Bumps golang from 1.20.2-alpine to 1.20.3-alpine.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
Currently Goreleaser uses `runtime.NumCPU()` as the default value if
`--parallelism` is not set.
However, this will get the number of CPUs on the host even when
Goreleaser is run in a container with a limit on the maximum number of
CPUs that can be used (typically in a Kubernetes pod).
Actually, `docker run --cpus=1 goreleaser/goreleaser --debug` shows
`parallelism: 4` on my machine.
This behavior causes CPU throttling, which increases execution time and,
in the worst case, terminates with an error.
I ran into this problem with Jenkins where the agent runs on pod
([Kubernetes plugin for
Jenkins](https://plugins.jenkins.io/kubernetes/)).
This commit introduces
[automaxprocs](https://github.com/uber-go/automaxprocs) to fix this
issue.
This library sets `GOMAXPROCS` to match Linux container CPU quota.
I have also looked for a library that can get CPU quota more directly,
but this seems to be the best I could find.
The reason it is set in a different notation from the automaxprocs
README is to prevent logs from being displayed
([comment](https://github.com/uber-go/automaxprocs/issues/18#issuecomment-511330567)).
I would have liked to write a test, but this change is dependent on the
number of CPUs in the execution environment, so I could not.
Instead, I wrote a Dockerfile for testing
```Dockerfile
FROM golang:1.20.2
WORKDIR /go/app
RUN sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
COPY . .
RUN task build
```
and confirmed built binary shows expected parallelism by following
commands:
```sh
docker build --file Dockerfile.test . -t test-goreleaser
docker run --cpus=1 test-goreleaser ./goreleaser build --snapshot --debug # parallelism: 1
docker run test-goreleaser ./goreleaser build --snapshot --debug # parallelism: 4
```
I also ran the built binary on my Macbook and it was fine.
- [x] if the default is the zero-value for the field, do not specify
- [ ] TODO: add a "how to read this docs" section somewhere explaining
that
- [x] if the change was introduced in a v1.x.0, say only v1.x
- [x] drop trail ending `.` from Since, Default, etc
- [x] wording: always use `Default: ` instead of `Defaults to` and
others
- [x] add a note to templateable fields
- [x] default value of a field, if its a string, always between single
quotes `'`
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Bumps
[github.com/opencontainers/runc](https://github.com/opencontainers/runc)
from 1.1.2 to 1.1.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/opencontainers/runc/releases">github.com/opencontainers/runc's
releases</a>.</em></p>
<blockquote>
<h2>runc 1.1.5 -- "囚われた屈辱は 反撃の嚆矢だ"</h2>
<p>This is the fifth patch release in the 1.1.z series of runc, which
fixes
three CVEs found in runc.</p>
<ul>
<li>
<p>CVE-2023-25809 is a vulnerability involving rootless containers where
(under specific configurations), the container would have write access
to the /sys/fs/cgroup/user.slice/... cgroup hierarchy. No other
hierarchies on the host were affected. This vulnerability was
discovered by Akihiro Suda.
<a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc">https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc</a></p>
</li>
<li>
<p>CVE-2023-27561 was a regression which effectively re-introduced
CVE-2019-19921. This bug was present from v1.0.0-rc95 to v1.1.4. This
regression was discovered by <a
href="https://github.com/Beuc"><code>@Beuc</code></a>.
<a
href="https://github.com/advisories/GHSA-vpvm-3wq2-2wvm">https://github.com/advisories/GHSA-vpvm-3wq2-2wvm</a></p>
</li>
<li>
<p>CVE-2023-28642 is a variant of CVE-2023-27561 and was fixed by the
same
patch. This variant of the above vulnerability was reported by Lei
Wang.
<a
href="https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c">https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c</a></p>
</li>
</ul>
<p>In addition, the following other fixes are included in this
release:</p>
<ul>
<li>Fix the inability to use <code>/dev/null</code> when inside a
container. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3620">#3620</a>)</li>
<li>Fix changing the ownership of host's <code>/dev/null</code> caused
by fd redirection
(a regression in 1.1.1). (<a
href="https://redirect.github.com/opencontainers/runc/issues/3674">#3674</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3731">#3731</a>)</li>
<li>Fix rare runc exec/enter unshare error on older kernels, including
CentOS < 7.7. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3776">#3776</a>)</li>
<li>nsexec: Check for errors in <code>write_log()</code>. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3721">#3721</a>)</li>
</ul>
<h3>Static Linking Notices</h3>
<p>The <code>runc</code> binary distributed with this release are
<em>statically linked</em> with
the following <a
href="https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html">GNU
LGPL-2.1</a> licensed libraries, with <code>runc</code> acting
as a "work that uses the Library":</p>
<ul>
<li><a href="https://github.com/seccomp/libseccomp">libseccomp</a></li>
</ul>
<p>The versions of these libraries were not modified from their upstream
versions,
but in order to comply with the LGPL-2.1 (§6(a)), we have attached the
complete source code for those libraries which (when combined with the
attached
runc source code) may be used to exercise your rights under the
LGPL-2.1.</p>
<p>However we strongly suggest that you make use of your distribution's
packages
or download them from the authoritative upstream sources, especially
since
these libraries are related to the security of your containers.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/opencontainers/runc/blob/v1.1.5/CHANGELOG.md">github.com/opencontainers/runc's
changelog</a>.</em></p>
<blockquote>
<h2>[1.1.5] - 2023-03-29</h2>
<blockquote>
<p>囚われた屈辱は
反撃の嚆矢だ</p>
</blockquote>
<h3>Fixed</h3>
<ul>
<li>Prohibit container's <code>/proc</code> and <code>/sys</code> to be
symlinks (CVE-2019-19921,
CVE-2023-27561, CVE-2023-28642, <a
href="https://redirect.github.com/opencontainers/runc/issues/3785">#3785</a>)</li>
<li>rootless: rework /sys/fs/cgroup mounts to avoid exposing the host's
cgroup
hierarchy into the container. (CVE-2023-25809)</li>
<li>Fix the inability to use <code>/dev/null</code> when inside a
container. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3620">#3620</a>)</li>
<li>Fix changing the ownership of host's <code>/dev/null</code> caused
by fd redirection
(a regression in 1.1.1). (<a
href="https://redirect.github.com/opencontainers/runc/issues/3674">#3674</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3731">#3731</a>)</li>
<li>Fix rare runc exec/enter unshare error on older kernels, inlcuding
CentOS < 7.7. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3776">#3776</a>)</li>
<li>nsexec: Check for errors in <code>write_log()</code>. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3721">#3721</a>)</li>
<li>Various CI fixes and updates. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3618">#3618</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3630">#3630</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3640">#3640</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3729">#3729</a>)</li>
</ul>
<h2>[1.1.4] - 2022-08-24</h2>
<blockquote>
<p>If you look for perfection, you'll never be content.</p>
</blockquote>
<h3>Fixed</h3>
<ul>
<li>Fix mounting via wrong proc fd.
When the user and mount namespaces are used, and the bind mount is
followed by
the cgroup mount in the spec, the cgroup was mounted using the bind
mount's
mount fd. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3511">#3511</a>)</li>
<li>Switch <code>kill()</code> in <code>libcontainer/nsenter</code> to
<code>sane_kill()</code>. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3536">#3536</a>)</li>
<li>Fix "permission denied" error from <code>runc run</code>
on <code>noexec</code> fs. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3541">#3541</a>)</li>
<li>Fix failed exec after <code>systemctl daemon-reload</code>.
Due to a regression in v1.1.3, the <code>DeviceAllow=char-pts rwm</code>
rule was no
longer added and was causing an error <code>open /dev/pts/0: operation
not permitted: unknown</code>
when systemd was reloaded. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3554">#3554</a>)</li>
<li>Various CI fixes. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3538">#3538</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3558">#3558</a>,
<a
href="https://redirect.github.com/opencontainers/runc/issues/3562">#3562</a>)</li>
</ul>
<h2>[1.1.3] - 2022-06-09</h2>
<blockquote>
<p>In the beginning there was nothing, which exploded.</p>
</blockquote>
<h3>Fixed</h3>
<ul>
<li>Our seccomp <code>-ENOSYS</code> stub now correctly handles
multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did
not
support would return <code>-EPERM</code> despite the existence of the
<code>-ENOSYS</code> stub
code (this was due to how s390x does syscall multiplexing). (<a
href="https://redirect.github.com/opencontainers/runc/issues/3478">#3478</a>)</li>
<li>Retry on dbus disconnect logic in libcontainer/cgroups/systemd now
works as
intended; this fix does not affect runc binary itself but is important
for
libcontainer users such as Kubernetes. (<a
href="https://redirect.github.com/opencontainers/runc/issues/3476">#3476</a>)</li>
<li>Inability to compile with recent clang due to an issue with
duplicate</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f19387a6be"><code>f19387a</code></a>
VERSION: release v1.1.5</li>
<li><a
href="58a9abee21"><code>58a9abe</code></a>
Merge pull request from GHSA-m8cg-xc2p-r3fc</li>
<li><a
href="27fb72c7ff"><code>27fb72c</code></a>
merge branch 'pr-3776' into release-1.1</li>
<li><a
href="8ec02ea1b1"><code>8ec02ea</code></a>
nsexec: retry unshare on EINVAL</li>
<li><a
href="059d7730fc"><code>059d773</code></a>
merge branch 'pr-3785' into release-1.1</li>
<li><a
href="0abab45c9b"><code>0abab45</code></a>
Prohibit /proc and /sys to be symlinks</li>
<li><a
href="0e6b818a2b"><code>0e6b818</code></a>
rootless: fix /sys/fs/cgroup mounts</li>
<li><a
href="c6781d100a"><code>c6781d1</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/runc/issues/3721">#3721</a>
from kinvolk/rata/nsfixes-backport</li>
<li><a
href="f6e2cd3baf"><code>f6e2cd3</code></a>
nsexec: Check for errors in write_log()</li>
<li><a
href="3775df9fcb"><code>3775df9</code></a>
Merge pull request <a
href="https://redirect.github.com/opencontainers/runc/issues/3731">#3731</a>
from kolyshkin/1.1-fix-dev-null</li>
<li>Additional commits viewable in <a
href="https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/imdario/mergo](https://github.com/imdario/mergo) from
0.3.14 to 0.3.15.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb3c082091"><code>fb3c082</code></a>
Update stackaid dependencies for imdario/mergo</li>
<li><a
href="c9e40b59db"><code>c9e40b5</code></a>
Merge pull request <a
href="https://redirect.github.com/imdario/mergo/issues/227">#227</a>
from eh-steve/should-not-dereference</li>
<li><a
href="acd16ec124"><code>acd16ec</code></a>
Merge branch 'master' into should-not-dereference</li>
<li><a
href="62d1cf2897"><code>62d1cf2</code></a>
Update stackaid dependencies for imdario/mergo</li>
<li><a
href="dcef160919"><code>dcef160</code></a>
Merge pull request <a
href="https://redirect.github.com/imdario/mergo/issues/226">#226</a>
from ronaudinho/fix/202</li>
<li><a
href="404749e66d"><code>404749e</code></a>
Update stackaid dependencies for imdario/mergo</li>
<li><a
href="bd316d34ac"><code>bd316d3</code></a>
Merge pull request <a
href="https://redirect.github.com/imdario/mergo/issues/221">#221</a>
from zhiyu0729/issue220</li>
<li><a
href="5b9bbdb8b6"><code>5b9bbdb</code></a>
Update stackaid dependencies for imdario/mergo</li>
<li><a
href="90db0ad2f4"><code>90db0ad</code></a>
Merge pull request <a
href="https://redirect.github.com/imdario/mergo/issues/170">#170</a>
from mdeltour/fix/naming-typo</li>
<li><a
href="0e73161ca2"><code>0e73161</code></a>
Add WithoutDereference config to prevent incorrect bool pointer
merges</li>
<li>Additional commits viewable in <a
href="https://github.com/imdario/mergo/compare/v0.3.14...v0.3.15">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Fixes issue #3890 by checking the user's git `gpg.program`
configuration. If the user didn't set this value it will use the default
"gpg", just like before this PR.
No need to add a additional unit test as your existing tests cover it
(mostly); however, a comment has been added to that check, informing the
reader that the test environment assumes `git config gpg.program` is not
be set.
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.15.2 to 0.15.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/disgoorg/disgo/releases">github.com/disgoorg/disgo's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.3</h2>
<h2>What's Changed</h2>
<ul>
<li>fix goroutine leaks from reconnects & resumes by <a
href="https://github.com/TopiSenpai"><code>@TopiSenpai</code></a> in <a
href="https://redirect.github.com/disgoorg/disgo/pull/246">disgoorg/disgo#246</a></li>
<li>Added Len func to each XCache interface by <a
href="https://github.com/TisLeo"><code>@TisLeo</code></a> in <a
href="https://redirect.github.com/disgoorg/disgo/pull/248">disgoorg/disgo#248</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/TisLeo"><code>@TisLeo</code></a> made
their first contribution in <a
href="https://redirect.github.com/disgoorg/disgo/pull/248">disgoorg/disgo#248</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/disgoorg/disgo/compare/v0.15.2...v0.15.3">https://github.com/disgoorg/disgo/compare/v0.15.2...v0.15.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8369a3b972"><code>8369a3b</code></a>
Added Len func to each XCache interface (<a
href="https://redirect.github.com/disgoorg/disgo/issues/248">#248</a>)</li>
<li><a
href="381f278234"><code>381f278</code></a>
maybe fix goroutine leaks from reconnects & resumes (<a
href="https://redirect.github.com/disgoorg/disgo/issues/246">#246</a>)</li>
<li>See full diff in <a
href="https://github.com/disgoorg/disgo/compare/v0.15.2...v0.15.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go)
from 1.29.0 to 1.29.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/protocolbuffers/protobuf-go/releases">google.golang.org/protobuf's
releases</a>.</em></p>
<blockquote>
<h2>v1.29.1</h2>
<ul>
<li><a
href="https://github.com/protocolbuffers/protobuf-go/blob/HEAD/#v1.29.1-notable-changes">Notable
changes</a></li>
</ul>
<h2>Notable changes <!-- raw HTML omitted --><!-- raw HTML omitted
--></h2>
<p><strong>Bug fixes</strong></p>
<ul>
<li><a href="https://go.dev/cl/475995">CL/475995</a>:
internal/encoding/text: fix parsing of incomplete numbers</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="095a62b71f"><code>095a62b</code></a>
all: release v1.29.1</li>
<li><a
href="edaf511a7a"><code>edaf511</code></a>
internal/encoding/text: fix parsing of incomplete numbers</li>
<li><a
href="fe5bc54041"><code>fe5bc54</code></a>
all: start v1.29.0-devel</li>
<li><a
href="d3c9826520"><code>d3c9826</code></a>
all: release v1.29.0</li>
<li>See full diff in <a
href="https://github.com/protocolbuffers/protobuf-go/compare/v1.29.0...v1.29.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.80.2 to 0.81.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7c78a6c1e0"><code>7c78a6c</code></a>
Update dependencies</li>
<li><a
href="711e0b4cc5"><code>711e0b4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1663">#1663</a>
from xanzy/feature/rate-limiter</li>
<li><a
href="40e5bfd65b"><code>40e5bfd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1665">#1665</a>
from PatrickRice-KSC/add-omit-empty-to-project-options</li>
<li><a
href="77f5aac6fb"><code>77f5aac</code></a>
Fix lint errors</li>
<li><a
href="8f5194d531"><code>8f5194d</code></a>
Add omitempty and test</li>
<li><a
href="824308adfd"><code>824308a</code></a>
Prevent additional call to config the rate limiter</li>
<li><a
href="ae46dbc110"><code>ae46dbc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1661">#1661</a>
from KingCrunch/feature/add-missing-fields-to-project</li>
<li><a
href="1e98371450"><code>1e98371</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1662">#1662</a>
from timofurrer/deploy-token</li>
<li><a
href="74e732fb03"><code>74e732f</code></a>
Tweak PR just a little…</li>
<li><a
href="507b9ece5e"><code>507b9ec</code></a>
Expose Revoked and Expired field for Deploy Tokens</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.80.2...v0.81.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [github.com/caarlos0/env/v7](https://github.com/caarlos0/env) from
7.0.0 to 7.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/caarlos0/env/releases">github.com/caarlos0/env/v7's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.0</h2>
<h2>Changelog</h2>
<h3>New Features</h3>
<ul>
<li>b135bbd86c4110736a91edf6ac242ef0d4b43bd7: feat: error types (<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/240">#240</a>)
(<a href="https://github.com/akutuev"><code>@akutuev</code></a>)</li>
<li>17f0a63edccb660238923ac0d02ab0432edb100d: feat: implement Is on
AggregateError (<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/254">#254</a>)
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>266f68b264d486a75ebf4b2371aab58a072b52fc: feat: support map kind env
(<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/244">#244</a>)
(<a href="https://github.com/ken8203"><code>@ken8203</code></a>)</li>
<li>c08b0f906b39a1fbc978eeeb262840f9acd735ff: feat: use field name by
default (<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/253">#253</a>)
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>dfd68b2d5d324ecfe910012fe415a24c64d34e4b: fix: improve map handling,
coverage (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>e5472ec015521ddbef81bfa12e752e86ee09fa4a: fix: remove untested
behavior (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Documentation updates</h3>
<ul>
<li>65ba2db37013ed6bc2ebfadbbd2dc251ee528e0e: docs: caveats (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>f434e985558517cce98d345ea72faa1082e50640: docs: document how to
handle error (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>2d26ce1cd4c10a7fa055c643cfde3a4a295f8e6d: docs: fix examples (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>91e69e8f885b30466508baca6220fec4e4307338: docs: maps (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>850c2d8068a4e311cf2bd6f65a22dce5a66d5edd: docs: update to v7 (<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/249">#249</a>)
(<a
href="https://github.com/alexandear"><code>@alexandear</code></a>)</li>
</ul>
<hr />
<p><em>Released with <a href="https://goreleaser.com/pro">GoReleaser
Pro</a>!</em></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="17f0a63edc"><code>17f0a63</code></a>
feat: implement Is on AggregateError (<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/254">#254</a>)</li>
<li><a
href="2d26ce1cd4"><code>2d26ce1</code></a>
docs: fix examples</li>
<li><a
href="c08b0f906b"><code>c08b0f9</code></a>
feat: use field name by default (<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/253">#253</a>)</li>
<li><a
href="65ba2db370"><code>65ba2db</code></a>
docs: caveats</li>
<li><a
href="91e69e8f88"><code>91e69e8</code></a>
docs: maps</li>
<li><a
href="dfd68b2d5d"><code>dfd68b2</code></a>
fix: improve map handling, coverage</li>
<li><a
href="266f68b264"><code>266f68b</code></a>
feat: support map kind env (<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/244">#244</a>)</li>
<li><a
href="f434e98555"><code>f434e98</code></a>
docs: document how to handle error</li>
<li><a
href="e5472ec015"><code>e5472ec</code></a>
fix: remove untested behavior</li>
<li><a
href="b135bbd86c"><code>b135bbd</code></a>
feat: error types (<a
href="https://github-redirect.dependabot.com/caarlos0/env/issues/240">#240</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/caarlos0/env/compare/v7.0.0...v7.1.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
This commit will fix bad version tag sort if there is a prerelease on
the same commit as a release tag. Current output is shown below
```
❯ git tag --points-at HEAD --sort=-version:refname --format='%(creatordate)%09%(refname)'
Thu Mar 2 21:38:51 2023 +0300 refs/tags/v1.13.0-rc3
Thu Mar 2 21:38:51 2023 +0300 refs/tags/v1.13.0
```
Test is changed to match current default value so it will fail without
this fix.
Default value `-` is set to the one that is described inside
[docs](https://goreleaser.com/how-it-works/?h=prerelease#how-it-works),
but people are still allowed to change it.
Output with fix applied
```
❯ git -c versionsort.suffix=- tag --points-at HEAD --sort -version:refname --format='%(creatordate)%09%(refname)'
Thu Mar 2 21:38:51 2023 +0300 refs/tags/v1.13.0
Thu Mar 2 21:38:51 2023 +0300 refs/tags/v1.13.0-rc3
```
<!-- # Provide links to any relevant tickets, URLs or other resources
-->
More info about `versionsort.suffix` can be found
[here](https://github.com/git/git/blob/master/Documentation/config/versionsort.txt#L5)
Docs as well both schemas are updated as well.
I am not sure if users should be allowed to change this option at all.
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.6.0
to 0.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h1>gopls/v0.7.0</h1>
<h2>Features</h2>
<h3>Postfix completions</h3>
<p>Postfix completions are a new style of completions that can save you
time by inserting more complex pieces of commonly-written code. All of
the results end with <code>!</code>. This feature was added
experimentally in <code>gopls/v0.6.10</code> and is now enabled by
default.</p>
<p>See this example:</p>
<p><img
src="https://user-images.githubusercontent.com/5856771/114612163-c5df9800-9c6f-11eb-959c-8fe529018a21.gif"
alt="ezgif-3-a82b2077ff38" /></p>
<h3>New commands: <a
href="https://github.com/golang/tools/blob/master/gopls/doc/commands.md#retrieves-a-list-of-packages">List
known packages</a> and <a
href="https://github.com/golang/tools/blob/master/gopls/doc/commands.md#asks-the-server-to-add-an-import-path-to-a-given-go-file">add
import</a></h3>
<p>These commands can be used to manually list available packages to
import and then add an import to your file. They are currently not used
by any known clients, but they will be made available through the
Command Palette in VS Code in the next VS Code Go release.</p>
<h2>Improvements</h2>
<h3>Memory usage</h3>
<p>Improved trimming of the ASTs of dependency packages results in
reduced memory usage, especially for projects with many dependencies.
This may result in some hard-to-diagnose bugs that we're not yet aware
of, so please report any surprising behavior via <a
href="https://golang.org/issues/new">https://golang.org/issues/new</a>.</p>
<h2>Fixes</h2>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/213?closed=1">gopls/v0.7.0
milestone</a>. To report a new problem, please file a new issue at <a
href="https://golang.org/issues/new">https://golang.org/issues/new</a>.</p>
<h2>Thank you to our contributors!</h2>
<p><a href="https://github.com/muirdm"><code>@muirdm</code></a> <a
href="https://github.com/marwan-at-work"><code>@marwan-at-work</code></a>
<a href="https://github.com/dominikh"><code>@dominikh</code></a> <a
href="https://github.com/leitzler"><code>@leitzler</code></a> <a
href="https://github.com/OneOfOne"><code>@OneOfOne</code></a> <a
href="https://github.com/zyctree"><code>@zyctree</code></a> <a
href="https://github.com/ShoshinNikita"><code>@ShoshinNikita</code></a>
<a
href="https://github.com/KarthikNayak"><code>@KarthikNayak</code></a>
<a href="https://github.com/suzmue"><code>@suzmue</code></a> <a
href="https://github.com/bcmills"><code>@bcmills</code></a></p>
<h1>gopls/v0.6.11</h1>
<p>This release contains mainly bug fixes. A full list of all issues
fixed can be found in the <a
href="https://github.com/golang/go/milestone/211?closed=1">gopls/v0.6.11
milestone</a>. To report a new problem, please file a new issue at <a
href="https://golang.org/issues/new">https://golang.org/issues/new</a>.</p>
<h2>Thank you to our contributors!</h2>
<p><a
href="https://github.com/ShoshinNikita"><code>@ShoshinNikita</code></a>
<a href="https://github.com/sakateka"><code>@sakateka</code></a> <a
href="https://github.com/muirdm"><code>@muirdm</code></a> Will Langford
<a href="https://github.com/empire"><code>@empire</code></a> <a
href="https://github.com/justplesh"><code>@justplesh</code></a> <a
href="https://github.com/suzmue"><code>@suzmue</code></a></p>
<h1>gopls/v0.6.10</h1>
<h2>Features</h2>
<h3><code>t.Fatal</code> snippet</h3>
<p>If you trigger completion in a test function, on the line after a
call to a function that returns an error, you will be offered a
completion snippet for:</p>
<pre lang="go"><code>if err != nil {
t.Fatal(err)
}
</tr></table>
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="031fc75960"><code>031fc75</code></a>
gopls/internal/regtest/bench: don't run the iwl test with -short</li>
<li><a
href="f477bf4a41"><code>f477bf4</code></a>
gopls/internal/lsp/source/completion: avoid Snapshot.CachedPackages</li>
<li><a
href="b72edd12e5"><code>b72edd1</code></a>
gopls/internal/lsp/filecache: GOPLS_CACHE -> GOPLSCACHE</li>
<li><a
href="d566927635"><code>d566927</code></a>
gopls/internal/lsp/regtest: add <a
href="https://github.com/suggestedfix"><code>@suggestedfix</code></a>
marker</li>
<li><a
href="fdb0da65a1"><code>fdb0da6</code></a>
gopls/internal/regtest/bench: add a benchmark for diagnosing a
change</li>
<li><a
href="6eb432f3b0"><code>6eb432f</code></a>
gopls/internal/regtest/bench: add benchmarks in a wider variety of
repos</li>
<li><a
href="c91d0b88c3"><code>c91d0b8</code></a>
gopls/internal/lsp/source: guard against concurrent writes in xrefs</li>
<li><a
href="c0742f584b"><code>c0742f5</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="21d2256f2c"><code>21d2256</code></a>
gopls/internal/lsp/cache: make type-checking incremental</li>
<li><a
href="ae05609bd0"><code>ae05609</code></a>
internal/lsp/cache: add an LRU parse cache</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.6.0...v0.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
