go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-10 03:47:03 +02:00
Code Issues Releases Activity
4,131 Commits 8 Branches 558 Tags 41 MiB
722463d129
Commit Graph

301 Commits

Author SHA1 Message Date
dependabot[bot]
914d3d5941
chore(deps): bump github/codeql-action from 2.1.29 to 2.1.30 (#3526) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.29 to 2.1.30.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="18fe527fa8"><code>18fe527</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1341">#1341</a>
from github/update-v2.1.30-cd983e71</li>
<li><a
href="f04ca7c11c"><code>f04ca7c</code></a>
Update changelog for v2.1.30</li>
<li><a
href="cd983e71c6"><code>cd983e7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1334">#1334</a>
from github/henrymercer/better-error-for-glibc</li>
<li><a
href="2ec046b5ac"><code>2ec046b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1328">#1328</a>
from github/angelapwen/add-go-autobuild-comment</li>
<li><a
href="72bd9cbe62"><code>72bd9cb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1321">#1321</a>
from github/criemen/datadog-tag</li>
<li><a
href="ac0112f7f1"><code>ac0112f</code></a>
Add Go to list of supported languages</li>
<li><a
href="77b1f7e44c"><code>77b1f7e</code></a>
Merge remote-tracking branch 'origin/main' into criemen/datadog-tag</li>
<li><a
href="aa07b3894b"><code>aa07b38</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1340">#1340</a>
from github/henrymercer/fix-proxy-check</li>
<li><a
href="c44e6c6096"><code>c44e6c6</code></a>
Fix missing Docker image in proxy test</li>
<li><a
href="ae0a2603c1"><code>ae0a260</code></a>
Update src/actions-util.ts</li>
<li>Additional commits viewable in <a
href="ec3cf9c605...18fe527fa8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.29&new-version=2.1.30)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-03 09:34:07 -03:00
Carlos Alexandro Becker
7544f7ab96
feat: update to go 1.19.3 (#3523) 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-11-02 14:19:01 -03:00
dependabot[bot]
f3aea7663f
chore(deps): bump anchore/sbom-action from 0.12.0 to 0.13.0 (#3512) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.12.0 to 0.13.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.0</h2>
<h2>Changes in v0.13.0</h2>
<ul>
<li>Allow type &quot;file:...&quot; to enable creation of SBOMs from tar
and other package formats (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)
[<a href="https://github.com/malt3">malt3</a>]</li>
<li>Update Syft to v0.59.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>Update dependencies and node version (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)
[<a href="https://github.com/kzantow">kzantow</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b7e8507c6a"><code>b7e8507</code></a>
chore: remove dependabot (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/381">#381</a>)</li>
<li><a
href="2424de21c4"><code>2424de2</code></a>
Bump <code>@​types/node</code> from 18.11.2 to 18.11.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/373">#373</a>)</li>
<li><a
href="12a03b588c"><code>12a03b5</code></a>
Update Syft to v0.59.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)</li>
<li><a
href="563238bdcc"><code>563238b</code></a>
chore: Update dependencies and action node version (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)</li>
<li><a
href="eda59434a8"><code>eda5943</code></a>
Update Syft to v0.58.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/354">#354</a>)</li>
<li><a
href="614fe8a3b7"><code>614fe8a</code></a>
feat: Allow type &quot;file:...&quot; (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)</li>
<li><a
href="6218d4fbd4"><code>6218d4f</code></a>
Update Syft to v0.57.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/344">#344</a>)</li>
<li><a
href="a173e5341b"><code>a173e53</code></a>
Update Syft to v0.56.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/329">#329</a>)</li>
<li><a
href="2cd5755dcc"><code>2cd5755</code></a>
Add update-deps script (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/322">#322</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.12.0...v0.13.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 11:13:56 -03:00
dependabot[bot]
d73a0116e0
chore(deps): bump github/codeql-action from 2.1.28 to 2.1.29 (#3498) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.28 to 2.1.29.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3cf9c605"><code>ec3cf9c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1323">#1323</a>
from github/update-v2.1.29-4b53723d</li>
<li><a
href="f246f20ec4"><code>f246f20</code></a>
Update changelog for v2.1.29</li>
<li><a
href="4b53723d6b"><code>4b53723</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1320">#1320</a>
from github/edoardo/2.11.2-bump</li>
<li><a
href="de9f112cd1"><code>de9f112</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1318">#1318</a>
from github/aeisenberg/bump-min-version</li>
<li><a
href="f1a4ff53b4"><code>f1a4ff5</code></a>
Bumps the min version for code scanning config in the cli</li>
<li><a
href="624418cb40"><code>624418c</code></a>
Bump default CodeQL version to 2.11.2</li>
<li><a
href="f0a1281661"><code>f0a1281</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1315">#1315</a>
from github/mergeback/v2.1.28-to-main-cc7986c0</li>
<li><a
href="f0b3ef9e9c"><code>f0b3ef9</code></a>
Update checked-in dependencies</li>
<li><a
href="3920e2d8ae"><code>3920e2d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1313">#1313</a>
from github/criemen/ghes-31-deprecation</li>
<li><a
href="be55631a21"><code>be55631</code></a>
Update changelog and version after v2.1.28</li>
<li>Additional commits viewable in <a
href="cc7986c02b...ec3cf9c605">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.28&new-version=2.1.29)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-27 09:32:34 -03:00
dependabot[bot]
f0b912a708
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.2 to 4.15.3 (#3499) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.2 to 4.15.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.3</h2>
<h2>Changed</h2>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.3...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...v4.15.3">v4.15.3</a>
- 2022-10-26</h2>
<h3>Changed</h3>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0049e3fa40"><code>0049e3f</code></a>
Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
availabl...</li>
<li><a
href="f6f7a9c351"><code>f6f7a9c</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="2fde6fc18d...0049e3fa40">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.2&new-version=4.15.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-27 09:29:34 -03:00
dependabot[bot]
62361bb6ad
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.1 to 4.15.2 (#3492) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.1 to 4.15.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.2</h2>
<h2>Changed</h2>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2fde6fc18d"><code>2fde6fc</code></a>
Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/252">#252</a>)</li>
<li><a
href="faf78595b8"><code>faf7859</code></a>
Update README.md</li>
<li><a
href="a0873a0795"><code>a0873a0</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="fd157da78f...2fde6fc18d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.1&new-version=4.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-24 10:45:43 -03:00
Carlos A Becker
f28a70c481
chore: image scan always fails 
the security issues comes from the golang image, which we need to be
using in order to build stuff.

That said, not much we can do either way, so, I'm disabling this check
for now.

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-21 08:56:21 -03:00
dependabot[bot]
bc5d4bf97a
chore(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (#3486) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 3.2.0 to 3.3.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07db5389c9"><code>07db538</code></a>
build(deps): bump <code>@​actions/cache</code> from 3.0.4 to 3.0.5 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/586">#586</a>)</li>
<li><a
href="328c000029"><code>328c000</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.39.0 to 5.40.0 ...</li>
<li><a
href="3a79f8d45a"><code>3a79f8d</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.39.0 to 5.40.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/584">#584</a>)</li>
<li><a
href="43c645b597"><code>43c645b</code></a>
build(deps-dev): bump eslint from 8.24.0 to 8.25.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/582">#582</a>)</li>
<li><a
href="88e5fc6380"><code>88e5fc6</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.38.1 to 5.39.0 ...</li>
<li><a
href="6191de56c9"><code>6191de5</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.1 to 5.39.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/580">#580</a>)</li>
<li><a
href="5423639e7b"><code>5423639</code></a>
build(deps): bump <code>@​actions/core</code> from 1.9.1 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/578">#578</a>)</li>
<li><a
href="c225631afd"><code>c225631</code></a>
build(deps): bump <code>@​actions/github</code> from 5.1.0 to 5.1.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/576">#576</a>)</li>
<li><a
href="b81d829cdb"><code>b81d829</code></a>
build(deps-dev): bump typescript from 4.8.3 to 4.8.4 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/577">#577</a>)</li>
<li><a
href="5b682fd40b"><code>5b682fd</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.0 to 5.38.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/575">#575</a>)</li>
<li>Additional commits viewable in <a
href="537aa1903e...07db5389c9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-21 08:54:45 -03:00
dependabot[bot]
097baac606
chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (#3477) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0
to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Fix cache issues and update dependencies</h2>
<p>In scope of this release we fixed the issue with the correct
generation of the cache key when the <code>go-version-file</code> input
is set (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/267">actions/setup-go#267</a>).
Moreover, we fixed an issue when <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/264">the
cache folder was not found</a>. Besides, we updated
<code>actions/core</code> to 1.10.0 version (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/273">actions/setup-go#273</a>).</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c4a742cab1"><code>c4a742c</code></a>
fix(): cache resolve version input (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/267">#267</a>)</li>
<li><a
href="f556e5b7e0"><code>f556e5b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/273">#273</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="514ae57904"><code>514ae57</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li><a
href="30b9ddff11"><code>30b9ddf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/264">#264</a>
from e-korolevskii/258-not-throw-err-no-cache-folders</li>
<li><a
href="c4e169859f"><code>c4e1698</code></a>
prettier format</li>
<li><a
href="db58e98a43"><code>db58e98</code></a>
format</li>
<li><a
href="2905db4069"><code>2905db4</code></a>
update build</li>
<li><a
href="57452eb902"><code>57452eb</code></a>
fix debug lines in test</li>
<li><a
href="5547b9ed8d"><code>5547b9e</code></a>
fix(cache): Not throw err if no cache folders</li>
<li><a
href="be45b2722d"><code>be45b27</code></a>
build</li>
<li>Additional commits viewable in <a
href="268d8c0ca0...c4a742cab1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:54:46 -03:00
dependabot[bot]
a94d809a63
chore(deps): bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (#3478) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.8.0 to 2.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign install to use release v1.13.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/98">sigstore/cosign-installer#98</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1">https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9becc61764"><code>9becc61</code></a>
bump cosign install to use release v1.13.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/98">#98</a>)</li>
<li><a
href="c6d50c2e98"><code>c6d50c2</code></a>
Bump actions/checkout from 3.0.2 to 3.1.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/96">#96</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.8.0...v2.8.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.8.0&new-version=2.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:54:06 -03:00
dependabot[bot]
7b1ce71351
chore(deps): bump github/codeql-action from 2.1.27 to 2.1.28 (#3479) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.27 to 2.1.28.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cc7986c02b"><code>cc7986c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1311">#1311</a>
from github/update-v2.1.28-96c8872f</li>
<li><a
href="aecd03235b"><code>aecd032</code></a>
Update changelog for v2.1.28</li>
<li><a
href="96c8872f06"><code>96c8872</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1310">#1310</a>
from github/henrymercer/v2-mergeback</li>
<li><a
href="b709139433"><code>b709139</code></a>
Merge branch 'releases/v2' into henrymercer/v2-mergeback</li>
<li><a
href="5dd73678a4"><code>5dd7367</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1308">#1308</a>
from github/aeisenberg/fix-merge</li>
<li><a
href="4c1ccc4a5e"><code>4c1ccc4</code></a>
Fix CHANGELOG</li>
<li><a
href="c2f5185572"><code>c2f5185</code></a>
Merge commit 'e4cc4a2f' into releases/v2</li>
<li><a
href="297ec80a46"><code>297ec80</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1301">#1301</a>
from github/aeisenberg/remove-set-output</li>
<li><a
href="b0f8861cea"><code>b0f8861</code></a>
Update CHANGELOG.md</li>
<li><a
href="2ee8edc7f0"><code>2ee8edc</code></a>
Update changelog</li>
<li>Additional commits viewable in <a
href="807578363a...cc7986c02b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.27&new-version=2.1.28)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:53:53 -03:00
dependabot[bot]
97e9bc40f9
chore(deps): bump docker/setup-buildx-action from 2.2.0 to 2.2.1 (#3480) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.2.0 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Preserve quotes surrounding fields in input list by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>)</li>
<li>Escape surrounding quotes for <code>platforms</code> input by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1">https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8c0edbc76e"><code>8c0edbc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>
from crazy-max/input-list-quotes</li>
<li><a
href="1fb9cbdb32"><code>1fb9cbd</code></a>
escape surrounding quotes for platforms input</li>
<li><a
href="693fdd6ca6"><code>693fdd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>
from crazy-max/input-quote</li>
<li><a
href="fe4c1ac86d"><code>fe4c1ac</code></a>
preserve quotes surrounding fields in input list</li>
<li>See full diff in <a
href="c74574e6c8...8c0edbc76e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:53:41 -03:00
dependabot[bot]
903713ea0a
chore(deps): bump docker/setup-buildx-action from 2.1.0 to 2.2.0 (#3474) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.1.0 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Append nodes to builder support by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>)</li>
<li>Bump csv-parse from 5.3.0 to 5.3.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0">https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c74574e6c8"><code>c74574e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>
from docker/dependabot/npm_and_yarn/csv-parse-5.3.1</li>
<li><a
href="2d0cf98781"><code>2d0cf98</code></a>
update generated content</li>
<li><a
href="5f1d4ea81f"><code>5f1d4ea</code></a>
Bump csv-parse from 5.3.0 to 5.3.1</li>
<li><a
href="59b5ed6124"><code>59b5ed6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>
from crazy-max/append</li>
<li><a
href="bd61d52837"><code>bd61d52</code></a>
update generated content</li>
<li><a
href="f6efb5fcbb"><code>f6efb5f</code></a>
platforms input</li>
<li><a
href="2dfca373f3"><code>2dfca37</code></a>
append nodes to builder support</li>
<li>See full diff in <a
href="95cb08cb26...c74574e6c8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-18 09:19:42 -03:00
dependabot[bot]
647262634b
chore(deps): bump actions/cache from 3.0.10 to 3.0.11 (#3465) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.10 to
3.0.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.11</h2>
<h2>What's Changed</h2>
<ul>
<li>Call out cache not saved on hit by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/946">actions/cache#946</a></li>
<li>Update <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/950">actions/cache#950</a></li>
<li>Update cache to use <code>@​actions/core</code>@^1.10.0 by <a
href="https://github.com/pdotl"><code>@​pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/956">actions/cache#956</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/950">actions/cache#950</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.0.11">https://github.com/actions/cache/compare/v3...v3.0.11</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9b0c1fce7a"><code>9b0c1fc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/956">#956</a>
from actions/pdotl-version-bump</li>
<li><a
href="18103f63fe"><code>18103f6</code></a>
Fix licensed status error</li>
<li><a
href="3e383cd9c3"><code>3e383cd</code></a>
Update RELEASES</li>
<li><a
href="43428ea056"><code>43428ea</code></a>
toolkit versioon update and version bump for cache</li>
<li><a
href="1c73980b09"><code>1c73980</code></a>
3.0.11</li>
<li><a
href="a3f5edc237"><code>a3f5edc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/950">#950</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="831ee695a5"><code>831ee69</code></a>
Update licenses</li>
<li><a
href="b9c8bfe442"><code>b9c8bfe</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li><a
href="0f20846208"><code>0f20846</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/946">#946</a>
from actions/Phantsure-patch-2</li>
<li><a
href="862fc14188"><code>862fc14</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="56461b9eb0...9b0c1fce7a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.10&new-version=3.0.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-14 10:17:02 -03:00
dependabot[bot]
fcd9b379f5
chore(deps): bump actions/github-script from 6.3.2 to 6.3.3 (#3464) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.2 to 6.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@actions/glob</code> to 0.3.0 by <a
href="https://github.com/nineinchnick"><code>@​nineinchnick</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/279">actions/github-script#279</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/nineinchnick"><code>@​nineinchnick</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/279">actions/github-script#279</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.2...v6.3.3">https://github.com/actions/github-script/compare/v6.3.2...v6.3.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d556feaca3"><code>d556fea</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/300">#300</a>
from actions/joshmgross/v6.3.3</li>
<li><a
href="01fde8b524"><code>01fde8b</code></a>
Update version to 6.3.3</li>
<li><a
href="633e9fd3a1"><code>633e9fd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/279">#279</a>
from nineinchnick/update-glob</li>
<li><a
href="ee124b1288"><code>ee124b1</code></a>
Update dist</li>
<li><a
href="ca24d5fb29"><code>ca24d5f</code></a>
Update <code>@actions/glob</code> license version</li>
<li><a
href="c09747ec1a"><code>c09747e</code></a>
Merge branch 'main' into update-glob</li>
<li>See full diff in <a
href="100527700e...d556feaca3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.2&new-version=6.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-14 10:16:50 -03:00
dependabot[bot]
6a5a3d9f1d
chore(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 (#3458) 
Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Use context for inputs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>)</li>
<li>Use built-in <code>getExecOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/54">#54</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/58">#58</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e81a89b173"><code>e81a89b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>
from crazy-max/setOutput</li>
<li><a
href="2d3efc7878"><code>2d3efc7</code></a>
Remove workaround for setOutput</li>
<li><a
href="bfc44eaf57"><code>bfc44ea</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>
from crazy-max/context</li>
<li><a
href="25725d8d2e"><code>25725d8</code></a>
Use context for inputs</li>
<li><a
href="8c1e35a8c6"><code>8c1e35a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>
from crazy-max/exec-output</li>
<li><a
href="f3c51a3313"><code>f3c51a3</code></a>
update README</li>
<li><a
href="c47ad32952"><code>c47ad32</code></a>
Use built-in getExecOutput</li>
<li><a
href="aa087459ac"><code>aa08745</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="9443994984"><code>9443994</code></a>
Update generated content</li>
<li><a
href="81a47e15eb"><code>81a47e1</code></a>
Bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li>Additional commits viewable in <a
href="8b122486ce...e81a89b173">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-10-13 10:52:43 -03:00
dependabot[bot]
9ce619ad09
chore(deps): bump docker/setup-buildx-action from 2.0.0 to 2.1.0 (#3459) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Auth support for tls endpoint by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/164">#164</a>)</li>
<li>Nodes metadata JSON ouput by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/162">#162</a>)
<ul>
<li><code>endpoint</code>, <code>status</code> and <code>flags</code>
outputs are deprecated. Use <code>nodes</code> output instead.</li>
</ul>
</li>
<li>Skip setting buildkitd flags and config for remote driver by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/161">#161</a>)</li>
<li>Move args logic to context module and add tests by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>)</li>
<li>Fix deprecated <code>fs.rmdir</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>)</li>
<li>Docs: clarify install option by <a
href="https://github.com/rodrigc"><code>@​rodrigc</code></a> in (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/152">#152</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/151">#151</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/157">#157</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>)</li>
<li>Bump <code>@​actions/tool-cache</code> from 1.7.2 to 2.0.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/150">#150</a>)</li>
<li>Bump <code>@​actions/http-client</code> from 1.0.11 to 2.0.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/149">#149</a>)</li>
<li>Bump uuid from 8.3.2 to 9.0.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95cb08cb26"><code>95cb08c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>
from crazy-max/rmsync</li>
<li><a
href="eb5c2a6eea"><code>eb5c2a6</code></a>
Fix deprecated fs.rmdir</li>
<li><a
href="83612bea36"><code>83612be</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>
from crazy-max/setOutput</li>
<li><a
href="40fefd8a58"><code>40fefd8</code></a>
Remove workaround for setOutput</li>
<li><a
href="90a1e4619e"><code>90a1e46</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>
from crazy-max/context-module</li>
<li><a
href="5a9fc40575"><code>5a9fc40</code></a>
move args logic to context module and add tests</li>
<li><a
href="6c48dad5f0"><code>6c48dad</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>
from docker/dependabot/npm_and_yarn/uuid-9.0.0</li>
<li><a
href="16c2ddbfa7"><code>16c2ddb</code></a>
update generated content</li>
<li><a
href="0fe8589bf4"><code>0fe8589</code></a>
Bump uuid from 8.3.2 to 9.0.0</li>
<li><a
href="f3692cbe43"><code>f3692cb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li>Additional commits viewable in <a
href="dc7b9719a9...95cb08cb26">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-10-13 10:51:29 -03:00
dependabot[bot]
637ffc49a9
chore(deps): bump docker/login-action from 2.0.0 to 2.1.0 (#3451) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [docker/login-action](https://github.com/docker/login-action) from
2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Ensure AWS temp credentials are redacted in workflow logs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/275">#275</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/252">#252</a>
<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/292">#292</a>)</li>
<li>Bump <code>@​aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/298">#298</a>)</li>
<li>Bump <code>@​aws-sdk/client-ecr-public</code> from 3.53.0 to 3.186.0
(<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/299">#299</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v2.0.0...v2.1.0">https://github.com/docker/login-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f4ef78c080"><code>f4ef78c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/299">#299</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="9ad4ce3929"><code>9ad4ce3</code></a>
Update generated content</li>
<li><a
href="884eadd4f8"><code>884eadd</code></a>
Bump <code>@​aws-sdk/client-ecr-public</code> from 3.53.0 to
3.186.0</li>
<li><a
href="a266232f5c"><code>a266232</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/298">#298</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="f97efcfbf9"><code>f97efcf</code></a>
Update generated content</li>
<li><a
href="5ae789beac"><code>5ae789b</code></a>
Bump <code>@​aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0</li>
<li><a
href="71c23b5b34"><code>71c23b5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/292">#292</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="6401d70aab"><code>6401d70</code></a>
Update generated content</li>
<li><a
href="67e8909cc6"><code>67e8909</code></a>
Bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li><a
href="21f251affc"><code>21f251a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/275">#275</a>
from crazy-max/redact-aws-creds</li>
<li>Additional commits viewable in <a
href="49ed152c8e...f4ef78c080">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:05:18 -03:00
dependabot[bot]
614cab8586
chore(deps): bump actions/github-script from 6.3.1 to 6.3.2 (#3453) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.1 to 6.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/295">actions/github-script#295</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/295">actions/github-script#295</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.1...v6.3.2">https://github.com/actions/github-script/compare/v6.3.1...v6.3.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="100527700e"><code>1005277</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/299">#299</a>
from actions/joshmgross/v6.3.2</li>
<li><a
href="085a7754e8"><code>085a775</code></a>
Bump version to 6.3.2</li>
<li><a
href="6871f0ffce"><code>6871f0f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/295">#295</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="7ed718295b"><code>7ed7182</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li>See full diff in <a
href="7dff1a8764...100527700e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.1&new-version=6.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:05:03 -03:00
dependabot[bot]
38c8436863
chore(deps): bump arduino/setup-task from 1.0.1 to 1.0.2 (#3452) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from
1.0.1 to 1.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/arduino/setup-task/releases">arduino/setup-task's
releases</a>.</em></p>
<blockquote>
<h2>1.0.2</h2>
<h2>Release Notes</h2>
<h3>Changelog</h3>
<h4>Enhancement</h4>
<ul>
<li>Run action with Node.js 16 (<a
href="https://github-redirect.dependabot.com/arduino/setup-task/pull/552">arduino/setup-task#552</a>)</li>
<li>Various dependency updates</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/kasperg"><code>@​kasperg</code></a></li>
</ul>
<hr />
<p><strong>Full Changeset</strong>: <a
href="https://github.com/arduino/setup-task/compare/1.0.1...1.0.2">https://github.com/arduino/setup-task/compare/1.0.1...1.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d665c6beeb"><code>d665c6b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/554">#554</a>
from arduino/dependabot/npm_and_yarn/types/node-16.11.65</li>
<li><a
href="f911dc0bbc"><code>f911dc0</code></a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.64 to
16.11.65</li>
<li><a
href="2cdd1760c6"><code>2cdd176</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/555">#555</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="0238d42112"><code>0238d42</code></a>
build(deps-dev): bump
<code>@​typescript-eslint/eslint-plugin</code></li>
<li><a
href="b592b746bd"><code>b592b74</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/553">#553</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="1b72357a23"><code>1b72357</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.1 to 5.40.0</li>
<li><a
href="eea6bc2215"><code>eea6bc2</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/551">#551</a>
from arduino/dependabot/npm_and_yarn/eslint-8.25.0</li>
<li><a
href="c36e056867"><code>c36e056</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/552">#552</a>
from kasperg/patch-1</li>
<li><a
href="ba0113b2fc"><code>ba0113b</code></a>
Bump Node version from 12 to 16</li>
<li><a
href="1bdabdfc86"><code>1bdabdf</code></a>
build(deps-dev): bump eslint from 8.24.0 to 8.25.0</li>
<li>Additional commits viewable in <a
href="ca745e1891...d665c6beeb">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=arduino/setup-task&package-manager=github_actions&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:04:36 -03:00
dependabot[bot]
7cd73510c0
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.0 to 4.15.1 (#3450) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.0 to 4.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.1</h2>
<h2>Fixed</h2>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<ul>
<li>Add <code>create_branch</code> option to force create a new branch
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/203">#203</a>)
<a
href="https://github.com/stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>README.md: Updates hyperlink to GH docs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/200">#200</a>)
<a
href="https://github.com/funkyfuture"><code>@​funkyfuture</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fd157da78f"><code>fd157da</code></a>
Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/247">#247</a>)</li>
<li><a
href="b208f78c10"><code>b208f78</code></a>
Test that CRLF changes are not picked up</li>
<li><a
href="cef08f2918"><code>cef08f2</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="6c32682a40...fd157da78f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.0&new-version=4.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-11 09:54:34 -03:00
dependabot[bot]
dffc068b47
chore(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#3445) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.26 to 2.1.27.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="807578363a"><code>8075783</code></a>
Merge main into releases/v2 (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1287">#1287</a>)</li>
<li>See full diff in <a
href="e0e5ded33c...807578363a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.26&new-version=2.1.27)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 14:51:49 -03:00
dependabot[bot]
1317be8a7d
chore(deps): bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (#3448) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.7.0 to 2.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.13.0 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/95">sigstore/cosign-installer#95</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7cc35d7fdb"><code>7cc35d7</code></a>
bump cosign to v1.13.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/95">#95</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.7.0&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 14:50:18 -03:00
Carlos Alexandro Becker
b4159f6377
feat(deps): go 1.19.2 (#3443) 
latest security fixes

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-05 21:24:45 -03:00
Carlos A Becker
04162b50fe
chore: always build on main 2022-10-05 10:50:29 -03:00
Carlos A Becker
7c42c807e5
chore: fix fig workflow name 2022-10-05 09:40:12 -03:00
dependabot[bot]
f8da439130
chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#3441) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2
to 3.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Inject GitHub host to be able to clone from another GitHub instance
by <a
href="https://github.com/peter-murray"><code>@​peter-murray</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li>
<li>Bump <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/peter-murray"><code>@​peter-murray</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.0.2...v3.1.0">https://github.com/actions/checkout/compare/v3.0.2...v3.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.1.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">Use
<code>@​actions/core</code> <code>saveState</code> and
<code>getState</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">Add
<code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/770">Add
input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/762">Fixed
an issue where checkout failed to run in container jobs due to the new
git setting <code>safe.directory</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/744">Bumped
various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/689">Update
to node 16</a></li>
</ul>
<h2>v2.3.1</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/284">Fix
default branch resolution for .wiki and when using SSH</a></li>
</ul>
<h2>v2.3.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/278">Fallback
to the default branch</a></li>
</ul>
<h2>v2.2.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/258">Fetch
all history for all tags and branches when fetch-depth=0</a></li>
</ul>
<h2>v2.1.1</h2>
<ul>
<li>Changes to support GHES (<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/236">here</a>
and <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/248">here</a>)</li>
</ul>
<h2>v2.1.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/191">Group
output</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/199">Changes
to support GHES alpha release</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/184">Persist
core.sshCommand for submodules</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/163">Add
support ssh</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/179">Convert
submodule SSH URL to HTTPS, when not using SSH</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/157">Add
submodule support</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/144">Follow
proxy settings</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/141">Fix
ref for pr closed event when a pr is merged</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/128">Fix
issue checking detached when git less than 2.22</a></li>
</ul>
<h2>v2.0.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/108">Do
not pass cred on command line</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/107">Add
input persist-credentials</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/104">Fallback
to REST API to download repo</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="93ea575cb5"><code>93ea575</code></a>
Prepare release v3.1.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/940">#940</a>)</li>
<li><a
href="6a84743051"><code>6a84743</code></a>
Bump <code>@​actions/core</code> to 1.10.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/939">#939</a>)</li>
<li><a
href="e6d535c99c"><code>e6d535c</code></a>
Inject GitHub host to be able to clone from another GitHub instance (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/922">#922</a>)</li>
<li>See full diff in <a
href="2541b1294d...93ea575cb5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.0.2&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-05 09:38:34 -03:00
Carlos Alexandro Becker
bb6c53eeda
feat: fig integration (#3437) 
closes #3328

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-05 09:33:39 -03:00
Carlos A Becker
e89e2135bd
chore: generate should use go cache 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-04 22:05:49 -03:00
dependabot[bot]
6e90e7edba
chore(deps): bump actions/github-script from 6.3.0 to 6.3.1 (#3429) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.0 to 6.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix overriding request options from <code>@​actions/github</code> by
<a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/293">actions/github-script#293</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.0...v6.3.1">https://github.com/actions/github-script/compare/v6.3.0...v6.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7dff1a8764"><code>7dff1a8</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/293">#293</a>
from luketomlinson/main</li>
<li><a
href="8445ca871a"><code>8445ca8</code></a>
Fix overriding request options from <code>@​actions/github</code></li>
<li>See full diff in <a
href="d4560e1570...7dff1a8764">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.0&new-version=6.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-04 09:27:16 -03:00
dependabot[bot]
c29971bddb
chore(deps): bump actions/cache from 3.0.9 to 3.0.10 (#3433) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.9 to
3.0.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.10</h2>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for <code>restore-keys</code> in README.md</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="56461b9eb0"><code>56461b9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/931">#931</a>
from ELHoussineT/patch-1</li>
<li><a
href="f85d12c3b2"><code>f85d12c</code></a>
Merge branch 'main' into patch-1</li>
<li><a
href="98044e486f"><code>98044e4</code></a>
Update README.md</li>
<li><a
href="edc49897ec"><code>edc4989</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/942">#942</a>
from actions/vsvipul/fix-sort</li>
<li><a
href="68d96986b5"><code>68d9698</code></a>
Remove sort logic from inputs</li>
<li><a
href="3238536a48"><code>3238536</code></a>
Update README.md</li>
<li>See full diff in <a
href="ac8075791e...56461b9eb0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.9&new-version=3.0.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-04 09:24:28 -03:00
dependabot[bot]
501a677d90
chore(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#3417) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.25 to 2.1.26.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e0e5ded33c"><code>e0e5ded</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1276">#1276</a>
from github/update-v2.1.26-97054749</li>
<li><a
href="c60b8543e6"><code>c60b854</code></a>
Update changelog for v2.1.26</li>
<li><a
href="97054749c9"><code>9705474</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1274">#1274</a>
from github/aeisenberg/update-checks-script</li>
<li><a
href="fb0f74784f"><code>fb0f747</code></a>
Update the checks script</li>
<li><a
href="3400e51bc8"><code>3400e51</code></a>
Add dotnet env variable to workflow (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1273">#1273</a>)</li>
<li><a
href="74740eef3d"><code>74740ee</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1270">#1270</a>
from github/aeisenberg/cli-config-feature-flag</li>
<li><a
href="1ec8ea99ee"><code>1ec8ea9</code></a>
Merge branch 'main' into aeisenberg/cli-config-feature-flag</li>
<li><a
href="2466f0ce2c"><code>2466f0c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1267">#1267</a>
from github/cklin/codeql-cli-2.11.0</li>
<li><a
href="a711c7623d"><code>a711c76</code></a>
Update default CodeQL version to 2.11.0</li>
<li><a
href="39064e0f9b"><code>39064e0</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1272">#1272</a>
from github/update-supported-enterprise-server-versions</li>
<li>Additional commits viewable in <a
href="86f3159a69...e0e5ded33c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.25&new-version=2.1.26)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-30 09:47:36 -03:00
dependabot[bot]
16abdfd915
chore(deps): bump actions/cache from 3.0.8 to 3.0.9 (#3416) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to
3.0.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.9</h2>
<ul>
<li>Enhanced the warning message for cache unavailability in case of
GHES.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ac8075791e"><code>ac80757</code></a>
Actions/cache release 3.0.9 (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/930">#930</a>)</li>
<li><a
href="0ff0597934"><code>0ff0597</code></a>
Update examples.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/920">#920</a>)</li>
<li><a
href="12681847c6"><code>1268184</code></a>
Update README.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/936">#936</a>)</li>
<li><a
href="1a78ace131"><code>1a78ace</code></a>
Updated the GHES warning message (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/925">#925</a>)</li>
<li><a
href="1bc650b06c"><code>1bc650b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/922">#922</a>
from actions/vsvipul/add-anurag</li>
<li><a
href="92e01f4797"><code>92e01f4</code></a>
Add anuragc617 to assignees</li>
<li><a
href="b195c997a4"><code>b195c99</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/912">#912</a>
from actions/pdotl/readme-update-1</li>
<li><a
href="9f98a2f01c"><code>9f98a2f</code></a>
Merge branch 'main' into pdotl/readme-update-1</li>
<li><a
href="471fb0c87e"><code>471fb0c</code></a>
Move workarounds to a different file</li>
<li><a
href="a213d1e898"><code>a213d1e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/913">#913</a>
from actions/vsvipul-patch-2</li>
<li>Additional commits viewable in <a
href="fd5de65bc8...ac8075791e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.8&new-version=3.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-30 09:47:28 -03:00
Carlos A Becker
c006c9d208
chore: do not login on snapcraft on snapshots 2022-09-27 21:20:57 -03:00
Carlos A Becker
530764513f
chore: workflows being skipped when they shouldn't 2022-09-27 11:52:35 -03:00
dependabot[bot]
0edfbf02cb
chore(deps): bump actions/github-script from 6.2.0 to 6.3.0 (#3408) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.2.0 to 6.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add retry plugin and related options by <a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/288">actions/github-script#288</a>,
see <a
href="https://github.com/actions/github-script/tree/v6.3.0#retries">https://github.com/actions/github-script/tree/v6.3.0#retries</a>
for more information.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/288">actions/github-script#288</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.2.0...v6.3.0">https://github.com/actions/github-script/compare/v6.2.0...v6.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d4560e1570"><code>d4560e1</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/288">#288</a>
from luketomlinson/main</li>
<li><a
href="d742690307"><code>d742690</code></a>
6.3.0</li>
<li><a
href="ac0c7cb50b"><code>ac0c7cb</code></a>
Core.debug</li>
<li><a
href="eb0f407f1a"><code>eb0f407</code></a>
Whitespace</li>
<li><a
href="6b09a22cca"><code>6b09a22</code></a>
cleanup quotes</li>
<li><a
href="e7dbaf0565"><code>e7dbaf0</code></a>
update action.yml</li>
<li><a
href="3faaff918c"><code>3faaff9</code></a>
PR feedback</li>
<li><a
href="3cca041b86"><code>3cca041</code></a>
Fix http-client license</li>
<li><a
href="55053af80a"><code>55053af</code></a>
Update licenses</li>
<li><a
href="977060a05e"><code>977060a</code></a>
Add more info to action.yml</li>
<li>Additional commits viewable in <a
href="c713e510db...d4560e1570">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.2.0&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-27 10:58:22 -03:00
Carlos A Becker
20ead77da7
chore: gitleaks only when license present 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-27 10:57:08 -03:00
Carlos A Becker
32285bab55
chore: do not run gitleaks on dependabot prs 2022-09-27 10:54:05 -03:00
Carlos A Becker
0a3a76c09e
chore: do not run gitleaks on dependabot prs 2022-09-27 10:21:40 -03:00
dependabot[bot]
ee62a8ec00
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.14.1 to 4.15.0 (#3405) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.14.1 to 4.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.0</h2>
<h2>Changed</h2>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<ul>
<li>Add <code>create_branch</code> option to force create a new branch
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/203">#203</a>)
<a
href="https://github.com/stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>README.md: Updates hyperlink to GH docs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/200">#200</a>)
<a
href="https://github.com/funkyfuture"><code>@​funkyfuture</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.0...v4.13.1">v4.13.1</a>
- 2022-01-13</h2>
<h2>Fixed</h2>
<ul>
<li>Properly disambiguate between branch or file checkout (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/199">#199</a>)
<a
href="https://github.com/kenodegard"><code>@​kenodegard</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6c32682a40"><code>6c32682</code></a>
Add bug label to new issues</li>
<li><a
href="a4a482b6c5"><code>a4a482b</code></a>
Update Issue Templates</li>
<li><a
href="18870f2286"><code>18870f2</code></a>
Add note about line break detection</li>
<li><a
href="52eb0eedc8"><code>52eb0ee</code></a>
Update README</li>
<li><a
href="03246c1cee"><code>03246c1</code></a>
Changed the extended example to correctly use quotes for strings (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/196">#196</a>)</li>
<li><a
href="4d00f10668"><code>4d00f10</code></a>
Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/205">#205</a>)</li>
<li><a
href="4e7c0d67cd"><code>4e7c0d6</code></a>
Assert throws error when force adding ignored files</li>
<li><a
href="dce7e85096"><code>dce7e85</code></a>
Add Tests to Cover <a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/233">#233</a></li>
<li><a
href="9262405709"><code>9262405</code></a>
Fix Typo in Test</li>
<li><a
href="32807d4f18"><code>32807d4</code></a>
Upgrade Bats</li>
<li>Additional commits viewable in <a
href="49620cd3ed...6c32682a40">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.14.1&new-version=4.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 10:24:48 -03:00
dependabot[bot]
fd8cc43ef3
chore(deps): bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (#3404) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.6.0 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.12.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/94">sigstore/cosign-installer#94</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0">https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ced07f21fb"><code>ced07f2</code></a>
bump cosign to v1.12.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/94">#94</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.6.0...v2.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.6.0&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 10:24:30 -03:00
Carlos A Becker
6aa3f5a724
chore: minor workflows improvements 2022-09-22 16:00:05 -03:00
dependabot[bot]
14884f52c9
chore(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#3394) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.24 to 2.1.25.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<h2>2.1.17 - 28 Jul 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="86f3159a69"><code>86f3159</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1261">#1261</a>
from github/update-v2.1.25-ff5ca122</li>
<li><a
href="d1e2e02bee"><code>d1e2e02</code></a>
Update changelog for v2.1.25</li>
<li><a
href="ff5ca122ed"><code>ff5ca12</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1257">#1257</a>
from github/rasmuswl/fix-ubuntu22.04-venv-creation</li>
<li><a
href="32ca2cf500"><code>32ca2cf</code></a>
Apply suggestions from code review</li>
<li><a
href="b2fc1e178e"><code>b2fc1e1</code></a>
python-setup: Disable python2 tests on ubuntu-22.04</li>
<li><a
href="8a893ddf18"><code>8a893dd</code></a>
python-setup: Flush even more</li>
<li><a
href="93ba53f2de"><code>93ba53f</code></a>
add missing spaces</li>
<li><a
href="1fa5d72846"><code>1fa5d72</code></a>
python-setup: Fail early if installing for Python 2, and
<code>python2</code> not available</li>
<li><a
href="417059fdb2"><code>417059f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1258">#1258</a>
from github/rasmuswl/poetry-v1.2</li>
<li><a
href="ca8a78d5f3"><code>ca8a78d</code></a>
python-setup: flush at the end of <code>_check_call</code></li>
<li>Additional commits viewable in <a
href="904260d7d9...86f3159a69">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.24&new-version=2.1.25)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-22 10:03:52 -03:00
dependabot[bot]
326b588ece
chore(deps): bump codecov/codecov-action from 3.1.0 to 3.1.1 (#3390) 
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
3.1.0 to 3.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>3.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update deprecation warning by <a
href="https://github.com/slifty"><code>@​slifty</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li>
<li>Create codeql-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/593">codecov/codecov-action#593</a></li>
<li>build(deps): bump node-fetch from 3.2.3 to 3.2.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/714">codecov/codecov-action#714</a></li>
<li>build(deps-dev): bump typescript from 4.6.3 to 4.6.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/713">codecov/codecov-action#713</a></li>
<li>README: fix typo by <a
href="https://github.com/Evalir"><code>@​Evalir</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li>
<li>build(deps): bump github/codeql-action from 1 to 2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/724">codecov/codecov-action#724</a></li>
<li>build(deps-dev): bump <code>@​types/jest</code> from 27.4.1 to
27.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/717">codecov/codecov-action#717</a></li>
<li>fix: Remove a blank row by <a
href="https://github.com/johnmanjiro13"><code>@​johnmanjiro13</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li>
<li>Update README.md with correct badge version by <a
href="https://github.com/gsheni"><code>@​gsheni</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 17.0.25 to
17.0.33 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/729">codecov/codecov-action#729</a></li>
<li>build(deps-dev): downgrade <code>@​types/node</code> to 16.11.35 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/734">codecov/codecov-action#734</a></li>
<li>build(deps): bump actions/checkout from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/723">codecov/codecov-action#723</a></li>
<li>build(deps): bump <code>@​actions/github</code> from 5.0.1 to 5.0.3
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/733">codecov/codecov-action#733</a></li>
<li>build(deps): bump <code>@​actions/core</code> from 1.6.0 to 1.8.2 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/732">codecov/codecov-action#732</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.35 to
16.11.36 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/737">codecov/codecov-action#737</a></li>
<li>Create scorecards-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/633">codecov/codecov-action#633</a></li>
<li>build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/749">codecov/codecov-action#749</a></li>
<li>fix: add more verbosity to validation by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/747">codecov/codecov-action#747</a></li>
<li>build(deps-dev): bump typescript from 4.6.4 to 4.7.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/755">codecov/codecov-action#755</a></li>
<li>Regenerate scorecards-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/750">codecov/codecov-action#750</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.36 to
16.11.39 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/759">codecov/codecov-action#759</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.39 to
16.11.40 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/762">codecov/codecov-action#762</a></li>
<li>build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.4 to
0.34.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/746">codecov/codecov-action#746</a></li>
<li>build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/757">codecov/codecov-action#757</a></li>
<li>build(deps): bump openpgp from 5.2.1 to 5.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/760">codecov/codecov-action#760</a></li>
<li>build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/748">codecov/codecov-action#748</a></li>
<li>build(deps-dev): bump typescript from 4.7.3 to 4.7.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/766">codecov/codecov-action#766</a></li>
<li>Switch to v3 by <a
href="https://github.com/thomasrockhu"><code>@​thomasrockhu</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/774">codecov/codecov-action#774</a></li>
<li>Fix <code>network</code> entry in table by <a
href="https://github.com/kevmoo"><code>@​kevmoo</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li>
<li>Trim arguments after splitting them by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/791">codecov/codecov-action#791</a></li>
<li>build(deps): bump openpgp from 5.3.0 to 5.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/799">codecov/codecov-action#799</a></li>
<li>build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/798">codecov/codecov-action#798</a></li>
<li>Plumb failCi into verification function. by <a
href="https://github.com/RobbieMcKinstry"><code>@​RobbieMcKinstry</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li>
<li>release: update changelog and version to 3.1.1 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/828">codecov/codecov-action#828</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/slifty"><code>@​slifty</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li>
<li><a href="https://github.com/Evalir"><code>@​Evalir</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li>
<li><a
href="https://github.com/johnmanjiro13"><code>@​johnmanjiro13</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li>
<li><a href="https://github.com/gsheni"><code>@​gsheni</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li>
<li><a href="https://github.com/kevmoo"><code>@​kevmoo</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li>
<li><a
href="https://github.com/RobbieMcKinstry"><code>@​RobbieMcKinstry</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1">https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>3.1.1</h2>
<h3>Fixes</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/661">#661</a>
Update deprecation warning</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/593">#593</a>
Create codeql-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/712">#712</a>
README: fix typo</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/725">#725</a>
fix: Remove a blank row</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/726">#726</a>
Update README.md with correct badge version</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/633">#633</a>
Create scorecards-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/747">#747</a>
fix: add more verbosity to validation</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/750">#750</a>
Regenerate scorecards-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a>
Switch to v3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a>
Fix network entry in table</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a>
Trim arguments after splitting them</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a>
Plumb failCi into verification function.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/713">#713</a>
build(deps-dev): bump typescript from 4.6.3 to 4.6.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/714">#714</a>
build(deps): bump node-fetch from 3.2.3 to 3.2.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/724">#724</a>
build(deps): bump github/codeql-action from 1 to 2</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/717">#717</a>
build(deps-dev): bump <code>@​types/jest</code> from 27.4.1 to
27.5.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/729">#729</a>
build(deps-dev): bump <code>@​types/node</code> from 17.0.25 to
17.0.33</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/734">#734</a>
build(deps-dev): downgrade <code>@​types/node</code> to 16.11.35</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/723">#723</a>
build(deps): bump actions/checkout from 2 to 3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/733">#733</a>
build(deps): bump <code>@​actions/github</code> from 5.0.1 to 5.0.3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/732">#732</a>
build(deps): bump <code>@​actions/core</code> from 1.6.0 to 1.8.2</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/737">#737</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.35 to
16.11.36</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/749">#749</a>
build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/755">#755</a>
build(deps-dev): bump typescript from 4.6.4 to 4.7.3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/759">#759</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.36 to
16.11.39</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/762">#762</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.39 to
16.11.40</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/746">#746</a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.4 to
0.34.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/757">#757</a>
build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a>
build(deps): bump openpgp from 5.2.1 to 5.3.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a>
build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a>
build(deps-dev): bump typescript from 4.7.3 to 4.7.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a>
build(deps): bump openpgp from 5.3.0 to 5.4.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a>
build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1</li>
</ul>
<h2>3.1.0</h2>
<h3>Features</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/699">#699</a>
Incorporate <code>xcode</code> arguments for the Codecov uploader</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/694">#694</a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.3 to
0.33.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/696">#696</a>
build(deps-dev): bump <code>@​types/node</code> from 17.0.23 to
17.0.25</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/698">#698</a>
build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0</li>
</ul>
<h2>3.0.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/689">#689</a>
Bump to node16 and small fixes</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d9f34f8cd5"><code>d9f34f8</code></a>
release: update changelog and version to 3.1.1 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/828">#828</a>)</li>
<li><a
href="0e9e7b4e8a"><code>0e9e7b4</code></a>
Plumb failCi into verification function. (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a>)</li>
<li><a
href="7f20bd4c41"><code>7f20bd4</code></a>
build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a>)</li>
<li><a
href="13bc2536ab"><code>13bc253</code></a>
build(deps): bump openpgp from 5.3.0 to 5.4.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a>)</li>
<li><a
href="5c0da1b28f"><code>5c0da1b</code></a>
Trim arguments after splitting them (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a>)</li>
<li><a
href="68d5f6d0be"><code>68d5f6d</code></a>
Fix <code>network</code> entry in table (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a>)</li>
<li><a
href="2a829b95de"><code>2a829b9</code></a>
Switch to v3 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a>)</li>
<li><a
href="8e09eaf1b4"><code>8e09eaf</code></a>
build(deps-dev): bump typescript from 4.7.3 to 4.7.4 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a>)</li>
<li><a
href="39e222921f"><code>39e2229</code></a>
build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a>)</li>
<li><a
href="b2b7703473"><code>b2b7703</code></a>
build(deps): bump openpgp from 5.2.1 to 5.3.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a>)</li>
<li>Additional commits viewable in <a
href="81cd2dc814...d9f34f8cd5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.0&new-version=3.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-20 10:15:30 -03:00
Carlos Alexandro Becker
445f2e730d
chore: avoid running actions when not needed/possible (#3389) 
- only run the build action when actual go files changed
- only run some actions on the main fork to avoid errors
 2022-09-19 23:48:20 -03:00
dependabot[bot]
b59920c54d
chore(deps): bump github/codeql-action from 2.1.23 to 2.1.24 (#3387) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.23 to 2.1.24.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<h2>2.1.17 - 28 Jul 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li>
</ul>
<h2>2.1.16 - 13 Jul 2022</h2>
<ul>
<li>You can now quickly debug a job that uses the CodeQL Action by
re-running the job from the GitHub UI and selecting the &quot;Enable
debug logging&quot; option. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1132">#1132</a></li>
<li>You can now see diagnostic messages produced by the analysis in the
logs of the <code>analyze</code> Action by enabling debug mode. To
enable debug mode, pass <code>debug: true</code> to the
<code>init</code> Action, or <a
href="https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging">enable
step debug logging</a>. This feature is available for CodeQL CLI version
2.10.0 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1133">#1133</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="904260d7d9"><code>904260d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1250">#1250</a>
from github/update-v2.1.24-34aa5a55</li>
<li><a
href="21c716dd69"><code>21c716d</code></a>
Update changelog for v2.1.24</li>
<li><a
href="34aa5a554b"><code>34aa5a5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1242">#1242</a>
from github/henrymercer/go-more-backwards-compat</li>
<li><a
href="9207340122"><code>9207340</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1239">#1239</a>
from github/dependabot/npm_and_yarn/uuid-9.0.0</li>
<li><a
href="fefa6f57a4"><code>fefa6f5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1247">#1247</a>
from github/mergeback/v2.1.23-to-main-6a38b7d4</li>
<li><a
href="e6ad3e0b35"><code>e6ad3e0</code></a>
Update checked-in dependencies</li>
<li><a
href="f84e389feb"><code>f84e389</code></a>
Update changelog and version after v2.1.23</li>
<li><a
href="f32e161cdd"><code>f32e161</code></a>
Improve warning when using autobuild with multi-language builds</li>
<li><a
href="4cc95769d4"><code>4cc9576</code></a>
Improve variable name</li>
<li><a
href="bde5694fb7"><code>bde5694</code></a>
Comment why we don't run multiple autobuilders for other languages</li>
<li>Additional commits viewable in <a
href="6a38b7d4a1...904260d7d9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.23&new-version=2.1.24)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-19 10:28:08 -03:00
Carlos Alexandro Becker
d19ff6eb1e
chore: splitting workflows (#3386) 
split build & release workflows

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-18 21:31:33 -03:00
dependabot[bot]
72fad7678b
chore(deps): bump github/codeql-action from 2.1.22 to 2.1.23 (#3382) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.22 to 2.1.23.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6a38b7d4a1"><code>6a38b7d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1246">#1246</a>
from github/update-v2.1.23-fd4dc5bf</li>
<li><a
href="99d0a6bc15"><code>99d0a6b</code></a>
Update changelog for v2.1.23</li>
<li><a
href="fd4dc5bf31"><code>fd4dc5b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1244">#1244</a>
from github/criemen/remove-lua-tracer-ff</li>
<li><a
href="c2560331fc"><code>c256033</code></a>
Fix runner integration test.</li>
<li><a
href="0a38743d1a"><code>0a38743</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1240">#1240</a>
from github/henrymercer/2.10.5-bump</li>
<li><a
href="3038e979a8"><code>3038e97</code></a>
Remove the lua tracer feature flag check from the codeql-action.</li>
<li><a
href="ff575f231d"><code>ff575f2</code></a>
Add changelog note</li>
<li><a
href="4a8d26e2bd"><code>4a8d26e</code></a>
Bump CodeQL version to 2.10.5</li>
<li><a
href="9ba4d500aa"><code>9ba4d50</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1221">#1221</a>
from github/aeisenberg/ghes-pack-download</li>
<li><a
href="6085805a3a"><code>6085805</code></a>
Append <code>/</code> to end of registries url</li>
<li>Additional commits viewable in <a
href="b398f525a5...6a38b7d4a1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.22&new-version=2.1.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-16 23:35:17 -03:00
dependabot[bot]
f7efe9ca2b
chore(deps): bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (#3368) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.5.1 to 2.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>update action to default cosign to v1.11.0 release by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/89">sigstore/cosign-installer#89</a></li>
<li>cleanup dependabot by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/90">sigstore/cosign-installer#90</a></li>
<li>default cosign to v1.11.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/91">sigstore/cosign-installer#91</a></li>
<li>Bump actions/setup-go from 3.2.1 to 3.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/92">sigstore/cosign-installer#92</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f3c664df7a"><code>f3c664d</code></a>
Bump actions/setup-go from 3.2.1 to 3.3.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/92">#92</a>)</li>
<li><a
href="14d43345ff"><code>14d4334</code></a>
default cosign to v1.11.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/91">#91</a>)</li>
<li><a
href="8d0fee40fd"><code>8d0fee4</code></a>
cleanup dependabot (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/90">#90</a>)</li>
<li><a
href="716fc02719"><code>716fc02</code></a>
update action to default cosign to v1.11.0 release (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/89">#89</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.5.1&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-12 09:36:39 -03:00
Carlos Alexandro Becker
8cb4eb1654
fix: ruleguard and semgrep scans and fixes (#3364) 
run semgrep-go ruleguard and semgrep scans

https://github.com/dgryski/semgrep-go

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-11 15:32:23 -03:00