go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-06 03:13:48 +02:00
Code Issues Releases Activity
4,202 Commits 8 Branches 558 Tags 40 MiB
541e3dfed9
Commit Graph

310 Commits

Author SHA1 Message Date
Carlos Alexandro Becker
127281131a
fix(ci): codeql use go 1.19 (#3570) 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-11-18 01:02:33 -03:00
Carlos Alexandro Becker
59138b43ce
chore: announce goreleaser releases to mastodon (#3569) 
actually announce goreleaser releases to mastodon as well :)

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-11-17 21:42:43 -03:00
dependabot[bot]
bb1fb9a397
chore(deps): bump github/codeql-action from 2.1.32 to 2.1.33 (#3564) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.32 to 2.1.33.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="678fc3afe2"><code>678fc3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1375">#1375</a>
from github/update-v2.1.33-c939e661</li>
<li><a
href="d13b9b8244"><code>d13b9b8</code></a>
Fix changelog entry</li>
<li><a
href="f2c3e7ca4e"><code>f2c3e7c</code></a>
Update changelog for v2.1.33</li>
<li><a
href="c939e6615d"><code>c939e66</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1372">#1372</a>
from github/marcogario/prioritize_github_ref</li>
<li><a
href="1935d19d61"><code>1935d19</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1358">#1358</a>
from github/henrymercer/require-cli-2.6.3</li>
<li><a
href="7484436e5d"><code>7484436</code></a>
Remove Go extraction feature flags (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1371">#1371</a>)</li>
<li><a
href="0a76b97b28"><code>0a76b97</code></a>
Prefer GITHUB_REF to CODE_SCANNING_REF</li>
<li><a
href="f8b607edaa"><code>f8b607e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1364">#1364</a>
from github/henrymercer/delete-runner-part-2</li>
<li><a
href="d48707ce53"><code>d48707c</code></a>
Merge branch 'henrymercer/delete-runner-part-2' into
henrymercer/require-cli-...</li>
<li><a
href="07b9db6a46"><code>07b9db6</code></a>
Explicitly set up Go 1.13.1 in checks running on old runner images</li>
<li>Additional commits viewable in <a
href="4238421316...678fc3afe2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.32&new-version=2.1.33)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-17 09:50:23 -03:00
dependabot[bot]
2a46d627c7
chore(deps): bump github/codeql-action from 2.1.31 to 2.1.32 (#3557) 2022-11-15 07:58:32 -03:00
dependabot[bot]
79b83a133c
chore(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (#3550) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 3.3.0 to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.40.0 to 5.40.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/590">golangci/golangci-lint-action#590</a></li>
<li>build(deps-dev): bump eslint from 8.25.0 to 8.26.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/591">golangci/golangci-lint-action#591</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.40.0 to 5.40.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/592">golangci/golangci-lint-action#592</a></li>
<li>build(deps): bump <code>@​actions/cache</code> from 3.0.5 to 3.0.6
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/593">golangci/golangci-lint-action#593</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.40.1 to 5.41.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/594">golangci/golangci-lint-action#594</a></li>
<li>build(deps): bump <code>@​types/semver</code> from 7.3.12 to 7.3.13
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/595">golangci/golangci-lint-action#595</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.40.1 to 5.41.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/596">golangci/golangci-lint-action#596</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.41.0 to 5.42.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/597">golangci/golangci-lint-action#597</a></li>
<li>build(deps-dev): bump eslint from 8.26.0 to 8.27.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/598">golangci/golangci-lint-action#598</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.41.0 to 5.42.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/599">golangci/golangci-lint-action#599</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v3...v3.3.1">https://github.com/golangci/golangci-lint-action/compare/v3...v3.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0ad9a0988b"><code>0ad9a09</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.41.0 to 5.42.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/599">#599</a>)</li>
<li><a
href="235ea57a8f"><code>235ea57</code></a>
build(deps-dev): bump eslint from 8.26.0 to 8.27.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/598">#598</a>)</li>
<li><a
href="a6ed001163"><code>a6ed001</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.41.0 to 5.42.0 ...</li>
<li><a
href="3a7156a1b4"><code>3a7156a</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.40.1 to 5.41.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/596">#596</a>)</li>
<li><a
href="481f8ba892"><code>481f8ba</code></a>
build(deps): bump <code>@​types/semver</code> from 7.3.12 to 7.3.13 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/595">#595</a>)</li>
<li><a
href="06edb377a6"><code>06edb37</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.40.1 to 5.41.0 ...</li>
<li><a
href="c2f79a722b"><code>c2f79a7</code></a>
build(deps): bump <code>@​actions/cache</code> from 3.0.5 to 3.0.6 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/593">#593</a>)</li>
<li><a
href="d6eac69936"><code>d6eac69</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.40.0 to 5.40.1 ...</li>
<li><a
href="72684341c8"><code>7268434</code></a>
build(deps-dev): bump eslint from 8.25.0 to 8.26.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/591">#591</a>)</li>
<li><a
href="a926e2b3f3"><code>a926e2b</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.40.0 to 5.40.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/590">#590</a>)</li>
<li>See full diff in <a
href="07db5389c9...0ad9a0988b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-14 09:38:20 -03:00
dependabot[bot]
4bdf2e9ba6
chore(deps): bump actions/dependency-review-action from 2 to 3 (#3551) 
Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>3.0.0</h2>
<h2>Breaking Changes</h2>
<p>By default the action now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses</a>
everywhere. If you were previously using license names in the allow or
deny lists make sure they're valid!</p>
<h2>What's Changed</h2>
<h3>Support for external configuration files</h3>
<p>You can now specify a <a
href="https://github.com/actions/dependency-review-action/#configuration-file">configuration
file external to your repository</a>. This allows organizations to have
a single configuration file for all their repos.</p>
<h3>Broader license support</h3>
<p>We've added support for a much broader set of project licenses by
using GitHub's <a
href="https://docs.github.com/en/rest/licenses">Licenses API</a>.</p>
<h3>SPDX Compliance</h3>
<p>All of our license-related code now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses or
expressions</a>. This allows us to standardize on a license naming
scheme that already supports <code>OR</code>/<code>AND</code>
expressions.</p>
<h3>Disable individual checks</h3>
<p>You can now use the boolean options <code>license-check</code> and
<code>vulnerability-check</code> to disable either one of the checks.
More information in <a
href="https://github.com/actions/dependency-review-action/#configuration-options">our
configuration options</a>.</p>
<h2>Thanks</h2>
<p>Contributors for this release include:</p>
<ul>
<li><a
href="https://github.com/cnagadya"><code>@​cnagadya</code></a></li>
<li><a
href="https://github.com/courtneycl"><code>@​courtneycl</code></a></li>
<li><a
href="https://github.com/ericcornelissen"><code>@​ericcornelissen</code></a></li>
<li><a
href="https://github.com/elireisman"><code>@​elireisman</code></a></li>
<li><a href="https://github.com/hmaurer"><code>@​hmaurer</code></a></li>
</ul>
<p>Thanks everyone!
<strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3.0.0">https://github.com/actions/dependency-review-action/compare/v2...v3.0.0</a></p>
<h2>2.5.1</h2>
<p>Adding some quality-of-life improvements to the local development
experience. You can now pass a flag to the <code>scripts/scan_pr</code>
script using the <code>-c/--config-file</code> flags to use an external
configuration file:</p>
<p>Example:</p>
<pre><code> scripts/scan_pr
https://github.com/actions/dependency-review-action/pull/294
</code></pre>
<h2>2.5.0</h2>
<p>Fallback on GitHub Licenses API data for missing Dependency Review
API Licenses. This should improve our license coverage.</p>
<h2>2.4.1</h2>
<p>This patch release fixes the bugs below:</p>
<ul>
<li>Display the dependency name instead of the manifest name in the
detailed list of dependents.</li>
<li>Fix an issue where undefined GHSAs would remove filter out all
changes.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="30d5821115"><code>30d5821</code></a>
Bumping version number</li>
<li><a
href="6e42c3395a"><code>6e42c33</code></a>
Remove defaults from the recently added fields.</li>
<li><a
href="a3074cd699"><code>a3074cd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/327">#327</a>
from actions/adding-extra-options</li>
<li><a
href="51a29d6960"><code>51a29d6</code></a>
Updating action.yml to include <code>*-check</code> config</li>
<li><a
href="235a221cf4"><code>235a221</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/324">#324</a>
from actions/readme-update</li>
<li><a
href="9b3a7f61dd"><code>9b3a7f6</code></a>
Minor README tweaks.</li>
<li><a
href="a4761312ac"><code>a476131</code></a>
Add <code>pull_request</code> to the list of events that don't need
refs.</li>
<li><a
href="28c7c8c314"><code>28c7c8c</code></a>
Set the correct default for license-check in README.</li>
<li><a
href="9da0fd4871"><code>9da0fd4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/325">#325</a>
from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li>
<li><a
href="fe45fd6645"><code>fe45fd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/326">#326</a>
from actions/dependabot/npm_and_yarn/esbuild-register...</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-14 09:38:04 -03:00
dependabot[bot]
53fa4773c6
chore(deps): bump github/codeql-action from 2.1.30 to 2.1.31 (#3534) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.30 to 2.1.31.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c3b6fce4ee"><code>c3b6fce</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1345">#1345</a>
from github/update-v2.1.31-a8cabafa</li>
<li><a
href="8aa42f1f11"><code>8aa42f1</code></a>
Update CHANGELOG.md</li>
<li><a
href="29a5553722"><code>29a5553</code></a>
Update CHANGELOG.md</li>
<li><a
href="e260194d76"><code>e260194</code></a>
Update changelog for v2.1.31</li>
<li><a
href="a8cabafa56"><code>a8cabaf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1344">#1344</a>
from github/edoardo/prune-ruby</li>
<li><a
href="862a512899"><code>862a512</code></a>
Prune results of Ruby query from SARIF</li>
<li><a
href="71510779c2"><code>7151077</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1342">#1342</a>
from github/mergeback/v2.1.30-to-main-18fe527f</li>
<li><a
href="81a1ec0fb3"><code>81a1ec0</code></a>
Update checked-in dependencies</li>
<li><a
href="60c8cda203"><code>60c8cda</code></a>
Update changelog and version after v2.1.30</li>
<li>See full diff in <a
href="18fe527fa8...c3b6fce4ee">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.30&new-version=2.1.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-07 09:12:17 -03:00
dependabot[bot]
2e0e5c259e
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.3 to 4.15.4 (#3535) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.3 to 4.15.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.4</h2>
<h2>Fixed</h2>
<ul>
<li>Let Action fail if git binary can't be located (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/261">#261</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>Bump github/super-linter from 3 to 4 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/258">#258</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump bats from 1.7.0 to 1.8.2 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/259">#259</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/checkout from 2 to 3 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/257">#257</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.4...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.3...v4.15.4">v4.15.4</a>
- 2022-11-05</h2>
<h3>Fixed</h3>
<ul>
<li>Let Action fail if git binary can't be located (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/261">#261</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Bump github/super-linter from 3 to 4 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/258">#258</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump bats from 1.7.0 to 1.8.2 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/259">#259</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/checkout from 2 to 3 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/257">#257</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...v4.15.3">v4.15.3</a>
- 2022-10-26</h2>
<h3>Changed</h3>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b007fbd11"><code>0b007fb</code></a>
Let Action fail if git binary can't be located (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/261">#261</a>)</li>
<li><a
href="7106b2184a"><code>7106b21</code></a>
Bump github/super-linter from 3 to 4 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/258">#258</a>)</li>
<li><a
href="f166130208"><code>f166130</code></a>
Bump bats from 1.7.0 to 1.8.2 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/259">#259</a>)</li>
<li><a
href="021a6363fa"><code>021a636</code></a>
Bump actions/checkout from 2 to 3 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/257">#257</a>)</li>
<li><a
href="38864a638f"><code>38864a6</code></a>
Create dependabot.yml</li>
<li><a
href="393fea59ef"><code>393fea5</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="0049e3fa40...0b007fbd11">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.3&new-version=4.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-07 09:11:56 -03:00
dependabot[bot]
bd4d497c99
chore(deps): bump anchore/sbom-action from 0.13.0 to 0.13.1 (#3533) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.0 to 0.13.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.1</h2>
<h2>Changes in v0.13.1</h2>
<ul>
<li>File input not being passed properly to Syft invocation (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/385">#385</a>)
[<a href="https://github.com/kzantow">kzantow</a>]</li>
<li>Update Syft to v0.60.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/386">#386</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="06e109483e"><code>06e1094</code></a>
fix: file input not being passed properly to syft invocation (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/385">#385</a>)</li>
<li><a
href="f4e264e189"><code>f4e264e</code></a>
Update Syft to v0.60.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/386">#386</a>)</li>
<li><a
href="faa694c549"><code>faa694c</code></a>
chore: update dependencies (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/384">#384</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.0...v0.13.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.0&new-version=0.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-07 09:11:22 -03:00
dependabot[bot]
914d3d5941
chore(deps): bump github/codeql-action from 2.1.29 to 2.1.30 (#3526) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.29 to 2.1.30.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="18fe527fa8"><code>18fe527</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1341">#1341</a>
from github/update-v2.1.30-cd983e71</li>
<li><a
href="f04ca7c11c"><code>f04ca7c</code></a>
Update changelog for v2.1.30</li>
<li><a
href="cd983e71c6"><code>cd983e7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1334">#1334</a>
from github/henrymercer/better-error-for-glibc</li>
<li><a
href="2ec046b5ac"><code>2ec046b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1328">#1328</a>
from github/angelapwen/add-go-autobuild-comment</li>
<li><a
href="72bd9cbe62"><code>72bd9cb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1321">#1321</a>
from github/criemen/datadog-tag</li>
<li><a
href="ac0112f7f1"><code>ac0112f</code></a>
Add Go to list of supported languages</li>
<li><a
href="77b1f7e44c"><code>77b1f7e</code></a>
Merge remote-tracking branch 'origin/main' into criemen/datadog-tag</li>
<li><a
href="aa07b3894b"><code>aa07b38</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1340">#1340</a>
from github/henrymercer/fix-proxy-check</li>
<li><a
href="c44e6c6096"><code>c44e6c6</code></a>
Fix missing Docker image in proxy test</li>
<li><a
href="ae0a2603c1"><code>ae0a260</code></a>
Update src/actions-util.ts</li>
<li>Additional commits viewable in <a
href="ec3cf9c605...18fe527fa8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.29&new-version=2.1.30)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-03 09:34:07 -03:00
Carlos Alexandro Becker
7544f7ab96
feat: update to go 1.19.3 (#3523) 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-11-02 14:19:01 -03:00
dependabot[bot]
f3aea7663f
chore(deps): bump anchore/sbom-action from 0.12.0 to 0.13.0 (#3512) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.12.0 to 0.13.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.0</h2>
<h2>Changes in v0.13.0</h2>
<ul>
<li>Allow type &quot;file:...&quot; to enable creation of SBOMs from tar
and other package formats (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)
[<a href="https://github.com/malt3">malt3</a>]</li>
<li>Update Syft to v0.59.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>Update dependencies and node version (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)
[<a href="https://github.com/kzantow">kzantow</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b7e8507c6a"><code>b7e8507</code></a>
chore: remove dependabot (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/381">#381</a>)</li>
<li><a
href="2424de21c4"><code>2424de2</code></a>
Bump <code>@​types/node</code> from 18.11.2 to 18.11.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/373">#373</a>)</li>
<li><a
href="12a03b588c"><code>12a03b5</code></a>
Update Syft to v0.59.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)</li>
<li><a
href="563238bdcc"><code>563238b</code></a>
chore: Update dependencies and action node version (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)</li>
<li><a
href="eda59434a8"><code>eda5943</code></a>
Update Syft to v0.58.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/354">#354</a>)</li>
<li><a
href="614fe8a3b7"><code>614fe8a</code></a>
feat: Allow type &quot;file:...&quot; (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)</li>
<li><a
href="6218d4fbd4"><code>6218d4f</code></a>
Update Syft to v0.57.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/344">#344</a>)</li>
<li><a
href="a173e5341b"><code>a173e53</code></a>
Update Syft to v0.56.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/329">#329</a>)</li>
<li><a
href="2cd5755dcc"><code>2cd5755</code></a>
Add update-deps script (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/322">#322</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.12.0...v0.13.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 11:13:56 -03:00
dependabot[bot]
d73a0116e0
chore(deps): bump github/codeql-action from 2.1.28 to 2.1.29 (#3498) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.28 to 2.1.29.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3cf9c605"><code>ec3cf9c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1323">#1323</a>
from github/update-v2.1.29-4b53723d</li>
<li><a
href="f246f20ec4"><code>f246f20</code></a>
Update changelog for v2.1.29</li>
<li><a
href="4b53723d6b"><code>4b53723</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1320">#1320</a>
from github/edoardo/2.11.2-bump</li>
<li><a
href="de9f112cd1"><code>de9f112</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1318">#1318</a>
from github/aeisenberg/bump-min-version</li>
<li><a
href="f1a4ff53b4"><code>f1a4ff5</code></a>
Bumps the min version for code scanning config in the cli</li>
<li><a
href="624418cb40"><code>624418c</code></a>
Bump default CodeQL version to 2.11.2</li>
<li><a
href="f0a1281661"><code>f0a1281</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1315">#1315</a>
from github/mergeback/v2.1.28-to-main-cc7986c0</li>
<li><a
href="f0b3ef9e9c"><code>f0b3ef9</code></a>
Update checked-in dependencies</li>
<li><a
href="3920e2d8ae"><code>3920e2d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1313">#1313</a>
from github/criemen/ghes-31-deprecation</li>
<li><a
href="be55631a21"><code>be55631</code></a>
Update changelog and version after v2.1.28</li>
<li>Additional commits viewable in <a
href="cc7986c02b...ec3cf9c605">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.28&new-version=2.1.29)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-27 09:32:34 -03:00
dependabot[bot]
f0b912a708
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.2 to 4.15.3 (#3499) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.2 to 4.15.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.3</h2>
<h2>Changed</h2>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.3...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...v4.15.3">v4.15.3</a>
- 2022-10-26</h2>
<h3>Changed</h3>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0049e3fa40"><code>0049e3f</code></a>
Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
availabl...</li>
<li><a
href="f6f7a9c351"><code>f6f7a9c</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="2fde6fc18d...0049e3fa40">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.2&new-version=4.15.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-27 09:29:34 -03:00
dependabot[bot]
62361bb6ad
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.1 to 4.15.2 (#3492) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.1 to 4.15.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.2</h2>
<h2>Changed</h2>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2fde6fc18d"><code>2fde6fc</code></a>
Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/252">#252</a>)</li>
<li><a
href="faf78595b8"><code>faf7859</code></a>
Update README.md</li>
<li><a
href="a0873a0795"><code>a0873a0</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="fd157da78f...2fde6fc18d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.1&new-version=4.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-24 10:45:43 -03:00
Carlos A Becker
f28a70c481
chore: image scan always fails 
the security issues comes from the golang image, which we need to be
using in order to build stuff.

That said, not much we can do either way, so, I'm disabling this check
for now.

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-21 08:56:21 -03:00
dependabot[bot]
bc5d4bf97a
chore(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (#3486) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 3.2.0 to 3.3.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07db5389c9"><code>07db538</code></a>
build(deps): bump <code>@​actions/cache</code> from 3.0.4 to 3.0.5 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/586">#586</a>)</li>
<li><a
href="328c000029"><code>328c000</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.39.0 to 5.40.0 ...</li>
<li><a
href="3a79f8d45a"><code>3a79f8d</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.39.0 to 5.40.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/584">#584</a>)</li>
<li><a
href="43c645b597"><code>43c645b</code></a>
build(deps-dev): bump eslint from 8.24.0 to 8.25.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/582">#582</a>)</li>
<li><a
href="88e5fc6380"><code>88e5fc6</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.38.1 to 5.39.0 ...</li>
<li><a
href="6191de56c9"><code>6191de5</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.1 to 5.39.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/580">#580</a>)</li>
<li><a
href="5423639e7b"><code>5423639</code></a>
build(deps): bump <code>@​actions/core</code> from 1.9.1 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/578">#578</a>)</li>
<li><a
href="c225631afd"><code>c225631</code></a>
build(deps): bump <code>@​actions/github</code> from 5.1.0 to 5.1.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/576">#576</a>)</li>
<li><a
href="b81d829cdb"><code>b81d829</code></a>
build(deps-dev): bump typescript from 4.8.3 to 4.8.4 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/577">#577</a>)</li>
<li><a
href="5b682fd40b"><code>5b682fd</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.0 to 5.38.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/575">#575</a>)</li>
<li>Additional commits viewable in <a
href="537aa1903e...07db5389c9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-21 08:54:45 -03:00
dependabot[bot]
097baac606
chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (#3477) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0
to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Fix cache issues and update dependencies</h2>
<p>In scope of this release we fixed the issue with the correct
generation of the cache key when the <code>go-version-file</code> input
is set (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/267">actions/setup-go#267</a>).
Moreover, we fixed an issue when <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/264">the
cache folder was not found</a>. Besides, we updated
<code>actions/core</code> to 1.10.0 version (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/273">actions/setup-go#273</a>).</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c4a742cab1"><code>c4a742c</code></a>
fix(): cache resolve version input (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/267">#267</a>)</li>
<li><a
href="f556e5b7e0"><code>f556e5b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/273">#273</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="514ae57904"><code>514ae57</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li><a
href="30b9ddff11"><code>30b9ddf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/264">#264</a>
from e-korolevskii/258-not-throw-err-no-cache-folders</li>
<li><a
href="c4e169859f"><code>c4e1698</code></a>
prettier format</li>
<li><a
href="db58e98a43"><code>db58e98</code></a>
format</li>
<li><a
href="2905db4069"><code>2905db4</code></a>
update build</li>
<li><a
href="57452eb902"><code>57452eb</code></a>
fix debug lines in test</li>
<li><a
href="5547b9ed8d"><code>5547b9e</code></a>
fix(cache): Not throw err if no cache folders</li>
<li><a
href="be45b2722d"><code>be45b27</code></a>
build</li>
<li>Additional commits viewable in <a
href="268d8c0ca0...c4a742cab1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:54:46 -03:00
dependabot[bot]
a94d809a63
chore(deps): bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (#3478) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.8.0 to 2.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign install to use release v1.13.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/98">sigstore/cosign-installer#98</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1">https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9becc61764"><code>9becc61</code></a>
bump cosign install to use release v1.13.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/98">#98</a>)</li>
<li><a
href="c6d50c2e98"><code>c6d50c2</code></a>
Bump actions/checkout from 3.0.2 to 3.1.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/96">#96</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.8.0...v2.8.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.8.0&new-version=2.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:54:06 -03:00
dependabot[bot]
7b1ce71351
chore(deps): bump github/codeql-action from 2.1.27 to 2.1.28 (#3479) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.27 to 2.1.28.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cc7986c02b"><code>cc7986c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1311">#1311</a>
from github/update-v2.1.28-96c8872f</li>
<li><a
href="aecd03235b"><code>aecd032</code></a>
Update changelog for v2.1.28</li>
<li><a
href="96c8872f06"><code>96c8872</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1310">#1310</a>
from github/henrymercer/v2-mergeback</li>
<li><a
href="b709139433"><code>b709139</code></a>
Merge branch 'releases/v2' into henrymercer/v2-mergeback</li>
<li><a
href="5dd73678a4"><code>5dd7367</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1308">#1308</a>
from github/aeisenberg/fix-merge</li>
<li><a
href="4c1ccc4a5e"><code>4c1ccc4</code></a>
Fix CHANGELOG</li>
<li><a
href="c2f5185572"><code>c2f5185</code></a>
Merge commit 'e4cc4a2f' into releases/v2</li>
<li><a
href="297ec80a46"><code>297ec80</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1301">#1301</a>
from github/aeisenberg/remove-set-output</li>
<li><a
href="b0f8861cea"><code>b0f8861</code></a>
Update CHANGELOG.md</li>
<li><a
href="2ee8edc7f0"><code>2ee8edc</code></a>
Update changelog</li>
<li>Additional commits viewable in <a
href="807578363a...cc7986c02b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.27&new-version=2.1.28)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:53:53 -03:00
dependabot[bot]
97e9bc40f9
chore(deps): bump docker/setup-buildx-action from 2.2.0 to 2.2.1 (#3480) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.2.0 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Preserve quotes surrounding fields in input list by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>)</li>
<li>Escape surrounding quotes for <code>platforms</code> input by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1">https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8c0edbc76e"><code>8c0edbc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>
from crazy-max/input-list-quotes</li>
<li><a
href="1fb9cbdb32"><code>1fb9cbd</code></a>
escape surrounding quotes for platforms input</li>
<li><a
href="693fdd6ca6"><code>693fdd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>
from crazy-max/input-quote</li>
<li><a
href="fe4c1ac86d"><code>fe4c1ac</code></a>
preserve quotes surrounding fields in input list</li>
<li>See full diff in <a
href="c74574e6c8...8c0edbc76e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:53:41 -03:00
dependabot[bot]
903713ea0a
chore(deps): bump docker/setup-buildx-action from 2.1.0 to 2.2.0 (#3474) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.1.0 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Append nodes to builder support by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>)</li>
<li>Bump csv-parse from 5.3.0 to 5.3.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0">https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c74574e6c8"><code>c74574e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>
from docker/dependabot/npm_and_yarn/csv-parse-5.3.1</li>
<li><a
href="2d0cf98781"><code>2d0cf98</code></a>
update generated content</li>
<li><a
href="5f1d4ea81f"><code>5f1d4ea</code></a>
Bump csv-parse from 5.3.0 to 5.3.1</li>
<li><a
href="59b5ed6124"><code>59b5ed6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>
from crazy-max/append</li>
<li><a
href="bd61d52837"><code>bd61d52</code></a>
update generated content</li>
<li><a
href="f6efb5fcbb"><code>f6efb5f</code></a>
platforms input</li>
<li><a
href="2dfca373f3"><code>2dfca37</code></a>
append nodes to builder support</li>
<li>See full diff in <a
href="95cb08cb26...c74574e6c8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-18 09:19:42 -03:00
dependabot[bot]
647262634b
chore(deps): bump actions/cache from 3.0.10 to 3.0.11 (#3465) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.10 to
3.0.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.11</h2>
<h2>What's Changed</h2>
<ul>
<li>Call out cache not saved on hit by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/946">actions/cache#946</a></li>
<li>Update <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/950">actions/cache#950</a></li>
<li>Update cache to use <code>@​actions/core</code>@^1.10.0 by <a
href="https://github.com/pdotl"><code>@​pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/956">actions/cache#956</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/950">actions/cache#950</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.0.11">https://github.com/actions/cache/compare/v3...v3.0.11</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9b0c1fce7a"><code>9b0c1fc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/956">#956</a>
from actions/pdotl-version-bump</li>
<li><a
href="18103f63fe"><code>18103f6</code></a>
Fix licensed status error</li>
<li><a
href="3e383cd9c3"><code>3e383cd</code></a>
Update RELEASES</li>
<li><a
href="43428ea056"><code>43428ea</code></a>
toolkit versioon update and version bump for cache</li>
<li><a
href="1c73980b09"><code>1c73980</code></a>
3.0.11</li>
<li><a
href="a3f5edc237"><code>a3f5edc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/950">#950</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="831ee695a5"><code>831ee69</code></a>
Update licenses</li>
<li><a
href="b9c8bfe442"><code>b9c8bfe</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li><a
href="0f20846208"><code>0f20846</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/946">#946</a>
from actions/Phantsure-patch-2</li>
<li><a
href="862fc14188"><code>862fc14</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="56461b9eb0...9b0c1fce7a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.10&new-version=3.0.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-14 10:17:02 -03:00
dependabot[bot]
fcd9b379f5
chore(deps): bump actions/github-script from 6.3.2 to 6.3.3 (#3464) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.2 to 6.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@actions/glob</code> to 0.3.0 by <a
href="https://github.com/nineinchnick"><code>@​nineinchnick</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/279">actions/github-script#279</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/nineinchnick"><code>@​nineinchnick</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/279">actions/github-script#279</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.2...v6.3.3">https://github.com/actions/github-script/compare/v6.3.2...v6.3.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d556feaca3"><code>d556fea</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/300">#300</a>
from actions/joshmgross/v6.3.3</li>
<li><a
href="01fde8b524"><code>01fde8b</code></a>
Update version to 6.3.3</li>
<li><a
href="633e9fd3a1"><code>633e9fd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/279">#279</a>
from nineinchnick/update-glob</li>
<li><a
href="ee124b1288"><code>ee124b1</code></a>
Update dist</li>
<li><a
href="ca24d5fb29"><code>ca24d5f</code></a>
Update <code>@actions/glob</code> license version</li>
<li><a
href="c09747ec1a"><code>c09747e</code></a>
Merge branch 'main' into update-glob</li>
<li>See full diff in <a
href="100527700e...d556feaca3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.2&new-version=6.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-14 10:16:50 -03:00
dependabot[bot]
6a5a3d9f1d
chore(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 (#3458) 
Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Use context for inputs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>)</li>
<li>Use built-in <code>getExecOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/54">#54</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/58">#58</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e81a89b173"><code>e81a89b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>
from crazy-max/setOutput</li>
<li><a
href="2d3efc7878"><code>2d3efc7</code></a>
Remove workaround for setOutput</li>
<li><a
href="bfc44eaf57"><code>bfc44ea</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>
from crazy-max/context</li>
<li><a
href="25725d8d2e"><code>25725d8</code></a>
Use context for inputs</li>
<li><a
href="8c1e35a8c6"><code>8c1e35a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>
from crazy-max/exec-output</li>
<li><a
href="f3c51a3313"><code>f3c51a3</code></a>
update README</li>
<li><a
href="c47ad32952"><code>c47ad32</code></a>
Use built-in getExecOutput</li>
<li><a
href="aa087459ac"><code>aa08745</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="9443994984"><code>9443994</code></a>
Update generated content</li>
<li><a
href="81a47e15eb"><code>81a47e1</code></a>
Bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li>Additional commits viewable in <a
href="8b122486ce...e81a89b173">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-10-13 10:52:43 -03:00
dependabot[bot]
9ce619ad09
chore(deps): bump docker/setup-buildx-action from 2.0.0 to 2.1.0 (#3459) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Auth support for tls endpoint by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/164">#164</a>)</li>
<li>Nodes metadata JSON ouput by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/162">#162</a>)
<ul>
<li><code>endpoint</code>, <code>status</code> and <code>flags</code>
outputs are deprecated. Use <code>nodes</code> output instead.</li>
</ul>
</li>
<li>Skip setting buildkitd flags and config for remote driver by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/161">#161</a>)</li>
<li>Move args logic to context module and add tests by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>)</li>
<li>Fix deprecated <code>fs.rmdir</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>)</li>
<li>Docs: clarify install option by <a
href="https://github.com/rodrigc"><code>@​rodrigc</code></a> in (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/152">#152</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/151">#151</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/157">#157</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>)</li>
<li>Bump <code>@​actions/tool-cache</code> from 1.7.2 to 2.0.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/150">#150</a>)</li>
<li>Bump <code>@​actions/http-client</code> from 1.0.11 to 2.0.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/149">#149</a>)</li>
<li>Bump uuid from 8.3.2 to 9.0.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95cb08cb26"><code>95cb08c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>
from crazy-max/rmsync</li>
<li><a
href="eb5c2a6eea"><code>eb5c2a6</code></a>
Fix deprecated fs.rmdir</li>
<li><a
href="83612bea36"><code>83612be</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>
from crazy-max/setOutput</li>
<li><a
href="40fefd8a58"><code>40fefd8</code></a>
Remove workaround for setOutput</li>
<li><a
href="90a1e4619e"><code>90a1e46</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>
from crazy-max/context-module</li>
<li><a
href="5a9fc40575"><code>5a9fc40</code></a>
move args logic to context module and add tests</li>
<li><a
href="6c48dad5f0"><code>6c48dad</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>
from docker/dependabot/npm_and_yarn/uuid-9.0.0</li>
<li><a
href="16c2ddbfa7"><code>16c2ddb</code></a>
update generated content</li>
<li><a
href="0fe8589bf4"><code>0fe8589</code></a>
Bump uuid from 8.3.2 to 9.0.0</li>
<li><a
href="f3692cbe43"><code>f3692cb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li>Additional commits viewable in <a
href="dc7b9719a9...95cb08cb26">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-10-13 10:51:29 -03:00
dependabot[bot]
637ffc49a9
chore(deps): bump docker/login-action from 2.0.0 to 2.1.0 (#3451) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [docker/login-action](https://github.com/docker/login-action) from
2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Ensure AWS temp credentials are redacted in workflow logs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/275">#275</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/252">#252</a>
<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/292">#292</a>)</li>
<li>Bump <code>@​aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/298">#298</a>)</li>
<li>Bump <code>@​aws-sdk/client-ecr-public</code> from 3.53.0 to 3.186.0
(<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/299">#299</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v2.0.0...v2.1.0">https://github.com/docker/login-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f4ef78c080"><code>f4ef78c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/299">#299</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="9ad4ce3929"><code>9ad4ce3</code></a>
Update generated content</li>
<li><a
href="884eadd4f8"><code>884eadd</code></a>
Bump <code>@​aws-sdk/client-ecr-public</code> from 3.53.0 to
3.186.0</li>
<li><a
href="a266232f5c"><code>a266232</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/298">#298</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="f97efcfbf9"><code>f97efcf</code></a>
Update generated content</li>
<li><a
href="5ae789beac"><code>5ae789b</code></a>
Bump <code>@​aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0</li>
<li><a
href="71c23b5b34"><code>71c23b5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/292">#292</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="6401d70aab"><code>6401d70</code></a>
Update generated content</li>
<li><a
href="67e8909cc6"><code>67e8909</code></a>
Bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li><a
href="21f251affc"><code>21f251a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/275">#275</a>
from crazy-max/redact-aws-creds</li>
<li>Additional commits viewable in <a
href="49ed152c8e...f4ef78c080">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:05:18 -03:00
dependabot[bot]
614cab8586
chore(deps): bump actions/github-script from 6.3.1 to 6.3.2 (#3453) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.1 to 6.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/295">actions/github-script#295</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/295">actions/github-script#295</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.1...v6.3.2">https://github.com/actions/github-script/compare/v6.3.1...v6.3.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="100527700e"><code>1005277</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/299">#299</a>
from actions/joshmgross/v6.3.2</li>
<li><a
href="085a7754e8"><code>085a775</code></a>
Bump version to 6.3.2</li>
<li><a
href="6871f0ffce"><code>6871f0f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/295">#295</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="7ed718295b"><code>7ed7182</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li>See full diff in <a
href="7dff1a8764...100527700e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.1&new-version=6.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:05:03 -03:00
dependabot[bot]
38c8436863
chore(deps): bump arduino/setup-task from 1.0.1 to 1.0.2 (#3452) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from
1.0.1 to 1.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/arduino/setup-task/releases">arduino/setup-task's
releases</a>.</em></p>
<blockquote>
<h2>1.0.2</h2>
<h2>Release Notes</h2>
<h3>Changelog</h3>
<h4>Enhancement</h4>
<ul>
<li>Run action with Node.js 16 (<a
href="https://github-redirect.dependabot.com/arduino/setup-task/pull/552">arduino/setup-task#552</a>)</li>
<li>Various dependency updates</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/kasperg"><code>@​kasperg</code></a></li>
</ul>
<hr />
<p><strong>Full Changeset</strong>: <a
href="https://github.com/arduino/setup-task/compare/1.0.1...1.0.2">https://github.com/arduino/setup-task/compare/1.0.1...1.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d665c6beeb"><code>d665c6b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/554">#554</a>
from arduino/dependabot/npm_and_yarn/types/node-16.11.65</li>
<li><a
href="f911dc0bbc"><code>f911dc0</code></a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.64 to
16.11.65</li>
<li><a
href="2cdd1760c6"><code>2cdd176</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/555">#555</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="0238d42112"><code>0238d42</code></a>
build(deps-dev): bump
<code>@​typescript-eslint/eslint-plugin</code></li>
<li><a
href="b592b746bd"><code>b592b74</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/553">#553</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="1b72357a23"><code>1b72357</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.1 to 5.40.0</li>
<li><a
href="eea6bc2215"><code>eea6bc2</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/551">#551</a>
from arduino/dependabot/npm_and_yarn/eslint-8.25.0</li>
<li><a
href="c36e056867"><code>c36e056</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/552">#552</a>
from kasperg/patch-1</li>
<li><a
href="ba0113b2fc"><code>ba0113b</code></a>
Bump Node version from 12 to 16</li>
<li><a
href="1bdabdfc86"><code>1bdabdf</code></a>
build(deps-dev): bump eslint from 8.24.0 to 8.25.0</li>
<li>Additional commits viewable in <a
href="ca745e1891...d665c6beeb">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=arduino/setup-task&package-manager=github_actions&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:04:36 -03:00
dependabot[bot]
7cd73510c0
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.0 to 4.15.1 (#3450) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.0 to 4.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.1</h2>
<h2>Fixed</h2>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<ul>
<li>Add <code>create_branch</code> option to force create a new branch
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/203">#203</a>)
<a
href="https://github.com/stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>README.md: Updates hyperlink to GH docs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/200">#200</a>)
<a
href="https://github.com/funkyfuture"><code>@​funkyfuture</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fd157da78f"><code>fd157da</code></a>
Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/247">#247</a>)</li>
<li><a
href="b208f78c10"><code>b208f78</code></a>
Test that CRLF changes are not picked up</li>
<li><a
href="cef08f2918"><code>cef08f2</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="6c32682a40...fd157da78f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.0&new-version=4.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-11 09:54:34 -03:00
dependabot[bot]
dffc068b47
chore(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#3445) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.26 to 2.1.27.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="807578363a"><code>8075783</code></a>
Merge main into releases/v2 (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1287">#1287</a>)</li>
<li>See full diff in <a
href="e0e5ded33c...807578363a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.26&new-version=2.1.27)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 14:51:49 -03:00
dependabot[bot]
1317be8a7d
chore(deps): bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (#3448) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.7.0 to 2.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.13.0 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/95">sigstore/cosign-installer#95</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7cc35d7fdb"><code>7cc35d7</code></a>
bump cosign to v1.13.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/95">#95</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.7.0&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 14:50:18 -03:00
Carlos Alexandro Becker
b4159f6377
feat(deps): go 1.19.2 (#3443) 
latest security fixes

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-05 21:24:45 -03:00
Carlos A Becker
04162b50fe
chore: always build on main 2022-10-05 10:50:29 -03:00
Carlos A Becker
7c42c807e5
chore: fix fig workflow name 2022-10-05 09:40:12 -03:00
dependabot[bot]
f8da439130
chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#3441) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2
to 3.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Inject GitHub host to be able to clone from another GitHub instance
by <a
href="https://github.com/peter-murray"><code>@​peter-murray</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li>
<li>Bump <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/peter-murray"><code>@​peter-murray</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.0.2...v3.1.0">https://github.com/actions/checkout/compare/v3.0.2...v3.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.1.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">Use
<code>@​actions/core</code> <code>saveState</code> and
<code>getState</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">Add
<code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/770">Add
input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/762">Fixed
an issue where checkout failed to run in container jobs due to the new
git setting <code>safe.directory</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/744">Bumped
various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/689">Update
to node 16</a></li>
</ul>
<h2>v2.3.1</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/284">Fix
default branch resolution for .wiki and when using SSH</a></li>
</ul>
<h2>v2.3.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/278">Fallback
to the default branch</a></li>
</ul>
<h2>v2.2.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/258">Fetch
all history for all tags and branches when fetch-depth=0</a></li>
</ul>
<h2>v2.1.1</h2>
<ul>
<li>Changes to support GHES (<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/236">here</a>
and <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/248">here</a>)</li>
</ul>
<h2>v2.1.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/191">Group
output</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/199">Changes
to support GHES alpha release</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/184">Persist
core.sshCommand for submodules</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/163">Add
support ssh</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/179">Convert
submodule SSH URL to HTTPS, when not using SSH</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/157">Add
submodule support</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/144">Follow
proxy settings</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/141">Fix
ref for pr closed event when a pr is merged</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/128">Fix
issue checking detached when git less than 2.22</a></li>
</ul>
<h2>v2.0.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/108">Do
not pass cred on command line</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/107">Add
input persist-credentials</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/104">Fallback
to REST API to download repo</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="93ea575cb5"><code>93ea575</code></a>
Prepare release v3.1.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/940">#940</a>)</li>
<li><a
href="6a84743051"><code>6a84743</code></a>
Bump <code>@​actions/core</code> to 1.10.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/939">#939</a>)</li>
<li><a
href="e6d535c99c"><code>e6d535c</code></a>
Inject GitHub host to be able to clone from another GitHub instance (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/922">#922</a>)</li>
<li>See full diff in <a
href="2541b1294d...93ea575cb5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.0.2&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-05 09:38:34 -03:00
Carlos Alexandro Becker
bb6c53eeda
feat: fig integration (#3437) 
closes #3328

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-05 09:33:39 -03:00
Carlos A Becker
e89e2135bd
chore: generate should use go cache 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-04 22:05:49 -03:00
dependabot[bot]
6e90e7edba
chore(deps): bump actions/github-script from 6.3.0 to 6.3.1 (#3429) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.0 to 6.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix overriding request options from <code>@​actions/github</code> by
<a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/293">actions/github-script#293</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.0...v6.3.1">https://github.com/actions/github-script/compare/v6.3.0...v6.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7dff1a8764"><code>7dff1a8</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/293">#293</a>
from luketomlinson/main</li>
<li><a
href="8445ca871a"><code>8445ca8</code></a>
Fix overriding request options from <code>@​actions/github</code></li>
<li>See full diff in <a
href="d4560e1570...7dff1a8764">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.0&new-version=6.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-04 09:27:16 -03:00
dependabot[bot]
c29971bddb
chore(deps): bump actions/cache from 3.0.9 to 3.0.10 (#3433) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.9 to
3.0.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.10</h2>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for <code>restore-keys</code> in README.md</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="56461b9eb0"><code>56461b9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/931">#931</a>
from ELHoussineT/patch-1</li>
<li><a
href="f85d12c3b2"><code>f85d12c</code></a>
Merge branch 'main' into patch-1</li>
<li><a
href="98044e486f"><code>98044e4</code></a>
Update README.md</li>
<li><a
href="edc49897ec"><code>edc4989</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/942">#942</a>
from actions/vsvipul/fix-sort</li>
<li><a
href="68d96986b5"><code>68d9698</code></a>
Remove sort logic from inputs</li>
<li><a
href="3238536a48"><code>3238536</code></a>
Update README.md</li>
<li>See full diff in <a
href="ac8075791e...56461b9eb0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.9&new-version=3.0.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-04 09:24:28 -03:00
dependabot[bot]
501a677d90
chore(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#3417) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.25 to 2.1.26.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e0e5ded33c"><code>e0e5ded</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1276">#1276</a>
from github/update-v2.1.26-97054749</li>
<li><a
href="c60b8543e6"><code>c60b854</code></a>
Update changelog for v2.1.26</li>
<li><a
href="97054749c9"><code>9705474</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1274">#1274</a>
from github/aeisenberg/update-checks-script</li>
<li><a
href="fb0f74784f"><code>fb0f747</code></a>
Update the checks script</li>
<li><a
href="3400e51bc8"><code>3400e51</code></a>
Add dotnet env variable to workflow (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1273">#1273</a>)</li>
<li><a
href="74740eef3d"><code>74740ee</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1270">#1270</a>
from github/aeisenberg/cli-config-feature-flag</li>
<li><a
href="1ec8ea99ee"><code>1ec8ea9</code></a>
Merge branch 'main' into aeisenberg/cli-config-feature-flag</li>
<li><a
href="2466f0ce2c"><code>2466f0c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1267">#1267</a>
from github/cklin/codeql-cli-2.11.0</li>
<li><a
href="a711c7623d"><code>a711c76</code></a>
Update default CodeQL version to 2.11.0</li>
<li><a
href="39064e0f9b"><code>39064e0</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1272">#1272</a>
from github/update-supported-enterprise-server-versions</li>
<li>Additional commits viewable in <a
href="86f3159a69...e0e5ded33c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.25&new-version=2.1.26)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-30 09:47:36 -03:00
dependabot[bot]
16abdfd915
chore(deps): bump actions/cache from 3.0.8 to 3.0.9 (#3416) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to
3.0.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.9</h2>
<ul>
<li>Enhanced the warning message for cache unavailability in case of
GHES.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ac8075791e"><code>ac80757</code></a>
Actions/cache release 3.0.9 (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/930">#930</a>)</li>
<li><a
href="0ff0597934"><code>0ff0597</code></a>
Update examples.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/920">#920</a>)</li>
<li><a
href="12681847c6"><code>1268184</code></a>
Update README.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/936">#936</a>)</li>
<li><a
href="1a78ace131"><code>1a78ace</code></a>
Updated the GHES warning message (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/925">#925</a>)</li>
<li><a
href="1bc650b06c"><code>1bc650b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/922">#922</a>
from actions/vsvipul/add-anurag</li>
<li><a
href="92e01f4797"><code>92e01f4</code></a>
Add anuragc617 to assignees</li>
<li><a
href="b195c997a4"><code>b195c99</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/912">#912</a>
from actions/pdotl/readme-update-1</li>
<li><a
href="9f98a2f01c"><code>9f98a2f</code></a>
Merge branch 'main' into pdotl/readme-update-1</li>
<li><a
href="471fb0c87e"><code>471fb0c</code></a>
Move workarounds to a different file</li>
<li><a
href="a213d1e898"><code>a213d1e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/913">#913</a>
from actions/vsvipul-patch-2</li>
<li>Additional commits viewable in <a
href="fd5de65bc8...ac8075791e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.8&new-version=3.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-30 09:47:28 -03:00
Carlos A Becker
c006c9d208
chore: do not login on snapcraft on snapshots 2022-09-27 21:20:57 -03:00
Carlos A Becker
530764513f
chore: workflows being skipped when they shouldn't 2022-09-27 11:52:35 -03:00
dependabot[bot]
0edfbf02cb
chore(deps): bump actions/github-script from 6.2.0 to 6.3.0 (#3408) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.2.0 to 6.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add retry plugin and related options by <a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/288">actions/github-script#288</a>,
see <a
href="https://github.com/actions/github-script/tree/v6.3.0#retries">https://github.com/actions/github-script/tree/v6.3.0#retries</a>
for more information.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/288">actions/github-script#288</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.2.0...v6.3.0">https://github.com/actions/github-script/compare/v6.2.0...v6.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d4560e1570"><code>d4560e1</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/288">#288</a>
from luketomlinson/main</li>
<li><a
href="d742690307"><code>d742690</code></a>
6.3.0</li>
<li><a
href="ac0c7cb50b"><code>ac0c7cb</code></a>
Core.debug</li>
<li><a
href="eb0f407f1a"><code>eb0f407</code></a>
Whitespace</li>
<li><a
href="6b09a22cca"><code>6b09a22</code></a>
cleanup quotes</li>
<li><a
href="e7dbaf0565"><code>e7dbaf0</code></a>
update action.yml</li>
<li><a
href="3faaff918c"><code>3faaff9</code></a>
PR feedback</li>
<li><a
href="3cca041b86"><code>3cca041</code></a>
Fix http-client license</li>
<li><a
href="55053af80a"><code>55053af</code></a>
Update licenses</li>
<li><a
href="977060a05e"><code>977060a</code></a>
Add more info to action.yml</li>
<li>Additional commits viewable in <a
href="c713e510db...d4560e1570">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.2.0&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-27 10:58:22 -03:00
Carlos A Becker
20ead77da7
chore: gitleaks only when license present 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-27 10:57:08 -03:00
Carlos A Becker
32285bab55
chore: do not run gitleaks on dependabot prs 2022-09-27 10:54:05 -03:00
Carlos A Becker
0a3a76c09e
chore: do not run gitleaks on dependabot prs 2022-09-27 10:21:40 -03:00
dependabot[bot]
ee62a8ec00
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.14.1 to 4.15.0 (#3405) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.14.1 to 4.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.0</h2>
<h2>Changed</h2>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<ul>
<li>Add <code>create_branch</code> option to force create a new branch
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/203">#203</a>)
<a
href="https://github.com/stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>README.md: Updates hyperlink to GH docs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/200">#200</a>)
<a
href="https://github.com/funkyfuture"><code>@​funkyfuture</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.0...v4.13.1">v4.13.1</a>
- 2022-01-13</h2>
<h2>Fixed</h2>
<ul>
<li>Properly disambiguate between branch or file checkout (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/199">#199</a>)
<a
href="https://github.com/kenodegard"><code>@​kenodegard</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6c32682a40"><code>6c32682</code></a>
Add bug label to new issues</li>
<li><a
href="a4a482b6c5"><code>a4a482b</code></a>
Update Issue Templates</li>
<li><a
href="18870f2286"><code>18870f2</code></a>
Add note about line break detection</li>
<li><a
href="52eb0eedc8"><code>52eb0ee</code></a>
Update README</li>
<li><a
href="03246c1cee"><code>03246c1</code></a>
Changed the extended example to correctly use quotes for strings (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/196">#196</a>)</li>
<li><a
href="4d00f10668"><code>4d00f10</code></a>
Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/205">#205</a>)</li>
<li><a
href="4e7c0d67cd"><code>4e7c0d6</code></a>
Assert throws error when force adding ignored files</li>
<li><a
href="dce7e85096"><code>dce7e85</code></a>
Add Tests to Cover <a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/233">#233</a></li>
<li><a
href="9262405709"><code>9262405</code></a>
Fix Typo in Test</li>
<li><a
href="32807d4f18"><code>32807d4</code></a>
Upgrade Bats</li>
<li>Additional commits viewable in <a
href="49620cd3ed...6c32682a40">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.14.1&new-version=4.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 10:24:48 -03:00
dependabot[bot]
fd8cc43ef3
chore(deps): bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (#3404) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.6.0 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.12.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/94">sigstore/cosign-installer#94</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0">https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ced07f21fb"><code>ced07f2</code></a>
bump cosign to v1.12.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/94">#94</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.6.0...v2.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.6.0&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 10:24:30 -03:00