[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.6 to 2.2.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.7 - 15 Mar 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.6 - 10 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.4.</li>
</ul>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://redirect.github.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://redirect.github.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="168b99b3c2"><code>168b99b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1581">#1581</a>
from github/update-v2.2.7-433fe88bf</li>
<li><a
href="bc7318da91"><code>bc7318d</code></a>
Update changelog for v2.2.7</li>
<li><a
href="433fe88bf3"><code>433fe88</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1579">#1579</a>
from github/aeisenberg/no-upload-database</li>
<li><a
href="c208575433"><code>c208575</code></a>
Avoid uploading databases after integration tests</li>
<li><a
href="b8ea587211"><code>b8ea587</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1578">#1578</a>
from github/henrymercer/fix-circular-dependency</li>
<li><a
href="65f42e3768"><code>65f42e3</code></a>
Inline minimum version number to avoid circular dependency</li>
<li><a
href="d9ceda3823"><code>d9ceda3</code></a>
Add debug logging for feature flag enablement</li>
<li><a
href="19f00dc212"><code>19f00dc</code></a>
Bump <code>@ava/typescript</code> from 3.0.1 to 4.0.0 (<a
href="https://redirect.github.com/github/codeql-action/issues/1576">#1576</a>)</li>
<li><a
href="ec298233c1"><code>ec29823</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1565">#1565</a>
from github/henrymercer/diagnostics-code-scanning-co...</li>
<li><a
href="a92a14621b"><code>a92a146</code></a>
Prefer <code>core.info</code> to <code>console.log</code></li>
<li>Additional commits viewable in <a
href="16964e90ba...168b99b3c2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0
to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<p>In scope of release we enable cache by default. The action won’t
throw an error if the cache can’t be restored or saved. The action will
throw a warning message but it won’t stop a build process. The cache can
be disabled by specifying <code>cache: false</code>.</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: ‘1.19’
- run: go run hello.go
</code></pre>
<p>Besides, we introduce such changes as</p>
<ul>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/305">Allow to
use only GOCACHE for cache</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/315">Bump
json5 from 2.2.1 to 2.2.3</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/323">Use
proper version for primary key in cache</a></li>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/351">Always add
Go bin to the PATH</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/350">Add
step warning if go-version input is empty</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d34df0c23"><code>4d34df0</code></a>
Update configuration files (<a
href="https://redirect.github.com/actions/setup-go/issues/348">#348</a>)</li>
<li><a
href="fdc0d672a1"><code>fdc0d67</code></a>
Add Go bin if go-version input is empty (<a
href="https://redirect.github.com/actions/setup-go/issues/351">#351</a>)</li>
<li><a
href="ebfdf6ac95"><code>ebfdf6a</code></a>
add warning if go-version is empty (<a
href="https://redirect.github.com/actions/setup-go/issues/350">#350</a>)</li>
<li><a
href="b27d76912e"><code>b27d769</code></a>
fix lockfileVersion (<a
href="https://redirect.github.com/actions/setup-go/issues/349">#349</a>)</li>
<li><a
href="c51a720768"><code>c51a720</code></a>
Enable caching by default with default input (<a
href="https://redirect.github.com/actions/setup-go/issues/332">#332</a>)</li>
<li><a
href="6b848af622"><code>6b848af</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-go/issues/343">#343</a>
from akv-platform/reusable-workflow</li>
<li><a
href="12741cc209"><code>12741cc</code></a>
Format update-config-files.yml</li>
<li><a
href="7a77a6aab6"><code>7a77a6a</code></a>
Merge branch 'main' into reusable-workflow</li>
<li><a
href="42a0cc8e14"><code>42a0cc8</code></a>
Add update-config-files.yml</li>
<li><a
href="7406d654ad"><code>7406d65</code></a>
Add and configure ESLint and update configuration for Prettier (<a
href="https://redirect.github.com/actions/setup-go/issues/341">#341</a>)</li>
<li>Additional commits viewable in <a
href="6edd4406fa...4d34df0c23">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
closes#3844closes#3843closes#3862
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: fogfish <dmkolesnikov@gmail.com>
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.0 to
3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Reduced download segment size to 128 MB and timeout to 10 minutes by
<a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1129">actions/cache#1129</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.3.1">https://github.com/actions/cache/compare/v3...v3.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files > 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://redirect.github.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://redirect.github.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://redirect.github.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://redirect.github.com/actions/cache/issues/809">#809</a> -
zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://redirect.github.com/actions/cache/issues/833">#833</a> -
cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://redirect.github.com/actions/cache/issues/810">#810</a> -
download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://redirect.github.com/actions/cache/issues/888">#888</a> and
<a
href="https://redirect.github.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="88522ab9f3"><code>88522ab</code></a>
Reduced download segment size to 128 MB and timeout to 10 minutes (<a
href="https://redirect.github.com/actions/cache/issues/1129">#1129</a>)</li>
<li>See full diff in <a
href="940f3d7cf1...88522ab9f3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.5 to 2.2.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.6 - 10 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.4.</li>
</ul>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://redirect.github.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://redirect.github.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://redirect.github.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://redirect.github.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="16964e90ba"><code>16964e9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1570">#1570</a>
from github/update-v2.2.6-e12a2ecd4</li>
<li><a
href="74cbab4958"><code>74cbab4</code></a>
Update changelog for v2.2.6</li>
<li><a
href="e12a2ecd45"><code>e12a2ec</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1561">#1561</a>
from github/dbartol/bundle-2.12.4</li>
<li><a
href="d47d4c8047"><code>d47d4c8</code></a>
Merge branch 'main' into dbartol/bundle-2.12.4</li>
<li><a
href="f13b180fb8"><code>f13b180</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1567">#1567</a>
from github/aeisenberg/config-parsing-ghes</li>
<li><a
href="a3cf96418e"><code>a3cf964</code></a>
Add <code>security-experimental</code> to <code>codeql-config.yml</code>
(<a
href="https://redirect.github.com/github/codeql-action/issues/1566">#1566</a>)</li>
<li><a
href="0c27d0da4a"><code>0c27d0d</code></a>
Add default values to feature flags</li>
<li><a
href="e4b846c482"><code>e4b846c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1564">#1564</a>
from github/aeisenberg/qlconfig-file</li>
<li><a
href="c310f094dd"><code>c310f09</code></a>
Fix name of qlconfig file argument</li>
<li><a
href="4366485427"><code>4366485</code></a>
Avoid passing an undefined qlconfig arg</li>
<li>Additional commits viewable in <a
href="32dc499307...16964e90ba">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.28.0 to
0.29.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-cloud/releases">gocloud.dev's
releases</a>.</em></p>
<blockquote>
<h2>v0.29.0</h2>
<p><strong>BREAKING CHANGES</strong></p>
<ul>
<li>Updated to latest <code>azureblob</code>, which had some
non-backward-compatible changes (again).</li>
</ul>
<p><strong>all</strong></p>
<ul>
<li>Defaulting to <code>go</code> version <code>1.2</code>.</li>
<li><strong>aws</strong>: Added support for custom endpoints for AWS SDK
v2.</li>
<li><strong>gcp</strong>: Updated imports for
<code>credentialspb</code>.</li>
</ul>
<p><strong>blob</strong></p>
<ul>
<li><strong>azureblob</strong>: Updated to latest (breaking
change).</li>
</ul>
<p><strong>pubsub</strong></p>
<ul>
<li><strong>kafkapub</strong>: Fixed nil Options pointer
dereference.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="62397121ec"><code>6239712</code></a>
all: prep for release (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3236">#3236</a>)</li>
<li><a
href="973ec87371"><code>973ec87</code></a>
all: prep for release (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3235">#3235</a>)</li>
<li><a
href="3348a6a4a0"><code>3348a6a</code></a>
aws: fix typo on awssdk=v2 docstring</li>
<li><a
href="ec0a2bbc3f"><code>ec0a2bb</code></a>
pubsub/rabbitpubsub: give rabbitmq more time to come up (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3233">#3233</a>)</li>
<li><a
href="082a495894"><code>082a495</code></a>
docstore/gcpfirestore: update proto import (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3229">#3229</a>)</li>
<li><a
href="53ba9013f0"><code>53ba901</code></a>
pubsub/gcppubsub: update proto import (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3230">#3230</a>)</li>
<li><a
href="b3612581b1"><code>b361258</code></a>
runtimevar/gcpsecretmanager: update proto import (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3231">#3231</a>)</li>
<li><a
href="e5235d85eb"><code>e5235d8</code></a>
blob/gcsblob: update proto import (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3228">#3228</a>)</li>
<li><a
href="7cd8b2b9f6"><code>7cd8b2b</code></a>
secrets/gcpkms: update proto import (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3227">#3227</a>)</li>
<li><a
href="8cddf16323"><code>8cddf16</code></a>
all: update deps BREAKING_CHANGE_OK (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3225">#3225</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/google/go-cloud/compare/v0.28.0...v0.29.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0
to 0.7.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="776e461a4e"><code>776e461</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="ebe92624d1"><code>ebe9262</code></a>
ssh: add support for <a
href="mailto:aes256-gcm@openssh.com">aes256-gcm@openssh.com</a></li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.6.0...v0.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.7.0 to
0.8.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9db913aaf2"><code>9db913a</code></a>
go.mod: update to newer x/tools</li>
<li><a
href="30dadde318"><code>30dadde</code></a>
all: correct comment typos</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.7.0...v0.8.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.5.0
to 0.6.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="62b4eedd72"><code>62b4eed</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="885f294722"><code>885f294</code></a>
google: Add support for OAuth2 token exchange over mTLS</li>
<li><a
href="6f9c1a18cc"><code>6f9c1a1</code></a>
google: use Credentials instead of deprecated DefaultCredentials</li>
<li><a
href="c82d0e16dc"><code>c82d0e1</code></a>
google/internal/externalaccount: Removed URL validation for google URLs
in AD...</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.5.0...v0.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
here's an idea: `goreleaser healthcheck`
It'll check if the needed dependencies (docker, git, etc) are available
in the path... this way users can preemptively run it before releasing
or to debug issues.
What do you think?
Here's how it looks like:
<img width="1007" alt="CleanShot 2023-03-02 at 23 24 26@2x"
src="https://user-images.githubusercontent.com/245435/222615682-d9cd0733-d900-43d1-9166-23b2be589b3a.png">
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
If all other strategies fail, try to infer the `package_name` property
from the `go.mod` file, using its last segment as the actual package
name.
This is not perfect, but usually this will only be used when running
against a new project, with no git url, empty/default config, etc... so,
in reality, it'll rarely be used.
closes#3825
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Creating the temp dir for docker builds was required back in the day
because we symlinked the files, so to avoid different filesystems et al,
this was the easier solution.
Since many versions ago, we switched to copying the files instead, which
works a lot better.
This also means we don't need the dist check for extra files anymore, as
long as we create the temp outside dist.
All that said, this PR does 2 things:
- changes the docker pipe to create the dist in the user's tempdir
instead of dist
- removes the dist path check for docker's extra files
closes#3790closes#3791
cosign v2 update!
- need to use `--yes` to auto-approve prompts
cc/ @cpanato anything else I'm missing?
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.15.1 to 0.15.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/disgoorg/disgo/releases">github.com/disgoorg/disgo's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.2</h2>
<h2>What's Changed</h2>
<ul>
<li>fix voice by <a
href="https://github.com/TopiSenpai"><code>@TopiSenpai</code></a> in <a
href="a3ddd4aaca</a></li>
<li>add helper to sync commands for guilds or globally by <a
href="https://github.com/TopiSenpai"><code>@TopiSenpai</code></a> in <a
href="3dbf6a6c06</a></li>
<li>simplify oauth2 by <a
href="https://github.com/TopiSenpai"><code>@TopiSenpai</code></a> in <a
href="https://github-redirect.dependabot.com/disgoorg/disgo/pull/241">disgoorg/disgo#241</a></li>
<li>add <code>CustomMessage</code> to
<code>AutoModerationActionMetadata</code> by <a
href="https://github.com/caneleex"><code>@caneleex</code></a> in <a
href="https://github-redirect.dependabot.com/disgoorg/disgo/pull/243">disgoorg/disgo#243</a></li>
</ul>
<h1>Breaking Changes</h1>
<ul>
<li>removal of <code>oauth2.SessionController</code></li>
<li><code>oauth2.Session</code> is now a struct instead of
interface</li>
<li>removal of <code>identifier</code> param in
<code>oauth2.Client.StartSession()</code> and
<code>oauth2.Client.RefreshSession()</code></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/disgoorg/disgo/compare/v0.15.1...v0.15.2">https://github.com/disgoorg/disgo/compare/v0.15.1...v0.15.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2ac4b5df9b"><code>2ac4b5d</code></a>
use handler.SyncCommands in handler example</li>
<li><a
href="a3ddd4aaca"><code>a3ddd4a</code></a>
fix voice ip discovery packet size</li>
<li><a
href="3dbf6a6c06"><code>3dbf6a6</code></a>
handler add helper to sync commands for guilds or globally</li>
<li><a
href="2fc89bc438"><code>2fc89bc</code></a>
minor refactor & cleanup of oauth2 suff</li>
<li><a
href="0b775b65f2"><code>0b775b6</code></a>
fix json tag name</li>
<li><a
href="9ab5fbde32"><code>9ab5fbd</code></a>
Bump golang.org/x/sys in /_examples/application_commands/http (<a
href="https://github-redirect.dependabot.com/disgoorg/disgo/issues/244">#244</a>)</li>
<li><a
href="14761a3785"><code>14761a3</code></a>
Bump golang.org/x/sys from 0.0.0-20211019181941-9d821ace8654 to 0.1.0
(<a
href="https://github-redirect.dependabot.com/disgoorg/disgo/issues/245">#245</a>)</li>
<li><a
href="8cb8e68a90"><code>8cb8e68</code></a>
add CustomMessage to AutoModerationActionMetadata (<a
href="https://github-redirect.dependabot.com/disgoorg/disgo/issues/243">#243</a>)</li>
<li><a
href="a32b7f1d36"><code>a32b7f1</code></a>
fix README example (<a
href="https://github-redirect.dependabot.com/disgoorg/disgo/issues/242">#242</a>)</li>
<li><a
href="faa79470af"><code>faa7947</code></a>
simplify oauth2 by removing session controller & converting a
session to a st...</li>
<li>Additional commits viewable in <a
href="https://github.com/disgoorg/disgo/compare/v0.15.1...v0.15.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from `48f336e` to `87d0a33`.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
alternative to #3806
the idea is that both `context.New` and `context.Context{}` are never
used in tests.
not sure yet how much I like it, so far code does look a bit more
readable though.
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
it was forcing to provide the same information as env and yaml.
this should fix it.
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
I have no idea why this never happened before... the lock was
ineffective in `artifacts.List`, which should have caused at least some
race condition at some point.
Anyway, got it once locally while working on another feature, and
couldn't believe my eyes.
Fixed, thank goodness!
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
