mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-08 03:31:59 +02:00
530764513f
267 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Carlos A Becker
|
530764513f
|
chore: workflows being skipped when they shouldn't | ||
dependabot[bot]
|
0edfbf02cb
|
chore(deps): bump actions/github-script from 6.2.0 to 6.3.0 (#3408)
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.2.0 to 6.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v6.3.0</h2> <h2>What's Changed</h2> <ul> <li>Add retry plugin and related options by <a href="https://github.com/luketomlinson"><code>@luketomlinson</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/288">actions/github-script#288</a>, see <a href="https://github.com/actions/github-script/tree/v6.3.0#retries">https://github.com/actions/github-script/tree/v6.3.0#retries</a> for more information.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/luketomlinson"><code>@luketomlinson</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/288">actions/github-script#288</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v6.2.0...v6.3.0">https://github.com/actions/github-script/compare/v6.2.0...v6.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Carlos A Becker
|
20ead77da7
|
chore: gitleaks only when license present
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos A Becker
|
32285bab55
|
chore: do not run gitleaks on dependabot prs | ||
|
Carlos A Becker
|
0a3a76c09e
|
chore: do not run gitleaks on dependabot prs | ||
|
dependabot[bot]
|
ee62a8ec00
|
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.14.1 to 4.15.0 (#3405)
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.14.1 to 4.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's releases</a>.</em></p> <blockquote> <h2>v4.15.0</h2> <h2>Changed</h2> <ul> <li>Expand <code>file_pattern</code>-input to an array (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2>Fixed</h2> <ul> <li>String values in README.md extended example are now correct (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>) <a href="https://github.com/@karolswdev"><code>@karolswdev</code></a></li> <li>Fix Typos and grammer Errors in README (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>) <a href="https://github.com/@derrickleemy"><code>@derrickleemy</code></a></li> <li>Fix Typo in README (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>) <a href="https://github.com/@fty4"><code>@fty4</code></a></li> <li>Add missing links in the CHANGELOG (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>) <a href="https://github.com/@ericcornelissen"><code>@ericcornelissen</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...HEAD">Unreleased</a></h2> <blockquote> <p>TBD</p> </blockquote> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a> - 2022-09-24</h2> <h3>Changed</h3> <ul> <li>Expand <code>file_pattern</code>-input to an array (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>String values in README.md extended example are now correct (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>) <a href="https://github.com/@karolswdev"><code>@karolswdev</code></a></li> <li>Fix Typos and grammer Errors in README (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>) <a href="https://github.com/@derrickleemy"><code>@derrickleemy</code></a></li> <li>Fix Typo in README (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>) <a href="https://github.com/@fty4"><code>@fty4</code></a></li> <li>Add missing links in the CHANGELOG (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>) <a href="https://github.com/@ericcornelissen"><code>@ericcornelissen</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a> - 2022-04-12</h2> <h2>Changed</h2> <ul> <li>Change Commit User Name from "GitHub Actions" to "github-actions[bot]" (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>) <a href="https://github.com/jooola"><code>@jooola</code></a></li> <li>Change Commit User Email from "<a href="mailto:actions@github.com">actions@github.com</a>" to "github-actions[bot]<a href="https://github.com/users"><code>@users</code></a>.noreply.github.com" (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>) <a href="https://github.com/jooola"><code>@jooola</code></a></li> </ul> <h2>Fixed</h2> <ul> <li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>) <a href="https://github.com/gapple"><code>@gapple</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a> - 2022-03-18</h2> <h2>Added</h2> <ul> <li>Add <code>create_branch</code> option to force create a new branch (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/203">#203</a>) <a href="https://github.com/stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2>Fixed</h2> <ul> <li>README.md: Updates hyperlink to GH docs (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/200">#200</a>) <a href="https://github.com/funkyfuture"><code>@funkyfuture</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.0...v4.13.1">v4.13.1</a> - 2022-01-13</h2> <h2>Fixed</h2> <ul> <li>Properly disambiguate between branch or file checkout (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/199">#199</a>) <a href="https://github.com/kenodegard"><code>@kenodegard</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
fd8cc43ef3
|
chore(deps): bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (#3404)
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.6.0 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.12.1 by <a
href="https://github.com/cpanato"><code>@cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/94">sigstore/cosign-installer#94</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0">https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="
|
||
|
Carlos A Becker
|
6aa3f5a724
|
chore: minor workflows improvements | ||
|
dependabot[bot]
|
14884f52c9
|
chore(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#3394)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.24 to 2.1.25. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.25 - 21 Sep 2022</h2> <ul> <li>We will soon be rolling out a feature of the CodeQL Action that stores some information used to make future runs faster in the GitHub Actions cache. Initially, this will only be enabled on JavaScript repositories, but we plan to add more languages to this soon. The new feature can be disabled by passing the <code>trap-caching: false</code> option to your workflow's <code>init</code> step, for example if you are already using the GitHub Actions cache for a different purpose and are near the storage limit for it.</li> <li>Add support for Python automatic dependency installation with Poetry 1.2 <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li> </ul> <h2>2.1.24 - 16 Sep 2022</h2> <p>No user facing changes.</p> <h2>2.1.23 - 14 Sep 2022</h2> <ul> <li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server instances, using the new <code>registries</code> input for the <code>init</code> action. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li> <li>Update default CodeQL bundle version to 2.10.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li> </ul> <h2>2.1.22 - 01 Sep 2022</h2> <ul> <li>Downloading CodeQL packs has been moved to the <code>init</code> step. Previously, CodeQL packs were downloaded during the <code>analyze</code> step. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li> <li>Update default CodeQL bundle version to 2.10.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li> <li>The newly released <a href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry 1.2</a> is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.</li> </ul> <h2>2.1.21 - 25 Aug 2022</h2> <ul> <li>Improve error messages when the code scanning configuration file includes an invalid <code>queries</code> block or an invalid <code>query-filters</code> block. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li> <li>Fix a bug where Go build tracing could fail on Windows. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li> </ul> <h2>2.1.20 - 22 Aug 2022</h2> <p>No user facing changes.</p> <h2>2.1.19 - 17 Aug 2022</h2> <ul> <li>Add the ability to filter queries from a code scanning run by using the <code>query-filters</code> option in the code scanning configuration file. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li> <li>In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li> <li>Update default CodeQL bundle version to 2.10.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li> <li>The combination of python2 and Pipenv is no longer supported. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li> </ul> <h2>2.1.18 - 03 Aug 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li> </ul> <h2>2.1.17 - 28 Jul 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
326b588ece
|
chore(deps): bump codecov/codecov-action from 3.1.0 to 3.1.1 (#3390)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p> <blockquote> <h2>3.1.1</h2> <h2>What's Changed</h2> <ul> <li>Update deprecation warning by <a href="https://github.com/slifty"><code>@slifty</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li> <li>Create codeql-analysis.yml by <a href="https://github.com/mitchell-codecov"><code>@mitchell-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/593">codecov/codecov-action#593</a></li> <li>build(deps): bump node-fetch from 3.2.3 to 3.2.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/714">codecov/codecov-action#714</a></li> <li>build(deps-dev): bump typescript from 4.6.3 to 4.6.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/713">codecov/codecov-action#713</a></li> <li>README: fix typo by <a href="https://github.com/Evalir"><code>@Evalir</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li> <li>build(deps): bump github/codeql-action from 1 to 2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/724">codecov/codecov-action#724</a></li> <li>build(deps-dev): bump <code>@types/jest</code> from 27.4.1 to 27.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/717">codecov/codecov-action#717</a></li> <li>fix: Remove a blank row by <a href="https://github.com/johnmanjiro13"><code>@johnmanjiro13</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li> <li>Update README.md with correct badge version by <a href="https://github.com/gsheni"><code>@gsheni</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 17.0.25 to 17.0.33 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/729">codecov/codecov-action#729</a></li> <li>build(deps-dev): downgrade <code>@types/node</code> to 16.11.35 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/734">codecov/codecov-action#734</a></li> <li>build(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/723">codecov/codecov-action#723</a></li> <li>build(deps): bump <code>@actions/github</code> from 5.0.1 to 5.0.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/733">codecov/codecov-action#733</a></li> <li>build(deps): bump <code>@actions/core</code> from 1.6.0 to 1.8.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/732">codecov/codecov-action#732</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 16.11.35 to 16.11.36 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/737">codecov/codecov-action#737</a></li> <li>Create scorecards-analysis.yml by <a href="https://github.com/mitchell-codecov"><code>@mitchell-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/633">codecov/codecov-action#633</a></li> <li>build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/749">codecov/codecov-action#749</a></li> <li>fix: add more verbosity to validation by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/747">codecov/codecov-action#747</a></li> <li>build(deps-dev): bump typescript from 4.6.4 to 4.7.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/755">codecov/codecov-action#755</a></li> <li>Regenerate scorecards-analysis.yml by <a href="https://github.com/mitchell-codecov"><code>@mitchell-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/750">codecov/codecov-action#750</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 16.11.36 to 16.11.39 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/759">codecov/codecov-action#759</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 16.11.39 to 16.11.40 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/762">codecov/codecov-action#762</a></li> <li>build(deps-dev): bump <code>@vercel/ncc</code> from 0.33.4 to 0.34.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/746">codecov/codecov-action#746</a></li> <li>build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/757">codecov/codecov-action#757</a></li> <li>build(deps): bump openpgp from 5.2.1 to 5.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/760">codecov/codecov-action#760</a></li> <li>build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/748">codecov/codecov-action#748</a></li> <li>build(deps-dev): bump typescript from 4.7.3 to 4.7.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/766">codecov/codecov-action#766</a></li> <li>Switch to v3 by <a href="https://github.com/thomasrockhu"><code>@thomasrockhu</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/774">codecov/codecov-action#774</a></li> <li>Fix <code>network</code> entry in table by <a href="https://github.com/kevmoo"><code>@kevmoo</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li> <li>Trim arguments after splitting them by <a href="https://github.com/mitchell-codecov"><code>@mitchell-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/791">codecov/codecov-action#791</a></li> <li>build(deps): bump openpgp from 5.3.0 to 5.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/799">codecov/codecov-action#799</a></li> <li>build(deps): bump <code>@actions/core</code> from 1.8.2 to 1.9.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/798">codecov/codecov-action#798</a></li> <li>Plumb failCi into verification function. by <a href="https://github.com/RobbieMcKinstry"><code>@RobbieMcKinstry</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li> <li>release: update changelog and version to 3.1.1 by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/828">codecov/codecov-action#828</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/slifty"><code>@slifty</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li> <li><a href="https://github.com/Evalir"><code>@Evalir</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li> <li><a href="https://github.com/johnmanjiro13"><code>@johnmanjiro13</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li> <li><a href="https://github.com/gsheni"><code>@gsheni</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li> <li><a href="https://github.com/kevmoo"><code>@kevmoo</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li> <li><a href="https://github.com/RobbieMcKinstry"><code>@RobbieMcKinstry</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1">https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md">codecov/codecov-action's changelog</a>.</em></p> <blockquote> <h2>3.1.1</h2> <h3>Fixes</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/661">#661</a> Update deprecation warning</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/593">#593</a> Create codeql-analysis.yml</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/712">#712</a> README: fix typo</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/725">#725</a> fix: Remove a blank row</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/726">#726</a> Update README.md with correct badge version</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/633">#633</a> Create scorecards-analysis.yml</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/747">#747</a> fix: add more verbosity to validation</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/750">#750</a> Regenerate scorecards-analysis.yml</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a> Switch to v3</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a> Fix network entry in table</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a> Trim arguments after splitting them</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a> Plumb failCi into verification function.</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/713">#713</a> build(deps-dev): bump typescript from 4.6.3 to 4.6.4</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/714">#714</a> build(deps): bump node-fetch from 3.2.3 to 3.2.4</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/724">#724</a> build(deps): bump github/codeql-action from 1 to 2</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/717">#717</a> build(deps-dev): bump <code>@types/jest</code> from 27.4.1 to 27.5.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/729">#729</a> build(deps-dev): bump <code>@types/node</code> from 17.0.25 to 17.0.33</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/734">#734</a> build(deps-dev): downgrade <code>@types/node</code> to 16.11.35</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/723">#723</a> build(deps): bump actions/checkout from 2 to 3</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/733">#733</a> build(deps): bump <code>@actions/github</code> from 5.0.1 to 5.0.3</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/732">#732</a> build(deps): bump <code>@actions/core</code> from 1.6.0 to 1.8.2</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/737">#737</a> build(deps-dev): bump <code>@types/node</code> from 16.11.35 to 16.11.36</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/749">#749</a> build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/755">#755</a> build(deps-dev): bump typescript from 4.6.4 to 4.7.3</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/759">#759</a> build(deps-dev): bump <code>@types/node</code> from 16.11.36 to 16.11.39</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/762">#762</a> build(deps-dev): bump <code>@types/node</code> from 16.11.39 to 16.11.40</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/746">#746</a> build(deps-dev): bump <code>@vercel/ncc</code> from 0.33.4 to 0.34.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/757">#757</a> build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a> build(deps): bump openpgp from 5.2.1 to 5.3.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a> build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a> build(deps-dev): bump typescript from 4.7.3 to 4.7.4</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a> build(deps): bump openpgp from 5.3.0 to 5.4.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a> build(deps): bump <code>@actions/core</code> from 1.8.2 to 1.9.1</li> </ul> <h2>3.1.0</h2> <h3>Features</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/699">#699</a> Incorporate <code>xcode</code> arguments for the Codecov uploader</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/694">#694</a> build(deps-dev): bump <code>@vercel/ncc</code> from 0.33.3 to 0.33.4</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/696">#696</a> build(deps-dev): bump <code>@types/node</code> from 17.0.23 to 17.0.25</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/698">#698</a> build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0</li> </ul> <h2>3.0.0</h2> <h3>Breaking Changes</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/689">#689</a> Bump to node16 and small fixes</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Carlos Alexandro Becker
|
445f2e730d
|
chore: avoid running actions when not needed/possible (#3389)
- only run the build action when actual go files changed - only run some actions on the main fork to avoid errors |
||
|
dependabot[bot]
|
b59920c54d
|
chore(deps): bump github/codeql-action from 2.1.23 to 2.1.24 (#3387)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.23 to 2.1.24. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <ul> <li>We will soon be rolling out a feature of the CodeQL Action that stores some information used to make future runs faster in the GitHub Actions cache. Initially, this will only be enabled on JavaScript repositories, but we plan to add more languages to this soon. The new feature can be disabled by passing the <code>trap-caching: false</code> option to your workflow's <code>init</code> step, for example if you are already using the GitHub Actions cache for a different purpose and are near the storage limit for it.</li> </ul> <h2>2.1.24 - 16 Sep 2022</h2> <p>No user facing changes.</p> <h2>2.1.23 - 14 Sep 2022</h2> <ul> <li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server instances, using the new <code>registries</code> input for the <code>init</code> action. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li> <li>Update default CodeQL bundle version to 2.10.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li> </ul> <h2>2.1.22 - 01 Sep 2022</h2> <ul> <li>Downloading CodeQL packs has been moved to the <code>init</code> step. Previously, CodeQL packs were downloaded during the <code>analyze</code> step. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li> <li>Update default CodeQL bundle version to 2.10.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li> <li>The newly released <a href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry 1.2</a> is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.</li> </ul> <h2>2.1.21 - 25 Aug 2022</h2> <ul> <li>Improve error messages when the code scanning configuration file includes an invalid <code>queries</code> block or an invalid <code>query-filters</code> block. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li> <li>Fix a bug where Go build tracing could fail on Windows. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li> </ul> <h2>2.1.20 - 22 Aug 2022</h2> <p>No user facing changes.</p> <h2>2.1.19 - 17 Aug 2022</h2> <ul> <li>Add the ability to filter queries from a code scanning run by using the <code>query-filters</code> option in the code scanning configuration file. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li> <li>In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li> <li>Update default CodeQL bundle version to 2.10.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li> <li>The combination of python2 and Pipenv is no longer supported. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li> </ul> <h2>2.1.18 - 03 Aug 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li> </ul> <h2>2.1.17 - 28 Jul 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li> </ul> <h2>2.1.16 - 13 Jul 2022</h2> <ul> <li>You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1132">#1132</a></li> <li>You can now see diagnostic messages produced by the analysis in the logs of the <code>analyze</code> Action by enabling debug mode. To enable debug mode, pass <code>debug: true</code> to the <code>init</code> Action, or <a href="https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging">enable step debug logging</a>. This feature is available for CodeQL CLI version 2.10.0 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1133">#1133</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Carlos Alexandro Becker
|
d19ff6eb1e
|
chore: splitting workflows (#3386)
split build & release workflows Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
72fad7678b
|
chore(deps): bump github/codeql-action from 2.1.22 to 2.1.23 (#3382)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.22 to 2.1.23. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
f7efe9ca2b
|
chore(deps): bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (#3368)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.1 to 2.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v2.6.0</h2> <h2>What's Changed</h2> <ul> <li>update action to default cosign to v1.11.0 release by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/89">sigstore/cosign-installer#89</a></li> <li>cleanup dependabot by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/90">sigstore/cosign-installer#90</a></li> <li>default cosign to v1.11.1 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/91">sigstore/cosign-installer#91</a></li> <li>Bump actions/setup-go from 3.2.1 to 3.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/92">sigstore/cosign-installer#92</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Carlos Alexandro Becker
|
8cb4eb1654
|
fix: ruleguard and semgrep scans and fixes (#3364)
run semgrep-go ruleguard and semgrep scans https://github.com/dgryski/semgrep-go Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
5185b5b6ed
|
chore(ci): govulncheck (#3362)
check for vulnerabilities Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
74abb18d2d
|
chore(deps): bump github/codeql-action from 2.1.21 to 2.1.22 (#3354)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.1.22. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.22 - 01 Sep 2022</h2> <ul> <li>Downloading CodeQL packs has been moved to the <code>init</code> step. Previously, CodeQL packs were downloaded during the <code>analyze</code> step. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li> <li>Update default CodeQL bundle version to 2.10.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li> <li>The newly released <a href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry 1.2</a> is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.</li> </ul> <h2>2.1.21 - 25 Aug 2022</h2> <ul> <li>Improve error messages when the code scanning configuration file includes an invalid <code>queries</code> block or an invalid <code>query-filters</code> block. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li> <li>Fix a bug where Go build tracing could fail on Windows. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li> </ul> <h2>2.1.20 - 22 Aug 2022</h2> <p>No user facing changes.</p> <h2>2.1.19 - 17 Aug 2022</h2> <ul> <li>Add the ability to filter queries from a code scanning run by using the <code>query-filters</code> option in the code scanning configuration file. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li> <li>In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li> <li>Update default CodeQL bundle version to 2.10.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li> <li>The combination of python2 and Pipenv is no longer supported. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li> </ul> <h2>2.1.18 - 03 Aug 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li> </ul> <h2>2.1.17 - 28 Jul 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li> </ul> <h2>2.1.16 - 13 Jul 2022</h2> <ul> <li>You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1132">#1132</a></li> <li>You can now see diagnostic messages produced by the analysis in the logs of the <code>analyze</code> Action by enabling debug mode. To enable debug mode, pass <code>debug: true</code> to the <code>init</code> Action, or <a href="https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging">enable step debug logging</a>. This feature is available for CodeQL CLI version 2.10.0 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1133">#1133</a></li> </ul> <h2>2.1.15 - 28 Jun 2022</h2> <ul> <li>CodeQL query packs listed in the <code>packs</code> configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1116">#1116</a></li> <li>The combination of python2 and poetry is no longer supported. See <a href="https://github-redirect.dependabot.com/actions/setup-python/issues/374">actions/setup-python#374</a> for more details. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1124">#1124</a></li> <li>Update default CodeQL bundle version to 2.10.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1123">#1123</a></li> </ul> <h2>2.1.14 - 22 Jun 2022</h2> <p>No user facing changes.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c812210167
|
chore(deps): bump actions/github-script from 6.1.1 to 6.2.0 (#3346)
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.1.1 to 6.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v6.2.0</h2> <h2>What's Changed</h2> <ul> <li>Update <code>@octokit/plugin-rest-endpoint-methods</code> to version 6.x by <a href="https://github.com/desrosj"><code>@desrosj</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/283">actions/github-script#283</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/desrosj"><code>@desrosj</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/283">actions/github-script#283</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v6.1.1...v6.2.0">https://github.com/actions/github-script/compare/v6.1.1...v6.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d3d338d34d
|
chore(deps): bump github/codeql-action from 2.1.20 to 2.1.21 (#3345)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.20 to 2.1.21. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.21 - 25 Aug 2022</h2> <ul> <li>Improve error messages when the code scanning configuration file includes an invalid <code>queries</code> block or an invalid <code>query-filters</code> block. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li> <li>Fix a bug where Go build tracing could fail on Windows. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li> </ul> <h2>2.1.20 - 22 Aug 2022</h2> <p>No user facing changes.</p> <h2>2.1.19 - 17 Aug 2022</h2> <ul> <li>Add the ability to filter queries from a code scanning run by using the <code>query-filters</code> option in the code scanning configuration file. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li> <li>In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li> <li>Update default CodeQL bundle version to 2.10.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li> <li>The combination of python2 and Pipenv is no longer supported. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li> </ul> <h2>2.1.18 - 03 Aug 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li> </ul> <h2>2.1.17 - 28 Jul 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.10.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li> </ul> <h2>2.1.16 - 13 Jul 2022</h2> <ul> <li>You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1132">#1132</a></li> <li>You can now see diagnostic messages produced by the analysis in the logs of the <code>analyze</code> Action by enabling debug mode. To enable debug mode, pass <code>debug: true</code> to the <code>init</code> Action, or <a href="https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging">enable step debug logging</a>. This feature is available for CodeQL CLI version 2.10.0 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1133">#1133</a></li> </ul> <h2>2.1.15 - 28 Jun 2022</h2> <ul> <li>CodeQL query packs listed in the <code>packs</code> configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1116">#1116</a></li> <li>The combination of python2 and poetry is no longer supported. See <a href="https://github-redirect.dependabot.com/actions/setup-python/issues/374">actions/setup-python#374</a> for more details. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1124">#1124</a></li> <li>Update default CodeQL bundle version to 2.10.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1123">#1123</a></li> </ul> <h2>2.1.14 - 22 Jun 2022</h2> <p>No user facing changes.</p> <h2>2.1.13 - 21 Jun 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.9.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1100">#1100</a></li> </ul> <h2>2.1.12 - 01 Jun 2022</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6778972ce6
|
chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#3340)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>Support architecture input and fix Expand-Archive issue</h2> <p>This release introduces support for architecture input for <code>setup-go</code> action <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>. It also adds support for arm32 architecture for self-hosted runners. If architecture is not provided action will use default runner architecture. Example of usage:</p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: go-version: '1.16' architecture: arm </code></pre> <p>This release also provides fix for issue <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/241">#241</a>. <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> adds support for using explicit filename for Windows which is necessary to satisfy Expand-Archive's requirement on .zip extension.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
35f1d7881b
|
chore(deps): bump github/codeql-action from 2.1.19 to 2.1.20 (#3336)
Bumps github/codeql-action from 2.1.19 to 2.1.20. Commits 7fee4ca Merge pull request #1199 from github/update-v2.1.20-f0a1a35a 5259c5e Update changelog for v2.1.20 f0a1a35 Merge pull request #1197 from github/henrymercer/fix-release-when-package-con... a074542 Tweak whitespace in checklist for consistency 53a7a27 Merge pull request #1193 from github/dependabot/npm_and_yarn/actions/core-1.9.1 2927215 Apply suggestions from code review c145823 Make "Update release branch" workflow fail if npm version fails 66bb63a Merge pull request #1194 from github/mergeback/v2.1.19-to-main-f5d217be 0ce8ba5 Update checked-in dependencies 5354fac Update changelog and version after v2.1.19 Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
6e85391479
|
chore(deps): bump actions/cache from 3.0.7 to 3.0.8 (#3334)
Bumps actions/cache from 3.0.7 to 3.0.8. Release notes Sourced from actions/cache's releases. v3.0.8 What's Changed Fix zstd not working for windows on gnu tar in issues. Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes. Changelog Sourced from actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 -> node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files > 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR) 3.0.6 Fixed #809 - zstd -d: no such file or directory error Fixed #833 - cache doesn't work with github workspace directory 3.0.7 Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues #888 and #891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes. Commits fd5de65 Merge pull request #899 from actions/kotewar/download-and-compression-fix d49b6bb Updated actions/cache toolkit dep to v3.0.4 See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
85cb047cd7
|
fix: run gitleaks and grype on prs (#3332)
Signed-off-by: Carlos A Becker caarlos0@users.noreply.github.com Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
9d2206f607
|
chore(deps): bump github/codeql-action from 2.1.18 to 2.1.19 (#3325)
⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. Bumps github/codeql-action from 2.1.18 to 2.1.19. Changelog Sourced from github/codeql-action's changelog. CodeQL Action Changelog [UNRELEASED] No user facing changes. 2.1.19 - 17 Aug 2022 Add the ability to filter queries from a code scanning run by using the query-filters option in the code scanning configuration file. #1098 In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. #1159 Update default CodeQL bundle version to 2.10.3. #1178 The combination of python2 and Pipenv is no longer supported. #1181 2.1.18 - 03 Aug 2022 Update default CodeQL bundle version to 2.10.2. #1156 2.1.17 - 28 Jul 2022 Update default CodeQL bundle version to 2.10.1. #1143 2.1.16 - 13 Jul 2022 You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. #1132 You can now see diagnostic messages produced by the analysis in the logs of the analyze Action by enabling debug mode. To enable debug mode, pass debug: true to the init Action, or enable step debug logging. This feature is available for CodeQL CLI version 2.10.0 and later. #1133 2.1.15 - 28 Jun 2022 CodeQL query packs listed in the packs configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. #1116 The combination of python2 and poetry is no longer supported. See actions/setup-python#374 for more details. #1124 Update default CodeQL bundle version to 2.10.0. #1123 2.1.14 - 22 Jun 2022 No user facing changes. 2.1.13 - 21 Jun 2022 Update default CodeQL bundle version to 2.9.4. #1100 2.1.12 - 01 Jun 2022 Update default CodeQL bundle version to 2.9.3. #1084 2.1.11 - 17 May 2022 Update default CodeQL bundle version to 2.9.2. #1074 2.1.10 - 10 May 2022 ... (truncated) Commits f5d217b Merge pull request #1192 from github/update-v2.1.19-5502fefd 7c3d74c Move changelog note to right release 04ea3b1 Update changelog for v2.1.19 5502fef Merge pull request #1191 from github/edoardo/fix-upload-times 0349bb0 Fix TRAP cache upload timing 3154c4f Merge pull request #1190 from github/henrymercer/fix-debug-artifact-tests-on-... b21cab9 Mock expect-error input to avoid errors in Action integration tests 219a937 Require test mode to be set to use expect-error input ff9d53b Dump GitHub event in debug artifacts failure workflow 5f4cfb0 Merge pull request #1188 from github/edoardo/round-fields Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
8b8da0d2d9
|
chore(deps): bump anchore/sbom-action from 0.11.0 to 0.12.0 (#3321)
Bumps anchore/sbom-action from 0.11.0 to 0.12.0. Release notes Sourced from anchore/sbom-action's releases. v0.12.0 Changes in v0.12.0 Update dependencies (#317) kzantow Update Syft to v0.53.4 (#266) anchore-actions-token-generator Expose upload-artifact and upload-release-assets inputs (#277) joshowen Document the dependency-snapshot property (#297) kzantow Commits b5042e9 Update dependencies (#317) ac5a533 Update Syft to v0.53.4 (#266) 0f0f981 Expose upload-artifact and upload-release-assets inputs (#277) 6fb484a Document the dependency-snapshot property (#297) See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
2eb6f84f5c
|
chore(deps): bump actions/checkout from 3 to 3.0.2 (#3323)
Bumps actions/checkout from 3 to 3.0.2. Release notes Sourced from actions/checkout's releases. v3.0.2 What's Changed Add set-safe-directory input to allow customers to take control. by @TingluoHuang in actions/checkout#770 Prepare changelog for v3.0.2. by @TingluoHuang in actions/checkout#777 Full Changelog: actions/checkout@v3...v3.0.2 v3.0.1 Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory Bumped various npm package versions Changelog Sourced from actions/checkout's changelog. Changelog v3.0.2 Add input set-safe-directory v3.0.1 Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory Bumped various npm package versions v3.0.0 Update to node 16 v2.3.1 Fix default branch resolution for .wiki and when using SSH v2.3.0 Fallback to the default branch v2.2.0 Fetch all history for all tags and branches when fetch-depth=0 v2.1.1 Changes to support GHES (here and here) v2.1.0 Group output Changes to support GHES alpha release Persist core.sshCommand for submodules Add support ssh Convert submodule SSH URL to HTTPS, when not using SSH Add submodule support Follow proxy settings Fix ref for pr closed event when a pr is merged Fix issue checking detached when git less than 2.22 v2.0.0 Do not pass cred on command line Add input persist-credentials Fallback to REST API to download repo v2 (beta) Improved fetch performance ... (truncated) Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
5fe168e884
|
chore(deps): bump actions/cache from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.7 (#3324)
Bumps actions/cache from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.7. This release includes the previously tagged commit. Release notes Sourced from actions/cache's releases. v3.0.7 What's Changed Fix for the download stuck problem has been added in actions/cache for users who were intermittently facing the issue. As part of this fix, new timeout has been introduced in the download step to stop the download if it doesn't complete within an hour and run the rest of the workflow without erroring out. Changelog Sourced from actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 -> node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files > 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR) 3.0.6 Fixed #809 - zstd -d: no such file or directory error Fixed #833 - cache doesn't work with github workspace directory 3.0.7 Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. Commits a7c34ad Merge pull request #894 from actions/kotewar/update-toolkit-version 83394c9 Updated cache version in license file e839c25 Updated actions/cache version to 3.0.3 33a923d Added release information a404368 Updated actions/cache version to 3.0.2 f427802 Merge pull request #887 from actions/pdotl-version-patch 9916fe1 Update cache version in licences 318935e Update README and RELEASES 85efbb5 Update cache npm module to latest 4387dbc Merge pull request #835 from shivamarora1/clojure-lein-example Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
4b33f9a850
|
chore(deps): bump actions/github-script from 7f4e771d2b3022fa3b8bac499d4a547619f3ab10 to 6.1.1 (#3322)
Bumps actions/github-script from 7f4e771d2b3022fa3b8bac499d4a547619f3ab10 to 6.1.1. This release includes the previously tagged commit. Release notes Sourced from actions/github-script's releases. v6.1.1 What's Changed Bump shell-quote from 1.7.2 to 1.7.3 by @dependabot in actions/github-script#270 Bump @actions/core to 1.9.1 by @cory-miller in actions/github-script#280 Non-code changes Create codeql-analysis.yml by @joshmgross in actions/github-script#267 Improve grammar by @kevgo in actions/github-script#269 New Contributors @kevgo made their first contribution in actions/github-script#269 @cory-miller made their first contribution in actions/github-script#280 Full Changelog: actions/github-script@v6.1.0...v6.1.1 Commits d50f485 Merge pull request #280 from cory-miller/main 1bdf7b2 Bump @actions/core to 1.9.1 46a476b Merge pull request #269 from kevgo/patch-1 b682e42 Merge pull request #270 from actions/dependabot/npm_and_yarn/shell-quote-1.7.3 0cc15d0 Bump shell-quote from 1.7.2 to 1.7.3 ebee604 Improve grammar 377d38f Merge pull request #267 from actions/joshmgross/add-codeql 174e812 Create codeql-analysis.yml 7a5c598 Merge pull request #263 from smaeda-ks/update-actions-core cb1c1eb Classify http-client licenses Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
e661eb430d
|
chore(deps): bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#3315)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.0 to 2.5.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v2.5.0...v2.5.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
ee17c9583d
|
feat(ci): compile with go 1.19 (#3278)
* feat(ci): compile with go 1.19 Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: fixing template test Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: improve check Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: more test and docs fixes Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: fix Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: fix * test: fix * fix: lint Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: docker templates Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: godoc for RequireTemplateError |
||
|
dependabot[bot]
|
b7687ece3d
|
chore(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (#3285)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](
|
||
|
dependabot[bot]
|
06f03de523
|
chore(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (#3266)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](
|
||
|
dependabot[bot]
|
40164fac9d
|
chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#3254)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.4.1 to 2.5.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v2.4.1...v2.5.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Carlos A Becker
|
b52c8e387d
|
chore(ci): fail build if grype fails
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos A Becker
|
0f7f799efd
|
chore(ci): scan with grype
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
3ca8e11779
|
chore(deps): bump github/codeql-action from 2.1.15 to 2.1.16 (#3239)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](
|
||
|
dependabot[bot]
|
dc44ecda4a
|
chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#3235)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](
|
||
|
Carlos A Becker
|
5bcd56bcbd
|
chore(ci): prevent gpl deps
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
7bb16e271a
|
chore(deps): bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (#3220)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.4.0 to 2.4.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v2.4.0...v2.4.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
a535b87b4a
|
chore(deps): bump github/codeql-action from 2.1.14 to 2.1.15 (#3214)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](
|
||
|
Carlos A Becker
|
5aed49bd0a
|
chore(ci): do not run gitleaks on prs
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
d58a3e72c3
|
chore(ci): improve tparse output (#3193)
* chore(ci): improve tparse output Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * chore(ci): improve tparse output Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
e16a15929e
|
chore(deps): bump github/codeql-action from 2.1.13 to 2.1.14 (#3186)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.13 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](
|
||
|
dependabot[bot]
|
f1c611b21b
|
chore(deps): bump github/codeql-action from 2.1.12 to 2.1.13 (#3179) | ||
|
Carlos Alexandro Becker
|
c51b0f9847
|
fix(ci): gitleaks license (#3177)
* fix(ci): gitleaks license Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: gitleaks config path Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
891e50e6a4
|
chore(deps): bump actions/dependency-review-action from 1 to 2 (#3164)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Carlos A Becker
|
d80f11b98e
|
chore(ci): update sbom and cosign actions
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
Carlos Alexandro Becker
|
500190f36a
|
chore(ci): tparse (#3131)
* chore(ci): tparse Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: always set json Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: nocolor Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: do not need tparse locally Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: build Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
ab43561b9c
|
chore(deps): bump github/codeql-action from 2.1.11 to 2.1.12 (#3141)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](
|