Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.15.2 to 0.15.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.3</h2>
<h2>Changes in v0.15.3</h2>
<ul>
<li>chore(deps): update Syft to v0.100.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/435">#435</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c7f031d924"><code>c7f031d</code></a>
chore(deps): update Syft to v0.100.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/435">#435</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.15.2...v0.15.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@caarlos0.
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
refs #4513
this does not prevent the `dist` filepath to have spaces in it, although
that's likely less of an issue, but it will remove the spaces from
artifact's names.
Ideally, we could add a `tmpl.ApplyTrim` (or similar) that applies and
trim spaces, and use it everywhere it makes sense (which is likely a lot
of places).
Doing it on regular `Apply` might break things like release
footers/headers, which usually rely on empty lines (although maybe its
easier to treat those cases differently then).
Anyway, still thinking about it. Opinions are welcome :)
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
log all skip reasons instead of only one, using a multierror.Error to
merge them all.
refs https://github.com/orgs/goreleaser/discussions/4469
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.35.0 to
0.36.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-cloud/releases">gocloud.dev's
releases</a>.</em></p>
<blockquote>
<h2>v0.36.0</h2>
<p><strong>blob</strong></p>
<ul>
<li><strong>all</strong>: Allow disabling of <code>ContentType</code>
auto-detection during writes.</li>
</ul>
<p><strong>pubsub</strong></p>
<ul>
<li><strong>azuresb</strong>: Added a new auth method to support Service
principal/kubelet identity/Workload identity auth methods.</li>
</ul>
<p><strong>docstore</strong></p>
<ul>
<li><strong>all</strong>: Add in/not-in operators for Query.</li>
<li><strong>gcpfirestore</strong>: Added a missing resource header when
running query.</li>
</ul>
<p><strong>mysql</strong></p>
<ul>
<li>Pass TLS config directly to MySQL's config</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="01064b751a"><code>01064b7</code></a>
all: prerelease</li>
<li><a
href="92114ef433"><code>92114ef</code></a>
mysql: pass TLS config directly to MySQL's config (<a
href="https://redirect.github.com/google/go-cloud/issues/3348">#3348</a>)</li>
<li><a
href="97fe9d0425"><code>97fe9d0</code></a>
docstore/all: Add in/not-in operators for Query</li>
<li><a
href="4fe95eea2d"><code>4fe95ee</code></a>
blob/all: Allow disabling of ContentType auto-detection during writes
(<a
href="https://redirect.github.com/google/go-cloud/issues/3371">#3371</a>)</li>
<li><a
href="1dbbbb3e64"><code>1dbbbb3</code></a>
pubsub/azuresb: minor comments and fixes (<a
href="https://redirect.github.com/google/go-cloud/issues/3370">#3370</a>)</li>
<li><a
href="2090984208"><code>2090984</code></a>
all: update golang.org/x/crypto (<a
href="https://redirect.github.com/google/go-cloud/issues/3369">#3369</a>)</li>
<li><a
href="ddc7b99101"><code>ddc7b99</code></a>
pubsub/azuresb: new auth method to support Service principal/kubelet
identit...</li>
<li><a
href="c770de8217"><code>c770de8</code></a>
docstore/gcpfirestore: Add missing resource header when running
query</li>
<li><a
href="e86400ea40"><code>e86400e</code></a>
pubsub/awssnssqs: Remove hack for broken AWS error codes now that
they've fix...</li>
<li><a
href="8c8f558aff"><code>8c8f558</code></a>
all: postrelease (<a
href="https://redirect.github.com/google/go-cloud/issues/3351">#3351</a>)</li>
<li>See full diff in <a
href="https://github.com/google/go-cloud/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| gocloud.dev | [>= 0.25.a, < 0.26] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.5.0 to
0.6.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="59c1ca1e46"><code>59c1ca1</code></a>
errgroup: add reference to sync.WaitGroup</li>
<li>See full diff in <a
href="https://github.com/golang/sync/compare/v0.5.0...v0.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps code.gitea.io/sdk/gitea from 0.17.0 to 0.17.1.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from
2.35.1 to 2.35.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.35.2</h2>
<h2>Changelog</h2>
<h3>Security updates</h3>
<ul>
<li>440588e9d22bbb413014921baea0b81be3048769: sec(deps): bump
github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/759">#759</a>)
(<a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>beb0f7314e098689ee29cd957134107ad535f85e: fix: properly handle files
owned by fs (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/760">#760</a>)
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>e15b21b0fba2f098ac7292a89126079ecf3e58fc: build: add packagers shell
to flake.nix (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>19f03e44c39065d55675c04c794c1668801e1f06: build: fix flake (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>a117582d8c23e97635bf55502f9a7eef8c3e35ba: build: use nix flake (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/761">#761</a>)
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<h3>Other work</h3>
<ul>
<li>37b28fd4a368a94e4e285bdabbd3c1641f28cff4: ci: release for ppc64le
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>2b60d2191cef2110a15f62095eb7a909c78f7970: docs: update cmd docs (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
<li>c6f2eb7008f081ef5e1e448083dfbaeacd604c77: docs: validate jsonschema
(<a href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/nfpm/compare/v2.35.1...v2.35.2">https://github.com/goreleaser/nfpm/compare/v2.35.1...v2.35.2</a></p>
<h2>Helping out</h2>
<p>This release is only possible thanks to <strong>all</strong> the
support of <strong>awesome people</strong>!</p>
<p>Want to be one of them?
You can <a href="https://goreleaser.com/sponsors/">sponsor</a> or <a
href="https://goreleaser.com/contributing">contribute with code</a>.</p>
<h2>Where to go next?</h2>
<ul>
<li>nFPM is a satellite project from GoReleaser. <a
href="https://goreleaser.com">Check it out</a>!</li>
<li>Find examples and commented usage of all options in our <a
href="https://nfpm.goreleaser.com/">website</a>.</li>
<li>Reach out on <a href="https://discord.gg/RGEBtg8vQ6">Discord</a> and
<a href="https://twitter.com/goreleaser">Twitter</a>!</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML
omitted --></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="19f03e44c3"><code>19f03e4</code></a>
build: fix flake</li>
<li><a
href="beb0f7314e"><code>beb0f73</code></a>
fix: properly handle files owned by fs (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/760">#760</a>)</li>
<li><a
href="37b28fd4a3"><code>37b28fd</code></a>
ci: release for ppc64le</li>
<li><a
href="fcd64f5959"><code>fcd64f5</code></a>
chore(deps): bump anchore/sbom-action from 0.15.1 to 0.15.2 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/762">#762</a>)</li>
<li><a
href="e15b21b0fb"><code>e15b21b</code></a>
build: add packagers shell to flake.nix</li>
<li><a
href="b744dfbd5b"><code>b744dfb</code></a>
chore: add .editorconfig</li>
<li><a
href="c6f2eb7008"><code>c6f2eb7</code></a>
docs: validate jsonschema</li>
<li><a
href="a117582d8c"><code>a117582</code></a>
build: use nix flake (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/761">#761</a>)</li>
<li><a
href="440588e9d2"><code>440588e</code></a>
sec(deps): bump github.com/go-git/go-git/v5 from 5.7.0 to 5.11.0 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/759">#759</a>)</li>
<li><a
href="2b60d2191c"><code>2b60d21</code></a>
docs: update cmd docs</li>
<li>See full diff in <a
href="https://github.com/goreleaser/nfpm/compare/v2.35.1...v2.35.2">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| github.com/goreleaser/nfpm/v2 | [>= 2.24.a, < 2.25] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
