Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.32 to 2.1.33.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="678fc3afe2"><code>678fc3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1375">#1375</a>
from github/update-v2.1.33-c939e661</li>
<li><a
href="d13b9b8244"><code>d13b9b8</code></a>
Fix changelog entry</li>
<li><a
href="f2c3e7ca4e"><code>f2c3e7c</code></a>
Update changelog for v2.1.33</li>
<li><a
href="c939e6615d"><code>c939e66</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1372">#1372</a>
from github/marcogario/prioritize_github_ref</li>
<li><a
href="1935d19d61"><code>1935d19</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1358">#1358</a>
from github/henrymercer/require-cli-2.6.3</li>
<li><a
href="7484436e5d"><code>7484436</code></a>
Remove Go extraction feature flags (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1371">#1371</a>)</li>
<li><a
href="0a76b97b28"><code>0a76b97</code></a>
Prefer GITHUB_REF to CODE_SCANNING_REF</li>
<li><a
href="f8b607edaa"><code>f8b607e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1364">#1364</a>
from github/henrymercer/delete-runner-part-2</li>
<li><a
href="d48707ce53"><code>d48707c</code></a>
Merge branch 'henrymercer/delete-runner-part-2' into
henrymercer/require-cli-...</li>
<li><a
href="07b9db6a46"><code>07b9db6</code></a>
Explicitly set up Go 1.13.1 in checks running on old runner images</li>
<li>Additional commits viewable in <a
href="4238421316...678fc3afe2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from `dc4f475` to `d171aa3`.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
this use the digests on the manifest creation.
Another PR will add it to signing too.
refs #3496
refs #3540
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
this drives it home by using the actual images/manifest digests to sign
with cosign by default.
the default signing command is changing in this PR, but since `digest`
should be always there (if not, the pipeline will fail way earlier), it
should be fine.
refs https://github.com/goreleaser/goreleaser/issues/3496
refs https://github.com/goreleaser/goreleaser/pull/3540
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
this should prevent yamlschema from complaining on some fields that
accept an integer or string (goarm) and a bool or string (skip*)
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Following #3540, output artifacts' checksums to the artifact info.
This addition makes it easier to consume the checksums, especially when
running from e.g. GitHub Actions.
New tests:
1. Add a check for the checksum in the extra field.
2. Add a test for every checksum algorithm (to see that it doesn't break
for any algo's output).
3. Add a case of a binary and an extra file (to see that the logic
doesn't break when there's a mix).
p.s.
While working on that, I noticed that the convention for extra fields is
actually to use UpperCamelCase rather than lower.
I was mistaken because I looked at the subfields of the "DockerConfig"
extra field.
I think it's a good idea to fix it quickly, before the next release
rolls and it becomes a compatibility issue.
I took the liberty to fix it here as an extra commit. Please let me know
if you want it to be in a separate PR.
---
Tests:
```
go test
• refreshing checksums file=binary_bar_checksums.txt
• refreshing checksums file=binary_bar_checksums.txt
• refreshing checksums file=binary_bar_checksums.txt
PASS
ok github.com/goreleaser/goreleaser/internal/pipe/checksums 0.184s
```
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
[Mercure](https://mercure.rocks), an open solution for real-time
communications designed to be fast, reliable and battery-efficient is a
proud user of GoReleaser.
Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>3.0.0</h2>
<h2>Breaking Changes</h2>
<p>By default the action now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses</a>
everywhere. If you were previously using license names in the allow or
deny lists make sure they're valid!</p>
<h2>What's Changed</h2>
<h3>Support for external configuration files</h3>
<p>You can now specify a <a
href="https://github.com/actions/dependency-review-action/#configuration-file">configuration
file external to your repository</a>. This allows organizations to have
a single configuration file for all their repos.</p>
<h3>Broader license support</h3>
<p>We've added support for a much broader set of project licenses by
using GitHub's <a
href="https://docs.github.com/en/rest/licenses">Licenses API</a>.</p>
<h3>SPDX Compliance</h3>
<p>All of our license-related code now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses or
expressions</a>. This allows us to standardize on a license naming
scheme that already supports <code>OR</code>/<code>AND</code>
expressions.</p>
<h3>Disable individual checks</h3>
<p>You can now use the boolean options <code>license-check</code> and
<code>vulnerability-check</code> to disable either one of the checks.
More information in <a
href="https://github.com/actions/dependency-review-action/#configuration-options">our
configuration options</a>.</p>
<h2>Thanks</h2>
<p>Contributors for this release include:</p>
<ul>
<li><a
href="https://github.com/cnagadya"><code>@cnagadya</code></a></li>
<li><a
href="https://github.com/courtneycl"><code>@courtneycl</code></a></li>
<li><a
href="https://github.com/ericcornelissen"><code>@ericcornelissen</code></a></li>
<li><a
href="https://github.com/elireisman"><code>@elireisman</code></a></li>
<li><a href="https://github.com/hmaurer"><code>@hmaurer</code></a></li>
</ul>
<p>Thanks everyone!
<strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3.0.0">https://github.com/actions/dependency-review-action/compare/v2...v3.0.0</a></p>
<h2>2.5.1</h2>
<p>Adding some quality-of-life improvements to the local development
experience. You can now pass a flag to the <code>scripts/scan_pr</code>
script using the <code>-c/--config-file</code> flags to use an external
configuration file:</p>
<p>Example:</p>
<pre><code> scripts/scan_pr
https://github.com/actions/dependency-review-action/pull/294
</code></pre>
<h2>2.5.0</h2>
<p>Fallback on GitHub Licenses API data for missing Dependency Review
API Licenses. This should improve our license coverage.</p>
<h2>2.4.1</h2>
<p>This patch release fixes the bugs below:</p>
<ul>
<li>Display the dependency name instead of the manifest name in the
detailed list of dependents.</li>
<li>Fix an issue where undefined GHSAs would remove filter out all
changes.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="30d5821115"><code>30d5821</code></a>
Bumping version number</li>
<li><a
href="6e42c3395a"><code>6e42c33</code></a>
Remove defaults from the recently added fields.</li>
<li><a
href="a3074cd699"><code>a3074cd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/327">#327</a>
from actions/adding-extra-options</li>
<li><a
href="51a29d6960"><code>51a29d6</code></a>
Updating action.yml to include <code>*-check</code> config</li>
<li><a
href="235a221cf4"><code>235a221</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/324">#324</a>
from actions/readme-update</li>
<li><a
href="9b3a7f61dd"><code>9b3a7f6</code></a>
Minor README tweaks.</li>
<li><a
href="a4761312ac"><code>a476131</code></a>
Add <code>pull_request</code> to the list of events that don't need
refs.</li>
<li><a
href="28c7c8c314"><code>28c7c8c</code></a>
Set the correct default for license-check in README.</li>
<li><a
href="9da0fd4871"><code>9da0fd4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/325">#325</a>
from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li>
<li><a
href="fe45fd6645"><code>fe45fd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/326">#326</a>
from actions/dependabot/npm_and_yarn/esbuild-register...</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Extract the digest (sha256) of docker images from the `docker push`
command for dockers published to the docker registry.
Outputting the digest is required to avoid a race condition when
referencing the image, where the image tag is being modified before the
reference is done.
See this [blog
post](https://github.com/goreleaser/goreleaser/issues/3496) for more
info.
This PR fixes https://github.com/goreleaser/goreleaser/issues/3496.
Note that the 'publish' pipe now must run before the 'metadata' pipe, so
that the information extracted during the 'publish' pipe would appear in
the metadata.
Previously, the published docker images metadata wasn't printed (because
of the order). It made sense because the content of the published image
was just a subset of the local one.
Now that it is printed to the metadata, it should have a different name
to avoid confusion.
As I mentioned, it wasn't printed before - so there shouldn't be any
backward-compatibility issues.
---
Local tests:
```
go test -v .
=== RUN TestVersion
=== RUN TestVersion/only_version
=== RUN TestVersion/version_and_date
=== RUN TestVersion/version,_date,_built_by
=== RUN TestVersion/all_empty
=== RUN TestVersion/complete
--- PASS: TestVersion (0.00s)
--- PASS: TestVersion/only_version (0.00s)
--- PASS: TestVersion/version_and_date (0.00s)
--- PASS: TestVersion/version,_date,_built_by (0.00s)
--- PASS: TestVersion/all_empty (0.00s)
--- PASS: TestVersion/complete (0.00s)
PASS
ok github.com/goreleaser/goreleaser 0.764s
```
Output example:
```
{
"name": "gallegit/hello-world:latest",
"path": "gallegit/hello-world:latest",
"goos": "linux",
"goarch": "amd64",
"internal_type": 10,
"type": "Published Docker Image",
"extra": {
"digest": "sha256:c3f7dd196a046dc061236d3c6ae1e2946269e90da30b0a959240ca799750e632"
}
}
```
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
This PR adds support for generating the structure used to pack and push
Chocolatey Packages. And will solve the #3154
Is not ready for merge yet, but has the main structure, and ready for
comments.
Accordingly to Chocolatey, in order to build a package, it's necessary a
`.nuspec` and `chocolateyinstall.ps1` files at least, having these ones,
we could pack and distribute without adding the binary inside the final
package and that was implemented here.
To complete, will be necessary to define the package build and
distribute, however will be required to have Chocolatey installed
(Windows Only). One of alternatives that I thought was, publish the
files like Scoop and Brew in a separate repository, and there we could
use `chocolatey` through
[crazy-max/ghaction-chocolatey](https://github.com/crazy-max/ghaction-chocolatey).
Chocolatey has a lot of good examples of repositories:
https://github.com/chocolatey-community/chocolatey-packages/tree/master/automatic/curl
A final compilation of the missing parts:
- [x] How to pack and push (chocolatey)
- [x] Documentation
Sorry for the long description😄
All feedback very welcome!
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
This PR improves the handling of shared or static libraries by
GoReleaser. It uses the default behaviour of the Go compiler by
appending the right extension to libraries.
* `.so` and `.a` for Linux shared libraries and static libraries
respectively
* `.dylib` and `.a.` on Darwin
* `.dll` and `.lib` on Windows (pre-existent)
It does not add any configuration option to `.goreleaser.yml`, since it
leverages the existing `buildmode` flag.
Additionally, this PR takes care of adding the generated header file
into the archive.
<!-- Why is this change being made? -->
Personally I would leverage this change to release some software both as
a CLI and as a shared library. I believe others who use CGo or need
interoperability with Go from other languages could benefit from this.
<!-- # Provide links to any relevant tickets, URLs or other resources
-->
This was previously discussed in #3497.
I couldn't quite think of a proper way to add some tests to the header
archiving feature. Any recommendation?
Bumps golang from `8558ae6` to `dc4f475`.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
Fixes wording in the docs page about Git being in a dirty state.
<!-- Why is this change being made? -->
The goal is to improve the end-user reading of the instructions.
<!-- # Provide links to any relevant tickets, URLs or other resources
-->
...
Bumps
[github.com/invopop/jsonschema](https://github.com/invopop/jsonschema)
from 0.6.0 to 0.7.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9f28aff529"><code>9f28aff</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/invopop/jsonschema/issues/53">#53</a>
from webdestroya/feat/schema-post</li>
<li><a
href="ea9462d7d8"><code>ea9462d</code></a>
fixes</li>
<li><a
href="7ebaf5956b"><code>7ebaf59</code></a>
Merge branch 'main' into feat/schema-post</li>
<li><a
href="b32bc839da"><code>b32bc83</code></a>
Renaming JSONSchemaPost to JSONSchemaExtend</li>
<li><a
href="a7e97159f1"><code>a7e9715</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/invopop/jsonschema/issues/57">#57</a>
from PeterNovotney/allow-equals</li>
<li><a
href="fb292e4c0a"><code>fb292e4</code></a>
Allow for = character in extra property values</li>
<li><a
href="55c890f449"><code>55c890f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/invopop/jsonschema/issues/46">#46</a>
from deepjyoti30/feat/add-anyof-support</li>
<li><a
href="bd9a931546"><code>bd9a931</code></a>
feat(reflect): Add method to modify the schema after processing</li>
<li><a
href="679d2ebe09"><code>679d2eb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/invopop/jsonschema/issues/47">#47</a>
from paulcacheux/paulcacheux/inline-ptr</li>
<li><a
href="48f39d6372"><code>48f39d6</code></a>
fix <code>Pointer</code> issue because of recent go version</li>
<li>Additional commits viewable in <a
href="https://github.com/invopop/jsonschema/compare/v0.6.0...v0.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fix the regular expressions used in changelog group processing to valid
golang (RE2) regexps. These previously used PCRE character class `\w`
which is not supported in RE2 which is what golang regexp uses.
Also document that format matches not just title as some may thing but
the format `<abbrev-commit> <title-commit>`.
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.30 to 2.1.31.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c3b6fce4ee"><code>c3b6fce</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1345">#1345</a>
from github/update-v2.1.31-a8cabafa</li>
<li><a
href="8aa42f1f11"><code>8aa42f1</code></a>
Update CHANGELOG.md</li>
<li><a
href="29a5553722"><code>29a5553</code></a>
Update CHANGELOG.md</li>
<li><a
href="e260194d76"><code>e260194</code></a>
Update changelog for v2.1.31</li>
<li><a
href="a8cabafa56"><code>a8cabaf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1344">#1344</a>
from github/edoardo/prune-ruby</li>
<li><a
href="862a512899"><code>862a512</code></a>
Prune results of Ruby query from SARIF</li>
<li><a
href="71510779c2"><code>7151077</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1342">#1342</a>
from github/mergeback/v2.1.30-to-main-18fe527f</li>
<li><a
href="81a1ec0fb3"><code>81a1ec0</code></a>
Update checked-in dependencies</li>
<li><a
href="60c8cda203"><code>60c8cda</code></a>
Update changelog and version after v2.1.30</li>
<li>See full diff in <a
href="18fe527fa8...c3b6fce4ee">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
