.0.0...v2.1.0">https://github.com/dependabot/fetch-metadata/compare/v2.0.0...v2.1.0</a></p>
<h2>v2.0.0 - Switch to <code>node20</code></h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade from node16 to node20 by <a
href="https://github.com/Nishnha"><code>@​Nishnha</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/443">dependabot/fetch-metadata#443</a>
👈 this is a potentially breaking change for some workflows</li>
<li><code>v2</code> is the new tracking tag by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/506">dependabot/fetch-metadata#506</a></li>
<li>v2.0.0 by <a
href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/508">dependabot/fetch-metadata#508</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dependabot/fetch-metadata/compare/v1.7.0...v2.0.0">https://github.com/dependabot/fetch-metadata/compare/v1.7.0...v2.0.0</a></p>
<h2>v1.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump dotenv from 16.0.3 to 16.3.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/404">dependabot/fetch-metadata#404</a></li>
<li>Bump <code>@​types/node</code> from 20.2.3 to 20.3.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/407">dependabot/fetch-metadata#407</a></li>
<li>Bump the eslint-dependencies group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/409">dependabot/fetch-metadata#409</a></li>
<li>Update dependabot.yml by <a
href="https://github.com/bdragon"><code>@​bdragon</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/410">dependabot/fetch-metadata#410</a></li>
<li>Bump <code>@​types/node</code> from 20.3.3 to 20.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/411">dependabot/fetch-metadata#411</a></li>
<li>Bump yaml from 2.2.1 to 2.3.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/390">dependabot/fetch-metadata#390</a></li>
<li>Bump tough-cookie from 4.0.0 to 4.1.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/412">dependabot/fetch-metadata#412</a></li>
<li>Bump <code>@​types/node</code> from 20.4.0 to 20.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/413">dependabot/fetch-metadata#413</a></li>
<li>Generate Dependabot PRs on Sundays weekly by <a
href="https://github.com/abdulapopoola"><code>@​abdulapopoola</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/417">dependabot/fetch-metadata#417</a></li>
<li>Aggressively group prod and dev dependencies for NPM by <a
href="https://github.com/abdulapopoola"><code>@​abdulapopoola</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/420">dependabot/fetch-metadata#420</a></li>
<li>Update .nvmrc to latest node 16 LTS version by <a
href="https://github.com/abdulapopoola"><code>@​abdulapopoola</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/422">dependabot/fetch-metadata#422</a></li>
<li>Bump the dev-dependencies group with 9 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/421">dependabot/fetch-metadata#421</a></li>
<li>Bump the dev-dependencies group with 1 update by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/423">dependabot/fetch-metadata#423</a></li>
<li>Check for uncommitted files beyond the <code>diff</code> directory
by <a href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/278">dependabot/fetch-metadata#278</a></li>
<li>Bump the dev-dependencies group with 6 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/424">dependabot/fetch-metadata#424</a></li>
<li>Bump the dev-dependencies group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/425">dependabot/fetch-metadata#425</a></li>
<li>Bump the dev-dependencies group with 6 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/428">dependabot/fetch-metadata#428</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dbb049abf0"><code>dbb049a</code></a>
v2.2.0 (<a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/520">#520</a>)</li>
<li><a
href="36bf1f955e"><code>36bf1f9</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/532">#532</a>
from dependabot/dependabot/npm_and_yarn/braces-3.0.3</li>
<li><a
href="a3420b5aac"><code>a3420b5</code></a>
Bump braces from 3.0.2 to 3.0.3</li>
<li><a
href="006e43f8a3"><code>006e43f</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/534">#534</a>
from dependabot/dependabot/github_actions/actions/cre...</li>
<li><a
href="9c55ebe618"><code>9c55ebe</code></a>
Bump actions/create-github-app-token from 1.10.0 to 1.10.2</li>
<li><a
href="325b863556"><code>325b863</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/523">#523</a>
from dependabot/dependabot/github_actions/actions/cre...</li>
<li><a
href="aec2f3e196"><code>aec2f3e</code></a>
Bump actions/create-github-app-token from 1.9.0 to 1.10.0</li>
<li><a
href="5e5f99653a"><code>5e5f996</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/518">#518</a>
from dependabot/bump-to-v2.1.0</li>
<li><a
href="63415e5037"><code>63415e5</code></a>
v2.1.0</li>
<li><a
href="76b7fe974e"><code>76b7fe9</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/509">#509</a>
from dependabot/switch-to-monthly-release-cadence</li>
<li>Additional commits viewable in <a
href="c9c4182bf1...dbb049abf0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dependabot/fetch-metadata&package-manager=github_actions&previous-version=1.6.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-13 13:15:58 -03:00
Carlos Alexandro Becker
a624fd3e73
ci: auto approve dependency prs 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2024-08-12 23:22:21 -03:00
Carlos Alexandro Becker
9e169e47a5
ci: split test and check jobs (#5062) 
just to make the status a bit better...

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2024-08-09 10:17:15 -03:00
dependabot[bot]
c1d2d61f4a
chore(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#5058) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.5.0 to 3.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump actions/checkout from 4.1.2 to 4.1.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/161">sigstore/cosign-installer#161</a></li>
<li>Bump actions/checkout from 4.1.3 to 4.1.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/162">sigstore/cosign-installer#162</a></li>
<li>Bump actions/setup-go from 5.0.0 to 5.0.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/163">sigstore/cosign-installer#163</a></li>
<li>Bump actions/checkout from 4.1.4 to 4.1.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/164">sigstore/cosign-installer#164</a></li>
<li>Bump actions/checkout from 4.1.5 to 4.1.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/165">sigstore/cosign-installer#165</a></li>
<li>Bump actions/checkout from 4.1.6 to 4.1.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/166">sigstore/cosign-installer#166</a></li>
<li>Bump actions/setup-go from 5.0.1 to 5.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/167">sigstore/cosign-installer#167</a></li>
<li>pin public key used for verification by <a
href="https://github.com/bobcallaway"><code>@​bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/cosign-installer/pull/169">sigstore/cosign-installer#169</a></li>
<li>bump default version to v2.4.0 release by <a
href="https://github.com/bobcallaway"><code>@​bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/cosign-installer/pull/168">sigstore/cosign-installer#168</a></li>
<li>update readme for new release by <a
href="https://github.com/bobcallaway"><code>@​bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/cosign-installer/pull/170">sigstore/cosign-installer#170</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3...v3.6.0">https://github.com/sigstore/cosign-installer/compare/v3...v3.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4959ce089c"><code>4959ce0</code></a>
update readme for new release (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/170">#170</a>)</li>
<li><a
href="45ffe83c0b"><code>45ffe83</code></a>
bump default version to v2.4.0 release (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/168">#168</a>)</li>
<li><a
href="7e1d9c1319"><code>7e1d9c1</code></a>
pin public key used for verification (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/169">#169</a>)</li>
<li><a
href="cc23fe1cf0"><code>cc23fe1</code></a>
Bump actions/setup-go from 5.0.1 to 5.0.2 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/167">#167</a>)</li>
<li><a
href="b235ed95be"><code>b235ed9</code></a>
Bump actions/checkout from 4.1.6 to 4.1.7 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/166">#166</a>)</li>
<li><a
href="b49ef6b125"><code>b49ef6b</code></a>
Bump actions/checkout from 4.1.5 to 4.1.6 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/165">#165</a>)</li>
<li><a
href="7a59e5acc8"><code>7a59e5a</code></a>
Bump actions/checkout from 4.1.4 to 4.1.5 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/164">#164</a>)</li>
<li><a
href="8d927bd1a9"><code>8d927bd</code></a>
Bump actions/setup-go from 5.0.0 to 5.0.1 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/163">#163</a>)</li>
<li><a
href="8c9caa0770"><code>8c9caa0</code></a>
Bump actions/checkout from 4.1.3 to 4.1.4 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/162">#162</a>)</li>
<li><a
href="19351d009d"><code>19351d0</code></a>
Bump actions/checkout from 4.1.2 to 4.1.3 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/161">#161</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.5.0&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-08 10:15:12 -03:00
Carlos Alexandro Becker
607ccc4b84
chore: improv msg 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2024-08-07 23:45:39 -03:00
Carlos Alexandro Becker
3baffa7296
ci: notify nightly builds on discord 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2024-08-07 23:43:29 -03:00
dependabot[bot]
ff2daa45d3
chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#5053) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.25.15 to 3.26.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.26.0 - 06 Aug 2024</h2>
<ul>
<li><em>Deprecation:</em> Swift analysis on Ubuntu runner images is no
longer supported. Please migrate to a macOS runner if this affects you.
<a
href="https://redirect.github.com/github/codeql-action/pull/2403">#2403</a></li>
<li>Bump the minimum CodeQL bundle version to 2.13.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2408">#2408</a></li>
</ul>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/2376">#2376</a></li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<ul>
<li>Add <code>codeql-version</code> to outputs. <a
href="https://redirect.github.com/github/codeql-action/pull/2368">#2368</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.13.4
and earlier. These versions of CodeQL were discontinued on 9 July 2024
alongside GitHub Enterprise Server 3.9, and will be unsupported by
CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2375">#2375</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.13.5 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.12.6 and 2.13.4, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.25.13</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.25.13</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.25.12 - 12 Jul 2024</h2>
<ul>
<li>Improve the reliability and performance of analyzing code when
analyzing a compiled language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a> on GitHub Enterprise Server. This feature is already available
to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2353">#2353</a></li>
<li>Update default CodeQL bundle version to 2.18.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2364">#2364</a></li>
</ul>
<h2>3.25.11 - 28 Jun 2024</h2>
<ul>
<li>Avoid failing the workflow run if there is an error while uploading
debug artifacts. <a
href="https://redirect.github.com/github/codeql-action/pull/2349">#2349</a></li>
<li>Update default CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2352">#2352</a></li>
</ul>
<h2>3.25.10 - 13 Jun 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2327">#2327</a></li>
</ul>
<h2>3.25.9 - 12 Jun 2024</h2>
<ul>
<li>Avoid failing database creation if the database folder already
exists and contains some unexpected files. Requires CodeQL 2.18.0 or
higher. <a
href="https://redirect.github.com/github/codeql-action/pull/2330">#2330</a></li>
<li>The init Action will attempt to clean up the database cluster
directory before creating a new database and at the end of the job. This
will help to avoid issues where the database cluster directory is left
in an inconsistent state. <a
href="https://redirect.github.com/github/codeql-action/pull/2332">#2332</a></li>
</ul>
<h2>3.25.8 - 04 Jun 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eb055d739a"><code>eb055d7</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2410">#2410</a>
from github/update-v3.26.0-c24926b73</li>
<li><a
href="3884d04c11"><code>3884d04</code></a>
Update changelog for v3.26.0</li>
<li><a
href="c24926b734"><code>c24926b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2407">#2407</a>
from github/dependabot/npm_and_yarn/npm-7954a73ad2</li>
<li><a
href="68ba39bacf"><code>68ba39b</code></a>
Merge branch 'main' into dependabot/npm_and_yarn/npm-7954a73ad2</li>
<li><a
href="8dd1773467"><code>8dd1773</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2408">#2408</a>
from github/henrymercer/deprecate-codeql-2.13.4</li>
<li><a
href="441c9d90e4"><code>441c9d9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2409">#2409</a>
from github/henrymercer/fix-required-checks</li>
<li><a
href="f03da13454"><code>f03da13</code></a>
Exclude push-only unit tests job from required PR checks script</li>
<li><a
href="29a5cfc75d"><code>29a5cfc</code></a>
Bump version to 3.26.0</li>
<li><a
href="9e440ad4c7"><code>9e440ad</code></a>
Add changelog note</li>
<li><a
href="136f5a589b"><code>136f5a5</code></a>
Add CodeQL v2.17.6 to default test versions</li>
<li>Additional commits viewable in <a
href="afb54ba388...eb055d739a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.15&new-version=3.26.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-07 13:20:31 -03:00
dependabot[bot]
15f1f42db2
chore(deps): bump benc-uk/workflow-dispatch from 1.2.3 to 1.2.4 (#5047) 
Bumps
[benc-uk/workflow-dispatch](https://github.com/benc-uk/workflow-dispatch)
from 1.2.3 to 1.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/benc-uk/workflow-dispatch/releases">benc-uk/workflow-dispatch's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.4 - Summer 2024</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix issue when a wrong workflowRef is used by <a
href="https://github.com/fffonion"><code>@​fffonion</code></a> in <a
href="https://redirect.github.com/benc-uk/workflow-dispatch/pull/77">benc-uk/workflow-dispatch#77</a>
👍</li>
<li>Internal changes &amp; chores: eslint updated to v9, linting,
prettier etc 🥱</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/fffonion"><code>@​fffonion</code></a>
made their first contribution in <a
href="https://redirect.github.com/benc-uk/workflow-dispatch/pull/77">benc-uk/workflow-dispatch#77</a>
🥳</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/benc-uk/workflow-dispatch/compare/v1.2.3...v1.2.4">https://github.com/benc-uk/workflow-dispatch/compare/v1.2.3...v1.2.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e2e5e9a103"><code>e2e5e9a</code></a>
Missing patch version in package.json</li>
<li><a
href="35e3108f51"><code>35e3108</code></a>
Bunch of internal chores, linting etc</li>
<li><a
href="ff8b017b2e"><code>ff8b017</code></a>
Fix issue when a wrong workflowRef is used (<a
href="https://redirect.github.com/benc-uk/workflow-dispatch/issues/77">#77</a>)</li>
<li>See full diff in <a
href="https://github.com/benc-uk/workflow-dispatch/compare/v1.2.3...v1.2.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=benc-uk/workflow-dispatch&package-manager=github_actions&previous-version=1.2.3&new-version=1.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-08-05 12:04:30 -03:00
dependabot[bot]
f301a10d96
chore(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#5036) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 6.0.1 to 6.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.1.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>feat: allow to skip golangci-lint installation by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1079">golangci/golangci-lint-action#1079</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>docs: add Go workspace examples by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1064">golangci/golangci-lint-action#1064</a></li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>build(deps): bump <code>@​types/node</code> from 20.12.8 to 20.12.11
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1041">golangci/golangci-lint-action#1041</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 7.8.0 to 7.9.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1042">golangci/golangci-lint-action#1042</a></li>
<li>build(deps): bump <code>@​types/node</code> from 20.12.11 to
20.12.12 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1043">golangci/golangci-lint-action#1043</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
7.8.0 to 7.9.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1044">golangci/golangci-lint-action#1044</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1047">golangci/golangci-lint-action#1047</a></li>
<li>build(deps): bump <code>@​types/node</code> from 20.12.12 to 20.14.0
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1051">golangci/golangci-lint-action#1051</a></li>
<li>build(deps-dev): bump the dev-dependencies group across 1 directory
with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1053">golangci/golangci-lint-action#1053</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1061">golangci/golangci-lint-action#1061</a></li>
<li>build(deps): bump <code>@​types/node</code> from 20.14.0 to 20.14.2
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1062">golangci/golangci-lint-action#1062</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1063">golangci/golangci-lint-action#1063</a></li>
<li>build(deps): bump <code>@​types/node</code> from 20.14.2 to 20.14.8
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1066">golangci/golangci-lint-action#1066</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1065">golangci/golangci-lint-action#1065</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1067">golangci/golangci-lint-action#1067</a></li>
<li>build(deps): bump <code>@​types/node</code> from 20.14.8 to 20.14.9
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1068">golangci/golangci-lint-action#1068</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 4 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1071">golangci/golangci-lint-action#1071</a></li>
<li>build(deps): bump <code>@​types/node</code> from 20.14.9 to 20.14.10
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1072">golangci/golangci-lint-action#1072</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1073">golangci/golangci-lint-action#1073</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1074">golangci/golangci-lint-action#1074</a></li>
<li>build(deps): bump <code>@​types/node</code> from 20.14.10 to
20.14.11 in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1075">golangci/golangci-lint-action#1075</a></li>
<li>build(deps-dev): bump the dev-dependencies group with 3 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1077">golangci/golangci-lint-action#1077</a></li>
<li>build(deps): bump <code>@​types/node</code> from 20.14.11 to 22.0.0
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1078">golangci/golangci-lint-action#1078</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v6.0.1...v6.1.0">https://github.com/golangci/golangci-lint-action/compare/v6.0.1...v6.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="aaa42aa062"><code>aaa42aa</code></a>
feat: allow to skip golangci-lint installation (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1079">#1079</a>)</li>
<li><a
href="9ec89731c3"><code>9ec8973</code></a>
build(deps): bump <code>@​types/node</code> from 20.14.11 to 22.0.0 in
the dependencies gro...</li>
<li><a
href="58838cffc6"><code>58838cf</code></a>
build(deps-dev): bump the dev-dependencies group with 3 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1077">#1077</a>)</li>
<li><a
href="9f3ba2c3a8"><code>9f3ba2c</code></a>
build(deps): bump <code>@​types/node</code> from 20.14.10 to 20.14.11 in
the dependencies g...</li>
<li><a
href="2bd7a04e91"><code>2bd7a04</code></a>
build(deps-dev): bump the dev-dependencies group with 3 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1074">#1074</a>)</li>
<li><a
href="db819a10bd"><code>db819a1</code></a>
build(deps-dev): bump the dev-dependencies group with 3 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1073">#1073</a>)</li>
<li><a
href="d09fb0808a"><code>d09fb08</code></a>
build(deps): bump <code>@​types/node</code> from 20.14.9 to 20.14.10 in
the dependencies gr...</li>
<li><a
href="605617a3e2"><code>605617a</code></a>
build(deps-dev): bump the dev-dependencies group with 4 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1071">#1071</a>)</li>
<li><a
href="66f63c74bb"><code>66f63c7</code></a>
chore: generate</li>
<li><a
href="2c01d264ab"><code>2c01d26</code></a>
fix: home dir on Windows</li>
<li>Additional commits viewable in <a
href="a4f60bb28d...aaa42aa062">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.0.1&new-version=6.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-30 08:31:51 -03:00
dependabot[bot]
9c27aabaff
chore(deps): bump docker/setup-buildx-action from 3.5.0 to 3.6.1 (#5037) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 3.5.0 to 3.6.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.1</h2>
<ul>
<li>Check for malformed docker context by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/347">docker/setup-buildx-action#347</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1">https://github.com/docker/setup-buildx-action/compare/v3.6.0...v3.6.1</a></p>
<h2>v3.6.0</h2>
<ul>
<li>Create temp docker context if default one has TLS data loaded before
creating a container builder by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/341">docker/setup-buildx-action#341</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0">https://github.com/docker/setup-buildx-action/compare/v3.5.0...v3.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="988b5a0280"><code>988b5a0</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/347">#347</a>
from crazy-max/skip-malformed-context</li>
<li><a
href="2c215620b8"><code>2c21562</code></a>
chore: update generated content</li>
<li><a
href="3382292cd5"><code>3382292</code></a>
check for malformed docker context</li>
<li><a
href="3d68780484"><code>3d68780</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/341">#341</a>
from crazy-max/docker-context-tls</li>
<li><a
href="d069e98648"><code>d069e98</code></a>
chore: update generated content</li>
<li><a
href="8b850f86dc"><code>8b850f8</code></a>
create docker context if default one has TLS data loaded</li>
<li>See full diff in <a
href="aa33708b10...988b5a0280">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=3.5.0&new-version=3.6.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-30 08:31:44 -03:00
dependabot[bot]
482a48958f
chore(deps): bump github/codeql-action from 3.25.14 to 3.25.15 (#5032) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.25.14 to 3.25.15.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<p>Note that the only difference between <code>v2</code> and
<code>v3</code> of the CodeQL Action is the node version they support,
with <code>v3</code> running on node 20 while we continue to release
<code>v2</code> to support running on node 16. For example
<code>3.22.11</code> was the first <code>v3</code> release and is
functionally identical to <code>2.22.11</code>. This approach ensures an
easy way to track exactly which features are included in different
versions, indicated by the minor and patch version numbers.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.25.15 - 26 Jul 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.18.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2385">#2385</a></li>
</ul>
<h2>3.25.14 - 25 Jul 2024</h2>
<ul>
<li>Experimental: add a new <code>start-proxy</code> action which starts
the same HTTP proxy as used by <a
href="https://github.com/github/dependabot-action"><code>github/dependabot-action</code></a>.
Do not use this in production as it is part of an internal experiment
and subject to change at any time.</li>
</ul>
<h2>3.25.13 - 19 Jul 2024</h2>
<ul>
<li>Add <code>codeql-version</code> to outputs. <a
href="https://redirect.github.com/github/codeql-action/pull/2368">#2368</a></li>
<li>Add a deprecation warning for customers using CodeQL version 2.13.4
and earlier. These versions of CodeQL were discontinued on 9 July 2024
alongside GitHub Enterprise Server 3.9, and will be unsupported by
CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later.
<a
href="https://redirect.github.com/github/codeql-action/pull/2375">#2375</a>
<ul>
<li>If you are using one of these versions, please update to CodeQL CLI
version 2.13.5 or later. For instance, if you have specified a custom
version of the CLI using the 'tools' input to the 'init' Action, you can
remove this input to use the default version.</li>
<li>Alternatively, if you want to continue using a version of the CodeQL
CLI between 2.12.6 and 2.13.4, you can replace
<code>github/codeql-action/*@v3</code> by
<code>github/codeql-action/*@v3.25.13</code> and
<code>github/codeql-action/*@v2</code> by
<code>github/codeql-action/*@v2.25.13</code> in your code scanning
workflow to ensure you continue using this version of the CodeQL
Action.</li>
</ul>
</li>
</ul>
<h2>3.25.12 - 12 Jul 2024</h2>
<ul>
<li>Improve the reliability and performance of analyzing code when
analyzing a compiled language with the <code>autobuild</code> <a
href="https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes">build
mode</a> on GitHub Enterprise Server. This feature is already available
to GitHub.com users. <a
href="https://redirect.github.com/github/codeql-action/pull/2353">#2353</a></li>
<li>Update default CodeQL bundle version to 2.18.0. <a
href="https://redirect.github.com/github/codeql-action/pull/2364">#2364</a></li>
</ul>
<h2>3.25.11 - 28 Jun 2024</h2>
<ul>
<li>Avoid failing the workflow run if there is an error while uploading
debug artifacts. <a
href="https://redirect.github.com/github/codeql-action/pull/2349">#2349</a></li>
<li>Update default CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2352">#2352</a></li>
</ul>
<h2>3.25.10 - 13 Jun 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2327">#2327</a></li>
</ul>
<h2>3.25.9 - 12 Jun 2024</h2>
<ul>
<li>Avoid failing database creation if the database folder already
exists and contains some unexpected files. Requires CodeQL 2.18.0 or
higher. <a
href="https://redirect.github.com/github/codeql-action/pull/2330">#2330</a></li>
<li>The init Action will attempt to clean up the database cluster
directory before creating a new database and at the end of the job. This
will help to avoid issues where the database cluster directory is left
in an inconsistent state. <a
href="https://redirect.github.com/github/codeql-action/pull/2332">#2332</a></li>
</ul>
<h2>3.25.8 - 04 Jun 2024</h2>
<ul>
<li>Update default CodeQL bundle version to 2.17.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2321">#2321</a></li>
</ul>
<h2>3.25.7 - 31 May 2024</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="afb54ba388"><code>afb54ba</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2391">#2391</a>
from github/update-v3.25.15-4b1d7da10</li>
<li><a
href="57a4b22c7d"><code>57a4b22</code></a>
Update changelog for v3.25.15</li>
<li><a
href="4b1d7da102"><code>4b1d7da</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2385">#2385</a>
from github/update-bundle/codeql-bundle-v2.18.1</li>
<li><a
href="97e8f69368"><code>97e8f69</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.18.1</li>
<li><a
href="f8e94f9775"><code>f8e94f9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2389">#2389</a>
from github/mergeback/v3.25.14-to-main-5cf07d8b</li>
<li><a
href="9e375a8f4f"><code>9e375a8</code></a>
Update checked-in dependencies</li>
<li><a
href="02d73d0544"><code>02d73d0</code></a>
Update changelog and version after v3.25.14</li>
<li><a
href="736528d92f"><code>736528d</code></a>
Add changelog note</li>
<li><a
href="98042e78ca"><code>98042e7</code></a>
Update default bundle to codeql-bundle-v2.18.1</li>
<li>See full diff in <a
href="5cf07d8b70...afb54ba388">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.14&new-version=3.25.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-29 09:20:40 -03:00
dependabot[bot]
4a0659c958
chore(deps): bump github/codeql-action from 3.25.13 to 3.25.14 (#5026) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.25.13 to 3.25.14.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5cf07d8b70"><code>5cf07d8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2388">#2388</a>
from github/update-v3.25.14-1b214db07</li>
<li><a
href="ecab108bfb"><code>ecab108</code></a>
Update changelog for v3.25.14</li>
<li><a
href="1b214db077"><code>1b214db</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2387">#2387</a>
from github/aibaars/remove-set-secret</li>
<li><a
href="826b78c018"><code>826b78c</code></a>
Remove setSecret call</li>
<li><a
href="f67c9cd326"><code>f67c9cd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2376">#2376</a>
from github/aibaars/start-proxy</li>
<li><a
href="77e41720af"><code>77e4172</code></a>
start-proxy: get binary from toolcache</li>
<li><a
href="4733419117"><code>4733419</code></a>
Address comments</li>
<li><a
href="6186179441"><code>6186179</code></a>
Print proxy log when debugging is enabled</li>
<li><a
href="7b43b7c7ca"><code>7b43b7c</code></a>
Add codeql-action/start-proxy</li>
<li><a
href="5669f66a72"><code>5669f66</code></a>
Add node-forge to package.json</li>
<li>Additional commits viewable in <a
href="2d790406f5...5cf07d8b70">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.25.13&new-version=3.25.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-25 09:17:54 -04:00
dependabot[bot]
3d3817c57e
chore(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 (#5011) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 3.1.0 to 3.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.31.0 to 0.35.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/154">docker/setup-qemu-action#154</a>
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/155">docker/setup-qemu-action#155</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0">https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="49b3bc8e6b"><code>49b3bc8</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/155">#155</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="9dec05bc9d"><code>9dec05b</code></a>
chore: update generated content</li>
<li><a
href="73387bcb62"><code>73387bc</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.34.0 to
0.35.0</li>
<li><a
href="fcfabe0054"><code>fcfabe0</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/154">#154</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="948a838253"><code>948a838</code></a>
chore: update generated content</li>
<li><a
href="31629f69bf"><code>31629f6</code></a>
switch to Docker exec</li>
<li><a
href="6ae1d4dea8"><code>6ae1d4d</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.31.0 to
0.34.0</li>
<li>See full diff in <a
href="5927c834f5...49b3bc8e6b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=3.1.0&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 16:39:35 -04:00
dependabot[bot]
e79d262e72
chore(deps): bump docker/setup-buildx-action from 3.4.0 to 3.5.0 (#5012) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 3.4.0 to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.31.0 to 0.35.0 in
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/340">docker/setup-buildx-action#340</a>
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/344">docker/setup-buildx-action#344</a>
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/345">docker/setup-buildx-action#345</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0">https://github.com/docker/setup-buildx-action/compare/v3.4.0...v3.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="aa33708b10"><code>aa33708</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/345">#345</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="2d99e3412d"><code>2d99e34</code></a>
chore: update generated content</li>
<li><a
href="4dab43650b"><code>4dab436</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.34.0 to
0.35.0</li>
<li><a
href="49a04d6890"><code>49a04d6</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/344">#344</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="a6ade2e34f"><code>a6ade2e</code></a>
chore: update generated content</li>
<li><a
href="2f2694b8d1"><code>2f2694b</code></a>
switch to Docker exec</li>
<li><a
href="0a4bab6632"><code>0a4bab6</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.32.0 to
0.34.0</li>
<li><a
href="2ad185228a"><code>2ad1852</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/340">#340</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="560ac469d6"><code>560ac46</code></a>
chore: update generated content</li>
<li><a
href="b3a341759e"><code>b3a3417</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.31.0 to
0.32.0</li>
<li>See full diff in <a
href="4fd812986e...aa33708b10">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 16:38:40 -04:00
dependabot[bot]
f6bee6f614
chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#5013) 
Bumps [docker/login-action](https://github.com/docker/login-action) from
3.2.0 to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.24.0 to 0.35.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/754">docker/login-action#754</a></li>
<li>Bump https-proxy-agent from 7.0.4 to 7.0.5 in <a
href="https://redirect.github.com/docker/login-action/pull/741">docker/login-action#741</a></li>
<li>Bump braces from 3.0.2 to 3.0.3 in <a
href="https://redirect.github.com/docker/login-action/pull/730">docker/login-action#730</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v3.2.0...v3.3.0">https://github.com/docker/login-action/compare/v3.2.0...v3.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9780b0c442"><code>9780b0c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/741">#741</a>
from docker/dependabot/npm_and_yarn/proxy-agent-depen...</li>
<li><a
href="2fa130caf4"><code>2fa130c</code></a>
chore: update generated content</li>
<li><a
href="5e87b2aca7"><code>5e87b2a</code></a>
build(deps): bump https-proxy-agent</li>
<li><a
href="e0394952ce"><code>e039495</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/754">#754</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="9af18aa7d8"><code>9af18aa</code></a>
chore: update generated content</li>
<li><a
href="668190adc5"><code>668190a</code></a>
switch to Docker exec</li>
<li><a
href="be5150d9fe"><code>be5150d</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.24.0 to
0.35.0</li>
<li><a
href="e80ebcad71"><code>e80ebca</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/730">#730</a>
from docker/dependabot/npm_and_yarn/braces-3.0.3</li>
<li><a
href="75ee3eaf53"><code>75ee3ea</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/733">#733</a>
from docker/dependabot/github_actions/docker/bake-act...</li>
<li><a
href="793c19c8fc"><code>793c19c</code></a>
build(deps): bump docker/bake-action from 4 to 5</li>
<li>Additional commits viewable in <a
href="0d4c9c5ea7...9780b0c442">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 16:38:31 -04:00