go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-03-25 21:29:14 +02:00
Code Issues Releases Activity
4,664 Commits 15 Branches 563 Tags
Commit Graph

4664 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
9d3603a7e2
chore(deps): bump github/codeql-action from 2.3.3 to 2.3.4 (#4032) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.3.3 to 2.3.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.3.4 - 24 May 2023</h2>
<ul>
<li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a
href="123e95847b/Schemata/sarif-schema-2.1.0.json">oasis-tcs/sarif-spec</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li>
<li>We are rolling out a feature in May 2023 that will disable Python
dependency installation for new users of the CodeQL Action. This
improves the speed of analysis while having only a very minor impact on
results. <a
href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li>
<li>We are improving the way that <a
href="https://github.com/github/codeql-action/releases">CodeQL
bundles</a> are tagged to make it possible to easily identify bundles by
their CodeQL semantic version. <a
href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a>
<ul>
<li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using
semantic versions, for example <code>codeql-bundle-v2.13.4</code>,
instead of timestamps, like <code>codeql-bundle-20230615</code>.</li>
<li>This change does not affect the majority of workflows, and we will
not be changing tags for existing bundle releases.</li>
<li>Some workflows with custom logic that depends on the specific format
of the CodeQL bundle tag may need to be updated. For example, if your
workflow matches CodeQL bundle tag names against a
<code>codeql-bundle-yyyymmdd</code> pattern, you should update it to
also recognize <code>codeql-bundle-vx.y.z</code> tags.</li>
</ul>
</li>
<li>Remove the requirement for <code>on.push</code> and
<code>on.pull_request</code> to trigger on the same branches. <a
href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li>
</ul>
<h2>2.3.3 - 04 May 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.1. <a
href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li>
<li>You can now configure CodeQL within your code scanning workflow by
passing a <code>config</code> input to the <code>init</code> Action. See
<a href="https://aka.ms/code-scanning-docs/config-file">Using a custom
configuration file</a> for more information about configuring code
scanning. <a
href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li>
</ul>
<h2>2.3.2 - 27 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.1 - 26 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.0 - 21 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.0. <a
href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li>
<li>Bump the minimum CodeQL bundle version to 2.8.5. <a
href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li>
</ul>
<h2>2.2.12 - 13 Apr 2023</h2>
<ul>
<li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment
variable in the telemetry sent to GitHub. <a
href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li>
<li>Improve the ease of debugging failed runs configured using <a
href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default
setup</a>. The CodeQL Action will now upload diagnostic information to
Code Scanning from failed runs configured using default setup. You can
view this diagnostic information on the <a
href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool
status page</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li>
</ul>
<h2>2.2.11 - 06 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.10 - 05 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li>
</ul>
<h2>2.2.9 - 27 Mar 2023</h2>
<ul>
<li>Customers post-processing the SARIF output of the
<code>analyze</code> Action before uploading it to Code Scanning will
benefit from an improved debugging experience. <a
href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f0e3dfb303"><code>f0e3dfb</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1700">#1700</a>
from github/update-v2.3.4-570734c55</li>
<li><a
href="0d65621757"><code>0d65621</code></a>
Update CHANGELOG.md</li>
<li><a
href="c3ae9dcd15"><code>c3ae9dc</code></a>
Update changelog for v2.3.4</li>
<li><a
href="570734c55c"><code>570734c</code></a>
Remove unnecessary conditional for Ruby autodetect (<a
href="https://redirect.github.com/github/codeql-action/issues/1699">#1699</a>)</li>
<li><a
href="8c923c00a3"><code>8c923c0</code></a>
Fix Swift PR Checks on <code>nightly-latest</code> CLI (<a
href="https://redirect.github.com/github/codeql-action/issues/1696">#1696</a>)</li>
<li><a
href="1245696032"><code>1245696</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1687">#1687</a>
from github/henrymercer/update-changelog-note</li>
<li><a
href="317cd34a7a"><code>317cd34</code></a>
Push back semver CodeQL bundles</li>
<li><a
href="6cfb483131"><code>6cfb483</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1682">#1682</a>
from github/henrymercer/semver-bundles</li>
<li><a
href="a5f4123fb0"><code>a5f4123</code></a>
Improve changelog note</li>
<li><a
href="50931b43dd"><code>50931b4</code></a>
Add changelog note</li>
<li>Additional commits viewable in <a
href="29b1f65c5e...f0e3dfb303">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.3&new-version=2.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-25 09:38:55 -03:00
Carlos Alexandro Becker
dbd4342078
test(nfpm): fix after update 2023-05-24 12:18:58 +00:00
dependabot[bot]
760aca268a
feat(deps): bump github.com/goreleaser/nfpm/v2 from 2.28.0 to 2.29.0 (#4030) 
Bumps
[github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from
2.28.0 to 2.29.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.29.0</h2>
<h2>Changelog</h2>
<h3>Security updates</h3>
<ul>
<li>ed9abdf63d5012cc884f2a83b4ab2b42b3680d30: sec: fix for
CVE-2023-32698 (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>9ac328846c8b562562c6edfa910f3163ddbe4adc: fix: deb arm64 (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>312fd85338c26a44d330ed07f318d0640a11dcbb: fix: improve goarch to pkg
conversion (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>f64a311eefea340cd3f20cd4568de41b4c5e9aa6: fix: improve umask tests
and documentation (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>b1f3fef606dd1106ca163e5c7f4da0023f308c96: fix: md5sums entries and
lintian errors/warnings (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/656">#656</a>)
(<a href="https://github.com/malaupa"><code>@​malaupa</code></a>)</li>
<li>c20618cdd39ed938f9bf9b97461ce830429fa60c: fix: mips architecture (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>9524bb8a26d3915e84a4df956d2ec064e836c4a3: fix: mips
softfloat/hardfloat handling (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
</ul>
<h3>Dependency updates</h3>
<ul>
<li>c2f47813a3d824bef5c3455669bd9b50081b89fc: feat(deps): bump
github.com/Masterminds/semver/v3 from 3.2.0 to 3.2.1 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/649">#649</a>)
(<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li>c24e1b4d99a451a1e023565b2930bc5512224c0e: feat(deps): bump
github.com/klauspost/compress from 1.16.3 to 1.16.4 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/646">#646</a>)
(<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li>fccdae5dfcb9214ec38d631628074e1c129c204d: feat(deps): bump
github.com/klauspost/compress from 1.16.4 to 1.16.5 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/651">#651</a>)
(<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li>a1fb0477f0f57fde4d673bee8afb8a20273eb7af: feat(deps): bump
github.com/klauspost/pgzip from 1.2.5 to 1.2.6 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/654">#654</a>)
(<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li>561c39b135794aefb877769910e322d614b20d9d: feat(deps): bump
github.com/stretchr/testify from 1.8.2 to 1.8.3 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/661">#661</a>)
(<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>4593dcb36ae178ccb5e6514b93499bf81d70529e: build: improve changelog
(<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>e01884ecba1964027fa87bbdb9bf5341408b2ef7: build: improve release
notes (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
</ul>
<h3>Other work</h3>
<ul>
<li>ab59aadf2347b47379cc6c764c00f4e3a5d196e6: docs: fix schema.json URL
(<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>590a3ff6f78deeca9bc6803518a173e53c3e65f9: docs: fix verify
instructions (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/647">#647</a>)
(<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>dce0853e6360835e450db726a3c13e0886f7aad6: docs: goarch to packager
(<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>2b9864a79ed85b4818d1ae1fa3cdfd76a3f8e4f7: docs: update SECURITY.md
(<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>858b78b7c12cf9b54a79956655ef8acf3207e3c4: docs: update cmd docs (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
<li>1ba5a445d794977df0ee19ec333b36562f2b0e94: docs: update cmd docs (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0">https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0</a></p>
<h2>Helping out</h2>
<p>This release is only possible thanks to <strong>all</strong> the
support of <strong>awesome people</strong>!</p>
<p>Want to be one of them?
You can <a href="https://goreleaser.com/sponsors/">sponsor</a> or <a
href="https://goreleaser.com/contributing">contribute with code</a>.</p>
<h2>Where to go next?</h2>
<ul>
<li>nFPM is a satellite project from GoReleaser. <a
href="https://goreleaser.com">Check it out</a>!</li>
<li>Find examples and commented usage of all options in our <a
href="https://nfpm.goreleaser.com/">website</a>.</li>
<li>Reach out on <a href="https://discord.gg/RGEBtg8vQ6">Discord</a> and
<a href="https://twitter.com/goreleaser">Twitter</a>!</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML
omitted --></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ed9abdf63d"><code>ed9abdf</code></a>
sec: fix for CVE-2023-32698</li>
<li><a
href="4593dcb36a"><code>4593dcb</code></a>
build: improve changelog</li>
<li><a
href="e01884ecba"><code>e01884e</code></a>
build: improve release notes</li>
<li><a
href="f6f8048d47"><code>f6f8048</code></a>
test: stabilize arch test</li>
<li><a
href="7d6a77bee6"><code>7d6a77b</code></a>
test: fix arch tests</li>
<li><a
href="815b388464"><code>815b388</code></a>
test: fix</li>
<li><a
href="9524bb8a26"><code>9524bb8</code></a>
fix: mips softfloat/hardfloat handling</li>
<li><a
href="a8c16744a1"><code>a8c1674</code></a>
test: fix files test</li>
<li><a
href="66c3d277cf"><code>66c3d27</code></a>
test: fixes</li>
<li><a
href="f64a311eef"><code>f64a311</code></a>
fix: improve umask tests and documentation</li>
<li>Additional commits viewable in <a
href="https://github.com/goreleaser/nfpm/compare/v2.28.0...v2.29.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/goreleaser/nfpm/v2&package-manager=go_modules&previous-version=2.28.0&new-version=2.29.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-24 09:16:40 -03:00
Carlos Alexandro Becker
950cebee57
fix(cmd): check with no args 2023-05-24 03:32:37 +00:00
dependabot[bot]
dab69c9b5a
feat(deps): bump github.com/disgoorg/disgo from 0.16.4 to 0.16.5 (#4025) 
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.16.4 to 0.16.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="125d0727da"><code>125d072</code></a>
fix unmarshalling &amp; marshalling of InteractionChannel</li>
<li><a
href="67ddd7c006"><code>67ddd7c</code></a>
change Interaction.Channel from PartialChannel to
InteractionChannel</li>
<li><a
href="3eb45b6149"><code>3eb45b6</code></a>
fix nil pointer on user leaving voice channel and no audioReceiver being
setup</li>
<li><a
href="554e2695e2"><code>554e269</code></a>
add GatewayMessageDataUnknown &amp; don't error on unknown voice gateway
message</li>
<li><a
href="6b794ba092"><code>6b794ba</code></a>
rename BoostProgressBarEnabled to PremiumProgressBarEnabled</li>
<li><a
href="c3f2beb13f"><code>c3f2beb</code></a>
add Stickers to GuildPreview</li>
<li><a
href="6cda94940a"><code>6cda949</code></a>
Add raid protection (<a
href="https://redirect.github.com/disgoorg/disgo/issues/223">#223</a>)</li>
<li>See full diff in <a
href="https://github.com/disgoorg/disgo/compare/v0.16.4...v0.16.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/disgoorg/disgo&package-manager=go_modules&previous-version=0.16.4&new-version=0.16.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-23 09:56:41 -03:00
Carlos Alexandro Becker
46072c6047
docs: add banner asking for support to the website, release notes, etc 
Sounds a bit like begging, but I was told it actually works.
Let's see...
 2023-05-19 19:33:37 +00:00
Carlos Alexandro Becker
7da18ec8f4
docs: improve brew and krew docs 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-05-19 14:25:59 +00:00
Carlos Alexandro Becker
27f94523c8
fix(scoop): allow templating name and skip_upload 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-05-19 14:25:39 +00:00
Carlos Alexandro Becker
dfcd535e31
fix: improve "pushing" logs for multiple publishers 2023-05-19 14:10:06 +00:00
Carlos Alexandro Becker
779cce7af6
docs: clarify replacements a bit more 2023-05-19 13:49:34 +00:00
dependabot[bot]
efafe86ead
feat(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#4022) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify)
from 1.8.2 to 1.8.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4c93d8f201"><code>4c93d8f</code></a>
EqualExportedValues: Handle nested pointer, slice and map fields (<a
href="https://redirect.github.com/stretchr/testify/issues/1379">#1379</a>)</li>
<li><a
href="4b2f4d2bcf"><code>4b2f4d2</code></a>
add EventuallyWithT assertion (<a
href="https://redirect.github.com/stretchr/testify/issues/1264">#1264</a>)</li>
<li><a
href="b3106d772c"><code>b3106d7</code></a>
allow testing for functional options (<a
href="https://redirect.github.com/stretchr/testify/issues/1023">#1023</a>)</li>
<li><a
href="437071b948"><code>437071b</code></a>
assert: fix error message formatting for NotContains (<a
href="https://redirect.github.com/stretchr/testify/issues/1362">#1362</a>)</li>
<li><a
href="c5fc9d6b6b"><code>c5fc9d6</code></a>
Compare public elements of struct (<a
href="https://redirect.github.com/stretchr/testify/issues/1309">#1309</a>)</li>
<li>See full diff in <a
href="https://github.com/stretchr/testify/compare/v1.8.2...v1.8.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/stretchr/testify&package-manager=go_modules&previous-version=1.8.2&new-version=1.8.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-19 10:42:28 -03:00
Carlos Alexandro Becker
5520be3d0c
docs: update SECURITY.md 2023-05-18 14:23:10 -03:00
dependabot[bot]
4227c194f8
chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#4020) 2023-05-18 09:34:13 -03:00
Carlos Alexandro Becker
5c6a31c479
docs: fix cookbooks/contributing 2023-05-17 23:27:57 +00:00
Carlos Alexandro Becker
9fb855a204
docs: cookbook for monorepos, release.tag 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-05-17 23:22:36 +00:00
dependabot[bot]
670238c3ea
chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#4018) 2023-05-17 09:02:19 -03:00
Carlos Alexandro Becker
b5e8d6db06
fix(archive): warn only for non-default globs with no matches (#4013) 
Adjust the logging of warnings for unmatched globs to only show when the
glob is not a default. No warning will be output for the default globs
when there are no matching files.

These are defaults, by design, very generic.
We should not warn the user about them not finding anything, as that is
their expected behavior most of the time.
 2023-05-16 09:22:22 -03:00
dependabot[bot]
234e1d8ce5
chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#4014) 
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
3.1.3 to 3.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>3.1.4</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.15.12 to
18.16.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/970">codecov/codecov-action#970</a></li>
<li>Fix typo in README.md by <a
href="https://github.com/hisaac"><code>@​hisaac</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/967">codecov/codecov-action#967</a></li>
<li>fix: add back in working dir by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/971">codecov/codecov-action#971</a></li>
<li>fix: CLI option names for uploader by <a
href="https://github.com/kleisauke"><code>@​kleisauke</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/969">codecov/codecov-action#969</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.16.3 to
20.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/975">codecov/codecov-action#975</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 20.1.0 to
20.1.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/979">codecov/codecov-action#979</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 20.1.2 to
20.1.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/codecov/codecov-action/pull/981">codecov/codecov-action#981</a></li>
<li>release: 3.1.4 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://redirect.github.com/codecov/codecov-action/pull/983">codecov/codecov-action#983</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hisaac"><code>@​hisaac</code></a> made
their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/967">codecov/codecov-action#967</a></li>
<li><a href="https://github.com/kleisauke"><code>@​kleisauke</code></a>
made their first contribution in <a
href="https://redirect.github.com/codecov/codecov-action/pull/969">codecov/codecov-action#969</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4">https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>3.1.4</h2>
<h3>Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a>
Fix typo in README.md</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a>
fix: add back in working dir</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a>
fix: CLI option names for uploader</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a>
build(deps-dev): bump <code>@​types/node</code> from 18.15.12 to
18.16.3</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a>
build(deps-dev): bump <code>@​types/node</code> from 20.1.0 to
20.1.2</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a>
build(deps-dev): bump <code>@​types/node</code> from 20.1.2 to
20.1.4</li>
</ul>
<h2>3.1.3</h2>
<h3>Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/960">#960</a>
fix: allow for aarch64 build</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/957">#957</a>
build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/958">#958</a>
build(deps): bump openpgp from 5.7.0 to 5.8.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/959">#959</a>
build(deps-dev): bump <code>@​types/node</code> from 18.15.10 to
18.15.12</li>
</ul>
<h2>3.1.2</h2>
<h3>Fixes</h3>
<ul>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/718">#718</a>
Update README.md</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/851">#851</a>
Remove unsupported path_to_write_report argument</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/898">#898</a>
codeql-analysis.yml</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/901">#901</a>
Update README to contain correct information - inputs and negate
feature</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/955">#955</a>
fix: add in all the extra arguments for uploader</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/819">#819</a>
build(deps): bump openpgp from 5.4.0 to 5.5.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/835">#835</a>
build(deps): bump node-fetch from 3.2.4 to 3.2.10</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/840">#840</a>
build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/841">#841</a>
build(deps): bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/843">#843</a>
build(deps): bump <code>@​actions/github</code> from 5.0.3 to 5.1.1</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/869">#869</a>
build(deps): bump node-fetch from 3.2.10 to 3.3.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/872">#872</a>
build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/879">#879</a>
build(deps): bump decode-uri-component from 0.2.0 to 0.2.2</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/889">#889</a>
build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/895">#895</a>
build(deps): bump json5 from 2.2.1 to 2.2.3</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/896">#896</a>
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/900">#900</a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.34.0 to
0.36.1</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/905">#905</a>
build(deps-dev): bump typescript from 4.7.4 to 4.9.5</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/911">#911</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.40 to
18.13.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/922">#922</a>
build(deps-dev): bump <code>@​types/node</code> from 18.13.0 to
18.14.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/924">#924</a>
build(deps): bump openpgp from 5.5.0 to 5.7.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/927">#927</a>
build(deps-dev): bump <code>@​types/node</code> from 18.14.0 to
18.14.2</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/933">#933</a>
build(deps-dev): bump <code>@​types/node</code> from 18.14.2 to
18.14.6</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/937">#937</a>
build(deps-dev): bump <code>@​types/node</code> from 18.14.6 to
18.15.0</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/938">#938</a>
build(deps): bump node-fetch from 3.3.0 to 3.3.1</li>
<li><a
href="https://redirect.github.com/codecov/codecov-action/issues/945">#945</a>
build(deps-dev): bump <code>@​types/node</code> from 18.15.0 to
18.15.5</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eaaf4bedf3"><code>eaaf4be</code></a>
release: 3.1.4 (<a
href="https://redirect.github.com/codecov/codecov-action/issues/983">#983</a>)</li>
<li><a
href="c2ab9ab2e1"><code>c2ab9ab</code></a>
build(deps-dev): bump <code>@​types/node</code> from 20.1.2 to 20.1.4
(<a
href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a>)</li>
<li><a
href="49c20db375"><code>49c20db</code></a>
build(deps-dev): bump <code>@​types/node</code> from 20.1.0 to 20.1.2
(<a
href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a>)</li>
<li><a
href="cf8e3e4262"><code>cf8e3e4</code></a>
build(deps-dev): bump <code>@​types/node</code> from 18.16.3 to 20.1.0
(<a
href="https://redirect.github.com/codecov/codecov-action/issues/975">#975</a>)</li>
<li><a
href="1c34415a06"><code>1c34415</code></a>
fix: CLI option names for uploader (<a
href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a>)</li>
<li><a
href="b4dfea724f"><code>b4dfea7</code></a>
fix: add back in working dir (<a
href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a>)</li>
<li><a
href="5bf250470e"><code>5bf2504</code></a>
Fix typo in README.md (<a
href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a>)</li>
<li><a
href="1dd0ce34be"><code>1dd0ce3</code></a>
build(deps-dev): bump <code>@​types/node</code> from 18.15.12 to 18.16.3
(<a
href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a>)</li>
<li>See full diff in <a
href="894ff025c7...eaaf4bedf3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.3&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-16 09:22:03 -03:00
dependabot[bot]
8005088588
chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#4015) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0
to 4.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update documentation for <code>v4</code> by <a
href="https://github.com/dsame"><code>@​dsame</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/354">actions/setup-go#354</a></li>
<li>Fix glob bug in the package.json scripts section by <a
href="https://github.com/IvanZosimov"><code>@​IvanZosimov</code></a> in
<a
href="https://redirect.github.com/actions/setup-go/pull/359">actions/setup-go#359</a></li>
<li>Bump <code>xml2js</code> dependency by <a
href="https://github.com/dmitry-shibanov"><code>@​dmitry-shibanov</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/370">actions/setup-go#370</a></li>
<li>Bump <code>@actions/cache</code> dependency to v3.2.1 by <a
href="https://github.com/nikolai-laevskii"><code>@​nikolai-laevskii</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/374">actions/setup-go#374</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/nikolai-laevskii"><code>@​nikolai-laevskii</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-go/pull/374">actions/setup-go#374</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v4...v4.0.1">https://github.com/actions/setup-go/compare/v4...v4.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fac708d667"><code>fac708d</code></a>
Bump <code>@​actions/cache</code> dependency to v3.2.1 (<a
href="https://redirect.github.com/actions/setup-go/issues/374">#374</a>)</li>
<li><a
href="dd84a9531a"><code>dd84a95</code></a>
Update xml2js (<a
href="https://redirect.github.com/actions/setup-go/issues/370">#370</a>)</li>
<li><a
href="41c2024c46"><code>41c2024</code></a>
Fix glob bug in package.json scripts section (<a
href="https://redirect.github.com/actions/setup-go/issues/359">#359</a>)</li>
<li><a
href="8dbf352f06"><code>8dbf352</code></a>
update README fo v4 (<a
href="https://redirect.github.com/actions/setup-go/issues/354">#354</a>)</li>
<li>See full diff in <a
href="4d34df0c23...fac708d667">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=4.0.0&new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-16 09:21:45 -03:00
Jamie Tanna
8eea2ddf15
docs: pre-fill scopes for new Personal Access Token (#4010) 
To make it easier for someone to create a new GitHub Personal Access
Token.
 2023-05-15 09:26:08 -03:00
Carlos Alexandro Becker
cebdf0d8a6
fix: goreleaser build index out of range (#4007) 
If you run `goreleaser build --single-target` with
`universalbinaries[*].replace = true` on a mac, it'll break.

This fixes it by disabling universal binaries when building a single
target.

It isn't useful anyway.

Closes #4004

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-05-12 15:50:12 -03:00
dependabot[bot]
f0dfdb8732
feat(deps): bump golang from 913de96 to ee2f23f (#4009) 
Bumps golang from `913de96` to `ee2f23f`.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.20.4-alpine&new-version=1.20.4-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-12 10:20:59 -03:00
Carlos Alexandro Becker
05d25567f9
feat: allow to template dockers.skip_push and docker_manifests.skip_push (#4008) 2023-05-12 01:51:02 -03:00
Carlos Alexandro Becker
dcbe842893
Merge remote-tracking branch 'origin/main' 2023-05-12 01:05:53 +00:00
dependabot[bot]
f462f55556
feat(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible (#4006) 
Bumps
[github.com/docker/distribution](https://github.com/docker/distribution)
from 2.8.1+incompatible to 2.8.2+incompatible.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/distribution/releases">github.com/docker/distribution's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Revert registry/client: set <code>Accept: identity</code> header
when getting layers by <a
href="https://github.com/ndeloof"><code>@​ndeloof</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3783">distribution/distribution#3783</a></li>
<li>Parse <code>http</code> forbidden as denied by <a
href="https://github.com/vvoland"><code>@​vvoland</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3914">distribution/distribution#3914</a></li>
<li>Fix <a
href="https://www.cve.org/CVERecord?id=CVE-2022-28391">CVE-2022-28391</a>
by bumping alpine from 3.14 to 3.16 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> (<a
href="https://redirect.github.com/distribution/distribution/pull/3650">#3650</a>)</li>
<li>Fix <a
href="https://www.cve.org/CVERecord?id=CVE-2023-2253">CVE-2023-2253</a>
runaway allocation on /v2/_catalog by <a
href="https://github.com/josegomezr"><code>@​josegomezr</code></a> <a
href="521ea3d973"><code>521ea3d9</code></a></li>
<li>Fix panic in inmemory driver by <a
href="https://github.com/wy65701436"><code>@​wy65701436</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3815">distribution/distribution#3815</a></li>
<li>bump up golang version (alternative) by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3903">distribution/distribution#3903</a></li>
<li>Dockerfile: update xx to v1.2.1 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3907">distribution/distribution#3907</a></li>
<li>update to go1.19.9 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3908">distribution/distribution#3908</a></li>
<li>Add code to handle pagination of parts. Fixes max layer size of 10GB
bug by <a
href="https://github.com/DavidSpek"><code>@​DavidSpek</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3893">distribution/distribution#3893</a></li>
<li>Dockerfile: fix filenames of artifacts by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3911">distribution/distribution#3911</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2">https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2</a></p>
<h2>v2.8.2-beta.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix <a
href="https://www.cve.org/CVERecord?id=CVE-2022-28391">CVE-2022-28391</a>
by bumping alpine from 3.14 to 3.16 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> (<a
href="https://redirect.github.com/distribution/distribution/pull/3650">#3650</a>)</li>
<li>Fix <a
href="https://www.cve.org/CVERecord?id=CVE-2023-2253">CVE-2023-2253</a>
runaway allocation on /v2/_catalog by <a
href="https://github.com/josegomezr"><code>@​josegomezr</code></a> <a
href="521ea3d973"><code>521ea3d9</code></a></li>
<li>Fix panic in inmemory driver by <a
href="https://github.com/wy65701436"><code>@​wy65701436</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3815">distribution/distribution#3815</a></li>
<li>bump up golang version (alternative) by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3903">distribution/distribution#3903</a></li>
<li>Dockerfile: update xx to v1.2.1 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3907">distribution/distribution#3907</a></li>
<li>update to go1.19.9 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3908">distribution/distribution#3908</a></li>
<li>Add code to handle pagination of parts. Fixes max layer size of 10GB
bug by <a
href="https://github.com/DavidSpek"><code>@​DavidSpek</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3893">distribution/distribution#3893</a></li>
<li>Dockerfile: fix filenames of artifacts by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3911">distribution/distribution#3911</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2">https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.2</a></p>
<h2>v2.8.2-beta.1</h2>
<h3><strong>NOTE: This is a pre-release that does not contain any
artifacts!</strong></h3>
<h2>What's Changed</h2>
<ul>
<li>Fix runaway allocation on /v2/_catalog by <a
href="https://github.com/josegomezr"><code>@​josegomezr</code></a> <a
href="521ea3d973"><code>521ea3d9</code></a></li>
<li>Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3650">distribution/distribution#3650</a></li>
<li>Fix panic in inmemory driver by <a
href="https://github.com/wy65701436"><code>@​wy65701436</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3815">distribution/distribution#3815</a></li>
<li>bump up golang version (alternative) by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3903">distribution/distribution#3903</a></li>
<li>Dockerfile: update xx to v1.2.1 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3907">distribution/distribution#3907</a></li>
<li>update to go1.19.9 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3908">distribution/distribution#3908</a></li>
<li>Add code to handle pagination of parts. Fixes max layer size of 10GB
bug by <a
href="https://github.com/DavidSpek"><code>@​DavidSpek</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/3893">distribution/distribution#3893</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1">https://github.com/distribution/distribution/compare/v2.8.1...v2.8.2-beta.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7c354a4b40"><code>7c354a4</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/distribution/issues/3915">#3915</a>
from distribution/2.8.2-release-notes</li>
<li><a
href="a173a9c625"><code>a173a9c</code></a>
Add v2.8.2 release notes</li>
<li><a
href="4894d35ecc"><code>4894d35</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/distribution/issues/3914">#3914</a>
from vvoland/handle-forbidden-28</li>
<li><a
href="f067f66d3d"><code>f067f66</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/distribution/issues/3783">#3783</a>
from ndeloof/accept-encoding-28</li>
<li><a
href="483ad69da3"><code>483ad69</code></a>
registry/errors: Parse http forbidden as denied</li>
<li><a
href="2b0f84df21"><code>2b0f84d</code></a>
Revert &quot;registry/client: set Accept: identity header when getting
layers&quot;</li>
<li><a
href="320d6a141f"><code>320d6a1</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/distribution/issues/3912">#3912</a>
from distribution/2.8.2-beta.2-release-notes</li>
<li><a
href="5f3ca1b2fb"><code>5f3ca1b</code></a>
Add release notes for 2.8.2-beta.2 release</li>
<li><a
href="cb840f63b3"><code>cb840f6</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/distribution/issues/3911">#3911</a>
from thaJeztah/2.8_backport_fix_releaser_filenames</li>
<li><a
href="e884644fff"><code>e884644</code></a>
Dockerfile: fix filenames of artifacts</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/distribution/compare/v2.8.1...v2.8.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/distribution&package-manager=go_modules&previous-version=2.8.1+incompatible&new-version=2.8.2+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-11 21:58:37 -03:00
Michal Jan Matczuk
aecc9ea982
docs: homebrew link to resource-not-accessible-by-integration (#4003) 
This adds information on token configuration in hopes that users who
read it will avoid the error.

Co-authored-by: Michał Matczuk <mmatczuk@gmail.com>
 2023-05-11 09:47:00 -03:00
dependabot[bot]
4508ba71c7
feat(deps): bump github.com/klauspost/pgzip from 1.2.5 to 1.2.6 (#3985) 2023-05-11 12:38:19 +00:00
dependabot[bot]
6f5e94c2fb
feat(deps): bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#4001) 2023-05-11 12:21:54 +00:00
dependabot[bot]
455730c619
feat(deps): bump github.com/disgoorg/disgo from 0.16.3 to 0.16.4 (#3996) 
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.16.3 to 0.16.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/disgoorg/disgo/releases">github.com/disgoorg/disgo's
releases</a>.</em></p>
<blockquote>
<h2>v0.16.4</h2>
<h2>What's Changed</h2>
<ul>
<li>fix missing user in resolved member by <a
href="https://github.com/TopiSenpai"><code>@​TopiSenpai</code></a> in <a
href="e9b9dd1605</a></li>
<li>fix missing user in target member by <a
href="https://github.com/TopiSenpai"><code>@​TopiSenpai</code></a> in <a
href="779858bdba</a></li>
<li>fix nil guild id in message delete event by <a
href="https://github.com/TopiSenpai"><code>@​TopiSenpai</code></a> in <a
href="66a0ba4e04</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/disgoorg/disgo/compare/v0.16.3...v0.16.4">https://github.com/disgoorg/disgo/compare/v0.16.3...v0.16.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="66a0ba4e04"><code>66a0ba4</code></a>
fix nil guild id in message delete event</li>
<li><a
href="779858bdba"><code>779858b</code></a>
fix missing user in target member</li>
<li><a
href="e9b9dd1605"><code>e9b9dd1</code></a>
fix missing user in resolved member</li>
<li>See full diff in <a
href="https://github.com/disgoorg/disgo/compare/v0.16.3...v0.16.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/disgoorg/disgo&package-manager=go_modules&previous-version=0.16.3&new-version=0.16.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once it's up-to-date and CI passes on it,
as requested by @caarlos0.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-11 09:07:20 -03:00
dependabot[bot]
f8bf6f068a
feat(deps): bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (#4002) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.7.0
to 0.8.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="839de2255f"><code>839de22</code></a>
google: don't check for IsNotExist for well-known file</li>
<li><a
href="0690208dba"><code>0690208</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="451d5d662f"><code>451d5d6</code></a>
internal: remove repeated definite articles</li>
<li><a
href="cfe200d5bb"><code>cfe200d</code></a>
oauth2: parse RFC 6749 error response</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.7.0...v0.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.7.0&new-version=0.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-11 08:47:42 -03:00
dependabot[bot]
83e754614e
feat(deps): bump golang.org/x/tools from 0.8.0 to 0.9.1 (#3999) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.8.0
to 0.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.9.1</h2>
<p>This release fixes a regression in the v0.9.0 release: a crash when
running the <code>go:generate</code><code>golang/go#53781</code></p>
<p>Thank you to all those who filed crash reports, and apologies for the
breakage!</p>
<h2>gopls@v0.9.0</h2>
<p>This release contains significant performance improvements
(especially in incremental processing after source changes), bug fixes,
and support for the LSP “<a
href="https://redirect.github.com/microsoft/language-server-protocol/issues/956">inlay
hints</a>” feature, along with several other minor enhancements.</p>
<h2>Performance improvements</h2>
<p>Source edits cause gopls to invalidate and recompute information
about the workspace, most of which has not changed. Previously, gopls
would spend significant CPU copying data structures, sometimes more than
100ms per keystroke in a large workspace. This release includes many
optimizations to avoid copying data needlessly, including a new <a
href="https://cs.opensource.google/go/x/tools/+/gopls-release-branch.0.9:internal/persistent/map.go;l=26-37">map
representation</a> to achieve copying in constant time. Special thanks
to <a
href="https://github.com/euroelessar"><code>@​euroelessar</code></a> for
the design and implementation of this data structure.</p>
<p>As a result of these improvements, gopls should be more responsive
while typing in large codebases, though it will still use a lot of
memory.</p>
<p>Time to process a change notification in the Kubernetes repo:
<img
src="https://user-images.githubusercontent.com/57144380/176967584-a8040048-6357-40d5-9d80-c448281f6482.png"
alt="image" /></p>
<h2>New Features</h2>
<h3>Inlay hints</h3>
<p>Added support for displaying inlay hints of composite literal field
names and types, constant values, function parameter names, function
type params, and short variable declarations. You can try these out in
the <a
href="https://github.com/golang/vscode-go/blob/master/docs/nightly.md">vscode-go
nightly</a> by <a
href="https://github.com/golang/vscode-go/blob/master/docs/settings.md#goinlayhintsassignvariabletypes">enabling
inlay hints settings</a>.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/176967591-a7b767b3-d447-4691-9486-10f957dc9a0f.gif"
alt="image3" /></p>
<h3>Package References</h3>
<p>Find references on <code>package foo</code> now lists locations where
the given package is imported.</p>
<h3>Quick-fix to add field names to struct literals</h3>
<p>A new quick fix adds field names to struct literals with unkeyed
fields.</p>
<p><img
src="https://user-images.githubusercontent.com/57144380/176967261-6acbe0e7-7698-46ea-8deb-cbd913296034.gif"
alt="image1" /></p>
<h2>Bug fixes</h2>
<p>This release includes the following notable bugfixes:</p>
<ul>
<li>Fixes for goimports performance and correctness when using a go.work
file (<a href="https://go.dev/issue/52784">#52784</a>)</li>
<li>Fix a crash during renaming in a package that uses generics (<a
href="https://go.dev/issue/52940">#52940</a>)</li>
<li>Fix gopls getting confused when moving a file from the
<code>foo_test</code> package to <code>foo</code> package (<a
href="https://redirect.github.com/golang/go/issues/45317">#45317</a>)</li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/260">gopls/v0.9.0
milestone</a>.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors!</h2>
<p>Thank you for your contribution, <a
href="https://github.com/alandonovan"><code>@​alandonovan</code></a>, <a
href="https://github.com/euroelessar"><code>@​euroelessar</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/jamalc"><code>@​jamalc</code></a>, <a
href="https://github.com/jba"><code>@​jba</code></a>, <a
href="https://github.com/marwan-at-work"><code>@​marwan-at-work</code></a>,
<a href="https://github.com/suzmue"><code>@​suzmue</code></a>, and <a
href="https://github.com/dle8"><code>@​dle8</code></a>!</p>
<h2>What’s Next?</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4609d79b05"><code>4609d79</code></a>
cmd/bisect: add -compile and -godebug shorthands</li>
<li><a
href="ddfa2200ae"><code>ddfa220</code></a>
internal/fuzzy: improvements to the symbol scoring algorithm</li>
<li><a
href="344924276c"><code>3449242</code></a>
go/types/objectpath: don't panic when receiver is missing a method</li>
<li><a
href="0809ec2e45"><code>0809ec2</code></a>
gopls/internal/lsp/source: document {All,Workspace}Metadata</li>
<li><a
href="8f7fb01dd4"><code>8f7fb01</code></a>
go/analysis/unitchecker: add test of go vet on std</li>
<li><a
href="23e52a3e12"><code>23e52a3</code></a>
bisect: diagnose bad targets better</li>
<li><a
href="d5af8894fe"><code>d5af889</code></a>
gopls: set GOWORK=off for loads from debug and safetoken tests</li>
<li><a
href="c93329a947"><code>c93329a</code></a>
go/analysis/passes/printf: reshorten diagnostic about %s in Println
call</li>
<li><a
href="62197261cf"><code>6219726</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="f4d143ebcd"><code>f4d143e</code></a>
go/ssa: cleanup TestGenericBodies to pickup package name</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.8.0...v0.9.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.8.0&new-version=0.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-10 11:02:44 -03:00
Carlos Alexandro Becker
1eced630a6
docs: fix typo 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-05-08 15:20:17 +00:00
dependabot[bot]
64d6424215
chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2 (#3994) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.14.1 to 0.14.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.14.2</h2>
<h2>Changes in v0.14.2</h2>
<ul>
<li>Update Syft to v0.80.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/415">#415</a>)</li>
<li>Make sure all invalid artifact name characters are replaced <a
href="https://redirect.github.com/anchore/sbom-action/issues/396">#396</a>
(<a
href="https://redirect.github.com/anchore/sbom-action/issues/417">#417</a>)
[<a href="https://github.com/lts-po">lts-po</a>]</li>
<li>Ensure SBOM is copied to <code>output-file</code> (<a
href="https://redirect.github.com/anchore/sbom-action/issues/411">#411</a>)
[<a href="https://github.com/gszr">gszr</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d571ad103"><code>4d571ad</code></a>
chore(deps): update Syft to v0.80.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/415">#415</a>)</li>
<li><a
href="a59054d328"><code>a59054d</code></a>
fix: Make sure all invalid chars are replaced for artifact names --
fixes <a
href="https://redirect.github.com/anchore/sbom-action/issues/39">#39</a>...</li>
<li><a
href="ea7104d799"><code>ea7104d</code></a>
chore: update snapshot workflow (<a
href="https://redirect.github.com/anchore/sbom-action/issues/413">#413</a>)</li>
<li><a
href="50dec67b80"><code>50dec67</code></a>
chore(deps): update Syft to v0.77.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/409">#409</a>)</li>
<li><a
href="8e2e93770c"><code>8e2e937</code></a>
fix: ensure sbom is copied to output-file (<a
href="https://redirect.github.com/anchore/sbom-action/issues/411">#411</a>)</li>
<li><a
href="800a56fe08"><code>800a56f</code></a>
chore: update snapshot workflow (<a
href="https://redirect.github.com/anchore/sbom-action/issues/412">#412</a>)</li>
<li><a
href="9cf3dcd573"><code>9cf3dcd</code></a>
chore: update snapshot workflow (<a
href="https://redirect.github.com/anchore/sbom-action/issues/410">#410</a>)</li>
<li><a
href="642f63cefc"><code>642f63c</code></a>
chore: update syft update check (<a
href="https://redirect.github.com/anchore/sbom-action/issues/408">#408</a>)</li>
<li><a
href="a7622b6841"><code>a7622b6</code></a>
chore: update deprecated set-output (<a
href="https://redirect.github.com/anchore/sbom-action/issues/407">#407</a>)</li>
<li><a
href="c82ee2675f"><code>c82ee26</code></a>
chore: add workflow to update snapshots from PR comment (<a
href="https://redirect.github.com/anchore/sbom-action/issues/406">#406</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/anchore/sbom-action/compare/v0.14.1...v0.14.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.14.1&new-version=0.14.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-08 08:49:41 -03:00
actions-user
51c4501d6a chore: docs releases json auto-update 2023-05-07 03:37:42 +00:00
actions-user
2beed29de2 chore: docs releases json auto-update 2023-05-07 03:27:03 +00:00
Carlos Alexandro Becker
ad00069419
fix: warn when no match on archive files (#3992) 
refs https://github.com/orgs/goreleaser/discussions/3991

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
v1.18.2 		2023-05-06 23:08:36 -03:00
Carlos Alexandro Becker
c6c6cdf0de
Revert "build: temp disable push to aur" 
This reverts commit b037471278c3264cbdf058f0f4e18d5539e9762a.
 2023-05-06 03:18:48 +00:00
Brian Strauch
b54d9d8aa4
docs: fix prebuilt binaries page (#3987) 
<!--

Hi, thanks for contributing!

Please make sure you read our CONTRIBUTING guide.

Also, add tests and the respective documentation changes as well.

-->


<!-- If applied, this commit will... -->

Fixes documentation for the "prebuilt binaries" section of the docs
 2023-05-05 13:37:52 -03:00
dependabot[bot]
d371145f89
chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#3983) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.3.2 to 2.3.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.3.3 - 04 May 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.1. <a
href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li>
<li>You can now configure CodeQL within your code scanning workflow by
passing a <code>config</code> input to the <code>init</code> Action. See
<a href="https://aka.ms/code-scanning-docs/config-file">Using a custom
configuration file</a> for more information about configuring code
scanning. <a
href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li>
</ul>
<h2>2.3.2 - 27 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.1 - 26 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.3.0 - 21 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.13.0. <a
href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li>
<li>Bump the minimum CodeQL bundle version to 2.8.5. <a
href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li>
</ul>
<h2>2.2.12 - 13 Apr 2023</h2>
<ul>
<li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment
variable in the telemetry sent to GitHub. <a
href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li>
<li>Improve the ease of debugging failed runs configured using <a
href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default
setup</a>. The CodeQL Action will now upload diagnostic information to
Code Scanning from failed runs configured using default setup. You can
view this diagnostic information on the <a
href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool
status page</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li>
</ul>
<h2>2.2.11 - 06 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.10 - 05 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.6. <a
href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li>
</ul>
<h2>2.2.9 - 27 Mar 2023</h2>
<ul>
<li>Customers post-processing the SARIF output of the
<code>analyze</code> Action before uploading it to Code Scanning will
benefit from an improved debugging experience. <a
href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a>
<ul>
<li>The CodeQL Action will now upload a SARIF file with debugging
information to Code Scanning on failed runs for customers using
<code>upload: false</code>. Previously, this was only available for
customers using the default value of the <code>upload</code> input.</li>
<li>The <code>upload</code> input to the <code>analyze</code> Action now
accepts the following values:
<ul>
<li><code>always</code> is the default value, which uploads the SARIF
file to Code Scanning for successful and failed runs.</li>
<li><code>failure-only</code> is recommended for customers
post-processing the SARIF file before uploading it to Code Scanning.
This option uploads debugging information to Code Scanning for failed
runs to improve the debugging experience.</li>
<li><code>never</code> avoids uploading the SARIF file to Code Scanning
even if the code scanning run fails. This is not recommended for
external users since it complicates debugging.</li>
<li>The legacy <code>true</code> and <code>false</code> options will be
interpreted as <code>always</code> and <code>failure-only</code>
respectively.</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>2.2.8 - 22 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.5. <a
href="https://redirect.github.com/github/codeql-action/pull/1585">#1585</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="29b1f65c5e"><code>29b1f65</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1669">#1669</a>
from github/update-v2.3.3-318bcc7f8</li>
<li><a
href="140500d80a"><code>140500d</code></a>
Update changelog for v2.3.3</li>
<li><a
href="318bcc7f84"><code>318bcc7</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1664">#1664</a>
from github/update-bundle/codeql-bundle-20230428</li>
<li><a
href="f72bf5dfb3"><code>f72bf5d</code></a>
Fix workflow formatting</li>
<li><a
href="33461954a5"><code>3346195</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-20230428</li>
<li><a
href="8ca5570701"><code>8ca5570</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1666">#1666</a>
from github/aeisenberg/readme-update</li>
<li><a
href="b1b3d00b62"><code>b1b3d00</code></a>
Add link to changenote for custom config</li>
<li><a
href="d2f6dfd52d"><code>d2f6dfd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1665">#1665</a>
from github/aeisenberg/config-param</li>
<li><a
href="cba5616040"><code>cba5616</code></a>
Update CHANGELOG.md</li>
<li><a
href="40c95932fe"><code>40c9593</code></a>
Add changelog note</li>
<li>Additional commits viewable in <a
href="f3feb00acb...29b1f65c5e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.2&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-05 10:10:43 -03:00
actions-user
072173cdc5 chore: docs releases json auto-update 2023-05-05 04:52:44 +00:00
actions-user
bee9a91af0 chore: docs releases json auto-update 2023-05-05 04:45:31 +00:00
actions-user
c8e1e64d7e chore: docs releases json auto-update 2023-05-05 04:31:08 +00:00
Carlos Alexandro Becker
aaa9da33d5
fix: disable upx for now v1.18.1 2023-05-05 04:26:12 +00:00
actions-user
b35b8b29d9 chore: docs releases json auto-update v1.18.0 2023-05-05 03:44:34 +00:00
Carlos Alexandro Becker
b037471278
build: temp disable push to aur 2023-05-05 03:28:11 +00:00
Carlos Alexandro Becker
337f34ef01
chore: go mod tidy 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-05-04 02:33:35 +00:00
Carlos Alexandro Becker
de986a199e
docs: update 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-05-04 02:33:06 +00:00
Carlos Alexandro Becker
3707fe4d82
feat: allow to goreleaser check multiple files (#3980) 
This will be more useful for goreleaser pro than for oss, but I thought
it might worth it having it in both versions.
 2023-05-03 23:28:55 -03:00
Carlos Alexandro Becker
e8be671703
docs: multi platform docker images 
closes #3978
 2023-05-04 02:28:12 +00:00
dependabot[bot]
38b82f1117
feat(deps): bump github.com/sigstore/rekor from 1.0.1 to 1.1.1 (#3979) 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor)
from 1.0.1 to 1.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/rekor/releases">github.com/sigstore/rekor's
releases</a>.</em></p>
<blockquote>
<h1>v1.1.1</h1>
<h2>Functional Enhancements</h2>
<ul>
<li>Refactor Trillian client with exported methods (<a
href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li>
<li>Switch to official redis-go client (<a
href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li>
<li>Remove replace in go.mod (<a
href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li>
<li>Add Rekor OID info. (<a
href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li>
</ul>
<h2>Quality Enhancements</h2>
<ul>
<li>remove legacy encrypted cosign key (<a
href="https://redirect.github.com/sigstore/rekor/issues/1446">#1446</a>)</li>
<li>swap cjson dependency (<a
href="https://redirect.github.com/sigstore/rekor/issues/1441">#1441</a>)</li>
<li>Update release readme (<a
href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Merge pull request from GHSA-2h5h-59f5-c5x9</li>
</ul>
<h2>Contributors</h2>
<ul>
<li>Billy Lynch</li>
<li>Bob Callaway</li>
<li>Carlos Tadeu Panato Junior</li>
<li>Ceridwen Coghlan</li>
<li>Hayden B</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/rekor/compare/v1.1.0...v1.1.1">https://github.com/sigstore/rekor/compare/v1.1.0...v1.1.1</a></p>
<h1>v1.1.0</h1>
<h2>Functional Enhancements</h2>
<ul>
<li>improve validation on intoto v0.0.2 type (<a
href="https://redirect.github.com/sigstore/rekor/issues/1351">#1351</a>)</li>
<li>add feature to limit HTTP request body length to process (<a
href="https://redirect.github.com/sigstore/rekor/issues/1334">#1334</a>)</li>
<li>add information about the file size limit (<a
href="https://redirect.github.com/sigstore/rekor/issues/1313">#1313</a>)</li>
<li>Add script to backfill Redis from Rekor (<a
href="https://redirect.github.com/sigstore/rekor/issues/1163">#1163</a>)</li>
<li>Feature: add search support for sha512 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1142">#1142</a>)</li>
</ul>
<h2>Quality Enhancements</h2>
<ul>
<li>fuzzing: refactor OSS-Fuzz build script (<a
href="https://redirect.github.com/sigstore/rekor/issues/1377">#1377</a>)</li>
<li>Update cloudbuild for cosign 2.0 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1375">#1375</a>)</li>
<li>Tests - Additional sharding tests (<a
href="https://redirect.github.com/sigstore/rekor/issues/1180">#1180</a>)</li>
<li>jar type: add fuzzer for 3rd-party dep (<a
href="https://redirect.github.com/sigstore/rekor/issues/1360">#1360</a>)</li>
<li>update cosign to 2.0.0 and builder image and also cosign flags (<a
href="https://redirect.github.com/sigstore/rekor/issues/1368">#1368</a>)</li>
<li>fuzzing: move alpine utils to fuzz utils (<a
href="https://redirect.github.com/sigstore/rekor/issues/1335">#1335</a>)</li>
<li>fuzzing: add seed for alpine fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1342">#1342</a>)</li>
<li>jar: add v001 fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1327">#1327</a>)</li>
<li>fuzzing: open writer later in fuzz utils (<a
href="https://redirect.github.com/sigstore/rekor/issues/1326">#1326</a>)</li>
<li>fuzzing: remove tar operations in alpine fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1322">#1322</a>)</li>
<li>alpine: add v001 fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1316">#1316</a>)</li>
<li>hashedrekord: add v001 fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1315">#1315</a>)</li>
<li>fuzzing: add call to IndexKeys in multiple fuzzers (<a
href="https://redirect.github.com/sigstore/rekor/issues/1302">#1302</a>)</li>
<li>fuzzing: improve cose fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1300">#1300</a>)</li>
<li>fuzzing: improve fuzz utils (<a
href="https://redirect.github.com/sigstore/rekor/issues/1298">#1298</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/rekor/blob/main/CHANGELOG.md">github.com/sigstore/rekor's
changelog</a>.</em></p>
<blockquote>
<h1>v1.1.1</h1>
<h2>Functional Enhancements</h2>
<ul>
<li>Refactor Trillian client with exported methods (<a
href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li>
<li>Switch to official redis-go client (<a
href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li>
<li>Remove replace in go.mod (<a
href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li>
<li>Add Rekor OID info. (<a
href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li>
</ul>
<h2>Quality Enhancements</h2>
<ul>
<li>remove legacy encrypted cosign key (<a
href="https://redirect.github.com/sigstore/rekor/issues/1446">#1446</a>)</li>
<li>swap cjson dependency (<a
href="https://redirect.github.com/sigstore/rekor/issues/1441">#1441</a>)</li>
<li>Update release readme (<a
href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Merge pull request from GHSA-2h5h-59f5-c5x9</li>
</ul>
<h2>Contributors</h2>
<ul>
<li>Billy Lynch</li>
<li>Bob Callaway</li>
<li>Carlos Tadeu Panato Junior</li>
<li>Ceridwen Coghlan</li>
<li>Hayden B</li>
</ul>
<h1>v1.1.0</h1>
<h2>Functional Enhancements</h2>
<ul>
<li>improve validation on intoto v0.0.2 type (<a
href="https://redirect.github.com/sigstore/rekor/issues/1351">#1351</a>)</li>
<li>add feature to limit HTTP request body length to process (<a
href="https://redirect.github.com/sigstore/rekor/issues/1334">#1334</a>)</li>
<li>add information about the file size limit (<a
href="https://redirect.github.com/sigstore/rekor/issues/1313">#1313</a>)</li>
<li>Add script to backfill Redis from Rekor (<a
href="https://redirect.github.com/sigstore/rekor/issues/1163">#1163</a>)</li>
<li>Feature: add search support for sha512 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1142">#1142</a>)</li>
</ul>
<h2>Quality Enhancements</h2>
<ul>
<li>fuzzing: refactor OSS-Fuzz build script (<a
href="https://redirect.github.com/sigstore/rekor/issues/1377">#1377</a>)</li>
<li>Update cloudbuild for cosign 2.0 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1375">#1375</a>)</li>
<li>Tests - Additional sharding tests (<a
href="https://redirect.github.com/sigstore/rekor/issues/1180">#1180</a>)</li>
<li>jar type: add fuzzer for 3rd-party dep (<a
href="https://redirect.github.com/sigstore/rekor/issues/1360">#1360</a>)</li>
<li>update cosign to 2.0.0 and builder image and also cosign flags (<a
href="https://redirect.github.com/sigstore/rekor/issues/1368">#1368</a>)</li>
<li>fuzzing: move alpine utils to fuzz utils (<a
href="https://redirect.github.com/sigstore/rekor/issues/1335">#1335</a>)</li>
<li>fuzzing: add seed for alpine fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1342">#1342</a>)</li>
<li>jar: add v001 fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1327">#1327</a>)</li>
<li>fuzzing: open writer later in fuzz utils (<a
href="https://redirect.github.com/sigstore/rekor/issues/1326">#1326</a>)</li>
<li>fuzzing: remove tar operations in alpine fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1322">#1322</a>)</li>
<li>alpine: add v001 fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1316">#1316</a>)</li>
<li>hashedrekord: add v001 fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1315">#1315</a>)</li>
<li>fuzzing: add call to IndexKeys in multiple fuzzers (<a
href="https://redirect.github.com/sigstore/rekor/issues/1302">#1302</a>)</li>
<li>fuzzing: improve cose fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1300">#1300</a>)</li>
<li>fuzzing: improve fuzz utils (<a
href="https://redirect.github.com/sigstore/rekor/issues/1298">#1298</a>)</li>
<li>fuzzing: improve alpine fuzzer (<a
href="https://redirect.github.com/sigstore/rekor/issues/1273">#1273</a>)</li>
<li>fuzzing: go mod edit go-fuzz-headers (<a
href="https://redirect.github.com/sigstore/rekor/issues/1272">#1272</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0c1914e5e9"><code>0c1914e</code></a>
update CHANGELOG for v1.1.1 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1462">#1462</a>)</li>
<li><a
href="cf42ace826"><code>cf42ace</code></a>
Merge pull request from GHSA-2h5h-59f5-c5x9</li>
<li><a
href="46ac0b224e"><code>46ac0b2</code></a>
Refactor Trillian client with exported methods (<a
href="https://redirect.github.com/sigstore/rekor/issues/1454">#1454</a>)</li>
<li><a
href="5d6e9723b1"><code>5d6e972</code></a>
build(deps): bump github.com/redis/go-redis/v9 from 9.0.3 to 9.0.4 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1460">#1460</a>)</li>
<li><a
href="baa14ce4eb"><code>baa14ce</code></a>
Switch to official redis-go client (<a
href="https://redirect.github.com/sigstore/rekor/issues/1459">#1459</a>)</li>
<li><a
href="059e097a0b"><code>059e097</code></a>
build(deps): bump github.com/go-playground/validator/v10 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1457">#1457</a>)</li>
<li><a
href="1f75c79256"><code>1f75c79</code></a>
Update release readme (<a
href="https://redirect.github.com/sigstore/rekor/issues/1456">#1456</a>)</li>
<li><a
href="98163f336c"><code>98163f3</code></a>
build(deps): bump github/codeql-action from 2.3.1 to 2.3.2 (<a
href="https://redirect.github.com/sigstore/rekor/issues/1455">#1455</a>)</li>
<li><a
href="24cb647106"><code>24cb647</code></a>
Remove replace in go.mod (<a
href="https://redirect.github.com/sigstore/rekor/issues/1444">#1444</a>)</li>
<li><a
href="39bd69bc7c"><code>39bd69b</code></a>
Add Rekor OID info. (<a
href="https://redirect.github.com/sigstore/rekor/issues/1390">#1390</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sigstore/rekor/compare/v1.0.1...v1.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/rekor&package-manager=go_modules&previous-version=1.0.1&new-version=1.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-03 23:11:29 -03:00