go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-03-25 21:29:14 +02:00
Code Issues Releases Activity
4,546 Commits 15 Branches 563 Tags
Commit Graph

4546 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
30f543c853
feat(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 (#3918) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0
to 0.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.8.0</h2>
<h2>Go version support</h2>
<h3>Support for Go 1.18</h3>
<p>Version 0.8.0 of gopls supports features added to Go 1.18,
specifically:</p>
<ul>
<li>Support for multi-module workspaces using <code>go.work</code>
files.</li>
<li>Diagnostics for Fuzz tests.</li>
<li>Improved support for generics.</li>
</ul>
<p>To use these features, gopls must be installed using Go 1.18. See <a
href="https://go.dev/dl/">go.dev/dl</a> for the latest status of Go 1.18
-- as of writing Go 1.18 is not yet released, but Go 1.18 RC1 may be
used.</p>
<h3>Dropped support for Go 1.12</h3>
<p>Version 0.8.0 of gopls no longer supports building at Go 1.12. See <a
href="https://redirect.github.com/golang/go/issues/50827">golang/go#50827</a>
for more details.</p>
<h2>New Features</h2>
<h3><code>go.work</code> integration</h3>
<p>Gopls now supports multi-module workspaces using <code>go.work</code>
files. To use this feature, create a <code>go.work</code> file that
includes the modules you want to work on, and then open your editor to
the directory containing <code>go.work</code>. For more information, see
the <a href="https://go.dev/ref/mod#workspaces"><code>go.work</code>
reference</a>, or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/workspace.md">gopls
documentation</a> for multi-module workspaces.</p>
<h3>Diagnostics for Fuzz tests</h3>
<p>When writing <a href="https://go.dev/doc/fuzz/">Fuzz tests</a>, gopls
provides diagnostics for invalid arguments to <code>Fuzz</code>.
<img
src="https://user-images.githubusercontent.com/57144380/156475335-0a277e11-c113-460a-837b-d066b42898a6.png"
alt="image" /></p>
<h3>Improved support for generics</h3>
<h4>Honor the language version configured in <code>go.mod</code></h4>
<p>gopls now provides diagnostics for language features based on the <a
href="https://go.dev/ref/mod#go-mod-file-go"><code>go</code>
directive</a> in the applicable <code>go.mod</code> file for a
package.</p>
<p>For some errors related to incompatible language versions, gopls
offers a quick-fix to update the <code>go.mod</code> Go version. (note
that if the <code>go.mod</code> file is open, it may need to be saved in
order for language version changes to take effect)
<img
src="https://user-images.githubusercontent.com/57144380/156476752-7aacf34b-2835-41cb-b80d-7bf5103a43a0.gif"
alt="gomodedit" /></p>
<h4>Improved completion with type parameters</h4>
<p>Gopls autocompletion is improved in several contexts when using
generic types.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/156477933-a1aab4c7-06cd-4cac-85e6-a847b6515b91.gif"
alt="genericvarcompl" /></p>
<h3>New code action to add missing method stubs</h3>
<p>Gopls now provides a code action to implement missing methods.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/156479262-482958e2-69a3-4a97-81a5-5dd27ac250ba.gif"
alt="implementiface" /></p>
<h3>Improved performance and accuracy for workspace symbol requests</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5ef3193183"><code>5ef3193</code></a>
gopls/internal/lsp/source/typerefs: reexpress tests wrt
ExternalRefs</li>
<li><a
href="c5f768a46c"><code>c5f768a</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="7c33a56129"><code>7c33a56</code></a>
gopls/internal/lsp/source: show both the original declaration and the
value o...</li>
<li><a
href="4d205d81b5"><code>4d205d8</code></a>
gopls/doc: add instructions for using go.work with the Go
distribution</li>
<li><a
href="d5076cc64d"><code>d5076cc</code></a>
gopls/internal/lsp/cache: don't trace a region for MetadataForFile</li>
<li><a
href="f79636135d"><code>f796361</code></a>
gopls/internal/lsp: add tracing instrumentation for all Server
methods</li>
<li><a
href="e10450195e"><code>e104501</code></a>
gopls/internal/astutil: TestPurgeFuncBodies requires source code for
std</li>
<li><a
href="6520870190"><code>6520870</code></a>
gopls/internal/lsp/source/typerefs: allow for duplicate decls</li>
<li><a
href="902fdcadc1"><code>902fdca</code></a>
gopls/internal/lsp/source/typerefs: purge func bodies before
parsing</li>
<li><a
href="58c9a6328c"><code>58c9a63</code></a>
go/packages/internal/nodecount: count ast.Node frequency</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.7.0...v0.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.7.0&new-version=0.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-07 11:52:48 -03:00
Carlos Alexandro Becker
282c42164e
feat: allow to pr scoop manifests (#3916) 
follow up of https://github.com/goreleaser/goreleaser/pull/3903

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-07 11:48:49 -03:00
Carlos Alexandro Becker
5805c5d608
feat: allow to pr krew plugin manifests (#3915) 
following up on #3903

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-07 11:48:35 -03:00
dependabot[bot]
01b14f9b7a
feat(deps): bump golang.org/x/oauth2 from 0.6.0 to 0.7.0 (#3919) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.6.0
to 0.7.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="36075149c5"><code>3607514</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="4abfd87339"><code>4abfd87</code></a>
google: add CredentialsParams.EarlyTokenRefresh</li>
<li><a
href="1e7f329364"><code>1e7f329</code></a>
oauth2: add ReuseTokenSourceWithExpiry</li>
<li><a
href="86850e0723"><code>86850e0</code></a>
oauth2: fix typo</li>
<li><a
href="a6e37e7441"><code>a6e37e7</code></a>
google: Updating 3pi documentation</li>
<li><a
href="54b70c833f"><code>54b70c8</code></a>
google: update missing auth help URL</li>
<li><a
href="2fc4ef5a6f"><code>2fc4ef5</code></a>
README: encourage issues and proposals before changes</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.6.0...v0.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.6.0&new-version=0.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-07 11:48:13 -03:00
dependabot[bot]
6565383ef2
feat(deps): bump golang.org/x/text from 0.8.0 to 0.9.0 (#3917) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.8.0 to
0.9.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="48e4a4a957"><code>48e4a4a</code></a>
all: fix some comments</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.8.0...v0.9.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/text&package-manager=go_modules&previous-version=0.8.0&new-version=0.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-07 11:47:50 -03:00
Carlos A Becker
cc584c8ab8
docs: add since 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-07 03:52:53 +00:00
Carlos Alexandro Becker
8b1c4ead60
feat: allow to PR homebrew taps (#3903) 
closes #3485

also fixed a bug in file creation for github: it was always searching
for the file in the default branch

also, we don't need to create the file first, update does both create
and update.

TODO: implement the for krew, scoop, etc...

---------

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-06 22:58:06 -03:00
dependabot[bot]
ed2e378c87
feat(deps): bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 (#3911) 
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.81.0 to 0.82.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="20cdbe7f77"><code>20cdbe7</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1682">#1682</a>
from timofurrer/variables-raw</li>
<li><a
href="197113e10b"><code>197113e</code></a>
Implement raw field for instance variables API</li>
<li><a
href="b88a1b2a51"><code>b88a1b2</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1680">#1680</a>
from bmsareias/fix-UptadeProtectedBranch</li>
<li><a
href="71bce5a6b6"><code>71bce5a</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1673">#1673</a>
from chenggui53/update-project-event-struct</li>
<li><a
href="34980c231f"><code>34980c2</code></a>
Fix tests</li>
<li><a
href="cb40c20b4a"><code>cb40c20</code></a>
add push data</li>
<li><a
href="febd628d67"><code>febd628</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1678">#1678</a>
from MakingPRs/issue-field</li>
<li><a
href="295e7008ab"><code>295e700</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1677">#1677</a>
from MakingPRs/master</li>
<li><a
href="c70482aa21"><code>c70482a</code></a>
Change order of Epic fields to reflect docs</li>
<li><a
href="3f5e72f6f5"><code>3f5e72f</code></a>
Change order of Issue fields to reflect docs</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.81.0...v0.82.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/xanzy/go-gitlab&package-manager=go_modules&previous-version=0.81.0&new-version=0.82.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-06 22:57:19 -03:00
Carlos A Becker
137ed3be74
feat(deps): update caarlos0/env to v8 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-07 01:50:09 +00:00
Carlos Alexandro Becker
bf2e163ce4
docs: fix install's cosign steps (#3913) 
updated to the cosign v2

cc/ @cpanato

---------

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-06 14:16:16 -03:00
Carlos A Becker
e9e392d371
feat(deps): update nfpm to v2.28.0 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-06 03:51:14 +00:00
Carlos Alexandro Becker
dc6a4e7e2f
feat: allow to forcefully use a token when multiple are set (#3910) 
This would allow to, when multiple tokens are set in the environment,
force which one you want to use.

The need for this comes from the fact gitea sets both `GITHUB_TOKEN` and
`GITEA_TOKEN`, and doesn't allow to easily disable either.

With this, users can add a `GORELEASER_FORCE_TOKEN=gitea` to force the
gitea client to be used.

I'm not sure what's the best name for this env yet, happy to hear
suggestions.

Also improved the `env_test.go` file a bit, as it was kinda messy with
env vars...

refs https://github.com/orgs/goreleaser/discussions/3900

---------

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-05 16:33:22 -03:00
dependabot[bot]
00b2175855
feat(deps): bump github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible (#3909) 
Bumps [github.com/docker/docker](https://github.com/docker/docker) from
23.0.1+incompatible to 23.0.3+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/docker/releases">github.com/docker/docker's
releases</a>.</em></p>
<blockquote>
<h2>v23.0.3</h2>
<h2>23.0.3</h2>
<blockquote>
<p><strong>Note</strong></p>
<p>Due to an issue with CentOS 9 Stream's package repositories, packages
for
CentOS 9 are currently unavailable. Packages for CentOS 9 may be added
later,
or as part of the next (23.0.4) patch release.</p>
</blockquote>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fixed a number of issues that can cause Swarm encrypted overlay
networks
to fail to uphold their guarantees, addressing <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841">CVE-2023-28841</a>,
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840">CVE-2023-28840</a>,
and
<a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842">CVE-2023-28842</a>.
<ul>
<li>A lack of kernel support for encrypted overlay networks now reports
as an error.</li>
<li>Encrypted overlay networks are eagerly set up, rather than waiting
for
multiple nodes to attach.</li>
<li>Encrypted overlay networks are now usable on Red Hat Enterprise
Linux 9
through the use of the <code>xt_bpf</code> kernel module.</li>
<li>Users of Swarm overlay networks should review <a
href="https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw">GHSA-vwm3-crmr-xfxw</a>
to ensure that unintentional exposure has not occurred.</li>
</ul>
</li>
</ul>
<h3>Packaging Updates</h3>
<ul>
<li>Update containerd to <a
href="https://github.com/containerd/containerd/releases/tag/v1.6.20">v1.6.20</a>.</li>
<li>Update runc to <a
href="https://github.com/opencontainers/runc/releases/tag/v1.1.5">v1.1.5</a>.</li>
</ul>
<h2>v23.0.2</h2>
<h2>23.0.2</h2>
<p>For a full list of pull requests and changes in this release, refer
to the relevant GitHub milestones:</p>
<ul>
<li><a
href="https://github.com/docker/cli/milestone/75?closed=1">docker/cli,
23.0.2 milestone</a></li>
<li><a
href="https://github.com/moby/moby/milestone/114?closed=1">moby/moby,
23.0.2 milestone</a></li>
</ul>
<h3>Bug fixes and enhancements</h3>
<ul>
<li>Fully resolve missing checks for <code>apparmor_parser</code> when
an AppArmor enabled kernel is detected. <a
href="https://redirect.github.com/containerd/containerd/pull/8087">containerd/containerd#8087</a>,
<a
href="https://redirect.github.com/moby/moby/pull/45043">moby/moby#45043</a></li>
<li>Ensure that credentials are redacted from Git URLs when generating
BuildKit buildinfo. Fixes <a
href="https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc">CVE-2023-26054</a>.
<a
href="https://redirect.github.com/moby/moby/pull/45110">moby/moby#45110</a></li>
<li>Fix anonymous volumes created by a <code>VOLUME</code> line in a
Dockerfile being excluded from volume prune. <a
href="https://redirect.github.com/moby/moby/pull/45159">moby/moby#45159</a></li>
<li>Fix a failure to properly propagate errors during removal of volumes
on a Swarm node. <a
href="https://redirect.github.com/moby/moby/pull/45155">moby/moby#45155</a></li>
<li>Temporarily work around a bug in BuildKit <code>COPY --link</code>
by disabling mergeop/diffop optimization. <a
href="https://redirect.github.com/moby/moby/pull/45112">moby/moby#45112</a></li>
<li>Properly clean up child tasks when a parent Swarm job is removed. <a
href="https://redirect.github.com/moby/swarmkit/pull/3112">moby/swarmkit#3112</a>,
<a
href="https://redirect.github.com/moby/moby/pull/45107">moby/moby#45107</a></li>
<li>Fix Swarm service creation logic so that both a GenericResource and
a non-default network can be used together. <a
href="https://redirect.github.com/moby/swarmkit/pull/3082">moby/swarmkit#3082</a>,
<a
href="https://redirect.github.com/moby/moby/pull/45107">moby/moby#45107</a></li>
<li>Fix Swarm CSI support requiring the CSI plugin to offer staging
endpoints in order to publish a volume. <a
href="https://redirect.github.com/moby/swarmkit/pull/3116">moby/swarmkit#3116</a>,
<a
href="https://redirect.github.com/moby/moby/pull/45107">moby/moby#45107</a></li>
<li>Fix a panic caused by log buffering in some configurations. <a
href="https://redirect.github.com/containerd/fifo/pull/47">containerd/fifo#47</a>,
<a
href="https://redirect.github.com/moby/moby/pull/45051">moby/moby#45051</a></li>
<li>Log errors in the REST to Swarm gRPC API translation layer at the
debug level to reduce redundancy and noise. <a
href="https://redirect.github.com/moby/moby/pull/45016">moby/moby#45016</a></li>
<li>Fix a DNS resolution issue affecting containers created with
<code>--dns-opt</code> or <code>--dns-search</code> when
<code>systemd-resolved</code> is used outside the container. <a
href="https://redirect.github.com/moby/moby/pull/45000">moby/moby#45000</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="59118bff50"><code>59118bf</code></a>
Merge pull request from GHSA-232p-vwff-86mp</li>
<li><a
href="219f21bf07"><code>219f21b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/45196">#45196</a>
from vvoland/integration-restart-race-23</li>
<li><a
href="b87f7f18b8"><code>b87f7f1</code></a>
libnet/d/overlay: insert the input-drop rule</li>
<li><a
href="c6bf3071fe"><code>c6bf307</code></a>
StartWithLogFile: Fix d.cmd race</li>
<li><a
href="7f49ca259b"><code>7f49ca2</code></a>
TestDaemonRestartKillContainers: Fix loop capture</li>
<li><a
href="98cbcb8003"><code>98cbcb8</code></a>
libnet/d/overlay: add BPF-powered VNI matcher</li>
<li><a
href="5c5fac2374"><code>5c5fac2</code></a>
libnet/d/overlay: extract VNI match rule builder</li>
<li><a
href="c492a22287"><code>c492a22</code></a>
libn/d/overlay: enforce encryption on sandbox init</li>
<li><a
href="018edb0284"><code>018edb0</code></a>
libnet/d/overlay: document some encryption code</li>
<li><a
href="a1fd2f22f6"><code>a1fd2f2</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/docker/issues/45157">#45157</a>
from thaJeztah/23.0_backport_update_shfmt</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/docker/compare/v23.0.1...v23.0.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=23.0.1+incompatible&new-version=23.0.3+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 10:17:59 -03:00
dependabot[bot]
7579e70442
feat(deps): bump golang from 1.20.2-alpine to 1.20.3-alpine (#3907) 
Bumps golang from 1.20.2-alpine to 1.20.3-alpine.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.20.2-alpine&new-version=1.20.3-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 09:21:50 -03:00
dependabot[bot]
c4d5cf96d9
feat(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 (#3908) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from
1.6.1 to 1.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's
releases</a>.</em></p>
<blockquote>
<h2>v1.7.0</h2>
<h3> Features</h3>
<ul>
<li>Allow to preserve ordering of completions in <code>bash</code>,
<code>zsh</code>, <code>pwsh</code>, &amp; <code>fish</code>: <a
href="https://github.com/h4ck3rk3y"><code>@​h4ck3rk3y</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1903">#1903</a></li>
<li>Add support for PowerShell 7.2+ in completions: <a
href="https://github.com/oldium"><code>@​oldium</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1916">#1916</a></li>
<li>Allow sourcing zsh completion script: <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1917">#1917</a></li>
</ul>
<h3>🐛 Bug fixes</h3>
<ul>
<li>Don't remove flag values that match sub-command name: <a
href="https://github.com/brianpursley"><code>@​brianpursley</code></a>
<a
href="https://redirect.github.com/spf13/cobra/issues/1781">#1781</a></li>
<li>Fix powershell completions not returning single word: <a
href="https://github.com/totkeks"><code>@​totkeks</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1850">#1850</a></li>
<li>Remove masked <code>template</code> import variable name: <a
href="https://github.com/yashLadha"><code>@​yashLadha</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1879">#1879</a></li>
<li>Correctly detect completions with dash in argument: <a
href="https://github.com/oncilla"><code>@​oncilla</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1817">#1817</a></li>
</ul>
<h3>🧪 Testing &amp; CI/CD</h3>
<ul>
<li>Deprecate Go 1.15 in CI: <a
href="https://github.com/umarcor"><code>@​umarcor</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1866">#1866</a></li>
<li>Deprecate Go 1.16 in CI: <a
href="https://github.com/umarcor"><code>@​umarcor</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1926">#1926</a></li>
<li>Add testing for Go 1.20 in CI: <a
href="https://github.com/umarcor"><code>@​umarcor</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1925">#1925</a></li>
<li>Add tests to illustrate unknown flag bug: <a
href="https://github.com/brianpursley"><code>@​brianpursley</code></a>
<a
href="https://redirect.github.com/spf13/cobra/issues/1854">#1854</a></li>
</ul>
<h3>🔧 Maintenance</h3>
<ul>
<li>Update main image to better handle dark backgrounds: <a
href="https://github.com/Deleplace"><code>@​Deleplace</code></a> and <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1883">#1883</a></li>
<li>Fix <code>stale.yaml</code> mispellings: <a
href="https://github.com/enrichman"><code>@​enrichman</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1863">#1863</a></li>
<li>Remove stale bot from GitHub actions: <a
href="https://github.com/jpmcb"><code>@​jpmcb</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1908">#1908</a></li>
<li>Add makefile target for installing dependencies: <a
href="https://github.com/umarcor"><code>@​umarcor</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1865">#1865</a></li>
<li>Add Sia to projects using Cobra: <a
href="https://github.com/mike76-dev"><code>@​mike76-dev</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1844">#1844</a></li>
<li>Add <code>Vitess</code> and <code>Arewefastyet</code> to projects
using cobra: <a
href="https://github.com/frouioui"><code>@​frouioui</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1932">#1932</a></li>
<li>Fixup for Kubescape github org: <a
href="https://github.com/dwertent"><code>@​dwertent</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1874">#1874</a></li>
<li>Fix route for GitHub workflows badge: <a
href="https://github.com/sh-cho"><code>@​sh-cho</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1884">#1884</a></li>
<li>Fixup for GoDoc style documentation: <a
href="https://github.com/yashLadha"><code>@​yashLadha</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1885">#1885</a></li>
<li>Various bash scripting improvements for completion: <a
href="https://github.com/scop"><code>@​scop</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1702">#1702</a></li>
<li>Add Constellation to projects using Cobra: <a
href="https://github.com/datosh"><code>@​datosh</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1829">#1829</a></li>
</ul>
<h3>✏️ Documentation</h3>
<ul>
<li>Add documentation about disabling completion descriptions: <a
href="https://github.com/Shihta"><code>@​Shihta</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1901">#1901</a></li>
<li>Improve <code>MarkFlagsMutuallyExclusive</code> example in user
guide: <a href="https://github.com/janhn"><code>@​janhn</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1904">#1904</a></li>
<li>Update <code>shell_completions.md</code>: <a
href="https://github.com/gusega"><code>@​gusega</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1907">#1907</a></li>
<li>Update copywrite year: <a
href="https://github.com/umarcor"><code>@​umarcor</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1927">#1927</a></li>
<li>Document suggested layout of subcommands: <a
href="https://github.com/lcarva"><code>@​lcarva</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1930">#1930</a></li>
<li>Replace deprecated ExactValidArgs with MatchAll in doc: <a
href="https://github.com/doniacld"><code>@​doniacld</code></a> <a
href="https://redirect.github.com/spf13/cobra/issues/1836">#1836</a></li>
</ul>
<hr />
<p>This release contains several long running fixes, improvements to
powershell completions, and further optimizations for completions.</p>
<p>Thank you everyone who contributed to this release and all your hard
work! Cobra and this community would never be possible without all of
you! 🐍</p>
<p>Full changelog: <a
href="https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0">https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4dd4b25de3"><code>4dd4b25</code></a>
Update main image to better handle dark background (<a
href="https://redirect.github.com/spf13/cobra/issues/1883">#1883</a>)</li>
<li><a
href="45360a55cc"><code>45360a5</code></a>
Allow sourcing zsh completion script (<a
href="https://redirect.github.com/spf13/cobra/issues/1917">#1917</a>)</li>
<li><a
href="c8a20a16ba"><code>c8a20a1</code></a>
Document suggested layout for subcommands (<a
href="https://redirect.github.com/spf13/cobra/issues/1930">#1930</a>)</li>
<li><a
href="b197a24504"><code>b197a24</code></a>
Update projects_using_cobra.md (<a
href="https://redirect.github.com/spf13/cobra/issues/1932">#1932</a>)</li>
<li><a
href="9e6b58afc7"><code>9e6b58a</code></a>
update copyright year (<a
href="https://redirect.github.com/spf13/cobra/issues/1927">#1927</a>)</li>
<li><a
href="fb3652402b"><code>fb36524</code></a>
ci: test Golang 1.20 (<a
href="https://redirect.github.com/spf13/cobra/issues/1925">#1925</a>)</li>
<li><a
href="c7300f0bdd"><code>c7300f0</code></a>
ci: deprecate go 1.16 (<a
href="https://redirect.github.com/spf13/cobra/issues/1926">#1926</a>)</li>
<li><a
href="567ea8ebc9"><code>567ea8e</code></a>
Add support for PowerShell 7.2+ (<a
href="https://redirect.github.com/spf13/cobra/issues/1916">#1916</a>)</li>
<li><a
href="3daa4b9c36"><code>3daa4b9</code></a>
Add keeporder to shell completion (<a
href="https://redirect.github.com/spf13/cobra/issues/1903">#1903</a>)</li>
<li><a
href="a516d4132c"><code>a516d41</code></a>
Removes stale bot from GitHub action (<a
href="https://redirect.github.com/spf13/cobra/issues/1908">#1908</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/spf13/cobra/compare/v1.6.1...v1.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/spf13/cobra&package-manager=go_modules&previous-version=1.6.1&new-version=1.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-04-05 09:21:25 -03:00
dependabot[bot]
ecf77c948f
feat(deps): bump github.com/disgoorg/disgo from 0.15.3 to 0.16.0 (#3905) 2023-04-04 08:25:49 -03:00
Carlos A Becker
62bd21ce8d
docs: improve docs on scoop.folder 
refs #3899
 2023-04-04 01:33:04 +00:00
Carlos Alexandro Becker
9dcc63c60e
build: create scoop manifests inside a bucket folder 
refs https://github.com/goreleaser/goreleaser/issues/3899

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-04-03 09:05:31 -03:00
Kazuki Matsumaru
b495c905d5
fix: set parallelism to match Linux container CPU (#3901) 
<!--

Hi, thanks for contributing!

Please make sure you read our CONTRIBUTING guide.

Also, add tests and the respective documentation changes as well.

-->

Currently Goreleaser uses `runtime.NumCPU()` as the default value if
`--parallelism` is not set.
However, this will get the number of CPUs on the host even when
Goreleaser is run in a container with a limit on the maximum number of
CPUs that can be used (typically in a Kubernetes pod).
Actually, `docker run --cpus=1 goreleaser/goreleaser --debug` shows
`parallelism: 4` on my machine.
This behavior causes CPU throttling, which increases execution time and,
in the worst case, terminates with an error.
I ran into this problem with Jenkins where the agent runs on pod
([Kubernetes plugin for
Jenkins](https://plugins.jenkins.io/kubernetes/)).

This commit introduces
[automaxprocs](https://github.com/uber-go/automaxprocs) to fix this
issue.
This library sets `GOMAXPROCS` to match Linux container CPU quota.
I have also looked for a library that can get CPU quota more directly,
but this seems to be the best I could find.
The reason it is set in a different notation from the automaxprocs
README is to prevent logs from being displayed
([comment](https://github.com/uber-go/automaxprocs/issues/18#issuecomment-511330567)).

I would have liked to write a test, but this change is dependent on the
number of CPUs in the execution environment, so I could not.
Instead, I wrote a Dockerfile for testing

```Dockerfile
FROM golang:1.20.2

WORKDIR /go/app
RUN sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
COPY . .
RUN task build
```

and confirmed built binary shows expected parallelism by following
commands:

```sh
docker build --file Dockerfile.test . -t test-goreleaser
docker run --cpus=1 test-goreleaser ./goreleaser build --snapshot --debug # parallelism: 1
docker run test-goreleaser ./goreleaser build --snapshot --debug # parallelism: 4
```

I also ran the built binary on my Macbook and it was fine.
 2023-04-02 17:16:41 -03:00
Carlos Alexandro Becker
d524d93086
docs: standarizing docs defaults, since, etc (#3898) 
- [x] if the default is the zero-value for the field, do not specify
- [ ] TODO: add a "how to read this docs" section somewhere explaining
that
- [x] if the change was introduced in a v1.x.0, say only v1.x
- [x] drop trail ending `.` from Since, Default, etc
- [x] wording: always use `Default: ` instead of `Defaults to` and
others
- [x] add a note to templateable fields
- [x] default value of a field, if its a string, always between single
quotes `'`

---------

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-04-02 17:16:21 -03:00
Carlos A Becker
6ae7b08188
docs: improve page on partial builds 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-31 17:38:04 +00:00
Carlos A Becker
f33a36f01f
docs: fix typo 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-30 13:26:03 -03:00
Lars Lehtonen
5af2c31c7a
refactor: fix redundant net/http import (#3897) 
This fixes a redundant import of `net/http` in `internal/pipe/upload`.

Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
 2023-03-30 08:54:52 -03:00
Carlos A Becker
f5bcdff445
docs: update 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-29 22:23:53 -03:00
Carlos A Becker
4ba418265e
chore: go mod tidy 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-29 14:39:27 -03:00
dependabot[bot]
43731e252c
feat(deps): bump github.com/google/ko from 0.12.0 to 0.13.0 (#3880) 
Bumps [github.com/google/ko](https://github.com/google/ko) from 0.12.0
to 0.13.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/ko/releases">github.com/google/ko's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.0</h2>
<h2>What's Changed</h2>
<ul>
<li>SPDX: Fix package manager label by <a
href="https://github.com/puerco"><code>@​puerco</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/801">ko-build/ko#801</a></li>
<li>SPDX 2.3 support by <a
href="https://github.com/puerco"><code>@​puerco</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/803">ko-build/ko#803</a></li>
<li>ci: build and test using 1.18 and 1.19 (drop 1.17) by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/812">ko-build/ko#812</a></li>
<li>removes repo move message by <a
href="https://github.com/mchmarny"><code>@​mchmarny</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/814">ko-build/ko#814</a></li>
<li>feat: write sbom result to disk by <a
href="https://github.com/developer-guy"><code>@​developer-guy</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/822">ko-build/ko#822</a></li>
<li>feat: adding support for using multiple keychain for sending sbom
results to a different repository by <a
href="https://github.com/developer-guy"><code>@​developer-guy</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/821">ko-build/ko#821</a></li>
<li>Move docs to ko.build by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/749">ko-build/ko#749</a></li>
<li>Update setup-ko version by <a
href="https://github.com/ianlewis"><code>@​ianlewis</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li>
<li>Add -- usage in readme by <a
href="https://github.com/jwcesign"><code>@​jwcesign</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/840">ko-build/ko#840</a></li>
<li>add CONTRIBUTING, code of conduct, roadmap by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/837">ko-build/ko#837</a></li>
<li>attempt to fix GH Pages publishing by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/843">ko-build/ko#843</a></li>
<li>doc: fix link to Installation page in Getting Started by <a
href="https://github.com/antoineco"><code>@​antoineco</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/846">ko-build/ko#846</a></li>
<li>.ko.yaml: bump golang 1.18 -&gt; 1.19 by <a
href="https://github.com/srenatus"><code>@​srenatus</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/848">ko-build/ko#848</a></li>
<li>truncate -image-refs file by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/855">ko-build/ko#855</a></li>
<li>update docs: fix broken links, align with README by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/854">ko-build/ko#854</a></li>
<li>Handle KO_DOCKER_REPO=ko.local/repo and --bare correctly by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/820">ko-build/ko#820</a></li>
<li>another docs update by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/856">ko-build/ko#856</a></li>
<li>ko.build: support some common shortlinks by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/872">ko-build/ko#872</a></li>
<li>install: fail with 404 instead of gzip error when url was wrong by
<a href="https://github.com/grosser"><code>@​grosser</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/879">ko-build/ko#879</a></li>
<li>feat: deduplicate tags by <a
href="https://github.com/bluebrown"><code>@​bluebrown</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/884">ko-build/ko#884</a></li>
<li>install mkdocs-redirect when publishing site by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/873">ko-build/ko#873</a></li>
<li>nit: replace one-item slice with const by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/885">ko-build/ko#885</a></li>
<li>Temp fix for SLSA generators by <a
href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/886">ko-build/ko#886</a></li>
<li>Fix verifier by <a
href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/891">ko-build/ko#891</a></li>
<li>Fix link in static-assets.md by <a
href="https://github.com/yuryu"><code>@​yuryu</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/893">ko-build/ko#893</a></li>
<li>add KO_DEFAULTBASEIMAGE usage to docs by <a
href="https://github.com/developer-guy"><code>@​developer-guy</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/895">ko-build/ko#895</a></li>
<li>Publish an tagged image on release by <a
href="https://github.com/vdemeester"><code>@​vdemeester</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/868">ko-build/ko#868</a></li>
<li>Add option to configure default platforms by <a
href="https://github.com/ReToCode"><code>@​ReToCode</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/897">ko-build/ko#897</a></li>
<li>Fix broken SLSA link by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/899">ko-build/ko#899</a></li>
<li>add MAINTAINERS.md by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/905">ko-build/ko#905</a></li>
<li>fix: possible race condition when applying templates to
flags/ldflags by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/913">ko-build/ko#913</a></li>
<li>update docs to reflect actual default base image by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/903">ko-build/ko#903</a></li>
<li>remove repeated error message on failure by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/921">ko-build/ko#921</a></li>
<li>website: update CNCF announcement by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/920">ko-build/ko#920</a></li>
<li>fix KO_CONFIG_PATH pointing to a file by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/923">ko-build/ko#923</a></li>
<li>upgrade to cosign v2.0.0-rc.0 by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/933">ko-build/ko#933</a></li>
<li>Feature: Add ECR presubmit testing. by <a
href="https://github.com/mattmoor"><code>@​mattmoor</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/934">ko-build/ko#934</a></li>
<li>remove 'ko deps' by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/937">ko-build/ko#937</a></li>
<li>feat: Add KO_GO_PATH env var by <a
href="https://github.com/embano1"><code>@​embano1</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/930">ko-build/ko#930</a></li>
<li>add ko.build/slack short link by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/945">ko-build/ko#945</a></li>
<li>update link to ko goreleaser docs by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/936">ko-build/ko#936</a></li>
<li>add ko community meeting details by <a
href="https://github.com/developer-guy"><code>@​developer-guy</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/938">ko-build/ko#938</a></li>
<li>fix cosign by adding --yes by <a
href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/973">ko-build/ko#973</a></li>
<li>fix: handle docker's unknown/unknown platform in index manifests by
<a href="https://github.com/imjasonh"><code>@​imjasonh</code></a> in <a
href="https://redirect.github.com/ko-build/ko/pull/975">ko-build/ko#975</a></li>
<li>fix file extension for cyclonedx by <a
href="https://github.com/developer-guy"><code>@​developer-guy</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/974">ko-build/ko#974</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ianlewis"><code>@​ianlewis</code></a>
made their first contribution in <a
href="https://redirect.github.com/ko-build/ko/pull/836">ko-build/ko#836</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e22e7a15ff"><code>e22e7a1</code></a>
bump ggcr dep to <a
href="https://github.com/main"><code>@​main</code></a> (<a
href="https://redirect.github.com/google/ko/issues/976">#976</a>)</li>
<li><a
href="8e075ae1f1"><code>8e075ae</code></a>
fix file extension for cyclonedx (<a
href="https://redirect.github.com/google/ko/issues/974">#974</a>)</li>
<li><a
href="11670b7498"><code>11670b7</code></a>
fix: handle docker's unknown/unknown platform in index manifests (<a
href="https://redirect.github.com/google/ko/issues/975">#975</a>)</li>
<li><a
href="7ce947817e"><code>7ce9478</code></a>
fix cosign by adding --yes (<a
href="https://redirect.github.com/google/ko/issues/973">#973</a>)</li>
<li><a
href="9302da78dc"><code>9302da7</code></a>
Bump k8s.io/apimachinery from 0.26.1 to 0.26.2 (<a
href="https://redirect.github.com/google/ko/issues/972">#972</a>)</li>
<li><a
href="a1588838ba"><code>a158883</code></a>
Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (<a
href="https://redirect.github.com/google/ko/issues/971">#971</a>)</li>
<li><a
href="86b6c2854f"><code>86b6c28</code></a>
Bump actions/checkout from 2 to 3 (<a
href="https://redirect.github.com/google/ko/issues/966">#966</a>)</li>
<li><a
href="0bd12fb106"><code>0bd12fb</code></a>
Bump slsa-framework/slsa-github-generator from 1.2.1 to 1.5.0 (<a
href="https://redirect.github.com/google/ko/issues/967">#967</a>)</li>
<li><a
href="d5125daacd"><code>d5125da</code></a>
Bump github.com/sigstore/cosign/v2 from 2.0.0-rc.2 to 2.0.0 (<a
href="https://redirect.github.com/google/ko/issues/965">#965</a>)</li>
<li><a
href="03f4aed682"><code>03f4aed</code></a>
add ko community meeting details (<a
href="https://redirect.github.com/google/ko/issues/938">#938</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/google/ko/compare/v0.12.0...v0.13.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-29 14:38:57 -03:00
dependabot[bot]
c7a2818e2d
feat(deps): bump github.com/opencontainers/runc from 1.1.2 to 1.1.5 (#3896) 
Bumps
[github.com/opencontainers/runc](https://github.com/opencontainers/runc)
from 1.1.2 to 1.1.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/opencontainers/runc/releases">github.com/opencontainers/runc's
releases</a>.</em></p>
<blockquote>
<h2>runc 1.1.5 -- &quot;囚われた屈辱は 反撃の嚆矢だ&quot;</h2>
<p>This is the fifth patch release in the 1.1.z series of runc, which
fixes
three CVEs found in runc.</p>
<ul>
<li>
<p>CVE-2023-25809 is a vulnerability involving rootless containers where
(under specific configurations), the container would have write access
to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other
hierarchies on the host were affected. This vulnerability was
discovered by Akihiro Suda.
<a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc">https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc</a></p>
</li>
<li>
<p>CVE-2023-27561 was a regression which effectively re-introduced
CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This
regression was discovered by <a
href="https://github.com/Beuc"><code>@​Beuc</code></a>.
<a
href="https://github.com/advisories/GHSA-vpvm-3wq2-2wvm">https://github.com/advisories/GHSA-vpvm-3wq2-2wvm</a></p>
</li>
<li>
<p>CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the
same
patch. This variant of the above vulnerability was reported by Lei
Wang.
<a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c">https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c</a></p>
</li>
</ul>
<p>In addition, the following other fixes are included in this
release:</p>
<ul>
<li>Fix the inability to use <code>/dev/null</code> when inside a
container. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3620">#3620</a>)</li>
<li>Fix changing the ownership of host's <code>/dev/null</code> caused
by fd redirection
(a regression in 1.1.1). (<a
href="https://redirect.github.com/opencontainers/runc/issues/3674">#3674</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3731">#3731</a>)</li>
<li>Fix rare runc exec/enter unshare error on older kernels, including
CentOS &lt; 7.7. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3776">#3776</a>)</li>
<li>nsexec: Check for errors in <code>write_log()</code>. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3721">#3721</a>)</li>
</ul>
<h3>Static Linking Notices</h3>
<p>The <code>runc</code> binary distributed with this release are
<em>statically linked</em> with
the following <a
href="https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html">GNU
LGPL-2.1</a> licensed libraries, with <code>runc</code> acting
as a &quot;work that uses the Library&quot;:</p>
<ul>
<li><a href="https://github.com/seccomp/libseccomp">libseccomp</a></li>
</ul>
<p>The versions of these libraries were not modified from their upstream
versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the
attached
runc source code) may be used to exercise your rights under the
LGPL-2.1.</p>
<p>However we strongly suggest that you make use of your distribution's
packages
or download them from the authoritative upstream sources, especially
since
these libraries are related to the security of your containers.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/opencontainers/runc/blob/v1.1.5/CHANGELOG.md">github.com/opencontainers/runc's
changelog</a>.</em></p>
<blockquote>
<h2>[1.1.5] - 2023-03-29</h2>
<blockquote>
<p>囚われた屈辱は
反撃の嚆矢だ</p>
</blockquote>
<h3>Fixed</h3>
<ul>
<li>Prohibit container's <code>/proc</code> and <code>/sys</code> to be
symlinks (CVE-2019-19921,
CVE-2023-27561, CVE-2023-28642, <a
href="https://redirect.github.com/opencontainers/runc/issues/3785">#3785</a>)</li>
<li>rootless: rework /sys/fs/cgroup mounts to avoid exposing the host's
cgroup
hierarchy into the container. (CVE-2023-25809)</li>
<li>Fix the inability to use <code>/dev/null</code> when inside a
container. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3620">#3620</a>)</li>
<li>Fix changing the ownership of host's <code>/dev/null</code> caused
by fd redirection
(a regression in 1.1.1). (<a
href="https://redirect.github.com/opencontainers/runc/issues/3674">#3674</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3731">#3731</a>)</li>
<li>Fix rare runc exec/enter unshare error on older kernels, inlcuding
CentOS &lt; 7.7. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3776">#3776</a>)</li>
<li>nsexec: Check for errors in <code>write_log()</code>. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3721">#3721</a>)</li>
<li>Various CI fixes and updates. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3618">#3618</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3630">#3630</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3640">#3640</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3729">#3729</a>)</li>
</ul>
<h2>[1.1.4] - 2022-08-24</h2>
<blockquote>
<p>If you look for perfection, you'll never be content.</p>
</blockquote>
<h3>Fixed</h3>
<ul>
<li>Fix mounting via wrong proc fd.
When the user and mount namespaces are used, and the bind mount is
followed by
the cgroup mount in the spec, the cgroup was mounted using the bind
mount's
mount fd. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3511">#3511</a>)</li>
<li>Switch <code>kill()</code> in <code>libcontainer/nsenter</code> to
<code>sane_kill()</code>. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3536">#3536</a>)</li>
<li>Fix &quot;permission denied&quot; error from <code>runc run</code>
on <code>noexec</code> fs. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3541">#3541</a>)</li>
<li>Fix failed exec after <code>systemctl daemon-reload</code>.
Due to a regression in v1.1.3, the <code>DeviceAllow=char-pts rwm</code>
rule was no
longer added and was causing an error <code>open /dev/pts/0: operation
not permitted: unknown</code>
when systemd was reloaded. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3554">#3554</a>)</li>
<li>Various CI fixes. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3538">#3538</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3558">#3558</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3562">#3562</a>)</li>
</ul>
<h2>[1.1.3] - 2022-06-09</h2>
<blockquote>
<p>In the beginning there was nothing, which exploded.</p>
</blockquote>
<h3>Fixed</h3>
<ul>
<li>Our seccomp <code>-ENOSYS</code> stub now correctly handles
multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did
not
support would return <code>-EPERM</code> despite the existence of the
<code>-ENOSYS</code> stub
code (this was due to how s390x does syscall multiplexing). (<a
href="https://redirect.github.com/opencontainers/runc/issues/3478">#3478</a>)</li>
<li>Retry on dbus disconnect logic in libcontainer/cgroups/systemd now
works as
intended; this fix does not affect runc binary itself but is important
for
libcontainer users such as Kubernetes. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3476">#3476</a>)</li>
<li>Inability to compile with recent clang due to an issue with
duplicate</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f19387a6be"><code>f19387a</code></a>
VERSION: release v1.1.5</li>
<li><a
href="58a9abee21"><code>58a9abe</code></a>
Merge pull request from GHSA-m8cg-xc2p-r3fc</li>
<li><a
href="27fb72c7ff"><code>27fb72c</code></a>
merge branch 'pr-3776' into release-1.1</li>
<li><a
href="8ec02ea1b1"><code>8ec02ea</code></a>
nsexec: retry unshare on EINVAL</li>
<li><a
href="059d7730fc"><code>059d773</code></a>
merge branch 'pr-3785' into release-1.1</li>
<li><a
href="0abab45c9b"><code>0abab45</code></a>
Prohibit /proc and /sys to be symlinks</li>
<li><a
href="0e6b818a2b"><code>0e6b818</code></a>
rootless: fix /sys/fs/cgroup mounts</li>
<li><a
href="c6781d100a"><code>c6781d1</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/runc/issues/3721">#3721</a>
from kinvolk/rata/nsfixes-backport</li>
<li><a
href="f6e2cd3baf"><code>f6e2cd3</code></a>
nsexec: Check for errors in write_log()</li>
<li><a
href="3775df9fcb"><code>3775df9</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/runc/issues/3731">#3731</a>
from kolyshkin/1.1-fix-dev-null</li>
<li>Additional commits viewable in <a
href="https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/opencontainers/runc&package-manager=go_modules&previous-version=1.1.2&new-version=1.1.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-29 14:37:12 -03:00
Carlos A Becker
4ada24b6a8
refactor: remove unused function 
refs f4fad65471e037a6b76353106ebb6a38fd5ebda4
refs #3891

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-29 13:25:26 -03:00
Carlos A Becker
f4fad65471
fix: improve gpg.program detection, add more tests 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-29 13:23:23 -03:00
Carlos Alexandro Becker
9a97aaae99
fix: improve brew no archive error (#3895) 
similar to #3894, but for homebrew

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-29 10:24:53 -03:00
Carlos Alexandro Becker
37e92ce2f1
fix: clarify scoop no windows error (#3894) 
improve error message and related docs

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-29 10:18:40 -03:00
Carlos A Becker
1b86abcfc6
chore: update schema 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-29 10:03:19 -03:00
dependabot[bot]
55154b9aea
feat(deps): bump github.com/imdario/mergo from 0.3.14 to 0.3.15 (#3892) 
Bumps [github.com/imdario/mergo](https://github.com/imdario/mergo) from
0.3.14 to 0.3.15.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb3c082091"><code>fb3c082</code></a>
Update stackaid dependencies for imdario/mergo</li>
<li><a
href="c9e40b59db"><code>c9e40b5</code></a>
Merge pull request <a
href="https://redirect.github.com/imdario/mergo/issues/227">#227</a>
from eh-steve/should-not-dereference</li>
<li><a
href="acd16ec124"><code>acd16ec</code></a>
Merge branch 'master' into should-not-dereference</li>
<li><a
href="62d1cf2897"><code>62d1cf2</code></a>
Update stackaid dependencies for imdario/mergo</li>
<li><a
href="dcef160919"><code>dcef160</code></a>
Merge pull request <a
href="https://redirect.github.com/imdario/mergo/issues/226">#226</a>
from ronaudinho/fix/202</li>
<li><a
href="404749e66d"><code>404749e</code></a>
Update stackaid dependencies for imdario/mergo</li>
<li><a
href="bd316d34ac"><code>bd316d3</code></a>
Merge pull request <a
href="https://redirect.github.com/imdario/mergo/issues/221">#221</a>
from zhiyu0729/issue220</li>
<li><a
href="5b9bbdb8b6"><code>5b9bbdb</code></a>
Update stackaid dependencies for imdario/mergo</li>
<li><a
href="90db0ad2f4"><code>90db0ad</code></a>
Merge pull request <a
href="https://redirect.github.com/imdario/mergo/issues/170">#170</a>
from mdeltour/fix/naming-typo</li>
<li><a
href="0e73161ca2"><code>0e73161</code></a>
Add WithoutDereference config to prevent incorrect bool pointer
merges</li>
<li>Additional commits viewable in <a
href="https://github.com/imdario/mergo/compare/v0.3.14...v0.3.15">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/imdario/mergo&package-manager=go_modules&previous-version=0.3.14&new-version=0.3.15)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-03-27 13:53:18 -03:00
Go Compile
d83d362b96
fix(sign): use gpg path from git config by default if it is set (#3891) 
Fixes issue #3890 by checking the user's git `gpg.program`
configuration. If the user didn't set this value it will use the default
"gpg", just like before this PR.

No need to add a additional unit test as your existing tests cover it
(mostly); however, a comment has been added to that check, informing the
reader that the test environment assumes `git config gpg.program` is not
be set.
 2023-03-27 12:00:24 -03:00
Carlos Alexandro Becker
723484d157
fix: do not skip scoop on draft releases (#3889) 
all other pipes don't, not sure why scoop was doing it.

closes #3887
 2023-03-24 00:02:15 -03:00
Carlos Alexandro Becker
44f8fae305
feat: IsDraft template variable (#3888) 
allows to use `{{ .IsDraft }}` in templates.

---------

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-24 00:01:48 -03:00
Carlos Alexandro Becker
f82a32cd3a
feat: blobs.disable (#3884) 
Allows to template-disable specific blob configurations.

Closes #3883
 2023-03-23 08:59:04 -03:00
Carlos A Becker
7229a0dab0
refactor: pipe.Skipf 2023-03-22 23:49:48 -03:00
Carlos A Becker
ede2ff90e4
Merge remote-tracking branch 'origin/main' 2023-03-22 23:39:36 -03:00
dependabot[bot]
34fd422742
feat(deps): bump github.com/disgoorg/disgo from 0.15.2 to 0.15.3 (#3882) 
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.15.2 to 0.15.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/disgoorg/disgo/releases">github.com/disgoorg/disgo's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.3</h2>
<h2>What's Changed</h2>
<ul>
<li>fix goroutine leaks from reconnects &amp; resumes by <a
href="https://github.com/TopiSenpai"><code>@​TopiSenpai</code></a> in <a
href="https://redirect.github.com/disgoorg/disgo/pull/246">disgoorg/disgo#246</a></li>
<li>Added Len func to each XCache interface by <a
href="https://github.com/TisLeo"><code>@​TisLeo</code></a> in <a
href="https://redirect.github.com/disgoorg/disgo/pull/248">disgoorg/disgo#248</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/TisLeo"><code>@​TisLeo</code></a> made
their first contribution in <a
href="https://redirect.github.com/disgoorg/disgo/pull/248">disgoorg/disgo#248</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/disgoorg/disgo/compare/v0.15.2...v0.15.3">https://github.com/disgoorg/disgo/compare/v0.15.2...v0.15.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8369a3b972"><code>8369a3b</code></a>
Added Len func to each XCache interface (<a
href="https://redirect.github.com/disgoorg/disgo/issues/248">#248</a>)</li>
<li><a
href="381f278234"><code>381f278</code></a>
maybe fix goroutine leaks from reconnects &amp; resumes (<a
href="https://redirect.github.com/disgoorg/disgo/issues/246">#246</a>)</li>
<li>See full diff in <a
href="https://github.com/disgoorg/disgo/compare/v0.15.2...v0.15.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/disgoorg/disgo&package-manager=go_modules&previous-version=0.15.2&new-version=0.15.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-21 14:35:33 -03:00
actions-user
21b594d009 chore: docs auto-update 2023-03-20 19:07:44 +00:00
Maxime Brunet
c47315fead
feat(ko): support labels and creation times (#3852) 
* Add a `labels` key-value map to the `kos` config.
My interest is to be able to label the built images:
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#labelling-container-images
* Add creation times to allow using the commit timestamp as meaningful
creation time
 2023-03-20 16:05:44 -03:00
dependabot[bot]
b96dba0333
feat(deps): bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0 (#3878) 
Bumps
[github.com/google/go-containerregistry](https://github.com/google/go-containerregistry)
from 0.13.0 to 0.14.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's
releases</a>.</em></p>
<blockquote>
<h2>v0.14.0</h2>
<h2>Changelog</h2>
<ul>
<li>9306ebad Allow crane edit to generate non-image artifacts (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1545">#1545</a>)</li>
<li>de35f0f7 Allow setting Content-Type in crane edit manifest (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1551">#1551</a>)</li>
<li>4b081f80 Avoid v1.Manifest in crane edit config (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li>
<li>1cfe1fc2 Bump aws-actions/configure-aws-credentials from 1.7.0 to
2.0.0 (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li>
<li>da1008fb Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1548">#1548</a>)</li>
<li>86be45fb Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1547">#1547</a>)</li>
<li>62f183e5 Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1556">#1556</a>)</li>
<li>1b8dc2ba Bump slsa-framework/slsa-github-generator from 1.2.2 to
1.5.0 (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li>
<li>11843ba2 Enforce proper sha256 usage (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1544">#1544</a>)</li>
<li>2ceebaaf Implement crane index subcommand (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1561">#1561</a>)</li>
<li>9f42e028 Set mediaType for empty.ImageIndex in RawManifest (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1562">#1562</a>)</li>
<li>759b19f7 Support artifactType, for images whose config.mediaType is
not a config (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1541">#1541</a>)</li>
<li>b3c23b4c Support for OCI 1.1+ referrers via API (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1546">#1546</a>)</li>
<li>061ee6bf Support for OCI 1.1+ referrers via fallback tag (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1543">#1543</a>)</li>
<li>67703048 Update descriptor &quot;data&quot; field (when valid)
during &quot;crane edit config&quot; (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li>
<li>76bac933 Update release.yml (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1540">#1540</a>)</li>
<li>eb7d746c authn: also read mount secrets (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1560">#1560</a>)</li>
<li>e94d4089 bump deps using ./hack/bump-deps.sh (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li>
<li>4e95ae2b crane: add --flatten for index append (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li>
<li>ff810c18 crane: add serve subcommand (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li>
<li>8ea5e0e8 crane: support --omit-digest-tags in crane ls (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li>
<li>824efc77 fix(mutate): also set timestamps only present in some
formats (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1550">#1550</a>)</li>
<li>e04520bc fix: Fix the crane release url and add more steps (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1532">#1532</a>)</li>
<li>d8722327 hash: use generic instantiation (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1538">#1538</a>)</li>
<li>57f010d2 replace manual slsa-verifier installation with action (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li>
<li>9cd098e3 skip tls verification if default transport is used with
insecure option (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1559">#1559</a>)</li>
<li>36249683 tarball: pass imageToTags (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1563">#1563</a>)</li>
</ul>
<h3>Container Images</h3>
<p><a
href="https://gcr.io/go-containerregistry/crane:v0.14.0">https://gcr.io/go-containerregistry/crane:v0.14.0</a>
<a
href="https://gcr.io/go-containerregistry/gcrane:v0.14.0">https://gcr.io/go-containerregistry/gcrane:v0.14.0</a></p>
<p>For example:</p>
<pre><code>docker pull gcr.io/go-containerregistry/crane:v0.14.0
docker pull gcr.io/go-containerregistry/gcrane:v0.14.0
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4b081f801f"><code>4b081f8</code></a>
Avoid v1.Manifest in crane edit config (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1583">#1583</a>)</li>
<li><a
href="1cfe1fc25f"><code>1cfe1fc</code></a>
Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1593">#1593</a>)</li>
<li><a
href="e94d40893b"><code>e94d408</code></a>
bump deps using ./hack/bump-deps.sh (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1592">#1592</a>)</li>
<li><a
href="ff810c186c"><code>ff810c1</code></a>
crane: add serve subcommand (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1586">#1586</a>)</li>
<li><a
href="57f010d26a"><code>57f010d</code></a>
replace manual slsa-verifier installation with action (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1585">#1585</a>)</li>
<li><a
href="6770304899"><code>6770304</code></a>
Update descriptor &quot;data&quot; field (when valid) during &quot;crane
edit config&quot; (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1584">#1584</a>)</li>
<li><a
href="1b8dc2babc"><code>1b8dc2b</code></a>
Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1580">#1580</a>)</li>
<li><a
href="8ea5e0e8f0"><code>8ea5e0e</code></a>
crane: support --omit-digest-tags in crane ls (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1528">#1528</a>)</li>
<li><a
href="4e95ae2b72"><code>4e95ae2</code></a>
crane: add --flatten for index append (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1566">#1566</a>)</li>
<li><a
href="4a0e0af4bf"><code>4a0e0af</code></a>
docs: Update crane installation and verification instructions (<a
href="https://redirect.github.com/google/go-containerregistry/issues/1567">#1567</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/google/go-containerregistry/compare/v0.13.0...v0.14.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-containerregistry&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-20 09:58:29 -03:00
Carlos A Becker
98eb6a2e98
test: fix gitlab test 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-20 09:29:14 -03:00
Carlos A Becker
a66fdd0718
test: fix deprecate test 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-20 09:29:14 -03:00
actions-user
ec8134b500 chore: docs auto-update 2023-03-20 12:23:36 +00:00
howieyuen
1f56d8e088
feat: scoop shortcuts (#3846) 
close: https://github.com/goreleaser/goreleaser/issues/3845
 2023-03-20 09:21:44 -03:00
Carlos A Becker
98bb4ba23a
chore: schema update 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-19 23:34:22 -03:00
Carlos A Becker
88f3aea086
refactor: improve tmpl mergeability with pro 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-19 23:32:33 -03:00
dependabot[bot]
f62a2e48ce
feat(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 (#3877) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go)
from 1.29.0 to 1.29.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protocolbuffers/protobuf-go/releases">google.golang.org/protobuf's
releases</a>.</em></p>
<blockquote>
<h2>v1.29.1</h2>
<ul>
<li><a
href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.29.1-notable-changes">Notable
changes</a></li>
</ul>
<h2>Notable changes <!-- raw HTML omitted --><!-- raw HTML omitted
--></h2>
<p><strong>Bug fixes</strong></p>
<ul>
<li><a href="https://go.dev/cl/475995">CL/475995</a>:
internal/encoding/text: fix parsing of incomplete numbers</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="095a62b71f"><code>095a62b</code></a>
all: release v1.29.1</li>
<li><a
href="edaf511a7a"><code>edaf511</code></a>
internal/encoding/text: fix parsing of incomplete numbers</li>
<li><a
href="fe5bc54041"><code>fe5bc54</code></a>
all: start v1.29.0-devel</li>
<li><a
href="d3c9826520"><code>d3c9826</code></a>
all: release v1.29.0</li>
<li>See full diff in <a
href="https://github.com/protocolbuffers/protobuf-go/compare/v1.29.0...v1.29.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=google.golang.org/protobuf&package-manager=go_modules&previous-version=1.29.0&new-version=1.29.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-19 23:20:13 -03:00