151 Commits

Author	SHA1	Message	Date
dependabot[bot]	71bc3f9ba1	chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#3724) ... Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.13.2 to 0.13.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.13.3</h2> <h2>Changes in v0.13.3</h2> <ul> <li>Update Syft to v0.68.1 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="07978da4bd"><code>07978da</code></a> Update Syft to v0.68.1 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)</li> <li>See full diff in <a href="https://github.com/anchore/sbom-action/compare/v0.13.2...v0.13.3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-27 08:55:18 -03:00
dependabot[bot]	d120e4dd36	chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#3720) ... Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.13.1 to 0.13.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.13.2</h2> <h2>Changes in v0.13.2</h2> <ul> <li>Update Syft to v0.68.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="54e36e45f3"><code>54e36e4</code></a> feat: update Syft to v0.68.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)</li> <li>See full diff in <a href="https://github.com/anchore/sbom-action/compare/v0.13.1...v0.13.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-26 09:48:38 -03:00
Carlos A Becker	17cd672149	build: use go 1.19.5 ... Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2023-01-11 09:18:25 -03:00
dependabot[bot]	d80b937827	chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#3683) ... Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.3.0</h2> <h2>What's Changed</h2> <ul> <li>Implement branch list using callbacks from exec function by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1045">actions/checkout#1045</a></li> <li>Add in explicit reference to private checkout options by <a href="https://github.com/vanZeben"><code>@​vanZeben</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li> <li>Fix comment typos (that got added in <a href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>) by <a href="https://github.com/lurch"><code>@​lurch</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vanZeben"><code>@​vanZeben</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li> <li><a href="https://github.com/lurch"><code>@​lurch</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.2.0...v3.3.0">https://github.com/actions/checkout/compare/v3.2.0...v3.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="ac59398561"><code>ac59398</code></a> Fix comment typos (that got added in <a href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>) (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1057">#1057</a>)</li> <li><a href="3ba5ee6fac"><code>3ba5ee6</code></a> Add in explicit reference to private checkout options (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1050">#1050</a>)</li> <li><a href="8856415920"><code>8856415</code></a> Implement branch list using callbacks from exec function (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1045">#1045</a>)</li> <li>See full diff in <a href="755da8c3cf...ac59398561">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-06 09:20:17 -03:00
Carlos Alexandro Becker	cac3f17562	feat(deps): build with go 1.19.4 (#3644) ... latest and greatest Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-12-14 15:23:40 -03:00
dependabot[bot]	f05b211b61	chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#3643) ... Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>Add support for stable and oldstable aliases</h2> <p>In scope of this release we introduce aliases for the <code>go-version</code> input. The <code>stable</code> alias instals the latest stable version of Go. The <code>oldstable</code> alias installs previous latest minor release (the stable is 1.19.x -&gt; the oldstable is 1.18.x).</p> <h3>Stable</h3> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: go-version: 'stable' - run: go run hello.go </code></pre> <h3>OldStable</h3> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: go-version: 'oldstable' - run: go run hello.go </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="6edd4406fa"><code>6edd440</code></a> fix log for stable aliases (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/303">#303</a>)</li> <li><a href="38dbe75f81"><code>38dbe75</code></a> Add stable and oldstable aliases (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/300">#300</a>)</li> <li><a href="30c39bfe0c"><code>30c39bf</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/301">#301</a> from jongwooo/chore/use-cache-in-check-dist</li> <li><a href="8377b69a56"><code>8377b69</code></a> Use cache in check-dist.yml</li> <li>See full diff in <a href="d0a58c1c4d...6edd4406fa">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-14 12:09:30 -03:00
dependabot[bot]	43e2b3bf69	chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#3636) ... Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add GitHub Action to perform release by <a href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/942">actions/checkout#942</a></li> <li>Fix status badge by <a href="https://github.com/ScottBrenner"><code>@​ScottBrenner</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li> <li>Replace datadog/squid with ubuntu/squid Docker image by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li> <li>Wrap pipeline commands for submoduleForeach in quotes by <a href="https://github.com/jokreliable"><code>@​jokreliable</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li> <li>Update <code>@​actions/io</code> to 1.1.2 by <a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1029">actions/checkout#1029</a></li> <li>Upgrading version to 3.2.0 by <a href="https://github.com/vmjoseph"><code>@​vmjoseph</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ScottBrenner"><code>@​ScottBrenner</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li> <li><a href="https://github.com/cory-miller"><code>@​cory-miller</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li> <li><a href="https://github.com/jokreliable"><code>@​jokreliable</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li> <li><a href="https://github.com/vmjoseph"><code>@​vmjoseph</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v3.2.0">https://github.com/actions/checkout/compare/v3...v3.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="755da8c3cf"><code>755da8c</code></a> 3.2.0 (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1039">#1039</a>)</li> <li><a href="26d48e8ea1"><code>26d48e8</code></a> Update <code>@​actions/io</code> to 1.1.2 (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1029">#1029</a>)</li> <li><a href="bf085276ce"><code>bf08527</code></a> wrap pipeline commands for submoduleForeach in quotes (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/964">#964</a>)</li> <li><a href="5c3ccc22eb"><code>5c3ccc2</code></a> Replace datadog/squid with ubuntu/squid Docker image (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1002">#1002</a>)</li> <li><a href="1f9a0c22da"><code>1f9a0c2</code></a> README - fix status badge (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/967">#967</a>)</li> <li><a href="8230315d06"><code>8230315</code></a> Add workflow to update a main version (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/942">#942</a>)</li> <li>See full diff in <a href="93ea575cb5...755da8c3cf">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-13 09:44:45 -03:00
dependabot[bot]	2228edc406	chore(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (#3616) ... [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1 to 3.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>Add support for go.work and pass the token input through on GHES</h2> <p>In scope of this release we added <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/283">support for go.work file to pass it in go-version-file input</a>.</p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: go-version-file: go.work - run: go run hello.go </code></pre> <p>Besides, we added support to <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/277">pass the token input through on GHES</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="d0a58c1c4d"><code>d0a58c1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/294">#294</a> from JamesMGreene/patch-1</li> <li><a href="3dcd9d6eb3"><code>3dcd9d6</code></a> Update to latest <code>actions/publish-action</code></li> <li><a href="e983b65a44"><code>e983b65</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/283">#283</a> from koba1t/add_support_gowork_for_go-version-file</li> <li><a href="27b43e1b0d"><code>27b43e1</code></a> Pass the token input through on GHES (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/277">#277</a>)</li> <li><a href="7678c83214"><code>7678c83</code></a> add support gowork for go-version-file</li> <li>See full diff in <a href="c4a742cab1...d0a58c1c4d">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-02 09:09:52 -03:00
dependabot[bot]	bd4d497c99	chore(deps): bump anchore/sbom-action from 0.13.0 to 0.13.1 (#3533) ... Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.13.0 to 0.13.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.13.1</h2> <h2>Changes in v0.13.1</h2> <ul> <li>File input not being passed properly to Syft invocation (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/385">#385</a>) [<a href="https://github.com/kzantow">kzantow</a>]</li> <li>Update Syft to v0.60.3 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/386">#386</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="06e109483e"><code>06e1094</code></a> fix: file input not being passed properly to syft invocation (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/385">#385</a>)</li> <li><a href="f4e264e189"><code>f4e264e</code></a> Update Syft to v0.60.3 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/386">#386</a>)</li> <li><a href="faa694c549"><code>faa694c</code></a> chore: update dependencies (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/384">#384</a>)</li> <li>See full diff in <a href="https://github.com/anchore/sbom-action/compare/v0.13.0...v0.13.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-07 09:11:22 -03:00
Carlos Alexandro Becker	7544f7ab96	feat: update to go 1.19.3 (#3523) ... Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-11-02 14:19:01 -03:00
dependabot[bot]	f3aea7663f	chore(deps): bump anchore/sbom-action from 0.12.0 to 0.13.0 (#3512) ... Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.12.0 to 0.13.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.13.0</h2> <h2>Changes in v0.13.0</h2> <ul> <li>Allow type &quot;file:...&quot; to enable creation of SBOMs from tar and other package formats (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>) [<a href="https://github.com/malt3">malt3</a>]</li> <li>Update Syft to v0.59.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> <li>Update dependencies and node version (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>) [<a href="https://github.com/kzantow">kzantow</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="b7e8507c6a"><code>b7e8507</code></a> chore: remove dependabot (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/381">#381</a>)</li> <li><a href="2424de21c4"><code>2424de2</code></a> Bump <code>@​types/node</code> from 18.11.2 to 18.11.3 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/373">#373</a>)</li> <li><a href="12a03b588c"><code>12a03b5</code></a> Update Syft to v0.59.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)</li> <li><a href="563238bdcc"><code>563238b</code></a> chore: Update dependencies and action node version (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)</li> <li><a href="eda59434a8"><code>eda5943</code></a> Update Syft to v0.58.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/354">#354</a>)</li> <li><a href="614fe8a3b7"><code>614fe8a</code></a> feat: Allow type &quot;file:...&quot; (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)</li> <li><a href="6218d4fbd4"><code>6218d4f</code></a> Update Syft to v0.57.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/344">#344</a>)</li> <li><a href="a173e5341b"><code>a173e53</code></a> Update Syft to v0.56.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/329">#329</a>)</li> <li><a href="2cd5755dcc"><code>2cd5755</code></a> Add update-deps script (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/322">#322</a>)</li> <li>See full diff in <a href="https://github.com/anchore/sbom-action/compare/v0.12.0...v0.13.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-31 11:13:56 -03:00
dependabot[bot]	097baac606	chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (#3477) ... Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0 to 3.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>Fix cache issues and update dependencies</h2> <p>In scope of this release we fixed the issue with the correct generation of the cache key when the <code>go-version-file</code> input is set (<a href="https://github-redirect.dependabot.com/actions/setup-go/pull/267">actions/setup-go#267</a>). Moreover, we fixed an issue when <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/264">the cache folder was not found</a>. Besides, we updated <code>actions/core</code> to 1.10.0 version (<a href="https://github-redirect.dependabot.com/actions/setup-go/pull/273">actions/setup-go#273</a>).</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="c4a742cab1"><code>c4a742c</code></a> fix(): cache resolve version input (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/267">#267</a>)</li> <li><a href="f556e5b7e0"><code>f556e5b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/273">#273</a> from rentziass/rentziass/update-actions-core</li> <li><a href="514ae57904"><code>514ae57</code></a> Update <code>@​actions/core</code> to 1.10.0</li> <li><a href="30b9ddff11"><code>30b9ddf</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/264">#264</a> from e-korolevskii/258-not-throw-err-no-cache-folders</li> <li><a href="c4e169859f"><code>c4e1698</code></a> prettier format</li> <li><a href="db58e98a43"><code>db58e98</code></a> format</li> <li><a href="2905db4069"><code>2905db4</code></a> update build</li> <li><a href="57452eb902"><code>57452eb</code></a> fix debug lines in test</li> <li><a href="5547b9ed8d"><code>5547b9e</code></a> fix(cache): Not throw err if no cache folders</li> <li><a href="be45b2722d"><code>be45b27</code></a> build</li> <li>Additional commits viewable in <a href="268d8c0ca0...c4a742cab1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-19 09:54:46 -03:00
dependabot[bot]	a94d809a63	chore(deps): bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (#3478) ... Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.0 to 2.8.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v2.8.1</h2> <h2>What's Changed</h2> <ul> <li>bump cosign install to use release v1.13.1 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/98">sigstore/cosign-installer#98</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1">https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="9becc61764"><code>9becc61</code></a> bump cosign install to use release v1.13.1 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/98">#98</a>)</li> <li><a href="c6d50c2e98"><code>c6d50c2</code></a> Bump actions/checkout from 3.0.2 to 3.1.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/96">#96</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v2.8.0...v2.8.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-19 09:54:06 -03:00
dependabot[bot]	97e9bc40f9	chore(deps): bump docker/setup-buildx-action from 2.2.0 to 2.2.1 (#3480) ... Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.2.0 to 2.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <h2>What's Changed</h2> <ul> <li>Preserve quotes surrounding fields in input list by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>)</li> <li>Escape surrounding quotes for <code>platforms</code> input by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1">https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="8c0edbc76e"><code>8c0edbc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a> from crazy-max/input-list-quotes</li> <li><a href="1fb9cbdb32"><code>1fb9cbd</code></a> escape surrounding quotes for platforms input</li> <li><a href="693fdd6ca6"><code>693fdd6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a> from crazy-max/input-quote</li> <li><a href="fe4c1ac86d"><code>fe4c1ac</code></a> preserve quotes surrounding fields in input list</li> <li>See full diff in <a href="c74574e6c8...8c0edbc76e">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-19 09:53:41 -03:00
dependabot[bot]	903713ea0a	chore(deps): bump docker/setup-buildx-action from 2.1.0 to 2.2.0 (#3474) ... Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.1.0 to 2.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.2.0</h2> <h2>What's Changed</h2> <ul> <li>Append nodes to builder support by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>)</li> <li>Bump csv-parse from 5.3.0 to 5.3.1 (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0">https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="c74574e6c8"><code>c74574e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a> from docker/dependabot/npm_and_yarn/csv-parse-5.3.1</li> <li><a href="2d0cf98781"><code>2d0cf98</code></a> update generated content</li> <li><a href="5f1d4ea81f"><code>5f1d4ea</code></a> Bump csv-parse from 5.3.0 to 5.3.1</li> <li><a href="59b5ed6124"><code>59b5ed6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a> from crazy-max/append</li> <li><a href="bd61d52837"><code>bd61d52</code></a> update generated content</li> <li><a href="f6efb5fcbb"><code>f6efb5f</code></a> platforms input</li> <li><a href="2dfca373f3"><code>2dfca37</code></a> append nodes to builder support</li> <li>See full diff in <a href="95cb08cb26...c74574e6c8">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-18 09:19:42 -03:00
dependabot[bot]	6a5a3d9f1d	chore(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 (#3458) ... Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2.0.0 to 2.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v2.1.0</h2> <h2>What's Changed</h2> <ul> <li>Use context for inputs by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>)</li> <li>Use built-in <code>getExecOutput</code> by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>)</li> <li>Remove workaround for <code>setOutput</code> by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>)</li> <li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/54">#54</a> <a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/58">#58</a> <a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="e81a89b173"><code>e81a89b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a> from crazy-max/setOutput</li> <li><a href="2d3efc7878"><code>2d3efc7</code></a> Remove workaround for setOutput</li> <li><a href="bfc44eaf57"><code>bfc44ea</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a> from crazy-max/context</li> <li><a href="25725d8d2e"><code>25725d8</code></a> Use context for inputs</li> <li><a href="8c1e35a8c6"><code>8c1e35a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a> from crazy-max/exec-output</li> <li><a href="f3c51a3313"><code>f3c51a3</code></a> update README</li> <li><a href="c47ad32952"><code>c47ad32</code></a> Use built-in getExecOutput</li> <li><a href="aa087459ac"><code>aa08745</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a> from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li> <li><a href="9443994984"><code>9443994</code></a> Update generated content</li> <li><a href="81a47e15eb"><code>81a47e1</code></a> Bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li> <li>Additional commits viewable in <a href="8b122486ce...e81a89b173">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2022-10-13 10:52:43 -03:00
dependabot[bot]	9ce619ad09	chore(deps): bump docker/setup-buildx-action from 2.0.0 to 2.1.0 (#3459) ... Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.0.0 to 2.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.1.0</h2> <h2>What's Changed</h2> <ul> <li>Auth support for tls endpoint by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/164">#164</a>)</li> <li>Nodes metadata JSON ouput by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/162">#162</a>) <ul> <li><code>endpoint</code>, <code>status</code> and <code>flags</code> outputs are deprecated. Use <code>nodes</code> output instead.</li> </ul> </li> <li>Skip setting buildkitd flags and config for remote driver by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/161">#161</a>)</li> <li>Move args logic to context module and add tests by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>)</li> <li>Remove workaround for <code>setOutput</code> by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>)</li> <li>Fix deprecated <code>fs.rmdir</code> by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>)</li> <li>Docs: clarify install option by <a href="https://github.com/rodrigc"><code>@​rodrigc</code></a> in (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/152">#152</a>)</li> <li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/151">#151</a> <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/157">#157</a> <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>)</li> <li>Bump <code>@​actions/tool-cache</code> from 1.7.2 to 2.0.1 (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/150">#150</a>)</li> <li>Bump <code>@​actions/http-client</code> from 1.0.11 to 2.0.1 (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/149">#149</a>)</li> <li>Bump uuid from 8.3.2 to 9.0.0 (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="95cb08cb26"><code>95cb08c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a> from crazy-max/rmsync</li> <li><a href="eb5c2a6eea"><code>eb5c2a6</code></a> Fix deprecated fs.rmdir</li> <li><a href="83612bea36"><code>83612be</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a> from crazy-max/setOutput</li> <li><a href="40fefd8a58"><code>40fefd8</code></a> Remove workaround for setOutput</li> <li><a href="90a1e4619e"><code>90a1e46</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a> from crazy-max/context-module</li> <li><a href="5a9fc40575"><code>5a9fc40</code></a> move args logic to context module and add tests</li> <li><a href="6c48dad5f0"><code>6c48dad</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a> from docker/dependabot/npm_and_yarn/uuid-9.0.0</li> <li><a href="16c2ddbfa7"><code>16c2ddb</code></a> update generated content</li> <li><a href="0fe8589bf4"><code>0fe8589</code></a> Bump uuid from 8.3.2 to 9.0.0</li> <li><a href="f3692cbe43"><code>f3692cb</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a> from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li> <li>Additional commits viewable in <a href="dc7b9719a9...95cb08cb26">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2022-10-13 10:51:29 -03:00
dependabot[bot]	38c8436863	chore(deps): bump arduino/setup-task from 1.0.1 to 1.0.2 (#3452) ... [//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from 1.0.1 to 1.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/arduino/setup-task/releases">arduino/setup-task's releases</a>.</em></p> <blockquote> <h2>1.0.2</h2> <h2>Release Notes</h2> <h3>Changelog</h3> <h4>Enhancement</h4> <ul> <li>Run action with Node.js 16 (<a href="https://github-redirect.dependabot.com/arduino/setup-task/pull/552">arduino/setup-task#552</a>)</li> <li>Various dependency updates</li> </ul> <h3>Contributors</h3> <ul> <li><a href="https://github.com/kasperg"><code>@​kasperg</code></a></li> </ul> <hr /> <p><strong>Full Changeset</strong>: <a href="https://github.com/arduino/setup-task/compare/1.0.1...1.0.2">https://github.com/arduino/setup-task/compare/1.0.1...1.0.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="d665c6beeb"><code>d665c6b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/554">#554</a> from arduino/dependabot/npm_and_yarn/types/node-16.11.65</li> <li><a href="f911dc0bbc"><code>f911dc0</code></a> build(deps-dev): bump <code>@​types/node</code> from 16.11.64 to 16.11.65</li> <li><a href="2cdd1760c6"><code>2cdd176</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/555">#555</a> from arduino/dependabot/npm_and_yarn/typescript-eslin...</li> <li><a href="0238d42112"><code>0238d42</code></a> build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code></li> <li><a href="b592b746bd"><code>b592b74</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/553">#553</a> from arduino/dependabot/npm_and_yarn/typescript-eslin...</li> <li><a href="1b72357a23"><code>1b72357</code></a> build(deps-dev): bump <code>@​typescript-eslint/parser</code> from 5.38.1 to 5.40.0</li> <li><a href="eea6bc2215"><code>eea6bc2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/551">#551</a> from arduino/dependabot/npm_and_yarn/eslint-8.25.0</li> <li><a href="c36e056867"><code>c36e056</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/552">#552</a> from kasperg/patch-1</li> <li><a href="ba0113b2fc"><code>ba0113b</code></a> Bump Node version from 12 to 16</li> <li><a href="1bdabdfc86"><code>1bdabdf</code></a> build(deps-dev): bump eslint from 8.24.0 to 8.25.0</li> <li>Additional commits viewable in <a href="ca745e1891...d665c6beeb">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-12 19:04:36 -03:00
dependabot[bot]	1317be8a7d	chore(deps): bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (#3448) ... Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.7.0 to 2.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v2.8.0</h2> <h2>What's Changed</h2> <ul> <li>bump cosign to v1.13.0 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/95">sigstore/cosign-installer#95</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="7cc35d7fdb"><code>7cc35d7</code></a> bump cosign to v1.13.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/95">#95</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-10 14:50:18 -03:00
Carlos Alexandro Becker	b4159f6377	feat(deps): go 1.19.2 (#3443) ... latest security fixes Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-10-05 21:24:45 -03:00
Carlos A Becker	04162b50fe	chore: always build on main	2022-10-05 10:50:29 -03:00
dependabot[bot]	f8da439130	chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#3441) ... Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.1.0</h2> <h2>What's Changed</h2> <ul> <li>Inject GitHub host to be able to clone from another GitHub instance by <a href="https://github.com/peter-murray"><code>@​peter-murray</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li> <li>Bump <code>@​actions/core</code> to 1.10.0 by <a href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/peter-murray"><code>@​peter-murray</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li> <li><a href="https://github.com/rentziass"><code>@​rentziass</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.0.2...v3.1.0">https://github.com/actions/checkout/compare/v3.0.2...v3.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v3.1.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/939">Use <code>@​actions/core</code> <code>saveState</code> and <code>getState</code></a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/744">Bumped various npm package versions</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/689">Update to node 16</a></li> </ul> <h2>v2.3.1</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/284">Fix default branch resolution for .wiki and when using SSH</a></li> </ul> <h2>v2.3.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/278">Fallback to the default branch</a></li> </ul> <h2>v2.2.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/258">Fetch all history for all tags and branches when fetch-depth=0</a></li> </ul> <h2>v2.1.1</h2> <ul> <li>Changes to support GHES (<a href="https://github-redirect.dependabot.com/actions/checkout/pull/236">here</a> and <a href="https://github-redirect.dependabot.com/actions/checkout/pull/248">here</a>)</li> </ul> <h2>v2.1.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/191">Group output</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/199">Changes to support GHES alpha release</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/184">Persist core.sshCommand for submodules</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/163">Add support ssh</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/179">Convert submodule SSH URL to HTTPS, when not using SSH</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/157">Add submodule support</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/144">Follow proxy settings</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/141">Fix ref for pr closed event when a pr is merged</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/128">Fix issue checking detached when git less than 2.22</a></li> </ul> <h2>v2.0.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/108">Do not pass cred on command line</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/107">Add input persist-credentials</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/104">Fallback to REST API to download repo</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="93ea575cb5"><code>93ea575</code></a> Prepare release v3.1.0 (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/940">#940</a>)</li> <li><a href="6a84743051"><code>6a84743</code></a> Bump <code>@​actions/core</code> to 1.10.0 (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/939">#939</a>)</li> <li><a href="e6d535c99c"><code>e6d535c</code></a> Inject GitHub host to be able to clone from another GitHub instance (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/922">#922</a>)</li> <li>See full diff in <a href="2541b1294d...93ea575cb5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-10-05 09:38:34 -03:00
dependabot[bot]	fd8cc43ef3	chore(deps): bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (#3404) ... Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.6.0 to 2.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v2.7.0</h2> <h2>What's Changed</h2> <ul> <li>bump cosign to v1.12.1 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/94">sigstore/cosign-installer#94</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0">https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="ced07f21fb"><code>ced07f2</code></a> bump cosign to v1.12.1 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/94">#94</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v2.6.0...v2.7.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-09-26 10:24:30 -03:00
Carlos A Becker	6aa3f5a724	chore: minor workflows improvements	2022-09-22 16:00:05 -03:00
dependabot[bot]	326b588ece	chore(deps): bump codecov/codecov-action from 3.1.0 to 3.1.1 (#3390) ... Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p> <blockquote> <h2>3.1.1</h2> <h2>What's Changed</h2> <ul> <li>Update deprecation warning by <a href="https://github.com/slifty"><code>@​slifty</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li> <li>Create codeql-analysis.yml by <a href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/593">codecov/codecov-action#593</a></li> <li>build(deps): bump node-fetch from 3.2.3 to 3.2.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/714">codecov/codecov-action#714</a></li> <li>build(deps-dev): bump typescript from 4.6.3 to 4.6.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/713">codecov/codecov-action#713</a></li> <li>README: fix typo by <a href="https://github.com/Evalir"><code>@​Evalir</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li> <li>build(deps): bump github/codeql-action from 1 to 2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/724">codecov/codecov-action#724</a></li> <li>build(deps-dev): bump <code>@​types/jest</code> from 27.4.1 to 27.5.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/717">codecov/codecov-action#717</a></li> <li>fix: Remove a blank row by <a href="https://github.com/johnmanjiro13"><code>@​johnmanjiro13</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li> <li>Update README.md with correct badge version by <a href="https://github.com/gsheni"><code>@​gsheni</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li> <li>build(deps-dev): bump <code>@​types/node</code> from 17.0.25 to 17.0.33 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/729">codecov/codecov-action#729</a></li> <li>build(deps-dev): downgrade <code>@​types/node</code> to 16.11.35 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/734">codecov/codecov-action#734</a></li> <li>build(deps): bump actions/checkout from 2 to 3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/723">codecov/codecov-action#723</a></li> <li>build(deps): bump <code>@​actions/github</code> from 5.0.1 to 5.0.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/733">codecov/codecov-action#733</a></li> <li>build(deps): bump <code>@​actions/core</code> from 1.6.0 to 1.8.2 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/732">codecov/codecov-action#732</a></li> <li>build(deps-dev): bump <code>@​types/node</code> from 16.11.35 to 16.11.36 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/737">codecov/codecov-action#737</a></li> <li>Create scorecards-analysis.yml by <a href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/633">codecov/codecov-action#633</a></li> <li>build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/749">codecov/codecov-action#749</a></li> <li>fix: add more verbosity to validation by <a href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/747">codecov/codecov-action#747</a></li> <li>build(deps-dev): bump typescript from 4.6.4 to 4.7.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/755">codecov/codecov-action#755</a></li> <li>Regenerate scorecards-analysis.yml by <a href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/750">codecov/codecov-action#750</a></li> <li>build(deps-dev): bump <code>@​types/node</code> from 16.11.36 to 16.11.39 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/759">codecov/codecov-action#759</a></li> <li>build(deps-dev): bump <code>@​types/node</code> from 16.11.39 to 16.11.40 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/762">codecov/codecov-action#762</a></li> <li>build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.4 to 0.34.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/746">codecov/codecov-action#746</a></li> <li>build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/757">codecov/codecov-action#757</a></li> <li>build(deps): bump openpgp from 5.2.1 to 5.3.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/760">codecov/codecov-action#760</a></li> <li>build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/748">codecov/codecov-action#748</a></li> <li>build(deps-dev): bump typescript from 4.7.3 to 4.7.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/766">codecov/codecov-action#766</a></li> <li>Switch to v3 by <a href="https://github.com/thomasrockhu"><code>@​thomasrockhu</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/774">codecov/codecov-action#774</a></li> <li>Fix <code>network</code> entry in table by <a href="https://github.com/kevmoo"><code>@​kevmoo</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li> <li>Trim arguments after splitting them by <a href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/791">codecov/codecov-action#791</a></li> <li>build(deps): bump openpgp from 5.3.0 to 5.4.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/799">codecov/codecov-action#799</a></li> <li>build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/798">codecov/codecov-action#798</a></li> <li>Plumb failCi into verification function. by <a href="https://github.com/RobbieMcKinstry"><code>@​RobbieMcKinstry</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li> <li>release: update changelog and version to 3.1.1 by <a href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a> in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/828">codecov/codecov-action#828</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/slifty"><code>@​slifty</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li> <li><a href="https://github.com/Evalir"><code>@​Evalir</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li> <li><a href="https://github.com/johnmanjiro13"><code>@​johnmanjiro13</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li> <li><a href="https://github.com/gsheni"><code>@​gsheni</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li> <li><a href="https://github.com/kevmoo"><code>@​kevmoo</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li> <li><a href="https://github.com/RobbieMcKinstry"><code>@​RobbieMcKinstry</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1">https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md">codecov/codecov-action's changelog</a>.</em></p> <blockquote> <h2>3.1.1</h2> <h3>Fixes</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/661">#661</a> Update deprecation warning</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/593">#593</a> Create codeql-analysis.yml</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/712">#712</a> README: fix typo</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/725">#725</a> fix: Remove a blank row</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/726">#726</a> Update README.md with correct badge version</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/633">#633</a> Create scorecards-analysis.yml</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/747">#747</a> fix: add more verbosity to validation</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/750">#750</a> Regenerate scorecards-analysis.yml</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a> Switch to v3</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a> Fix network entry in table</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a> Trim arguments after splitting them</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a> Plumb failCi into verification function.</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/713">#713</a> build(deps-dev): bump typescript from 4.6.3 to 4.6.4</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/714">#714</a> build(deps): bump node-fetch from 3.2.3 to 3.2.4</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/724">#724</a> build(deps): bump github/codeql-action from 1 to 2</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/717">#717</a> build(deps-dev): bump <code>@​types/jest</code> from 27.4.1 to 27.5.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/729">#729</a> build(deps-dev): bump <code>@​types/node</code> from 17.0.25 to 17.0.33</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/734">#734</a> build(deps-dev): downgrade <code>@​types/node</code> to 16.11.35</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/723">#723</a> build(deps): bump actions/checkout from 2 to 3</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/733">#733</a> build(deps): bump <code>@​actions/github</code> from 5.0.1 to 5.0.3</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/732">#732</a> build(deps): bump <code>@​actions/core</code> from 1.6.0 to 1.8.2</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/737">#737</a> build(deps-dev): bump <code>@​types/node</code> from 16.11.35 to 16.11.36</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/749">#749</a> build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/755">#755</a> build(deps-dev): bump typescript from 4.6.4 to 4.7.3</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/759">#759</a> build(deps-dev): bump <code>@​types/node</code> from 16.11.36 to 16.11.39</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/762">#762</a> build(deps-dev): bump <code>@​types/node</code> from 16.11.39 to 16.11.40</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/746">#746</a> build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.4 to 0.34.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/757">#757</a> build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a> build(deps): bump openpgp from 5.2.1 to 5.3.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a> build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a> build(deps-dev): bump typescript from 4.7.3 to 4.7.4</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a> build(deps): bump openpgp from 5.3.0 to 5.4.0</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a> build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1</li> </ul> <h2>3.1.0</h2> <h3>Features</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/699">#699</a> Incorporate <code>xcode</code> arguments for the Codecov uploader</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/694">#694</a> build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.3 to 0.33.4</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/696">#696</a> build(deps-dev): bump <code>@​types/node</code> from 17.0.23 to 17.0.25</li> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/698">#698</a> build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0</li> </ul> <h2>3.0.0</h2> <h3>Breaking Changes</h3> <ul> <li><a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/689">#689</a> Bump to node16 and small fixes</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="d9f34f8cd5"><code>d9f34f8</code></a> release: update changelog and version to 3.1.1 (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/828">#828</a>)</li> <li><a href="0e9e7b4e8a"><code>0e9e7b4</code></a> Plumb failCi into verification function. (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a>)</li> <li><a href="7f20bd4c41"><code>7f20bd4</code></a> build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1 (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a>)</li> <li><a href="13bc2536ab"><code>13bc253</code></a> build(deps): bump openpgp from 5.3.0 to 5.4.0 (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a>)</li> <li><a href="5c0da1b28f"><code>5c0da1b</code></a> Trim arguments after splitting them (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a>)</li> <li><a href="68d5f6d0be"><code>68d5f6d</code></a> Fix <code>network</code> entry in table (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a>)</li> <li><a href="2a829b95de"><code>2a829b9</code></a> Switch to v3 (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a>)</li> <li><a href="8e09eaf1b4"><code>8e09eaf</code></a> build(deps-dev): bump typescript from 4.7.3 to 4.7.4 (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a>)</li> <li><a href="39e222921f"><code>39e2229</code></a> build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a>)</li> <li><a href="b2b7703473"><code>b2b7703</code></a> build(deps): bump openpgp from 5.2.1 to 5.3.0 (<a href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a>)</li> <li>Additional commits viewable in <a href="81cd2dc814...d9f34f8cd5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-09-20 10:15:30 -03:00
Carlos Alexandro Becker	445f2e730d	chore: avoid running actions when not needed/possible (#3389) ... - only run the build action when actual go files changed - only run some actions on the main fork to avoid errors	2022-09-19 23:48:20 -03:00
Carlos Alexandro Becker	d19ff6eb1e	chore: splitting workflows (#3386) ... split build & release workflows Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-09-18 21:31:33 -03:00
dependabot[bot]	f7efe9ca2b	chore(deps): bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (#3368) ... Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.1 to 2.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v2.6.0</h2> <h2>What's Changed</h2> <ul> <li>update action to default cosign to v1.11.0 release by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/89">sigstore/cosign-installer#89</a></li> <li>cleanup dependabot by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/90">sigstore/cosign-installer#90</a></li> <li>default cosign to v1.11.1 by <a href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/91">sigstore/cosign-installer#91</a></li> <li>Bump actions/setup-go from 3.2.1 to 3.3.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/92">sigstore/cosign-installer#92</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="f3c664df7a"><code>f3c664d</code></a> Bump actions/setup-go from 3.2.1 to 3.3.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/92">#92</a>)</li> <li><a href="14d43345ff"><code>14d4334</code></a> default cosign to v1.11.1 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/91">#91</a>)</li> <li><a href="8d0fee40fd"><code>8d0fee4</code></a> cleanup dependabot (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/90">#90</a>)</li> <li><a href="716fc02719"><code>716fc02</code></a> update action to default cosign to v1.11.0 release (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/89">#89</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-09-12 09:36:39 -03:00
Carlos Alexandro Becker	8cb4eb1654	fix: ruleguard and semgrep scans and fixes (#3364) ... run semgrep-go ruleguard and semgrep scans https://github.com/dgryski/semgrep-go Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-09-11 15:32:23 -03:00
Carlos Alexandro Becker	5185b5b6ed	chore(ci): govulncheck (#3362) ... check for vulnerabilities Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-09-09 11:36:15 -03:00
dependabot[bot]	6778972ce6	chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#3340) ... Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>Support architecture input and fix Expand-Archive issue</h2> <p>This release introduces support for architecture input for <code>setup-go</code> action <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>. It also adds support for arm32 architecture for self-hosted runners. If architecture is not provided action will use default runner architecture. Example of usage:</p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: go-version: '1.16' architecture: arm </code></pre> <p>This release also provides fix for issue <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/241">#241</a>. <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> adds support for using explicit filename for Windows which is necessary to satisfy Expand-Archive's requirement on .zip extension.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="268d8c0ca0"><code>268d8c0</code></a> Add support for arm32 go arch (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>)</li> <li><a href="f279813975"><code>f279813</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> from jromero/feature/windows-download-filename</li> <li><a href="1022489cb7"><code>1022489</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/249">#249</a> from e-korolevskii/main</li> <li><a href="e0dce94eb0"><code>e0dce94</code></a> Use explicit filename when downloading Windows go package</li> <li><a href="dab57c7c68"><code>dab57c7</code></a> update docs</li> <li><a href="f2e56d8191"><code>f2e56d8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/246">#246</a> from e-korolevskii/Update-contributors-guide</li> <li><a href="edd0aca6b1"><code>edd0aca</code></a> update tests path</li> <li><a href="f3e3b7c2f2"><code>f3e3b7c</code></a> Update docs/contributors.md</li> <li><a href="4a0c081511"><code>4a0c081</code></a> Update docs/contributors.md</li> <li><a href="185e7f2f01"><code>185e7f2</code></a> Update docs/contributors.md</li> <li>Additional commits viewable in <a href="84cbf80943...268d8c0ca0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-08-24 10:02:10 -03:00
dependabot[bot]	6e85391479	chore(deps): bump actions/cache from 3.0.7 to 3.0.8 (#3334) ... Bumps actions/cache from 3.0.7 to 3.0.8. Release notes Sourced from actions/cache's releases. v3.0.8 What's Changed Fix zstd not working for windows on gnu tar in issues. Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes. Changelog Sourced from actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 -> node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files > 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR) 3.0.6 Fixed #809 - zstd -d: no such file or directory error Fixed #833 - cache doesn't work with github workspace directory 3.0.7 Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. 3.0.8 Fix zstd not working for windows on gnu tar in issues #888 and #891. Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes. Commits fd5de65 Merge pull request #899 from actions/kotewar/download-and-compression-fix d49b6bb Updated actions/cache toolkit dep to v3.0.4 See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-08-22 09:29:15 -03:00
dependabot[bot]	8b8da0d2d9	chore(deps): bump anchore/sbom-action from 0.11.0 to 0.12.0 (#3321) ... Bumps anchore/sbom-action from 0.11.0 to 0.12.0. Release notes Sourced from anchore/sbom-action's releases. v0.12.0 Changes in v0.12.0 Update dependencies (#317) kzantow Update Syft to v0.53.4 (#266) anchore-actions-token-generator Expose upload-artifact and upload-release-assets inputs (#277) joshowen Document the dependency-snapshot property (#297) kzantow Commits b5042e9 Update dependencies (#317) ac5a533 Update Syft to v0.53.4 (#266) 0f0f981 Expose upload-artifact and upload-release-assets inputs (#277) 6fb484a Document the dependency-snapshot property (#297) See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-08-19 09:11:54 -03:00
dependabot[bot]	2eb6f84f5c	chore(deps): bump actions/checkout from 3 to 3.0.2 (#3323) ... Bumps actions/checkout from 3 to 3.0.2. Release notes Sourced from actions/checkout's releases. v3.0.2 What's Changed Add set-safe-directory input to allow customers to take control. by @​TingluoHuang in actions/checkout#770 Prepare changelog for v3.0.2. by @​TingluoHuang in actions/checkout#777 Full Changelog: actions/checkout@v3...v3.0.2 v3.0.1 Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory Bumped various npm package versions Changelog Sourced from actions/checkout's changelog. Changelog v3.0.2 Add input set-safe-directory v3.0.1 Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory Bumped various npm package versions v3.0.0 Update to node 16 v2.3.1 Fix default branch resolution for .wiki and when using SSH v2.3.0 Fallback to the default branch v2.2.0 Fetch all history for all tags and branches when fetch-depth=0 v2.1.1 Changes to support GHES (here and here) v2.1.0 Group output Changes to support GHES alpha release Persist core.sshCommand for submodules Add support ssh Convert submodule SSH URL to HTTPS, when not using SSH Add submodule support Follow proxy settings Fix ref for pr closed event when a pr is merged Fix issue checking detached when git less than 2.22 v2.0.0 Do not pass cred on command line Add input persist-credentials Fallback to REST API to download repo v2 (beta) Improved fetch performance ... (truncated) Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2022-08-19 09:11:36 -03:00
dependabot[bot]	5fe168e884	chore(deps): bump actions/cache from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.7 (#3324) ... Bumps actions/cache from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.7. This release includes the previously tagged commit. Release notes Sourced from actions/cache's releases. v3.0.7 What's Changed Fix for the download stuck problem has been added in actions/cache for users who were intermittently facing the issue. As part of this fix, new timeout has been introduced in the download step to stop the download if it doesn't complete within an hour and run the rest of the workflow without erroring out. Changelog Sourced from actions/cache's changelog. Releases 3.0.0 Updated minimum runner version support from node 12 -> node 16 3.0.1 Added support for caching from GHES 3.5. Fixed download issue for files > 2GB during restore. 3.0.2 Added support for dynamic cache size cap on GHES. 3.0.3 Fixed avoiding empty cache save when no files are available for caching. (issue) 3.0.4 Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue) 3.0.5 Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR) 3.0.6 Fixed #809 - zstd -d: no such file or directory error Fixed #833 - cache doesn't work with github workspace directory 3.0.7 Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour. Commits a7c34ad Merge pull request #894 from actions/kotewar/update-toolkit-version 83394c9 Updated cache version in license file e839c25 Updated actions/cache version to 3.0.3 33a923d Added release information a404368 Updated actions/cache version to 3.0.2 f427802 Merge pull request #887 from actions/pdotl-version-patch 9916fe1 Update cache version in licences 318935e Update README and RELEASES 85efbb5 Update cache npm module to latest 4387dbc Merge pull request #835 from shivamarora1/clojure-lein-example Additional commits viewable in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2022-08-19 09:10:01 -03:00
dependabot[bot]	e661eb430d	chore(deps): bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#3315) ... Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.0 to 2.5.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v2.5.0...v2.5.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-08-17 10:58:06 -03:00
Carlos Alexandro Becker	ee17c9583d	feat(ci): compile with go 1.19 (#3278) ... * feat(ci): compile with go 1.19 Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: fixing template test Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: improve check Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: more test and docs fixes Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: fix Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: fix * test: fix * fix: lint Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * test: docker templates Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: godoc for RequireTemplateError	2022-08-06 18:44:23 -03:00
dependabot[bot]	40164fac9d	chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#3254) ... Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.4.1 to 2.5.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v2.4.1...v2.5.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-07-26 09:04:54 -03:00
dependabot[bot]	dc44ecda4a	chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#3235) ... Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.0 to 3.2.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](b22fbbc292...84cbf80943) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-07-12 09:56:52 -03:00
dependabot[bot]	7bb16e271a	chore(deps): bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (#3220) ... Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.4.0 to 2.4.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v2.4.0...v2.4.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-07-04 10:37:54 -03:00
Carlos Alexandro Becker	d58a3e72c3	chore(ci): improve tparse output (#3193) ... * chore(ci): improve tparse output Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * chore(ci): improve tparse output Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-06-24 09:33:34 -03:00
Carlos A Becker	d80f11b98e	chore(ci): update sbom and cosign actions ... Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-06-13 14:28:08 -03:00
Carlos Alexandro Becker	500190f36a	chore(ci): tparse (#3131) ... * chore(ci): tparse Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: always set json Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: nocolor Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: do not need tparse locally Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> * fix: build Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-06-11 23:25:04 -03:00
dependabot[bot]	b869ea44b7	chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#3133) ... * chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](fcdc43634a...b22fbbc292) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Apply suggestions from code review Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2022-05-27 13:26:29 -03:00
dependabot[bot]	82f5785fd7	chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#3108) ... Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](f6164bd8c8...fcdc43634a) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-05-13 09:47:56 -03:00
dependabot[bot]	70975ed684	chore(deps): bump docker/setup-qemu-action from 1.2.0 to 2 (#3084) ... Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1.2.0 to 2. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](27d0a4f181...8b122486ce) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-05-06 15:58:34 -03:00
dependabot[bot]	66d264bdd1	chore(deps): bump docker/login-action from 1.14.1 to 2 (#3082) ... Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](dd4fa0671b...49ed152c8e) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-05-06 15:56:44 -03:00
dependabot[bot]	313718a8e5	chore(deps): bump docker/setup-buildx-action from 1.7.0 to 2 (#3083) ... Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.7.0 to 2. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](f211e3e9de...dc7b9719a9) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-05-06 14:37:18 -03:00
dependabot[bot]	546325d912	chore(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#3071) ... Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](94ab11c41e...f211e3e9de) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-04-28 10:23:24 -03:00
dependabot[bot]	41f7c3ade5	chore(deps): bump codecov/codecov-action from 3.0.0 to 3.1.0 (#3059) ... Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md) - [Commits](e3c560433a...81cd2dc814) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-04-22 09:36:20 -03:00