mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-10 03:47:03 +02:00
3f54b5eb2f
5208 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
3f54b5eb2f
|
chore(deps): bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#4472)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.2.0 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.3.0</h2> <h2>What's Changed</h2> <ul> <li>Bump actions/setup-go from 4.1.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/152">sigstore/cosign-installer#152</a></li> <li>update action to use latest cosign v2.2.2 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/153">sigstore/cosign-installer#153</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0">https://github.com/sigstore/cosign-installer/compare/v3.2.0...v3.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
52de4ac124
|
feat(deps): bump gocloud.dev from 0.34.0 to 0.35.0 (#4467)
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.34.0 to 0.35.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-cloud/releases">gocloud.dev's releases</a>.</em></p> <blockquote> <h2>v0.35.0</h2> <p><strong>BREAKING CHANGES</strong></p> <p>This release updates the dependency on AWS/S3, which included some breaking changes; see <a href="https://redirect.github.com/google/go-cloud/pull/3342">google/go-cloud#3342</a> for details.</p> <p><strong>blob</strong></p> <ul> <li><em>gcsblob</em>: Fix unauthenticated requests.</li> </ul> <p><strong>runtimevar</strong></p> <ul> <li><em>constantvar</em>: Add support for reading the constant variable value from the environment.</li> </ul> <p><strong>docstore</strong></p> <ul> <li><em>gcpfilestore</em>: Add support for non-default databases.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
f0c4d71b78
|
feat(deps): bump golang from 5c1cabd to feceecc (#4466)
Bumps golang from `5c1cabd` to `feceecc`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
48d4d04c71
|
feat(deps): bump github.com/xanzy/go-gitlab from 0.94.0 to 0.95.1 (#4468)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.94.0 to 0.95.1. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c6b68aa460
|
feat(deps): bump golang from 1.21.4-alpine to 1.21.5-alpine (#4463)
Bumps golang from 1.21.4-alpine to 1.21.5-alpine. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
d27c755505
|
chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#4464)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p>In scope of this release, we change Nodejs runtime from node16 to node20 (<a href="https://redirect.github.com/actions/setup-go/pull/421">actions/setup-go#421</a>). Moreover, we update some dependencies to the latest versions (<a href="https://redirect.github.com/actions/setup-go/pull/445">actions/setup-go#445</a>).</p> <p>Besides, this release contains such changes as:</p> <ul> <li>Fix hosted tool cache usage on windows by <a href="https://github.com/galargh"><code>@galargh</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/411">actions/setup-go#411</a></li> <li>Improve documentation regarding dependencies caching by <a href="https://github.com/artemgavrilov"><code>@artemgavrilov</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/417">actions/setup-go#417</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/galargh"><code>@galargh</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/411">actions/setup-go#411</a></li> <li><a href="https://github.com/artemgavrilov"><code>@artemgavrilov</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/417">actions/setup-go#417</a></li> <li><a href="https://github.com/chenrui333"><code>@chenrui333</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/421">actions/setup-go#421</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v4...v5.0.0">https://github.com/actions/setup-go/compare/v4...v5.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Carlos Alexandro Becker
|
233c4bc26e
|
docs: fix changelog subgroups docs | ||
|
dependabot[bot]
|
8fac823f81
|
chore(deps): bump anchore/sbom-action from 0.15.0 to 0.15.1 (#4458)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.15.0 to 0.15.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.15.1</h2> <h2>Changes in v0.15.1</h2> <ul> <li>chore(deps): update Syft to v0.98.0 (<a href="https://redirect.github.com/anchore/sbom-action/issues/431">#431</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>Add config input (<a href="https://redirect.github.com/anchore/sbom-action/issues/430">#430</a>) [<a href="https://github.com/eyakubovich">eyakubovich</a>]</li> <li>chore: pin and upgrade gh actions (<a href="https://redirect.github.com/anchore/sbom-action/issues/429">#429</a>) [<a href="https://github.com/willmurphyscode">willmurphyscode</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
00ea9f97ed
|
feat(deps): bump code.gitea.io/sdk/gitea from 0.16.0 to 0.17.0 (#4459)
Bumps code.gitea.io/sdk/gitea from 0.16.0 to 0.17.0. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
22fa9947c8
|
feat: allow to template builds.gobinary (#4454)
closes #4453 TODO: tests |
||
|
Carlos Alexandro Becker
|
7e481967b3
|
docs: update users, blog posts divider | ||
Jeffrey Cafferata
|
532879ea92
|
docs: Removed the duplicate GoReleaser Pro entry (#4456)
Removed the duplicate GoReleaser Pro entry from the changelog.
|
||
|
dependabot[bot]
|
022243067b
|
feat(deps): bump golang from 30a46e7 to 70afe55 (#4457)
Bumps golang from `30a46e7` to `70afe55`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
853275f379
|
feat(deps): update go-github to v57
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
fdf73bda9e
|
feat(deps): bump golang from 110b07a to 30a46e7 (#4455)
Bumps golang from `110b07a` to `30a46e7`. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
3458c7f34e
|
feat(deps): bump github.com/google/go-containerregistry from 0.16.1 to 0.17.0 (#4452)
Bumps [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) from 0.16.1 to 0.17.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's releases</a>.</em></p> <blockquote> <h2>v0.17.0</h2> <h2>What's Changed</h2> <ul> <li>🦅 Validate index architectures match children 🦅 by <a href="https://github.com/jonjohnsonjr"><code>@jonjohnsonjr</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/1776">google/go-containerregistry#1776</a></li> <li>Set Content-Length for blob uploads by <a href="https://github.com/jonjohnsonjr"><code>@jonjohnsonjr</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/1781">google/go-containerregistry#1781</a></li> <li>Don't wrap DefaultKeychain with refreshes by <a href="https://github.com/jonjohnsonjr"><code>@jonjohnsonjr</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/1791">google/go-containerregistry#1791</a></li> <li>Build releases with Go 1.21 by <a href="https://github.com/imjasonh"><code>@imjasonh</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/1840">google/go-containerregistry#1840</a></li> <li>fix: mimic oci-layout in diskblobhandler by <a href="https://github.com/thesayyn"><code>@thesayyn</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/1810">google/go-containerregistry#1810</a></li> <li>tag: add command explanation to the long help by <a href="https://github.com/abitrolly"><code>@abitrolly</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/1843">google/go-containerregistry#1843</a></li> <li>feat: implement gc command by <a href="https://github.com/thesayyn"><code>@thesayyn</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/1811">google/go-containerregistry#1811</a></li> <li>feat: allow port and disk path to be overriden by <a href="https://github.com/thesayyn"><code>@thesayyn</code></a> in <a href="https://redirect.github.com/google/go-containerregistry/pull/1848">google/go-containerregistry#1848</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0">https://github.com/google/go-containerregistry/compare/v0.16.1...v0.17.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Carlos Alexandro Becker
|
b7be447e0a
|
docs: add flipt to USERS
https://twitter.com/flipt_io/status/1730051244666880427 |
||
|
Carlos Alexandro Becker
|
b682fdf7bb
|
docs: mention that snaps cant be built inside docker
refs https://github.com/goreleaser/goreleaser-cross/issues/59 |
||
|
Carlos Alexandro Becker
|
142b94c533
|
fix: improve chocolatey no archive error handling and docs
closes #4450 |
||
|
Carlos Alexandro Becker
|
6f598dc9b0
|
refactor(brew): use cases.Title instead of strings.Title
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
c567f15ad7
|
test: improve test | ||
|
Carlos Alexandro Becker
|
a09a0d7018
|
fix(ko): error finishing with . | ||
|
Carlos Alexandro Becker
|
b0bf4eb0cd
|
build: golangci config | ||
|
Carlos Alexandro Becker
|
d0d088dee7
|
test: fix | ||
|
Carlos Alexandro Becker
|
1ec5245f51
|
test: improve brittle tests | ||
|
Carlos Alexandro Becker
|
bd7933d185
|
feat: improve project and build hooks error handling
closes #4451 |
||
|
Carlos Alexandro Becker
|
d89557b277
|
docs: install should say the required Go version
refs https://github.com/orgs/goreleaser/discussions/4443 |
||
|
dependabot[bot]
|
8eccb57161
|
chore(deps): bump cachix/install-nix-action from 23 to 24 (#4448)
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 23 to 24. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's releases</a>.</em></p> <blockquote> <h2>install-nix-action-v24</h2> <ul> <li>Nix 2.19.1</li> <li>enables KVM on linux</li> <li>set <code>TMPDIR</code> to avoid potential disk space issues</li> <li>don't use the default GitHub token for Enterprise</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
ixje
|
149b178094
|
docs: update deprecated --skip-publish release flag (#4449)
Calling `goreleaser release --skip-publish` as according to the [dry run documentation](https://goreleaser.com/quick-start/?h=dry+run#release-flags) gives the following deprecation warning ``` • DEPRECATED: --skip-publish was deprecated in favor of --skip=publish, check https://goreleaser.com/deprecations#-skip for more details ``` This updates the documentation |
||
wrench
|
d2c0e4c6ad
|
docs: fix typo (#4447) | ||
|
dependabot[bot]
|
2f1162a2a4
|
feat(deps): bump golang.org/x/tools from 0.15.0 to 0.16.0 (#4444)
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.15.0 to 0.16.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Carlos Alexandro Becker
|
5a74601559
|
build: fix typo | ||
|
dependabot[bot]
|
5587cb2cb7
|
feat(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#4445)
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.14.0 to 0.15.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="
|
||
|
Carlos Alexandro Becker
|
64916314c7
|
docs: update users.md | ||
|
Carlos Alexandro Becker
|
25a054c5e1
|
feat: improve --single-target (#4442)
closes #4437 closes #4426 --------- Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
Libor Ondrušek
|
6bce81c0be
|
docs(azblob): correct auth to Azure storage service (#4439)
I corected documentation for upload blobs to azure Storage Service from
[used
library](
|
||
|
Carlos Alexandro Becker
|
9d2162b61c
|
build: report only new lint problems
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
John Taylor
|
74e706461b
|
fix: allow homebrew to use tar.xz format (#4441)
<!-- If applied, this commit will... --> In a `brews` section, goreleaser will fail when using `format: tar.xz` even though homebrew supports installing binaries bundled in a `.tar.xz` archive. <!-- Why is this change being made? --> I use `.tar.xz` instead of `.tar.gz` and would like goreleaser to support this when used in conjunction with `brews` sections. With this patch, I created a test [homebrew formulae](https://github.com/jftuga/homebrew-tap/blob/main/awswho.rb) and successfully installed it under macOS. |
||
|
Carlos Alexandro Becker
|
103b54bed5
|
fix(sbom): warn/error on wrong configuration
refs #4425 Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
1d34568b75
|
feat(sbom): update default command
--file is deprecated Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
d83243cc28
|
docs(sbom): improve sbom alternative example
previous example was invalid and would hide errors to anyone mindlessly copying it. Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
a5f767832a
|
SBOM improvements (#4430)
refs https://github.com/orgs/goreleaser/discussions/4425 |
||
|
dependabot[bot]
|
f9203badeb
|
feat(deps): bump github.com/disgoorg/disgo from 0.16.12 to 0.17.0 (#4434)
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo) from 0.16.12 to 0.17.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
334cb890a5
|
feat(deps): bump github.com/google/ko from 0.15.0 to 0.15.1 (#4435)
Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.0 to 0.15.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/google/ko/releases">github.com/google/ko's releases</a>.</em></p> <blockquote> <h2>v0.15.1</h2> <h2>What's Changed</h2> <ul> <li>Don't AppendDescriptor until we've written config by <a href="https://github.com/jonjohnsonjr"><code>@jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1175">ko-build/ko#1175</a></li> <li>Add more locking around on-disk image cache by <a href="https://github.com/jonjohnsonjr"><code>@jonjohnsonjr</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1176">ko-build/ko#1176</a></li> <li>Fix "AM" Time Typo by <a href="https://github.com/StephenGrider"><code>@StephenGrider</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1179">ko-build/ko#1179</a></li> <li>docs: add MacPorts install info by <a href="https://github.com/herbygillot"><code>@herbygillot</code></a> in <a href="https://redirect.github.com/ko-build/ko/pull/1180">ko-build/ko#1180</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/StephenGrider"><code>@StephenGrider</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1179">ko-build/ko#1179</a></li> <li><a href="https://github.com/herbygillot"><code>@herbygillot</code></a> made their first contribution in <a href="https://redirect.github.com/ko-build/ko/pull/1180">ko-build/ko#1180</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ko-build/ko/compare/v0.15.0...v0.15.1">https://github.com/ko-build/ko/compare/v0.15.0...v0.15.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
969003ca5f
|
chore(deps): bump actions/github-script from 7.0.0 to 7.0.1 (#4432)
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.0 to 7.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v7.0.1</h2> <h2>What's Changed</h2> <ul> <li>Avoid setting <code>baseUrl</code> to undefined when input is not provided by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/439">actions/github-script#439</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v7.0.0...v7.0.1">https://github.com/actions/github-script/compare/v7.0.0...v7.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
182e103330
|
feat(deps): bump github.com/xanzy/go-gitlab from 0.93.2 to 0.94.0 (#4433)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.93.2 to 0.94.0. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
48b49ea2ae
|
chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#4436)
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.14.3 to 0.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.15.0</h2> <h2>Changes in v0.14.4</h2> <h3>Breaking Changes</h3> <ul> <li>Previously, running on Windows required WSL. Now, running on Windows expects to be run on native windows (<a href="https://redirect.github.com/anchore/sbom-action/issues/426">#426</a>) [<a href="https://github.com/willmurphyscode">willmurphyscode</a>].</li> </ul> <h3>Other Changes</h3> <ul> <li>pin and upgrade actions/checkout (<a href="https://redirect.github.com/anchore/sbom-action/issues/428">#428</a>) [<a href="https://github.com/willmurphyscode">willmurphyscode</a>]</li> <li>chore(deps): update Syft to v0.97.1 (<a href="https://redirect.github.com/anchore/sbom-action/issues/427">#427</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>add oss community board auto-add workflow (<a href="https://redirect.github.com/anchore/sbom-action/issues/421">#421</a>) [<a href="https://github.com/wagoodman">wagoodman</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Gabriel Cipriano
|
8f6b16f6b5
|
feat: validate ko's main path (#4429)
closes #4382 |
||
|
dependabot[bot]
|
3c6dcd8dcd
|
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419)
Bumps [github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from 2.1.1 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att & sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's changelog</a>.</em></p> <blockquote> <h1>v2.2.1</h1> <p><strong>Note: This release comes with a fix for CVE-2023-46737 described in this <a href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github Security Advisory</a>. Please upgrade to this release ASAP</strong></p> <h2>Enhancements</h2> <ul> <li>feat: Support basic auth and bearer auth login to registry (<a href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li> <li>add support for ignoring certificates with pkcs11 (<a href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li> <li>Support ReplaceOp in Signatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li> <li>feat: added ability to get image digest back via triangulate (<a href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li> <li>feat: add <code>--only</code> flag in <code>cosign copy</code> to copy sign, att & sbom (<a href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li> <li>feat: add support attaching a Rekor bundle to a container (<a href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li> <li>feat: add support outputting rekor response on signing (<a href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li> <li>feat: improve dockerfile verify subcommand (<a href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li> <li>Add guard flag for experimental OCI 1.1 verify. (<a href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li> <li>Deprecate SBOM attachments (<a href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li> <li>feat: dedent line in cosign copy doc (<a href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li> <li>feat: add platform flag to cosign copy command (<a href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li> <li>Add SLSA 1.0 attestation support to cosign. Closes <a href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a> (<a href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li> <li>attest: pass OCI remote opts to att resolver. (<a href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li> </ul> <h2>Bug Fixes</h2> <ul> <li>Merge pull request from GHSA-vfp6-jrw2-99g9</li> <li>fix: allow cosign download sbom when image is absent (<a href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li> <li>ci: add a OCI registry test for referrers support (<a href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li> <li>Fix ReplaceSignatures (<a href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li> <li>Stop using deprecated in_toto.ProvenanceStatement (<a href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li> <li>Fixes <a href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>, disable SCT checking for a cosign verification when usin… (<a href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li> <li>fix: update error in <code>SignedEntity</code> to be more descriptive (<a href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li> <li>Fail timestamp verification if no root is provided (<a href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li> </ul> <h2>Documentation</h2> <ul> <li>Add some docs about verifying in an air-gapped environment (<a href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li> <li>Update CONTRIBUTING.md (<a href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li> <li>docs: improves the Contribution guidelines (<a href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li> <li>Remove security policy (<a href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li> </ul> <h2>Others</h2> <ul> <li>Set go to min 1.21 and update dependencies (<a href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li> <li>Update contact for code of conduct (<a href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li> <li>Update .ko.yaml (<a href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li> </ul> <h2>Contributors</h2> <ul> <li>AdamKorcz</li> <li>Andres Galante</li> <li>Appu</li> <li>Billy Lynch</li> <li>Bob Callaway</li> <li>Caleb Woodbine</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a5ae5cd20a
|
feat(deps): bump github.com/disgoorg/disgo from 0.16.11 to 0.16.12 (#4422)
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo) from 0.16.11 to 0.16.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/disgoorg/disgo/releases">github.com/disgoorg/disgo's releases</a>.</em></p> <blockquote> <h2>v0.16.12</h2> <h2>What's Changed</h2> <ul> <li>Update subscription objects to match the docs by <a href="https://github.com/mlnrDev"><code>@mlnrDev</code></a> in <a href="https://redirect.github.com/disgoorg/disgo/pull/322">disgoorg/disgo#322</a></li> <li>Fix problem with oauth2 endpoints by <a href="https://github.com/topi314"><code>@topi314</code></a> in <a href="https://redirect.github.com/disgoorg/disgo/pull/323">disgoorg/disgo#323</a></li> <li>Fix incorrect expiration in oauth sessions by <a href="https://github.com/topi314"><code>@topi314</code></a> in <a href=" |