go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-10 03:47:03 +02:00
Code Issues Releases Activity
5,300 Commits 8 Branches 558 Tags 41 MiB
c22d52fb1e
Commit Graph

452 Commits

Author SHA1 Message Date
dependabot[bot]
9d6d85855d
chore(deps): bump github/codeql-action from 2.2.2 to 2.2.3 (#3767) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.2 to 2.2.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8775e86802"><code>8775e86</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1530">#1530</a>
from github/update-v2.2.3-c4e22e9fc</li>
<li><a
href="a2ad80b966"><code>a2ad80b</code></a>
Update changelog for v2.2.3</li>
<li><a
href="c4e22e9fce"><code>c4e22e9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1529">#1529</a>
from github/henrymercer/remove-bypass-toolcache-flags</li>
<li><a
href="db534af2ae"><code>db534af</code></a>
Remove feature flags for bypassing the toolcache</li>
<li><a
href="4369dda4ae"><code>4369dda</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1518">#1518</a>
from github/cklin/codeql-cli-2.12.2</li>
<li><a
href="4f08c2cf20"><code>4f08c2c</code></a>
Bump default CodeQL version to 2.12.2</li>
<li><a
href="81644f35ff"><code>81644f3</code></a>
Add max line length of 120 to linter (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1524">#1524</a>)</li>
<li><a
href="9ab6aa64a0"><code>9ab6aa6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1526">#1526</a>
from github/mergeback/v2.2.2-to-main-39d8d7e7</li>
<li><a
href="256973e279"><code>256973e</code></a>
Update checked-in dependencies</li>
<li><a
href="59b25b480f"><code>59b25b4</code></a>
Update changelog and version after v2.2.2</li>
<li>Additional commits viewable in <a
href="39d8d7e78f...8775e86802">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.2&new-version=2.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-09 08:52:59 -03:00
dependabot[bot]
9da9f78537
chore(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1 (#3762) 2023-02-07 14:07:51 +00:00
dependabot[bot]
6ab9fd15e1
chore(deps): bump github/codeql-action from 2.2.1 to 2.2.2 (#3763) 2023-02-07 13:57:31 +00:00
Carlos A Becker
b0783c7401
build: run test on any workflow change 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-02-07 09:48:26 -03:00
Carlos A Becker
addd7c4ceb
build: fix workflow syntax 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-02-07 09:44:33 -03:00
Carlos Alexandro Becker
81914757da
build: use go1.20 (#3757) 
update everything to go 1.20

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-05 13:39:39 -03:00
dependabot[bot]
599f9b4c6a
chore(deps): bump arduino/setup-task from 1.0.2 to 1.0.3 (#3736) 
Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from
1.0.2 to 1.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/arduino/setup-task/releases">arduino/setup-task's
releases</a>.</em></p>
<blockquote>
<h2>1.0.3</h2>
<h2>Changelog</h2>
<h4>Enhancement</h4>
<ul>
<li>Add support for all Task build architectures
(43e1bb8c37ce39c24e88b4622c2f66b6d7d9ebbd)</li>
</ul>
<h2>Full Changeset</h2>
<p><a
href="https://github.com/arduino/setup-task/compare/1.0.2...1.0.3">https://github.com/arduino/setup-task/compare/1.0.2...1.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e26d897557"><code>e26d897</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/636">#636</a>
from per1234/arm-arch</li>
<li><a
href="43e1bb8c37"><code>43e1bb8</code></a>
Add support for all Task build architectures</li>
<li><a
href="bf9d22fbca"><code>bf9d22f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/637">#637</a>
from arduino/dependabot/npm_and_yarn/eslint-8.33.0</li>
<li><a
href="f307193035"><code>f307193</code></a>
build(deps-dev): bump eslint from 8.32.0 to 8.33.0</li>
<li><a
href="9a385911a6"><code>9a38591</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/635">#635</a>
from arduino/dependabot/npm_and_yarn/jest-circus-29.4.1</li>
<li><a
href="446dc59e7a"><code>446dc59</code></a>
build(deps-dev): bump jest-circus from 29.4.0 to 29.4.1</li>
<li><a
href="fe65533e09"><code>fe65533</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/634">#634</a>
from arduino/dependabot/npm_and_yarn/vercel/ncc-0.36.1</li>
<li><a
href="af97840bda"><code>af97840</code></a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.36.0 to
0.36.1</li>
<li><a
href="88a5c5cdc0"><code>88a5c5c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/632">#632</a>
from arduino/dependabot/npm_and_yarn/jest-circus-29.4.0</li>
<li><a
href="4d2bca9f30"><code>4d2bca9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/631">#631</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li>Additional commits viewable in <a
href="d665c6beeb...e26d897557">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=arduino/setup-task&package-manager=github_actions&previous-version=1.0.2&new-version=1.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-01 09:19:19 -03:00
dependabot[bot]
ce5826ff36
chore(deps): bump docker/setup-buildx-action from 2.3.0 to 2.4.0 (#3737) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.3.0 to 2.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Don't depend on the GitHub API to check release by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/196">#196</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.3.0...v2.4.0">https://github.com/docker/setup-buildx-action/compare/v2.3.0...v2.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="15c905b16b"><code>15c905b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/196">#196</a>
from crazy-max/dl-no-token</li>
<li><a
href="a25d6a0130"><code>a25d6a0</code></a>
update generated content</li>
<li><a
href="39322d9057"><code>39322d9</code></a>
don't depend on the GitHub API to check release</li>
<li><a
href="0648fd6fd6"><code>0648fd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/195">#195</a>
from crazy-max/fix-readme</li>
<li><a
href="30d8a59ee0"><code>30d8a59</code></a>
fix action version in README</li>
<li><a
href="71320d2e17"><code>71320d2</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/193">#193</a>
from fevrin/update-gh-doc-url</li>
<li><a
href="272f8b84cf"><code>272f8b8</code></a>
update GH doc URL</li>
<li>See full diff in <a
href="5e716dcfd6...15c905b16b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-01 09:15:36 -03:00
dependabot[bot]
ca6ee15bb8
chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#3738) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.3 to
3.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update json5 package version by <a
href="https://github.com/vsvipul"><code>@​vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1065">actions/cache#1065</a></li>
<li>Cache recipes for cache, restore and save actions by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1055">actions/cache#1055</a></li>
<li>Add gnu tar and zstd as pre-requisites for windows self-hosted
runners by <a href="https://github.com/pdotl"><code>@​pdotl</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1068">actions/cache#1068</a></li>
<li>Fix a whitespace typo by <a
href="https://github.com/kurtmckee"><code>@​kurtmckee</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074">actions/cache#1074</a></li>
<li>📝 <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1045">#1045</a>
update using the <code>set-output</code> command is deprecated by <a
href="https://github.com/siguikesse"><code>@​siguikesse</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046">actions/cache#1046</a></li>
<li>Fix referenced output key in save action readme by <a
href="https://github.com/ruudk"><code>@​ruudk</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061">actions/cache#1061</a></li>
<li>Update workflows to use reusable-workflows by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1066">actions/cache#1066</a></li>
<li>Introduce add-to-project step &amp; rename workflow files by <a
href="https://github.com/pallavx"><code>@​pallavx</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077">actions/cache#1077</a></li>
<li>chore: Fix syntax error typo by <a
href="https://github.com/vHeemstra"><code>@​vHeemstra</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081">actions/cache#1081</a></li>
<li>Update caching-strategies.md by <a
href="https://github.com/kpfleming"><code>@​kpfleming</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084">actions/cache#1084</a></li>
<li>Added another usage hint to foresee <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1072">#1072</a>
by <a href="https://github.com/maybeec"><code>@​maybeec</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089">actions/cache#1089</a></li>
<li>Add <code>fail-on-cache-miss</code> option by <a
href="https://github.com/cdce8p"><code>@​cdce8p</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036">actions/cache#1036</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kurtmckee"><code>@​kurtmckee</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074">actions/cache#1074</a></li>
<li><a
href="https://github.com/siguikesse"><code>@​siguikesse</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046">actions/cache#1046</a></li>
<li><a href="https://github.com/ruudk"><code>@​ruudk</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061">actions/cache#1061</a></li>
<li><a href="https://github.com/pallavx"><code>@​pallavx</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077">actions/cache#1077</a></li>
<li><a href="https://github.com/vHeemstra"><code>@​vHeemstra</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081">actions/cache#1081</a></li>
<li><a href="https://github.com/kpfleming"><code>@​kpfleming</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084">actions/cache#1084</a></li>
<li><a href="https://github.com/maybeec"><code>@​maybeec</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089">actions/cache#1089</a></li>
<li><a href="https://github.com/cdce8p"><code>@​cdce8p</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036">actions/cache#1036</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.4">https://github.com/actions/cache/compare/v3...v3.2.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="627f0f41f6"><code>627f0f4</code></a>
Add <code>fail-on-cache-miss</code> option (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1036">#1036</a>)</li>
<li><a
href="8e3048d0f7"><code>8e3048d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1089">#1089</a>
from maybeec/patch-1</li>
<li><a
href="1b004e8a69"><code>1b004e8</code></a>
Update tips-and-workarounds.md</li>
<li><a
href="75b110bc85"><code>75b110b</code></a>
Added another hint to foresee <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1072">#1072</a></li>
<li><a
href="2b5a782c64"><code>2b5a782</code></a>
Update caching-strategies.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1084">#1084</a>)</li>
<li><a
href="6c2de3ba98"><code>6c2de3b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1081">#1081</a>
from vHeemstra/patch-1</li>
<li><a
href="b63536828e"><code>b635368</code></a>
there as well ;)</li>
<li><a
href="cd2aaa9df8"><code>cd2aaa9</code></a>
chore: Fix syntax error typo</li>
<li><a
href="9b7ef12f3e"><code>9b7ef12</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1077">#1077</a>
from actions/pallavx-patch-1</li>
<li><a
href="3c08cab74f"><code>3c08cab</code></a>
Introduce add-to-project step &amp; rename add-reviewer-pr workflow
file</li>
<li>Additional commits viewable in <a
href="58c146cc91...627f0f41f6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.3&new-version=3.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-01 09:12:12 -03:00
dependabot[bot]
5c1fd3582b
chore(deps): bump docker/setup-buildx-action from 2.2.1 to 2.3.0 (#3729) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.2.1 to 2.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Use Octokit to check Buildx release on GitHub by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/191">#191</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/192">#192</a>)</li>
<li>Add version pinning information to the README by <a
href="https://github.com/jedevc"><code>@​jedevc</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/189">#189</a>)</li>
<li>Bump minimatch from 3.0.4 to 3.1.2 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/182">#182</a>)</li>
<li>Bump csv-parse from 5.3.1 to 5.3.3 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/181">#181</a>)</li>
<li>Bump json5 from 2.2.0 to 2.2.3 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/184">#184</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.2.1...v2.3.0">https://github.com/docker/setup-buildx-action/compare/v2.2.1...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e716dcfd6"><code>5e716dc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/192">#192</a>
from crazy-max/support-ghes</li>
<li><a
href="a83788eef0"><code>a83788e</code></a>
update generated content</li>
<li><a
href="d0d9a72195"><code>d0d9a72</code></a>
pass the token input through on GHES</li>
<li><a
href="a8165e7b70"><code>a8165e7</code></a>
enforce baseUrl to api.github.com if action used on GHES</li>
<li><a
href="a024221c60"><code>a024221</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/191">#191</a>
from crazy-max/fix-dl-release</li>
<li><a
href="4c3fce4ab2"><code>4c3fce4</code></a>
update generated content</li>
<li><a
href="7c965aebec"><code>7c965ae</code></a>
use Octokit client to download buildx</li>
<li><a
href="7932f6210d"><code>7932f62</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/189">#189</a>
from docker/version-pinning-docs</li>
<li><a
href="70deadb37a"><code>70deadb</code></a>
docs: add version pinning information to the README</li>
<li><a
href="165fe681b8"><code>165fe68</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/184">#184</a>
from docker/dependabot/npm_and_yarn/json5-2.2.3</li>
<li>Additional commits viewable in <a
href="8c0edbc76e...5e716dcfd6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.2.1&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-30 09:50:59 -03:00
dependabot[bot]
b192de9162
chore(deps): bump github/codeql-action from 2.2.0 to 2.2.1 (#3725) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.0 to 2.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependency code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ebbd71c74"><code>3ebbd71</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1514">#1514</a>
from github/update-v2.2.1-4664f3969</li>
<li><a
href="2ae6e13cc3"><code>2ae6e13</code></a>
Update changelog for v2.2.1</li>
<li><a
href="4664f39699"><code>4664f39</code></a>
Ensure that <code>tools_download_duration_ms</code> is int (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1513">#1513</a>)</li>
<li><a
href="b2e16761f3"><code>b2e1676</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1512">#1512</a>
from github/mergeback/v2.2.0-to-main-436dbd91</li>
<li><a
href="592a896a53"><code>592a896</code></a>
Update checked-in dependencies</li>
<li><a
href="4a6b5a54c2"><code>4a6b5a5</code></a>
Update changelog and version after v2.2.0</li>
<li>See full diff in <a
href="436dbd9100...3ebbd71c74">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:57:40 -03:00
dependabot[bot]
31fbe515c1
chore(deps): bump github/codeql-action from 2.1.39 to 2.2.0 (#3722) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.39 to 2.2.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependency code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="436dbd9100"><code>436dbd9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1511">#1511</a>
from github/update-v2.2.0-43f1a6c70</li>
<li><a
href="d966969093"><code>d966969</code></a>
Remove $ from version number</li>
<li><a
href="f6d03f448d"><code>f6d03f4</code></a>
Update changelog for v2.2.0</li>
<li><a
href="43f1a6c701"><code>43f1a6c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1510">#1510</a>
from github/henrymercer/fix-fallback-version-number</li>
<li><a
href="75ae065ae6"><code>75ae065</code></a>
Fix computation of fallback version</li>
<li><a
href="0a9e9db27f"><code>0a9e9db</code></a>
Add failing regression test</li>
<li><a
href="24ca6b0400"><code>24ca6b0</code></a>
Send tools telemetry to <code>init</code> status report (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1497">#1497</a>)</li>
<li><a
href="ebf6415a7d"><code>ebf6415</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1493">#1493</a>
from github/aeisenberg/upload-sarif-limits</li>
<li><a
href="a58e90a9da"><code>a58e90a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1508">#1508</a>
from github/henrymercer/default-version-fallback</li>
<li><a
href="fdff4b0a17"><code>fdff4b0</code></a>
Update CHANGELOG.md</li>
<li>Additional commits viewable in <a
href="a34ca99b46...436dbd9100">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.39&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:55:41 -03:00
dependabot[bot]
4192f38550
chore(deps): bump actions/github-script from 6.3.3 to 6.4.0 (#3723) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.3 to 6.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump json5 from 2.1.3 to 2.2.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/319">actions/github-script#319</a></li>
<li>Bump minimatch from 3.0.4 to 3.1.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/320">actions/github-script#320</a></li>
<li>Add node-fetch by <a
href="https://github.com/danmichaelo"><code>@​danmichaelo</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/github-script/pull/321">actions/github-script#321</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jongwooo"><code>@​jongwooo</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/313">actions/github-script#313</a></li>
<li><a
href="https://github.com/austinvazquez"><code>@​austinvazquez</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/306">actions/github-script#306</a></li>
<li><a
href="https://github.com/danmichaelo"><code>@​danmichaelo</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/321">actions/github-script#321</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.3...v6.4.0">https://github.com/actions/github-script/compare/v6.3.3...v6.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="98814c53be"><code>98814c5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/339">#339</a>
from actions/joshmgross/bump-package-version</li>
<li><a
href="ba6cf3fe7c"><code>ba6cf3f</code></a>
Bump version to 6.4.0</li>
<li><a
href="bcc389184d"><code>bcc3891</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/321">#321</a>
from danmichaelo/node-fetch</li>
<li><a
href="da8818015e"><code>da88180</code></a>
Merge <code>main</code></li>
<li><a
href="4d93f38890"><code>4d93f38</code></a>
Update dist and audit deps</li>
<li><a
href="0550e85801"><code>0550e85</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/336">#336</a>
from actions/joshmgross/minimatch-license</li>
<li><a
href="5420835fff"><code>5420835</code></a>
Merge branch 'main' into joshmgross/minimatch-license</li>
<li><a
href="03377835c3"><code>0337783</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/338">#338</a>
from actions/joshmgross/fix-dist</li>
<li><a
href="8c6dda0186"><code>8c6dda0</code></a>
Regenerate <code>dist</code></li>
<li><a
href="ee0d992b06"><code>ee0d992</code></a>
Use Node 16 in CI and examples</li>
<li>Additional commits viewable in <a
href="d556feaca3...98814c53be">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.3&new-version=6.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:55:28 -03:00
dependabot[bot]
71bc3f9ba1
chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#3724) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.2 to 0.13.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.3</h2>
<h2>Changes in v0.13.3</h2>
<ul>
<li>Update Syft to v0.68.1 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07978da4bd"><code>07978da</code></a>
Update Syft to v0.68.1 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.2...v0.13.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.2&new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:55:18 -03:00
dependabot[bot]
d120e4dd36
chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#3720) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.1 to 0.13.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.2</h2>
<h2>Changes in v0.13.2</h2>
<ul>
<li>Update Syft to v0.68.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="54e36e45f3"><code>54e36e4</code></a>
feat: update Syft to v0.68.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.1...v0.13.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.1&new-version=0.13.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-26 09:48:38 -03:00
dependabot[bot]
acaf730976
chore(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (#3714) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 3.3.1 to 3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.42.0 to 5.42.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/601">golangci/golangci-lint-action#601</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.42.0 to 5.42.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/602">golangci/golangci-lint-action#602</a></li>
<li>build(deps-dev): bump eslint from 8.27.0 to 8.28.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/604">golangci/golangci-lint-action#604</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.42.1 to 5.43.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/605">golangci/golangci-lint-action#605</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.42.1 to 5.43.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/607">golangci/golangci-lint-action#607</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.43.0 to 5.44.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/609">golangci/golangci-lint-action#609</a></li>
<li>build(deps-dev): bump prettier from 2.7.1 to 2.8.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/611">golangci/golangci-lint-action#611</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.43.0 to 5.44.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/610">golangci/golangci-lint-action#610</a></li>
<li>build(deps-dev): bump typescript from 4.8.4 to 4.9.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/606">golangci/golangci-lint-action#606</a></li>
<li>build(deps): bump <code>@​types/node</code> from 18.11.9 to 18.11.10
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/614">golangci/golangci-lint-action#614</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.44.0 to 5.45.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/615">golangci/golangci-lint-action#615</a></li>
<li>build(deps-dev): bump eslint from 8.28.0 to 8.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/617">golangci/golangci-lint-action#617</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.44.0 to 5.45.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/616">golangci/golangci-lint-action#616</a></li>
<li>build(deps-dev): bump typescript from 4.9.3 to 4.9.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/619">golangci/golangci-lint-action#619</a></li>
<li>build(deps-dev): bump <code>@​vercel/ncc</code> from 0.34.0 to
0.36.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/620">golangci/golangci-lint-action#620</a></li>
<li>build(deps-dev): bump prettier from 2.8.0 to 2.8.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/622">golangci/golangci-lint-action#622</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.45.0 to 5.46.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/621">golangci/golangci-lint-action#621</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.45.0 to 5.46.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/623">golangci/golangci-lint-action#623</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.46.0 to 5.46.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/625">golangci/golangci-lint-action#625</a></li>
<li>build(deps): bump <code>@​types/node</code> from 18.11.10 to
18.11.17 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/628">golangci/golangci-lint-action#628</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.46.0 to 5.46.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/626">golangci/golangci-lint-action#626</a></li>
<li>build(deps-dev): bump eslint from 8.29.0 to 8.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/627">golangci/golangci-lint-action#627</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.46.1 to 5.47.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/633">golangci/golangci-lint-action#633</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.46.1 to 5.47.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/634">golangci/golangci-lint-action#634</a></li>
<li>build(deps): bump <code>@​actions/cache</code> from 3.0.6 to 3.1.0
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/632">golangci/golangci-lint-action#632</a></li>
<li>build(deps-dev): bump eslint from 8.30.0 to 8.31.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/635">golangci/golangci-lint-action#635</a></li>
<li>build(deps): bump <code>@​types/node</code> from 18.11.17 to
18.11.18 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/636">golangci/golangci-lint-action#636</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.47.0 to 5.47.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/637">golangci/golangci-lint-action#637</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.47.0 to 5.47.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/639">golangci/golangci-lint-action#639</a></li>
<li>build(deps): bump <code>@​actions/cache</code> from 3.1.0 to 3.1.1
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/638">golangci/golangci-lint-action#638</a></li>
<li>build(deps): bump json5 from 1.0.1 to 1.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/642">golangci/golangci-lint-action#642</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.47.1 to 5.48.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/643">golangci/golangci-lint-action#643</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.47.1 to 5.48.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/644">golangci/golangci-lint-action#644</a></li>
<li>build(deps-dev): bump prettier from 2.8.1 to 2.8.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/645">golangci/golangci-lint-action#645</a></li>
<li>build(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/646">golangci/golangci-lint-action#646</a></li>
<li>build(deps): bump <code>@​actions/cache</code> from 3.1.1 to 3.1.2
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/647">golangci/golangci-lint-action#647</a></li>
<li>Support Caching in Mono Repo by <a
href="https://github.com/bbernays"><code>@​bbernays</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/629">golangci/golangci-lint-action#629</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.4 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/650">golangci/golangci-lint-action#650</a></li>
<li>build(deps-dev): bump prettier from 2.8.2 to 2.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/651">golangci/golangci-lint-action#651</a></li>
<li>build(deps-dev): bump eslint from 8.31.0 to 8.32.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/652">golangci/golangci-lint-action#652</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.48.0 to 5.48.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/653">golangci/golangci-lint-action#653</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.48.0 to 5.48.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/654">golangci/golangci-lint-action#654</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.27.4 to 2.27.5 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/655">golangci/golangci-lint-action#655</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.48.1 to 5.48.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/656">golangci/golangci-lint-action#656</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.48.1 to 5.48.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/657">golangci/golangci-lint-action#657</a></li>
<li>build(deps-dev): bump eslint-plugin-simple-import-sort from 8.0.0 to
9.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/658">golangci/golangci-lint-action#658</a></li>
</ul>
<h2>New Contributors</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="08e2f20817"><code>08e2f20</code></a>
build(deps-dev): bump eslint-plugin-simple-import-sort from 8.0.0 to
9.0.0 (#...</li>
<li><a
href="8d110786c7"><code>8d11078</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.48.1 to 5.48.2 ...</li>
<li><a
href="724a5425db"><code>724a542</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.48.1 to 5.48.2 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/656">#656</a>)</li>
<li><a
href="ac0edcd804"><code>ac0edcd</code></a>
build(deps-dev): bump eslint-plugin-import from 2.27.4 to 2.27.5 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/655">#655</a>)</li>
<li><a
href="d6404ce293"><code>d6404ce</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.48.0 to 5.48.1 ...</li>
<li><a
href="cb88bde406"><code>cb88bde</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.48.0 to 5.48.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/653">#653</a>)</li>
<li><a
href="f26018a9c0"><code>f26018a</code></a>
build(deps-dev): bump eslint from 8.31.0 to 8.32.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/652">#652</a>)</li>
<li><a
href="78451d099c"><code>78451d0</code></a>
build(deps-dev): bump prettier from 2.8.2 to 2.8.3 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/651">#651</a>)</li>
<li><a
href="5570e66705"><code>5570e66</code></a>
build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.4 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/650">#650</a>)</li>
<li><a
href="1626f2bd94"><code>1626f2b</code></a>
Support Caching in Mono Repo (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/629">#629</a>)</li>
<li>Additional commits viewable in <a
href="0ad9a0988b...08e2f20817">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.3.1&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-24 09:49:46 -03:00
dependabot[bot]
93b582b4bb
chore(deps): bump github/codeql-action from 2.1.38 to 2.1.39 (#3704) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.38 to 2.1.39.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependency code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a34ca99b46"><code>a34ca99</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1489">#1489</a>
from github/update-v2.1.39-597c2041</li>
<li><a
href="48fa82899a"><code>48fa828</code></a>
Update changelog for v2.1.39</li>
<li><a
href="597c204127"><code>597c204</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1481">#1481</a>
from github/henrymercer/discontinue-v1</li>
<li><a
href="e0fd640b0c"><code>e0fd640</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1487">#1487</a>
from github/aeisenberg/queries-check</li>
<li><a
href="d731c012c4"><code>d731c01</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1486">#1486</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="6dfc772b5f"><code>6dfc772</code></a>
Add link to new changelog post</li>
<li><a
href="60e58b4a21"><code>60e58b4</code></a>
Merge branch 'main' into henrymercer/discontinue-v1</li>
<li><a
href="9b1206e898"><code>9b1206e</code></a>
Fix a bug in cli config parsing</li>
<li><a
href="40cfcb0a3f"><code>40cfcb0</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1485">#1485</a>
from github/aeisenberg/comitoid-message</li>
<li><a
href="e199504667"><code>e199504</code></a>
Update supported GitHub Enterprise Server versions.</li>
<li>Additional commits viewable in <a
href="515828d974...a34ca99b46">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.38&new-version=2.1.39)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-19 09:42:30 -03:00
dependabot[bot]
8ebefd251e
chore(deps): bump github/codeql-action from 2.1.37 to 2.1.38 (#3696) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.37 to 2.1.38.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependecy code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="515828d974"><code>515828d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1476">#1476</a>
from github/update-v2.1.38-70fdddff</li>
<li><a
href="caa49ae471"><code>caa49ae</code></a>
Update changelog for v2.1.38</li>
<li><a
href="70fdddff11"><code>70fdddf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1474">#1474</a>
from github/henrymercer/fix-ghae-setup-test</li>
<li><a
href="6ba0a36550"><code>6ba0a36</code></a>
Add JSDoc for <code>mockDownloadApi</code></li>
<li><a
href="4a918790cd"><code>4a91879</code></a>
Merge branch 'main' into henrymercer/fix-ghae-setup-test</li>
<li><a
href="42d6d35dd1"><code>42d6d35</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1464">#1464</a>
from github/aeisenberg/externalRepoTokenConfigParsing</li>
<li><a
href="e009918fbc"><code>e009918</code></a>
Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing</li>
<li><a
href="70a288daae"><code>70a288d</code></a>
Merge branch 'main' into henrymercer/fix-ghae-setup-test</li>
<li><a
href="bdc7c5d203"><code>bdc7c5d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1466">#1466</a>
from github/dbartol/bundle-20230105</li>
<li><a
href="272d916f23"><code>272d916</code></a>
Address comments from PR</li>
<li>Additional commits viewable in <a
href="959cbb7472...515828d974">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.37&new-version=2.1.38)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-13 10:20:58 -03:00
Carlos A Becker
e90193b6e8
build: only notify generate-releases on a release 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-01-11 09:40:12 -03:00
Carlos A Becker
17cd672149
build: use go 1.19.5 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-01-11 09:18:25 -03:00
Artur Troian
0f8de79473
build: notify goreleaser-cross about new release (#3685) 
Signed-off-by: Artur Troian <troian.ap@gmail.com>

Signed-off-by: Artur Troian <troian.ap@gmail.com>
 2023-01-09 14:45:29 -03:00
dependabot[bot]
5388005912
chore(deps): bump actions/cache from 3.2.2 to 3.2.3 (#3687) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.2 to
3.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Mint example by <a
href="https://github.com/uhooi"><code>@​uhooi</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051">actions/cache#1051</a></li>
<li>Fixed broken link by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1057">actions/cache#1057</a></li>
<li>Add support to opt-in enable cross-os caching on windows by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1056">actions/cache#1056</a></li>
<li>Release support for cross-os caching as opt-in feature by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1060">actions/cache#1060</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/uhooi"><code>@​uhooi</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051">actions/cache#1051</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.3">https://github.com/actions/cache/compare/v3...v3.2.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="58c146cc91"><code>58c146c</code></a>
Release support for cross-os caching as opt-in feature (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1060">#1060</a>)</li>
<li><a
href="6fd2d4538c"><code>6fd2d45</code></a>
Add support to opt-in enable cross-os caching on windows (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1056">#1056</a>)</li>
<li><a
href="1f414295fe"><code>1f41429</code></a>
Fixed broken link (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1057">#1057</a>)</li>
<li><a
href="365406cb70"><code>365406c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1051">#1051</a>
from uhooi/feature/add_mint_example</li>
<li><a
href="d6217569d5"><code>d621756</code></a>
Update Mint example</li>
<li><a
href="84e54000da"><code>84e5400</code></a>
Merge remote-tracking branch 'origin/main' into
feature/add_mint_example</li>
<li>See full diff in <a
href="4723a57e26...58c146cc91">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.2&new-version=3.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 09:23:07 -03:00
dependabot[bot]
d80b937827
chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#3683) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0
to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Implement branch list using callbacks from exec function by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1045">actions/checkout#1045</a></li>
<li>Add in explicit reference to private checkout options by <a
href="https://github.com/vanZeben"><code>@​vanZeben</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li>
<li>Fix comment typos (that got added in <a
href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>)
by <a href="https://github.com/lurch"><code>@​lurch</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/vanZeben"><code>@​vanZeben</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li>
<li><a href="https://github.com/lurch"><code>@​lurch</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.2.0...v3.3.0">https://github.com/actions/checkout/compare/v3.2.0...v3.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ac59398561"><code>ac59398</code></a>
Fix comment typos (that got added in <a
href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>)
(<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1057">#1057</a>)</li>
<li><a
href="3ba5ee6fac"><code>3ba5ee6</code></a>
Add in explicit reference to private checkout options (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1050">#1050</a>)</li>
<li><a
href="8856415920"><code>8856415</code></a>
Implement branch list using callbacks from exec function (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1045">#1045</a>)</li>
<li>See full diff in <a
href="755da8c3cf...ac59398561">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-06 09:20:17 -03:00
Carlos A Becker
b4e0439f4d
Merge remote-tracking branch 'origin/main' 2022-12-30 22:50:26 -03:00
dependabot[bot]
3bcd4c6f28
chore(deps): Bump benc-uk/workflow-dispatch from 1 to 121 (#3675) 2022-12-30 09:13:12 -03:00
Carlos A Becker
09b76aa090
docs: fix descriptions 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-29 21:57:42 -03:00
Carlos A Becker
02e2dfddf2
docs: update workflows 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-29 15:02:27 -03:00
Carlos Alexandro Becker
232c982fb0
docs: improve build (#3674) 
- generate releases.json et al on our github actions workflow
- use those when building and also on our `run` script
- new releases will dispatch the workflow so it re-generates the needed
files

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-29 14:55:45 -03:00
dependabot[bot]
04410be510
chore(deps): Bump actions/cache from 3.2.1 to 3.2.2 (#3664) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.1 to
3.2.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix formatting error in restore/README.md by <a
href="https://github.com/me-and"><code>@​me-and</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1044">actions/cache#1044</a></li>
<li>save/README.md: Fix typo in example by <a
href="https://github.com/mmuetzel"><code>@​mmuetzel</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1040">actions/cache#1040</a></li>
<li>README.md: remove outdated Windows cache tip link by <a
href="https://github.com/me-and"><code>@​me-and</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1042">actions/cache#1042</a></li>
<li>Revert compression changes related to windows but keep version
logging by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1049">actions/cache#1049</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/me-and"><code>@​me-and</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1044">actions/cache#1044</a></li>
<li><a href="https://github.com/mmuetzel"><code>@​mmuetzel</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1040">actions/cache#1040</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3.2.1...v3.2.2">https://github.com/actions/cache/compare/v3.2.1...v3.2.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4723a57e26"><code>4723a57</code></a>
Revert compression changes related to windows but keep version logging
(<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1049">#1049</a>)</li>
<li><a
href="d1507cccba"><code>d1507cc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1042">#1042</a>
from me-and/correct-readme-re-windows</li>
<li><a
href="3337563725"><code>3337563</code></a>
Merge branch 'main' into correct-readme-re-windows</li>
<li><a
href="60c7666709"><code>60c7666</code></a>
save/README.md: Fix typo in example (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1040">#1040</a>)</li>
<li><a
href="b053f2b699"><code>b053f2b</code></a>
Fix formatting error in restore/README.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1044">#1044</a>)</li>
<li><a
href="501277cfd7"><code>501277c</code></a>
README.md: remove outdated Windows cache tip link</li>
<li>See full diff in <a
href="c1a5de879e...4723a57e26">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.1&new-version=3.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-28 10:02:31 -03:00
dependabot[bot]
89856068b8
chore(deps): Bump actions/cache from 3.2.0 to 3.2.1 (#3658) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.0 to
3.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Release compression related changes for windows by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1039">actions/cache#1039</a></li>
<li>Upgrade codeql to v2 by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1023">actions/cache#1023</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3.2.0...v3.2.1">https://github.com/actions/cache/compare/v3.2.0...v3.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c1a5de879e"><code>c1a5de8</code></a>
Upgrade codeql to v2 (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1023">#1023</a>)</li>
<li><a
href="9b0be58822"><code>9b0be58</code></a>
Release compression related changes for windows (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1039">#1039</a>)</li>
<li>See full diff in <a
href="c17f4bf466...c1a5de879e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.0&new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-23 08:57:15 -03:00
dependabot[bot]
6c9adcb1c7
chore(deps): bump actions/cache from 3.0.11 to 3.2.0 (#3657) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to
3.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix wrong timeout env var key in README.md by <a
href="https://github.com/walterddr"><code>@​walterddr</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/959">actions/cache#959</a></li>
<li>Updated release doc with correct env variable by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/960">actions/cache#960</a></li>
<li>Create pull_request_template.md by <a
href="https://github.com/pdotl"><code>@​pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/963">actions/cache#963</a></li>
<li>Update README with clearer info about cache-hit and its value by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/961">actions/cache#961</a></li>
<li>Change datadog/squid to Ubuntu/squid in CI check by <a
href="https://github.com/bishal-pdMSFT"><code>@​bishal-pdMSFT</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/976">actions/cache#976</a></li>
<li>Add more details to version section in readme by <a
href="https://github.com/bishal-pdMSFT"><code>@​bishal-pdMSFT</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/971">actions/cache#971</a></li>
<li>Update hashFiles documentation reference by <a
href="https://github.com/asaf400"><code>@​asaf400</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/979">actions/cache#979</a></li>
<li>Updated link for cache segment download info by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/986">actions/cache#986</a></li>
<li>Readme update for deleting caches by <a
href="https://github.com/t-dedah"><code>@​t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/981">actions/cache#981</a></li>
<li>Add oncall logic to assign issues and PRs by <a
href="https://github.com/vsvipul"><code>@​vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/997">actions/cache#997</a></li>
<li>Bump minimatch from 3.0.4 to 3.1.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/998">actions/cache#998</a></li>
<li>Revert &quot;Bump minimatch from 3.0.4 to 3.1.2&quot; by <a
href="https://github.com/vsvipul"><code>@​vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1005">actions/cache#1005</a></li>
<li>Fix npm vulnerability by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1007">actions/cache#1007</a></li>
<li>refactor: Use early return pattern to avoid nested conditions by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1013">actions/cache#1013</a></li>
<li>Use cache in check-dist.yml by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1004">actions/cache#1004</a></li>
<li>chore: Use built-in cache action to cache dependencies by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1014">actions/cache#1014</a></li>
<li>Updated node example by <a
href="https://github.com/t-dedah"><code>@​t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1008">actions/cache#1008</a></li>
<li>Fix: Node npm doc example by <a
href="https://github.com/apascualm"><code>@​apascualm</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1026">actions/cache#1026</a></li>
<li>docs: fix an invalid link in workarounds.md by <a
href="https://github.com/teatimeguest"><code>@​teatimeguest</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/929">actions/cache#929</a></li>
<li>General Availability release for granular cache by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1035">actions/cache#1035</a>
More details here on <a
href="https://github.com/actions/cache/discussions/1020">beta</a>
release.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/walterddr"><code>@​walterddr</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/959">actions/cache#959</a></li>
<li><a href="https://github.com/asaf400"><code>@​asaf400</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/979">actions/cache#979</a></li>
<li><a href="https://github.com/jongwooo"><code>@​jongwooo</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1013">actions/cache#1013</a></li>
<li><a href="https://github.com/apascualm"><code>@​apascualm</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1026">actions/cache#1026</a></li>
<li><a
href="https://github.com/teatimeguest"><code>@​teatimeguest</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/929">actions/cache#929</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.0">https://github.com/actions/cache/compare/v3...v3.2.0</a></p>
<h2>v3.2.0-beta.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Actions Cache Granular Control Implementation by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1006">actions/cache#1006</a></li>
</ul>
<h2>v3.1.0-beta.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Bug fixes for bsdtar fallback, if gnutar not available, and gzip
fallback, if cache saved using old cache action, on windows.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3.1.0-beta.2...v3.1.0-beta.3">https://github.com/actions/cache/compare/v3.1.0-beta.2...v3.1.0-beta.3</a></p>
<h2>v3.1.0-beta.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated node example by <a
href="https://github.com/t-dedah"><code>@​t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1008">actions/cache#1008</a></li>
<li>Release cache <code>3.1.0-beta.2</code> with gzip fallback for old
cache by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1022">actions/cache#1022</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3.1.0-beta.1...v3.1.0-beta.2">https://github.com/actions/cache/compare/v3.1.0-beta.1...v3.1.0-beta.2</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c17f4bf466"><code>c17f4bf</code></a>
GA for granular cache (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1035">#1035</a>)</li>
<li><a
href="ac25611cae"><code>ac25611</code></a>
docs: fix an invalid link in workarounds.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/929">#929</a>)</li>
<li><a
href="dc097e3bb9"><code>dc097e3</code></a>
Update examples.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1026">#1026</a>)</li>
<li><a
href="fb86cbf360"><code>fb86cbf</code></a>
Updated node example (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1008">#1008</a>)</li>
<li><a
href="a57932faba"><code>a57932f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1014">#1014</a>
from jongwooo/chore/use-built-in-cache-action</li>
<li><a
href="04b13caea4"><code>04b13ca</code></a>
chore: Use built-in cache action to cache dependencies</li>
<li><a
href="941bc71a24"><code>941bc71</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1004">#1004</a>
from jongwooo/chore/use-cache-in-check-dist</li>
<li><a
href="08d8639046"><code>08d8639</code></a>
Merge branch 'main' into chore/use-cache-in-check-dist</li>
<li><a
href="a2f324eeb7"><code>a2f324e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1013">#1013</a>
from jongwooo/refactor/use-early-return-pattern-to-a...</li>
<li><a
href="35f4702f6c"><code>35f4702</code></a>
refactor: Use early return pattern to avoid nested conditions</li>
<li>Additional commits viewable in <a
href="9b0c1fce7a...c17f4bf466">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.11&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-22 09:13:39 -03:00
dependabot[bot]
0d5b669642
chore(deps): bump github/codeql-action from 2.1.36 to 2.1.37 (#3645) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.36 to 2.1.37.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependecy code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="959cbb7472"><code>959cbb7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1436">#1436</a>
from github/update-v2.1.37-d58039a1</li>
<li><a
href="10ca836463"><code>10ca836</code></a>
Update changelog for v2.1.37</li>
<li><a
href="d58039a1e3"><code>d58039a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1435">#1435</a>
from github/orhantoy/add-CODE_SCANNING_REF-tests</li>
<li><a
href="37a4496237"><code>37a4496</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1433">#1433</a>
from github/henrymercer/use-codeql-2.11.6</li>
<li><a
href="b7028afcb4"><code>b7028af</code></a>
Make sure env is reset between tests</li>
<li><a
href="f629dada4c"><code>f629dad</code></a>
Merge branch 'main' into henrymercer/use-codeql-2.11.6</li>
<li><a
href="ccee4c68ff"><code>ccee4c6</code></a>
Add tests for CODE_SCANNING_REF</li>
<li><a
href="899bf9c076"><code>899bf9c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1432">#1432</a>
from github/henrymercer/init-post-telemetry</li>
<li><a
href="dd7c3ef80e"><code>dd7c3ef</code></a>
Remove debugging log statements</li>
<li><a
href="b7b875efff"><code>b7b875e</code></a>
Reuse existing fields in post-init status report</li>
<li>Additional commits viewable in <a
href="a669cc5936...959cbb7472">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.36&new-version=2.1.37)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-15 10:16:31 -03:00
Carlos Alexandro Becker
cac3f17562
feat(deps): build with go 1.19.4 (#3644) 
latest and greatest

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-14 15:23:40 -03:00
dependabot[bot]
f05b211b61
chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#3643) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0
to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Add support for stable and oldstable aliases</h2>
<p>In scope of this release we introduce aliases for the
<code>go-version</code> input. The <code>stable</code> alias instals the
latest stable version of Go. The <code>oldstable</code> alias installs
previous latest minor release (the stable is 1.19.x -&gt; the oldstable
is 1.18.x).</p>
<h3>Stable</h3>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'stable'
  - run: go run hello.go
</code></pre>
<h3>OldStable</h3>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'oldstable'
  - run: go run hello.go
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6edd4406fa"><code>6edd440</code></a>
fix log for stable aliases (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/303">#303</a>)</li>
<li><a
href="38dbe75f81"><code>38dbe75</code></a>
Add stable and oldstable aliases (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/300">#300</a>)</li>
<li><a
href="30c39bfe0c"><code>30c39bf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/301">#301</a>
from jongwooo/chore/use-cache-in-check-dist</li>
<li><a
href="8377b69a56"><code>8377b69</code></a>
Use cache in check-dist.yml</li>
<li>See full diff in <a
href="d0a58c1c4d...6edd4406fa">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-14 12:09:30 -03:00
dependabot[bot]
43e2b3bf69
chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#3636) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0
to 3.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add GitHub Action to perform release by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/942">actions/checkout#942</a></li>
<li>Fix status badge by <a
href="https://github.com/ScottBrenner"><code>@​ScottBrenner</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li>
<li>Replace datadog/squid with ubuntu/squid Docker image by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li>
<li>Wrap pipeline commands for submoduleForeach in quotes by <a
href="https://github.com/jokreliable"><code>@​jokreliable</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li>
<li>Update <code>@​actions/io</code> to 1.1.2 by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1029">actions/checkout#1029</a></li>
<li>Upgrading version to 3.2.0 by <a
href="https://github.com/vmjoseph"><code>@​vmjoseph</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/ScottBrenner"><code>@​ScottBrenner</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li>
<li><a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li>
<li><a
href="https://github.com/jokreliable"><code>@​jokreliable</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li>
<li><a href="https://github.com/vmjoseph"><code>@​vmjoseph</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3...v3.2.0">https://github.com/actions/checkout/compare/v3...v3.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="755da8c3cf"><code>755da8c</code></a>
3.2.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1039">#1039</a>)</li>
<li><a
href="26d48e8ea1"><code>26d48e8</code></a>
Update <code>@​actions/io</code> to 1.1.2 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1029">#1029</a>)</li>
<li><a
href="bf085276ce"><code>bf08527</code></a>
wrap pipeline commands for submoduleForeach in quotes (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/964">#964</a>)</li>
<li><a
href="5c3ccc22eb"><code>5c3ccc2</code></a>
Replace datadog/squid with ubuntu/squid Docker image (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1002">#1002</a>)</li>
<li><a
href="1f9a0c22da"><code>1f9a0c2</code></a>
README - fix status badge (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/967">#967</a>)</li>
<li><a
href="8230315d06"><code>8230315</code></a>
Add workflow to update a main version (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/942">#942</a>)</li>
<li>See full diff in <a
href="93ea575cb5...755da8c3cf">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.1.0&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-13 09:44:45 -03:00
dependabot[bot]
dae543ff24
chore(deps): bump github/codeql-action from 2.1.35 to 2.1.36 (#3629) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.35 to 2.1.36.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependecy code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a669cc5936"><code>a669cc5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1428">#1428</a>
from github/update-v2.1.36-2b971a70</li>
<li><a
href="aab7a26877"><code>aab7a26</code></a>
Update changelog for v2.1.36</li>
<li><a
href="2b971a70bb"><code>2b971a7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1426">#1426</a>
from github/dependabot/pip/python-setup/tests/poetry...</li>
<li><a
href="bf944d782b"><code>bf944d7</code></a>
Bump certifi in /python-setup/tests/poetry/requests-3</li>
<li><a
href="566a5e6727"><code>566a5e6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1424">#1424</a>
from github/dependabot/pip/python-setup/tests/pipenv...</li>
<li><a
href="10c89976dc"><code>10c8997</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1421">#1421</a>
from github/cklin/fix-update-required-checks-sha</li>
<li><a
href="8121f62c54"><code>8121f62</code></a>
Bump certifi in /python-setup/tests/pipenv/python-3.8</li>
<li><a
href="104319fe98"><code>104319f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1423">#1423</a>
from github/dependabot/pip/python-setup/tests/pipenv...</li>
<li><a
href="aba18b82f7"><code>aba18b8</code></a>
Bump certifi in /python-setup/tests/pipenv/requests-3</li>
<li><a
href="4a5ad5af18"><code>4a5ad5a</code></a>
update-required-checks.sh: ignore check-expected-release-files</li>
<li>Additional commits viewable in <a
href="b2a92eb56d...a669cc5936">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.35&new-version=2.1.36)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-09 13:53:16 -03:00
Carlos Alexandro Becker
7e9c6a82df
chore: delete lock.yml 
not really that useful, as we rarely have gravediggers... and its too noisy.
 2022-12-05 11:20:01 -03:00
dependabot[bot]
60cbed540e
chore(deps): bump dessant/lock-threads from 3.0.0 to 4.0.0 (#3621) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads)
from 3.0.0 to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<p>Learn more about this release from the <a
href="https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md#changelog">changelog</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md">dessant/lock-threads's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
See <a
href="https://github.com/conventional-changelog/standard-version">standard-version</a>
for commit guidelines.</p>
<h2><a
href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a>
(2022-12-04)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>the action now requires Node.js 16</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>update dependencies (<a
href="38e9185581">38e9185</a>)</li>
<li>update docs (<a
href="32986e2696">32986e2</a>)</li>
</ul>
<h2><a
href="https://github.com/dessant/lock-threads/compare/v2.1.2...v3.0.0">3.0.0</a>
(2021-09-27)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>
<p>input parameter names have changed</p>
<p>Rename the following input parameters when upgrading from v2 to
v3:</p>
<ul>
<li><code>issue-lock-inactive-days</code> --&gt;
<code>issue-inactive-days</code></li>
<li><code>issue-exclude-created-before</code> --&gt;
<code>exclude-issue-created-before</code></li>
<li><code>issue-exclude-labels</code> --&gt;
<code>exclude-any-issue-labels</code></li>
<li><code>issue-lock-labels</code> --&gt;
<code>add-issue-labels</code></li>
<li><code>issue-lock-comment</code> --&gt;
<code>issue-comment</code></li>
<li><code>pr-lock-inactive-days</code> --&gt;
<code>pr-inactive-days</code></li>
<li><code>pr-exclude-created-before</code> --&gt;
<code>exclude-pr-created-before</code></li>
<li><code>pr-exclude-labels</code> --&gt;
<code>exclude-any-pr-labels</code></li>
<li><code>pr-lock-labels</code> --&gt; <code>add-pr-labels</code></li>
<li><code>pr-lock-comment</code> --&gt; <code>pr-comment</code></li>
</ul>
</li>
</ul>
<h3>Features</h3>
<ul>
<li>add new filtering and labeling options, update input parameter names
(<a
href="26fd836f96">26fd836</a>)</li>
<li>allow manual triggering (<a
href="a0c7da3065">a0c7da3</a>)</li>
</ul>
<h3><a
href="https://github.com/dessant/lock-threads/compare/v2.1.1...v2.1.2">2.1.2</a>
(2021-08-17)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>ignore error when commenting on issue converted to discussion (<a
href="60d2a1a4be">60d2a1a</a>),
closes <a
href="https://github-redirect.dependabot.com/dessant/lock-threads/issues/24">#24</a></li>
</ul>
<h3><a
href="https://github.com/dessant/lock-threads/compare/v2.1.0...v2.1.1">2.1.1</a>
(2021-07-09)</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c1b35aecc5"><code>c1b35ae</code></a>
chore(release): 4.0.0</li>
<li><a
href="32986e2696"><code>32986e2</code></a>
fix: update docs</li>
<li><a
href="b677b85bbb"><code>b677b85</code></a>
chore: update workflows</li>
<li><a
href="dc42875c06"><code>dc42875</code></a>
chore: update package</li>
<li><a
href="38e9185581"><code>38e9185</code></a>
fix: update dependencies</li>
<li><a
href="08e671be8a"><code>08e671b</code></a>
chore: add upgrade guide</li>
<li>See full diff in <a
href="e460dfeb36...c1b35aecc5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dessant/lock-threads&package-manager=github_actions&previous-version=3.0.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-12-05 09:55:17 -03:00
Engin Diri
e57416e0ab
chore: update lock task parameter due to breaking change (#3623) 
<!--

Hi, thanks for contributing!

Please make sure you read our CONTRIBUTING guide.

Also, add tests and the respective documentation changes as well.

-->


<!-- If applied, this commit will... -->

Update lock task due to breaking changes 


https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md#changelog

<!-- Why is this change being made? -->

Updated the properties

<!-- # Provide links to any relevant tickets, URLs or other resources
-->

...
 2022-12-05 09:54:29 -03:00
dependabot[bot]
2228edc406
chore(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (#3616) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1
to 3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Add support for go.work and pass the token input through on
GHES</h2>
<p>In scope of this release we added <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/283">support
for go.work file to pass it in go-version-file input</a>.</p>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version-file: go.work
  - run: go run hello.go
</code></pre>
<p>Besides, we added support to <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/277">pass
the token input through on GHES</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d0a58c1c4d"><code>d0a58c1</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/294">#294</a>
from JamesMGreene/patch-1</li>
<li><a
href="3dcd9d6eb3"><code>3dcd9d6</code></a>
Update to latest <code>actions/publish-action</code></li>
<li><a
href="e983b65a44"><code>e983b65</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/283">#283</a>
from koba1t/add_support_gowork_for_go-version-file</li>
<li><a
href="27b43e1b0d"><code>27b43e1</code></a>
Pass the token input through on GHES (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/277">#277</a>)</li>
<li><a
href="7678c83214"><code>7678c83</code></a>
add support gowork for go-version-file</li>
<li>See full diff in <a
href="c4a742cab1...d0a58c1c4d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.3.1&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-02 09:09:52 -03:00
dependabot[bot]
c26340a267
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.4 to 4.16.0 (#3615) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.4 to 4.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.16.0</h2>
<h2>Changed</h2>
<ul>
<li>Don't commit files when only LF/CRLF changes (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/265">#265</a>)
<a href="https://github.com/@ZeroRin"><code>@​ZeroRin</code></a></li>
<li>Update default email address of github-actions[bot] (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/264">#264</a>)
<a href="https://github.com/@Teko012"><code>@​Teko012</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Fix link and text for workflow limitation (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/263">#263</a>)
<a href="https://github.com/@Teko012"><code>@​Teko012</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.16.0...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.4...v4.16.0">v4.16.0</a>
- 2022-12-02</h2>
<h3>Changed</h3>
<ul>
<li>Don't commit files when only LF/CRLF changes (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/265">#265</a>)
<a href="https://github.com/@ZeroRin"><code>@​ZeroRin</code></a></li>
<li>Update default email address of github-actions[bot] (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/264">#264</a>)
<a href="https://github.com/@Teko012"><code>@​Teko012</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix link and text for workflow limitation (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/263">#263</a>)
<a href="https://github.com/@Teko012"><code>@​Teko012</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.3...v4.15.4">v4.15.4</a>
- 2022-11-05</h2>
<h3>Fixed</h3>
<ul>
<li>Let Action fail if git binary can't be located (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/261">#261</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Bump github/super-linter from 3 to 4 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/258">#258</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump bats from 1.7.0 to 1.8.2 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/259">#259</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/checkout from 2 to 3 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/257">#257</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...v4.15.3">v4.15.3</a>
- 2022-10-26</h2>
<h3>Changed</h3>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ea6ae190b"><code>3ea6ae1</code></a>
Fix &quot;nothing to commit&quot; error with LF/CRLF changes <a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/241">#241</a>
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/265">#265</a>)</li>
<li><a
href="976f22029f"><code>976f220</code></a>
Fix github-actions[bot] email address (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/264">#264</a>)</li>
<li><a
href="ebb5756042"><code>ebb5756</code></a>
Fix link and text for workflow limitation (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/263">#263</a>)</li>
<li><a
href="3dce995a13"><code>3dce995</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="0b007fbd11...3ea6ae190b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.4&new-version=4.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-02 09:08:33 -03:00
dependabot[bot]
0a59bc4773
chore(deps): bump github/codeql-action from 2.1.33 to 2.1.35 (#3614) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.33 to 2.1.35.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b2a92eb56d"><code>b2a92eb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1406">#1406</a>
from github/update-v2.1.35-9af9a11d</li>
<li><a
href="075b74d36e"><code>075b74d</code></a>
Update changelog for v2.1.35</li>
<li><a
href="9af9a11da8"><code>9af9a11</code></a>
Stop running fallback Go autobuild if database is finalized (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1405">#1405</a>)</li>
<li><a
href="a631f4b016"><code>a631f4b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1400">#1400</a>
from github/aeisenberg/fix-test-error</li>
<li><a
href="1384ce4ab3"><code>1384ce4</code></a>
Fixes spurious error messages in tests</li>
<li><a
href="160613c380"><code>160613c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1402">#1402</a>
from github/rasmuswl/new-virtualenv</li>
<li><a
href="caf1c5057b"><code>caf1c50</code></a>
python-setup: Remove outdated comment</li>
<li><a
href="c62445de22"><code>c62445d</code></a>
python-setup: rely on new <code>virtualenv</code> for venv creation in
Ubuntu 22.04</li>
<li><a
href="9dac9f748a"><code>9dac9f7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1396">#1396</a>
from github/mergeback/v2.1.34-to-main-312e093a</li>
<li><a
href="c6e756bb39"><code>c6e756b</code></a>
Update checked-in dependencies</li>
<li>Additional commits viewable in <a
href="678fc3afe2...b2a92eb56d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.33&new-version=2.1.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-02 09:08:17 -03:00
Carlos Alexandro Becker
127281131a
fix(ci): codeql use go 1.19 (#3570) 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-11-18 01:02:33 -03:00
Carlos Alexandro Becker
59138b43ce
chore: announce goreleaser releases to mastodon (#3569) 
actually announce goreleaser releases to mastodon as well :)

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-11-17 21:42:43 -03:00
dependabot[bot]
bb1fb9a397
chore(deps): bump github/codeql-action from 2.1.32 to 2.1.33 (#3564) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.32 to 2.1.33.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="678fc3afe2"><code>678fc3a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1375">#1375</a>
from github/update-v2.1.33-c939e661</li>
<li><a
href="d13b9b8244"><code>d13b9b8</code></a>
Fix changelog entry</li>
<li><a
href="f2c3e7ca4e"><code>f2c3e7c</code></a>
Update changelog for v2.1.33</li>
<li><a
href="c939e6615d"><code>c939e66</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1372">#1372</a>
from github/marcogario/prioritize_github_ref</li>
<li><a
href="1935d19d61"><code>1935d19</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1358">#1358</a>
from github/henrymercer/require-cli-2.6.3</li>
<li><a
href="7484436e5d"><code>7484436</code></a>
Remove Go extraction feature flags (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1371">#1371</a>)</li>
<li><a
href="0a76b97b28"><code>0a76b97</code></a>
Prefer GITHUB_REF to CODE_SCANNING_REF</li>
<li><a
href="f8b607edaa"><code>f8b607e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1364">#1364</a>
from github/henrymercer/delete-runner-part-2</li>
<li><a
href="d48707ce53"><code>d48707c</code></a>
Merge branch 'henrymercer/delete-runner-part-2' into
henrymercer/require-cli-...</li>
<li><a
href="07b9db6a46"><code>07b9db6</code></a>
Explicitly set up Go 1.13.1 in checks running on old runner images</li>
<li>Additional commits viewable in <a
href="4238421316...678fc3afe2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.32&new-version=2.1.33)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-17 09:50:23 -03:00
dependabot[bot]
2a46d627c7
chore(deps): bump github/codeql-action from 2.1.31 to 2.1.32 (#3557) 2022-11-15 07:58:32 -03:00
dependabot[bot]
79b83a133c
chore(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (#3550) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 3.3.0 to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.40.0 to 5.40.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/590">golangci/golangci-lint-action#590</a></li>
<li>build(deps-dev): bump eslint from 8.25.0 to 8.26.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/591">golangci/golangci-lint-action#591</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.40.0 to 5.40.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/592">golangci/golangci-lint-action#592</a></li>
<li>build(deps): bump <code>@​actions/cache</code> from 3.0.5 to 3.0.6
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/593">golangci/golangci-lint-action#593</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.40.1 to 5.41.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/594">golangci/golangci-lint-action#594</a></li>
<li>build(deps): bump <code>@​types/semver</code> from 7.3.12 to 7.3.13
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/595">golangci/golangci-lint-action#595</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.40.1 to 5.41.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/596">golangci/golangci-lint-action#596</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.41.0 to 5.42.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/597">golangci/golangci-lint-action#597</a></li>
<li>build(deps-dev): bump eslint from 8.26.0 to 8.27.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/598">golangci/golangci-lint-action#598</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.41.0 to 5.42.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/599">golangci/golangci-lint-action#599</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v3...v3.3.1">https://github.com/golangci/golangci-lint-action/compare/v3...v3.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0ad9a0988b"><code>0ad9a09</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.41.0 to 5.42.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/599">#599</a>)</li>
<li><a
href="235ea57a8f"><code>235ea57</code></a>
build(deps-dev): bump eslint from 8.26.0 to 8.27.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/598">#598</a>)</li>
<li><a
href="a6ed001163"><code>a6ed001</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.41.0 to 5.42.0 ...</li>
<li><a
href="3a7156a1b4"><code>3a7156a</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.40.1 to 5.41.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/596">#596</a>)</li>
<li><a
href="481f8ba892"><code>481f8ba</code></a>
build(deps): bump <code>@​types/semver</code> from 7.3.12 to 7.3.13 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/595">#595</a>)</li>
<li><a
href="06edb377a6"><code>06edb37</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.40.1 to 5.41.0 ...</li>
<li><a
href="c2f79a722b"><code>c2f79a7</code></a>
build(deps): bump <code>@​actions/cache</code> from 3.0.5 to 3.0.6 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/593">#593</a>)</li>
<li><a
href="d6eac69936"><code>d6eac69</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.40.0 to 5.40.1 ...</li>
<li><a
href="72684341c8"><code>7268434</code></a>
build(deps-dev): bump eslint from 8.25.0 to 8.26.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/591">#591</a>)</li>
<li><a
href="a926e2b3f3"><code>a926e2b</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.40.0 to 5.40.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/590">#590</a>)</li>
<li>See full diff in <a
href="07db5389c9...0ad9a0988b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-14 09:38:20 -03:00
dependabot[bot]
4bdf2e9ba6
chore(deps): bump actions/dependency-review-action from 2 to 3 (#3551) 
Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>3.0.0</h2>
<h2>Breaking Changes</h2>
<p>By default the action now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses</a>
everywhere. If you were previously using license names in the allow or
deny lists make sure they're valid!</p>
<h2>What's Changed</h2>
<h3>Support for external configuration files</h3>
<p>You can now specify a <a
href="https://github.com/actions/dependency-review-action/#configuration-file">configuration
file external to your repository</a>. This allows organizations to have
a single configuration file for all their repos.</p>
<h3>Broader license support</h3>
<p>We've added support for a much broader set of project licenses by
using GitHub's <a
href="https://docs.github.com/en/rest/licenses">Licenses API</a>.</p>
<h3>SPDX Compliance</h3>
<p>All of our license-related code now expects <a
href="https://spdx.org/licenses/">SPDX-compliant licenses or
expressions</a>. This allows us to standardize on a license naming
scheme that already supports <code>OR</code>/<code>AND</code>
expressions.</p>
<h3>Disable individual checks</h3>
<p>You can now use the boolean options <code>license-check</code> and
<code>vulnerability-check</code> to disable either one of the checks.
More information in <a
href="https://github.com/actions/dependency-review-action/#configuration-options">our
configuration options</a>.</p>
<h2>Thanks</h2>
<p>Contributors for this release include:</p>
<ul>
<li><a
href="https://github.com/cnagadya"><code>@​cnagadya</code></a></li>
<li><a
href="https://github.com/courtneycl"><code>@​courtneycl</code></a></li>
<li><a
href="https://github.com/ericcornelissen"><code>@​ericcornelissen</code></a></li>
<li><a
href="https://github.com/elireisman"><code>@​elireisman</code></a></li>
<li><a href="https://github.com/hmaurer"><code>@​hmaurer</code></a></li>
</ul>
<p>Thanks everyone!
<strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3.0.0">https://github.com/actions/dependency-review-action/compare/v2...v3.0.0</a></p>
<h2>2.5.1</h2>
<p>Adding some quality-of-life improvements to the local development
experience. You can now pass a flag to the <code>scripts/scan_pr</code>
script using the <code>-c/--config-file</code> flags to use an external
configuration file:</p>
<p>Example:</p>
<pre><code> scripts/scan_pr
https://github.com/actions/dependency-review-action/pull/294
</code></pre>
<h2>2.5.0</h2>
<p>Fallback on GitHub Licenses API data for missing Dependency Review
API Licenses. This should improve our license coverage.</p>
<h2>2.4.1</h2>
<p>This patch release fixes the bugs below:</p>
<ul>
<li>Display the dependency name instead of the manifest name in the
detailed list of dependents.</li>
<li>Fix an issue where undefined GHSAs would remove filter out all
changes.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="30d5821115"><code>30d5821</code></a>
Bumping version number</li>
<li><a
href="6e42c3395a"><code>6e42c33</code></a>
Remove defaults from the recently added fields.</li>
<li><a
href="a3074cd699"><code>a3074cd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/327">#327</a>
from actions/adding-extra-options</li>
<li><a
href="51a29d6960"><code>51a29d6</code></a>
Updating action.yml to include <code>*-check</code> config</li>
<li><a
href="235a221cf4"><code>235a221</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/324">#324</a>
from actions/readme-update</li>
<li><a
href="9b3a7f61dd"><code>9b3a7f6</code></a>
Minor README tweaks.</li>
<li><a
href="a4761312ac"><code>a476131</code></a>
Add <code>pull_request</code> to the list of events that don't need
refs.</li>
<li><a
href="28c7c8c314"><code>28c7c8c</code></a>
Set the correct default for license-check in README.</li>
<li><a
href="9da0fd4871"><code>9da0fd4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/325">#325</a>
from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li>
<li><a
href="fe45fd6645"><code>fe45fd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/326">#326</a>
from actions/dependabot/npm_and_yarn/esbuild-register...</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-14 09:38:04 -03:00
dependabot[bot]
53fa4773c6
chore(deps): bump github/codeql-action from 2.1.30 to 2.1.31 (#3534) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.30 to 2.1.31.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c3b6fce4ee"><code>c3b6fce</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1345">#1345</a>
from github/update-v2.1.31-a8cabafa</li>
<li><a
href="8aa42f1f11"><code>8aa42f1</code></a>
Update CHANGELOG.md</li>
<li><a
href="29a5553722"><code>29a5553</code></a>
Update CHANGELOG.md</li>
<li><a
href="e260194d76"><code>e260194</code></a>
Update changelog for v2.1.31</li>
<li><a
href="a8cabafa56"><code>a8cabaf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1344">#1344</a>
from github/edoardo/prune-ruby</li>
<li><a
href="862a512899"><code>862a512</code></a>
Prune results of Ruby query from SARIF</li>
<li><a
href="71510779c2"><code>7151077</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1342">#1342</a>
from github/mergeback/v2.1.30-to-main-18fe527f</li>
<li><a
href="81a1ec0fb3"><code>81a1ec0</code></a>
Update checked-in dependencies</li>
<li><a
href="60c8cda203"><code>60c8cda</code></a>
Update changelog and version after v2.1.30</li>
<li>See full diff in <a
href="18fe527fa8...c3b6fce4ee">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.30&new-version=2.1.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-07 09:12:17 -03:00
dependabot[bot]
2e0e5c259e
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.3 to 4.15.4 (#3535) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.3 to 4.15.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.4</h2>
<h2>Fixed</h2>
<ul>
<li>Let Action fail if git binary can't be located (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/261">#261</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>Bump github/super-linter from 3 to 4 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/258">#258</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump bats from 1.7.0 to 1.8.2 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/259">#259</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/checkout from 2 to 3 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/257">#257</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.4...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.3...v4.15.4">v4.15.4</a>
- 2022-11-05</h2>
<h3>Fixed</h3>
<ul>
<li>Let Action fail if git binary can't be located (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/261">#261</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Dependency Updates</h3>
<ul>
<li>Bump github/super-linter from 3 to 4 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/258">#258</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump bats from 1.7.0 to 1.8.2 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/259">#259</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
<li>Bump actions/checkout from 2 to 3 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/257">#257</a>)
<a
href="https://github.com/@dependabot"><code>@​dependabot</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...v4.15.3">v4.15.3</a>
- 2022-10-26</h2>
<h3>Changed</h3>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0b007fbd11"><code>0b007fb</code></a>
Let Action fail if git binary can't be located (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/261">#261</a>)</li>
<li><a
href="7106b2184a"><code>7106b21</code></a>
Bump github/super-linter from 3 to 4 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/258">#258</a>)</li>
<li><a
href="f166130208"><code>f166130</code></a>
Bump bats from 1.7.0 to 1.8.2 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/259">#259</a>)</li>
<li><a
href="021a6363fa"><code>021a636</code></a>
Bump actions/checkout from 2 to 3 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/257">#257</a>)</li>
<li><a
href="38864a638f"><code>38864a6</code></a>
Create dependabot.yml</li>
<li><a
href="393fea59ef"><code>393fea5</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="0049e3fa40...0b007fbd11">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.3&new-version=4.15.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-07 09:11:56 -03:00
dependabot[bot]
bd4d497c99
chore(deps): bump anchore/sbom-action from 0.13.0 to 0.13.1 (#3533) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.0 to 0.13.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.1</h2>
<h2>Changes in v0.13.1</h2>
<ul>
<li>File input not being passed properly to Syft invocation (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/385">#385</a>)
[<a href="https://github.com/kzantow">kzantow</a>]</li>
<li>Update Syft to v0.60.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/386">#386</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="06e109483e"><code>06e1094</code></a>
fix: file input not being passed properly to syft invocation (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/385">#385</a>)</li>
<li><a
href="f4e264e189"><code>f4e264e</code></a>
Update Syft to v0.60.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/386">#386</a>)</li>
<li><a
href="faa694c549"><code>faa694c</code></a>
chore: update dependencies (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/384">#384</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.0...v0.13.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.0&new-version=0.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-07 09:11:22 -03:00
dependabot[bot]
914d3d5941
chore(deps): bump github/codeql-action from 2.1.29 to 2.1.30 (#3526) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.29 to 2.1.30.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="18fe527fa8"><code>18fe527</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1341">#1341</a>
from github/update-v2.1.30-cd983e71</li>
<li><a
href="f04ca7c11c"><code>f04ca7c</code></a>
Update changelog for v2.1.30</li>
<li><a
href="cd983e71c6"><code>cd983e7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1334">#1334</a>
from github/henrymercer/better-error-for-glibc</li>
<li><a
href="2ec046b5ac"><code>2ec046b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1328">#1328</a>
from github/angelapwen/add-go-autobuild-comment</li>
<li><a
href="72bd9cbe62"><code>72bd9cb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1321">#1321</a>
from github/criemen/datadog-tag</li>
<li><a
href="ac0112f7f1"><code>ac0112f</code></a>
Add Go to list of supported languages</li>
<li><a
href="77b1f7e44c"><code>77b1f7e</code></a>
Merge remote-tracking branch 'origin/main' into criemen/datadog-tag</li>
<li><a
href="aa07b3894b"><code>aa07b38</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1340">#1340</a>
from github/henrymercer/fix-proxy-check</li>
<li><a
href="c44e6c6096"><code>c44e6c6</code></a>
Fix missing Docker image in proxy test</li>
<li><a
href="ae0a2603c1"><code>ae0a260</code></a>
Update src/actions-util.ts</li>
<li>Additional commits viewable in <a
href="ec3cf9c605...18fe527fa8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.29&new-version=2.1.30)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-11-03 09:34:07 -03:00
Carlos Alexandro Becker
7544f7ab96
feat: update to go 1.19.3 (#3523) 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-11-02 14:19:01 -03:00
dependabot[bot]
f3aea7663f
chore(deps): bump anchore/sbom-action from 0.12.0 to 0.13.0 (#3512) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.12.0 to 0.13.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.0</h2>
<h2>Changes in v0.13.0</h2>
<ul>
<li>Allow type &quot;file:...&quot; to enable creation of SBOMs from tar
and other package formats (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)
[<a href="https://github.com/malt3">malt3</a>]</li>
<li>Update Syft to v0.59.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>Update dependencies and node version (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)
[<a href="https://github.com/kzantow">kzantow</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b7e8507c6a"><code>b7e8507</code></a>
chore: remove dependabot (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/381">#381</a>)</li>
<li><a
href="2424de21c4"><code>2424de2</code></a>
Bump <code>@​types/node</code> from 18.11.2 to 18.11.3 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/373">#373</a>)</li>
<li><a
href="12a03b588c"><code>12a03b5</code></a>
Update Syft to v0.59.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/371">#371</a>)</li>
<li><a
href="563238bdcc"><code>563238b</code></a>
chore: Update dependencies and action node version (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/372">#372</a>)</li>
<li><a
href="eda59434a8"><code>eda5943</code></a>
Update Syft to v0.58.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/354">#354</a>)</li>
<li><a
href="614fe8a3b7"><code>614fe8a</code></a>
feat: Allow type &quot;file:...&quot; (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/357">#357</a>)</li>
<li><a
href="6218d4fbd4"><code>6218d4f</code></a>
Update Syft to v0.57.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/344">#344</a>)</li>
<li><a
href="a173e5341b"><code>a173e53</code></a>
Update Syft to v0.56.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/329">#329</a>)</li>
<li><a
href="2cd5755dcc"><code>2cd5755</code></a>
Add update-deps script (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/322">#322</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.12.0...v0.13.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.12.0&new-version=0.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-31 11:13:56 -03:00
dependabot[bot]
d73a0116e0
chore(deps): bump github/codeql-action from 2.1.28 to 2.1.29 (#3498) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.28 to 2.1.29.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec3cf9c605"><code>ec3cf9c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1323">#1323</a>
from github/update-v2.1.29-4b53723d</li>
<li><a
href="f246f20ec4"><code>f246f20</code></a>
Update changelog for v2.1.29</li>
<li><a
href="4b53723d6b"><code>4b53723</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1320">#1320</a>
from github/edoardo/2.11.2-bump</li>
<li><a
href="de9f112cd1"><code>de9f112</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1318">#1318</a>
from github/aeisenberg/bump-min-version</li>
<li><a
href="f1a4ff53b4"><code>f1a4ff5</code></a>
Bumps the min version for code scanning config in the cli</li>
<li><a
href="624418cb40"><code>624418c</code></a>
Bump default CodeQL version to 2.11.2</li>
<li><a
href="f0a1281661"><code>f0a1281</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1315">#1315</a>
from github/mergeback/v2.1.28-to-main-cc7986c0</li>
<li><a
href="f0b3ef9e9c"><code>f0b3ef9</code></a>
Update checked-in dependencies</li>
<li><a
href="3920e2d8ae"><code>3920e2d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1313">#1313</a>
from github/criemen/ghes-31-deprecation</li>
<li><a
href="be55631a21"><code>be55631</code></a>
Update changelog and version after v2.1.28</li>
<li>Additional commits viewable in <a
href="cc7986c02b...ec3cf9c605">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.28&new-version=2.1.29)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-27 09:32:34 -03:00
dependabot[bot]
f0b912a708
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.2 to 4.15.3 (#3499) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.2 to 4.15.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.3</h2>
<h2>Changed</h2>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.3...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...v4.15.3">v4.15.3</a>
- 2022-10-26</h2>
<h3>Changed</h3>
<ul>
<li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
available (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0049e3fa40"><code>0049e3f</code></a>
Use deprecated set-output syntax if GITHUB_OUTPUT environment is not
availabl...</li>
<li><a
href="f6f7a9c351"><code>f6f7a9c</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="2fde6fc18d...0049e3fa40">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.2&new-version=4.15.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-27 09:29:34 -03:00
dependabot[bot]
62361bb6ad
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.1 to 4.15.2 (#3492) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.1 to 4.15.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.2</h2>
<h2>Changed</h2>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a>
- 2022-10-22</h2>
<h3>Changed</h3>
<ul>
<li>Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>)
<a href="https://github.com/amonshiz"><code>@​amonshiz</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2fde6fc18d"><code>2fde6fc</code></a>
Replace set-output usage with GITHUB_OUTPUT (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/252">#252</a>)</li>
<li><a
href="faf78595b8"><code>faf7859</code></a>
Update README.md</li>
<li><a
href="a0873a0795"><code>a0873a0</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="fd157da78f...2fde6fc18d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.1&new-version=4.15.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-24 10:45:43 -03:00
Carlos A Becker
f28a70c481
chore: image scan always fails 
the security issues comes from the golang image, which we need to be
using in order to build stuff.

That said, not much we can do either way, so, I'm disabling this check
for now.

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-21 08:56:21 -03:00
dependabot[bot]
bc5d4bf97a
chore(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (#3486) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 3.2.0 to 3.3.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07db5389c9"><code>07db538</code></a>
build(deps): bump <code>@​actions/cache</code> from 3.0.4 to 3.0.5 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/586">#586</a>)</li>
<li><a
href="328c000029"><code>328c000</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.39.0 to 5.40.0 ...</li>
<li><a
href="3a79f8d45a"><code>3a79f8d</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.39.0 to 5.40.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/584">#584</a>)</li>
<li><a
href="43c645b597"><code>43c645b</code></a>
build(deps-dev): bump eslint from 8.24.0 to 8.25.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/582">#582</a>)</li>
<li><a
href="88e5fc6380"><code>88e5fc6</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.38.1 to 5.39.0 ...</li>
<li><a
href="6191de56c9"><code>6191de5</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.1 to 5.39.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/580">#580</a>)</li>
<li><a
href="5423639e7b"><code>5423639</code></a>
build(deps): bump <code>@​actions/core</code> from 1.9.1 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/578">#578</a>)</li>
<li><a
href="c225631afd"><code>c225631</code></a>
build(deps): bump <code>@​actions/github</code> from 5.1.0 to 5.1.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/576">#576</a>)</li>
<li><a
href="b81d829cdb"><code>b81d829</code></a>
build(deps-dev): bump typescript from 4.8.3 to 4.8.4 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/577">#577</a>)</li>
<li><a
href="5b682fd40b"><code>5b682fd</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.0 to 5.38.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/575">#575</a>)</li>
<li>Additional commits viewable in <a
href="537aa1903e...07db5389c9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-21 08:54:45 -03:00
dependabot[bot]
097baac606
chore(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (#3477) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0
to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Fix cache issues and update dependencies</h2>
<p>In scope of this release we fixed the issue with the correct
generation of the cache key when the <code>go-version-file</code> input
is set (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/267">actions/setup-go#267</a>).
Moreover, we fixed an issue when <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/264">the
cache folder was not found</a>. Besides, we updated
<code>actions/core</code> to 1.10.0 version (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/273">actions/setup-go#273</a>).</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c4a742cab1"><code>c4a742c</code></a>
fix(): cache resolve version input (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/267">#267</a>)</li>
<li><a
href="f556e5b7e0"><code>f556e5b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/273">#273</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="514ae57904"><code>514ae57</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li><a
href="30b9ddff11"><code>30b9ddf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/264">#264</a>
from e-korolevskii/258-not-throw-err-no-cache-folders</li>
<li><a
href="c4e169859f"><code>c4e1698</code></a>
prettier format</li>
<li><a
href="db58e98a43"><code>db58e98</code></a>
format</li>
<li><a
href="2905db4069"><code>2905db4</code></a>
update build</li>
<li><a
href="57452eb902"><code>57452eb</code></a>
fix debug lines in test</li>
<li><a
href="5547b9ed8d"><code>5547b9e</code></a>
fix(cache): Not throw err if no cache folders</li>
<li><a
href="be45b2722d"><code>be45b27</code></a>
build</li>
<li>Additional commits viewable in <a
href="268d8c0ca0...c4a742cab1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:54:46 -03:00
dependabot[bot]
a94d809a63
chore(deps): bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (#3478) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.8.0 to 2.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign install to use release v1.13.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/98">sigstore/cosign-installer#98</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1">https://github.com/sigstore/cosign-installer/compare/v2...v2.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9becc61764"><code>9becc61</code></a>
bump cosign install to use release v1.13.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/98">#98</a>)</li>
<li><a
href="c6d50c2e98"><code>c6d50c2</code></a>
Bump actions/checkout from 3.0.2 to 3.1.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/96">#96</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.8.0...v2.8.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.8.0&new-version=2.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:54:06 -03:00
dependabot[bot]
7b1ce71351
chore(deps): bump github/codeql-action from 2.1.27 to 2.1.28 (#3479) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.27 to 2.1.28.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cc7986c02b"><code>cc7986c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1311">#1311</a>
from github/update-v2.1.28-96c8872f</li>
<li><a
href="aecd03235b"><code>aecd032</code></a>
Update changelog for v2.1.28</li>
<li><a
href="96c8872f06"><code>96c8872</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1310">#1310</a>
from github/henrymercer/v2-mergeback</li>
<li><a
href="b709139433"><code>b709139</code></a>
Merge branch 'releases/v2' into henrymercer/v2-mergeback</li>
<li><a
href="5dd73678a4"><code>5dd7367</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1308">#1308</a>
from github/aeisenberg/fix-merge</li>
<li><a
href="4c1ccc4a5e"><code>4c1ccc4</code></a>
Fix CHANGELOG</li>
<li><a
href="c2f5185572"><code>c2f5185</code></a>
Merge commit 'e4cc4a2f' into releases/v2</li>
<li><a
href="297ec80a46"><code>297ec80</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1301">#1301</a>
from github/aeisenberg/remove-set-output</li>
<li><a
href="b0f8861cea"><code>b0f8861</code></a>
Update CHANGELOG.md</li>
<li><a
href="2ee8edc7f0"><code>2ee8edc</code></a>
Update changelog</li>
<li>Additional commits viewable in <a
href="807578363a...cc7986c02b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.27&new-version=2.1.28)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:53:53 -03:00
dependabot[bot]
97e9bc40f9
chore(deps): bump docker/setup-buildx-action from 2.2.0 to 2.2.1 (#3480) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.2.0 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Preserve quotes surrounding fields in input list by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>)</li>
<li>Escape surrounding quotes for <code>platforms</code> input by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1">https://github.com/docker/setup-buildx-action/compare/v2.2.0...v2.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8c0edbc76e"><code>8c0edbc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/175">#175</a>
from crazy-max/input-list-quotes</li>
<li><a
href="1fb9cbdb32"><code>1fb9cbd</code></a>
escape surrounding quotes for platforms input</li>
<li><a
href="693fdd6ca6"><code>693fdd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/174">#174</a>
from crazy-max/input-quote</li>
<li><a
href="fe4c1ac86d"><code>fe4c1ac</code></a>
preserve quotes surrounding fields in input list</li>
<li>See full diff in <a
href="c74574e6c8...8c0edbc76e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-19 09:53:41 -03:00
dependabot[bot]
903713ea0a
chore(deps): bump docker/setup-buildx-action from 2.1.0 to 2.2.0 (#3474) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.1.0 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Append nodes to builder support by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>)</li>
<li>Bump csv-parse from 5.3.0 to 5.3.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0">https://github.com/docker/setup-buildx-action/compare/v2.1.0...v2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c74574e6c8"><code>c74574e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/172">#172</a>
from docker/dependabot/npm_and_yarn/csv-parse-5.3.1</li>
<li><a
href="2d0cf98781"><code>2d0cf98</code></a>
update generated content</li>
<li><a
href="5f1d4ea81f"><code>5f1d4ea</code></a>
Bump csv-parse from 5.3.0 to 5.3.1</li>
<li><a
href="59b5ed6124"><code>59b5ed6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/165">#165</a>
from crazy-max/append</li>
<li><a
href="bd61d52837"><code>bd61d52</code></a>
update generated content</li>
<li><a
href="f6efb5fcbb"><code>f6efb5f</code></a>
platforms input</li>
<li><a
href="2dfca373f3"><code>2dfca37</code></a>
append nodes to builder support</li>
<li>See full diff in <a
href="95cb08cb26...c74574e6c8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-18 09:19:42 -03:00
dependabot[bot]
647262634b
chore(deps): bump actions/cache from 3.0.10 to 3.0.11 (#3465) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.10 to
3.0.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.11</h2>
<h2>What's Changed</h2>
<ul>
<li>Call out cache not saved on hit by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/946">actions/cache#946</a></li>
<li>Update <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/950">actions/cache#950</a></li>
<li>Update cache to use <code>@​actions/core</code>@^1.10.0 by <a
href="https://github.com/pdotl"><code>@​pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/956">actions/cache#956</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/950">actions/cache#950</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.0.11">https://github.com/actions/cache/compare/v3...v3.0.11</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9b0c1fce7a"><code>9b0c1fc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/956">#956</a>
from actions/pdotl-version-bump</li>
<li><a
href="18103f63fe"><code>18103f6</code></a>
Fix licensed status error</li>
<li><a
href="3e383cd9c3"><code>3e383cd</code></a>
Update RELEASES</li>
<li><a
href="43428ea056"><code>43428ea</code></a>
toolkit versioon update and version bump for cache</li>
<li><a
href="1c73980b09"><code>1c73980</code></a>
3.0.11</li>
<li><a
href="a3f5edc237"><code>a3f5edc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/950">#950</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="831ee695a5"><code>831ee69</code></a>
Update licenses</li>
<li><a
href="b9c8bfe442"><code>b9c8bfe</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li><a
href="0f20846208"><code>0f20846</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/946">#946</a>
from actions/Phantsure-patch-2</li>
<li><a
href="862fc14188"><code>862fc14</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="56461b9eb0...9b0c1fce7a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.10&new-version=3.0.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-14 10:17:02 -03:00
dependabot[bot]
fcd9b379f5
chore(deps): bump actions/github-script from 6.3.2 to 6.3.3 (#3464) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.2 to 6.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@actions/glob</code> to 0.3.0 by <a
href="https://github.com/nineinchnick"><code>@​nineinchnick</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/279">actions/github-script#279</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/nineinchnick"><code>@​nineinchnick</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/279">actions/github-script#279</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.2...v6.3.3">https://github.com/actions/github-script/compare/v6.3.2...v6.3.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d556feaca3"><code>d556fea</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/300">#300</a>
from actions/joshmgross/v6.3.3</li>
<li><a
href="01fde8b524"><code>01fde8b</code></a>
Update version to 6.3.3</li>
<li><a
href="633e9fd3a1"><code>633e9fd</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/279">#279</a>
from nineinchnick/update-glob</li>
<li><a
href="ee124b1288"><code>ee124b1</code></a>
Update dist</li>
<li><a
href="ca24d5fb29"><code>ca24d5f</code></a>
Update <code>@actions/glob</code> license version</li>
<li><a
href="c09747ec1a"><code>c09747e</code></a>
Merge branch 'main' into update-glob</li>
<li>See full diff in <a
href="100527700e...d556feaca3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.2&new-version=6.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-14 10:16:50 -03:00
dependabot[bot]
6a5a3d9f1d
chore(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 (#3458) 
Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Use context for inputs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>)</li>
<li>Use built-in <code>getExecOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/54">#54</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/58">#58</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-qemu-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e81a89b173"><code>e81a89b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/63">#63</a>
from crazy-max/setOutput</li>
<li><a
href="2d3efc7878"><code>2d3efc7</code></a>
Remove workaround for setOutput</li>
<li><a
href="bfc44eaf57"><code>bfc44ea</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/62">#62</a>
from crazy-max/context</li>
<li><a
href="25725d8d2e"><code>25725d8</code></a>
Use context for inputs</li>
<li><a
href="8c1e35a8c6"><code>8c1e35a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/61">#61</a>
from crazy-max/exec-output</li>
<li><a
href="f3c51a3313"><code>f3c51a3</code></a>
update README</li>
<li><a
href="c47ad32952"><code>c47ad32</code></a>
Use built-in getExecOutput</li>
<li><a
href="aa087459ac"><code>aa08745</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-qemu-action/issues/59">#59</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="9443994984"><code>9443994</code></a>
Update generated content</li>
<li><a
href="81a47e15eb"><code>81a47e1</code></a>
Bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li>Additional commits viewable in <a
href="8b122486ce...e81a89b173">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-10-13 10:52:43 -03:00
dependabot[bot]
9ce619ad09
chore(deps): bump docker/setup-buildx-action from 2.0.0 to 2.1.0 (#3459) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Auth support for tls endpoint by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/164">#164</a>)</li>
<li>Nodes metadata JSON ouput by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/162">#162</a>)
<ul>
<li><code>endpoint</code>, <code>status</code> and <code>flags</code>
outputs are deprecated. Use <code>nodes</code> output instead.</li>
</ul>
</li>
<li>Skip setting buildkitd flags and config for remote driver by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/161">#161</a>)</li>
<li>Move args logic to context module and add tests by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>)</li>
<li>Remove workaround for <code>setOutput</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>)</li>
<li>Fix deprecated <code>fs.rmdir</code> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>)</li>
<li>Docs: clarify install option by <a
href="https://github.com/rodrigc"><code>@​rodrigc</code></a> in (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/152">#152</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/151">#151</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/157">#157</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>)</li>
<li>Bump <code>@​actions/tool-cache</code> from 1.7.2 to 2.0.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/150">#150</a>)</li>
<li>Bump <code>@​actions/http-client</code> from 1.0.11 to 2.0.1 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/149">#149</a>)</li>
<li>Bump uuid from 8.3.2 to 9.0.0 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0">https://github.com/docker/setup-buildx-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="95cb08cb26"><code>95cb08c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/171">#171</a>
from crazy-max/rmsync</li>
<li><a
href="eb5c2a6eea"><code>eb5c2a6</code></a>
Fix deprecated fs.rmdir</li>
<li><a
href="83612bea36"><code>83612be</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/170">#170</a>
from crazy-max/setOutput</li>
<li><a
href="40fefd8a58"><code>40fefd8</code></a>
Remove workaround for setOutput</li>
<li><a
href="90a1e4619e"><code>90a1e46</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/169">#169</a>
from crazy-max/context-module</li>
<li><a
href="5a9fc40575"><code>5a9fc40</code></a>
move args logic to context module and add tests</li>
<li><a
href="6c48dad5f0"><code>6c48dad</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/159">#159</a>
from docker/dependabot/npm_and_yarn/uuid-9.0.0</li>
<li><a
href="16c2ddbfa7"><code>16c2ddb</code></a>
update generated content</li>
<li><a
href="0fe8589bf4"><code>0fe8589</code></a>
Bump uuid from 8.3.2 to 9.0.0</li>
<li><a
href="f3692cbe43"><code>f3692cb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/167">#167</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li>Additional commits viewable in <a
href="dc7b9719a9...95cb08cb26">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-10-13 10:51:29 -03:00
dependabot[bot]
637ffc49a9
chore(deps): bump docker/login-action from 2.0.0 to 2.1.0 (#3451) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [docker/login-action](https://github.com/docker/login-action) from
2.0.0 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Ensure AWS temp credentials are redacted in workflow logs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/275">#275</a>)</li>
<li>Bump <code>@​actions/core</code> from 1.6.0 to 1.10.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/252">#252</a>
<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/292">#292</a>)</li>
<li>Bump <code>@​aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0 (<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/298">#298</a>)</li>
<li>Bump <code>@​aws-sdk/client-ecr-public</code> from 3.53.0 to 3.186.0
(<a
href="https://github-redirect.dependabot.com/docker/login-action/issues/299">#299</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v2.0.0...v2.1.0">https://github.com/docker/login-action/compare/v2.0.0...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f4ef78c080"><code>f4ef78c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/299">#299</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="9ad4ce3929"><code>9ad4ce3</code></a>
Update generated content</li>
<li><a
href="884eadd4f8"><code>884eadd</code></a>
Bump <code>@​aws-sdk/client-ecr-public</code> from 3.53.0 to
3.186.0</li>
<li><a
href="a266232f5c"><code>a266232</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/298">#298</a>
from docker/dependabot/npm_and_yarn/aws-sdk/client-ec...</li>
<li><a
href="f97efcfbf9"><code>f97efcf</code></a>
Update generated content</li>
<li><a
href="5ae789beac"><code>5ae789b</code></a>
Bump <code>@​aws-sdk/client-ecr</code> from 3.53.0 to 3.186.0</li>
<li><a
href="71c23b5b34"><code>71c23b5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/292">#292</a>
from docker/dependabot/npm_and_yarn/actions/core-1.10.0</li>
<li><a
href="6401d70aab"><code>6401d70</code></a>
Update generated content</li>
<li><a
href="67e8909cc6"><code>67e8909</code></a>
Bump <code>@​actions/core</code> from 1.9.1 to 1.10.0</li>
<li><a
href="21f251affc"><code>21f251a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/login-action/issues/275">#275</a>
from crazy-max/redact-aws-creds</li>
<li>Additional commits viewable in <a
href="49ed152c8e...f4ef78c080">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=2.0.0&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:05:18 -03:00
dependabot[bot]
614cab8586
chore(deps): bump actions/github-script from 6.3.1 to 6.3.2 (#3453) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.1 to 6.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/295">actions/github-script#295</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/295">actions/github-script#295</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.1...v6.3.2">https://github.com/actions/github-script/compare/v6.3.1...v6.3.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="100527700e"><code>1005277</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/299">#299</a>
from actions/joshmgross/v6.3.2</li>
<li><a
href="085a7754e8"><code>085a775</code></a>
Bump version to 6.3.2</li>
<li><a
href="6871f0ffce"><code>6871f0f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/295">#295</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="7ed718295b"><code>7ed7182</code></a>
Update <code>@​actions/core</code> to 1.10.0</li>
<li>See full diff in <a
href="7dff1a8764...100527700e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.1&new-version=6.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:05:03 -03:00
dependabot[bot]
38c8436863
chore(deps): bump arduino/setup-task from 1.0.1 to 1.0.2 (#3452) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from
1.0.1 to 1.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/arduino/setup-task/releases">arduino/setup-task's
releases</a>.</em></p>
<blockquote>
<h2>1.0.2</h2>
<h2>Release Notes</h2>
<h3>Changelog</h3>
<h4>Enhancement</h4>
<ul>
<li>Run action with Node.js 16 (<a
href="https://github-redirect.dependabot.com/arduino/setup-task/pull/552">arduino/setup-task#552</a>)</li>
<li>Various dependency updates</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a href="https://github.com/kasperg"><code>@​kasperg</code></a></li>
</ul>
<hr />
<p><strong>Full Changeset</strong>: <a
href="https://github.com/arduino/setup-task/compare/1.0.1...1.0.2">https://github.com/arduino/setup-task/compare/1.0.1...1.0.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d665c6beeb"><code>d665c6b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/554">#554</a>
from arduino/dependabot/npm_and_yarn/types/node-16.11.65</li>
<li><a
href="f911dc0bbc"><code>f911dc0</code></a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.64 to
16.11.65</li>
<li><a
href="2cdd1760c6"><code>2cdd176</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/555">#555</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="0238d42112"><code>0238d42</code></a>
build(deps-dev): bump
<code>@​typescript-eslint/eslint-plugin</code></li>
<li><a
href="b592b746bd"><code>b592b74</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/553">#553</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li><a
href="1b72357a23"><code>1b72357</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.38.1 to 5.40.0</li>
<li><a
href="eea6bc2215"><code>eea6bc2</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/551">#551</a>
from arduino/dependabot/npm_and_yarn/eslint-8.25.0</li>
<li><a
href="c36e056867"><code>c36e056</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/552">#552</a>
from kasperg/patch-1</li>
<li><a
href="ba0113b2fc"><code>ba0113b</code></a>
Bump Node version from 12 to 16</li>
<li><a
href="1bdabdfc86"><code>1bdabdf</code></a>
build(deps-dev): bump eslint from 8.24.0 to 8.25.0</li>
<li>Additional commits viewable in <a
href="ca745e1891...d665c6beeb">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=arduino/setup-task&package-manager=github_actions&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-12 19:04:36 -03:00
dependabot[bot]
7cd73510c0
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.0 to 4.15.1 (#3450) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.15.0 to 4.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.1</h2>
<h2>Fixed</h2>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a>
- 2022-10-10</h2>
<h3>Fixed</h3>
<ul>
<li>Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/247">#247</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<ul>
<li>Add <code>create_branch</code> option to force create a new branch
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/203">#203</a>)
<a
href="https://github.com/stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>README.md: Updates hyperlink to GH docs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/200">#200</a>)
<a
href="https://github.com/funkyfuture"><code>@​funkyfuture</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fd157da78f"><code>fd157da</code></a>
Run Action on Node16 (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/247">#247</a>)</li>
<li><a
href="b208f78c10"><code>b208f78</code></a>
Test that CRLF changes are not picked up</li>
<li><a
href="cef08f2918"><code>cef08f2</code></a>
Update CHANGELOG</li>
<li>See full diff in <a
href="6c32682a40...fd157da78f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.0&new-version=4.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-11 09:54:34 -03:00
dependabot[bot]
dffc068b47
chore(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#3445) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.26 to 2.1.27.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="807578363a"><code>8075783</code></a>
Merge main into releases/v2 (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1287">#1287</a>)</li>
<li>See full diff in <a
href="e0e5ded33c...807578363a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.26&new-version=2.1.27)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 14:51:49 -03:00
dependabot[bot]
1317be8a7d
chore(deps): bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (#3448) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.7.0 to 2.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.8.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.13.0 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/95">sigstore/cosign-installer#95</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7cc35d7fdb"><code>7cc35d7</code></a>
bump cosign to v1.13.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/95">#95</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.7.0...v2.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.7.0&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-10 14:50:18 -03:00
Carlos Alexandro Becker
b4159f6377
feat(deps): go 1.19.2 (#3443) 
latest security fixes

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-05 21:24:45 -03:00
Carlos A Becker
04162b50fe
chore: always build on main 2022-10-05 10:50:29 -03:00
Carlos A Becker
7c42c807e5
chore: fix fig workflow name 2022-10-05 09:40:12 -03:00
dependabot[bot]
f8da439130
chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#3441) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2
to 3.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Inject GitHub host to be able to clone from another GitHub instance
by <a
href="https://github.com/peter-murray"><code>@​peter-murray</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li>
<li>Bump <code>@​actions/core</code> to 1.10.0 by <a
href="https://github.com/rentziass"><code>@​rentziass</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/peter-murray"><code>@​peter-murray</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li>
<li><a href="https://github.com/rentziass"><code>@​rentziass</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.0.2...v3.1.0">https://github.com/actions/checkout/compare/v3.0.2...v3.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.1.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/939">Use
<code>@​actions/core</code> <code>saveState</code> and
<code>getState</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/922">Add
<code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/770">Add
input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/762">Fixed
an issue where checkout failed to run in container jobs due to the new
git setting <code>safe.directory</code></a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/744">Bumped
various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/689">Update
to node 16</a></li>
</ul>
<h2>v2.3.1</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/284">Fix
default branch resolution for .wiki and when using SSH</a></li>
</ul>
<h2>v2.3.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/278">Fallback
to the default branch</a></li>
</ul>
<h2>v2.2.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/258">Fetch
all history for all tags and branches when fetch-depth=0</a></li>
</ul>
<h2>v2.1.1</h2>
<ul>
<li>Changes to support GHES (<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/236">here</a>
and <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/248">here</a>)</li>
</ul>
<h2>v2.1.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/191">Group
output</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/199">Changes
to support GHES alpha release</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/184">Persist
core.sshCommand for submodules</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/163">Add
support ssh</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/179">Convert
submodule SSH URL to HTTPS, when not using SSH</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/157">Add
submodule support</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/144">Follow
proxy settings</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/141">Fix
ref for pr closed event when a pr is merged</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/128">Fix
issue checking detached when git less than 2.22</a></li>
</ul>
<h2>v2.0.0</h2>
<ul>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/108">Do
not pass cred on command line</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/107">Add
input persist-credentials</a></li>
<li><a
href="https://github-redirect.dependabot.com/actions/checkout/pull/104">Fallback
to REST API to download repo</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="93ea575cb5"><code>93ea575</code></a>
Prepare release v3.1.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/940">#940</a>)</li>
<li><a
href="6a84743051"><code>6a84743</code></a>
Bump <code>@​actions/core</code> to 1.10.0 (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/939">#939</a>)</li>
<li><a
href="e6d535c99c"><code>e6d535c</code></a>
Inject GitHub host to be able to clone from another GitHub instance (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/922">#922</a>)</li>
<li>See full diff in <a
href="2541b1294d...93ea575cb5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.0.2&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-05 09:38:34 -03:00
Carlos Alexandro Becker
bb6c53eeda
feat: fig integration (#3437) 
closes #3328

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-05 09:33:39 -03:00
Carlos A Becker
e89e2135bd
chore: generate should use go cache 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-10-04 22:05:49 -03:00
dependabot[bot]
6e90e7edba
chore(deps): bump actions/github-script from 6.3.0 to 6.3.1 (#3429) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.0 to 6.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix overriding request options from <code>@​actions/github</code> by
<a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/293">actions/github-script#293</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.0...v6.3.1">https://github.com/actions/github-script/compare/v6.3.0...v6.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7dff1a8764"><code>7dff1a8</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/293">#293</a>
from luketomlinson/main</li>
<li><a
href="8445ca871a"><code>8445ca8</code></a>
Fix overriding request options from <code>@​actions/github</code></li>
<li>See full diff in <a
href="d4560e1570...7dff1a8764">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.0&new-version=6.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-04 09:27:16 -03:00
dependabot[bot]
c29971bddb
chore(deps): bump actions/cache from 3.0.9 to 3.0.10 (#3433) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.9 to
3.0.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.10</h2>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for <code>restore-keys</code> in README.md</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="56461b9eb0"><code>56461b9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/931">#931</a>
from ELHoussineT/patch-1</li>
<li><a
href="f85d12c3b2"><code>f85d12c</code></a>
Merge branch 'main' into patch-1</li>
<li><a
href="98044e486f"><code>98044e4</code></a>
Update README.md</li>
<li><a
href="edc49897ec"><code>edc4989</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/942">#942</a>
from actions/vsvipul/fix-sort</li>
<li><a
href="68d96986b5"><code>68d9698</code></a>
Remove sort logic from inputs</li>
<li><a
href="3238536a48"><code>3238536</code></a>
Update README.md</li>
<li>See full diff in <a
href="ac8075791e...56461b9eb0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.9&new-version=3.0.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-10-04 09:24:28 -03:00
dependabot[bot]
501a677d90
chore(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#3417) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.25 to 2.1.26.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e0e5ded33c"><code>e0e5ded</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1276">#1276</a>
from github/update-v2.1.26-97054749</li>
<li><a
href="c60b8543e6"><code>c60b854</code></a>
Update changelog for v2.1.26</li>
<li><a
href="97054749c9"><code>9705474</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1274">#1274</a>
from github/aeisenberg/update-checks-script</li>
<li><a
href="fb0f74784f"><code>fb0f747</code></a>
Update the checks script</li>
<li><a
href="3400e51bc8"><code>3400e51</code></a>
Add dotnet env variable to workflow (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1273">#1273</a>)</li>
<li><a
href="74740eef3d"><code>74740ee</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1270">#1270</a>
from github/aeisenberg/cli-config-feature-flag</li>
<li><a
href="1ec8ea99ee"><code>1ec8ea9</code></a>
Merge branch 'main' into aeisenberg/cli-config-feature-flag</li>
<li><a
href="2466f0ce2c"><code>2466f0c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1267">#1267</a>
from github/cklin/codeql-cli-2.11.0</li>
<li><a
href="a711c7623d"><code>a711c76</code></a>
Update default CodeQL version to 2.11.0</li>
<li><a
href="39064e0f9b"><code>39064e0</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1272">#1272</a>
from github/update-supported-enterprise-server-versions</li>
<li>Additional commits viewable in <a
href="86f3159a69...e0e5ded33c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.25&new-version=2.1.26)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-30 09:47:36 -03:00
dependabot[bot]
16abdfd915
chore(deps): bump actions/cache from 3.0.8 to 3.0.9 (#3416) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to
3.0.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.9</h2>
<ul>
<li>Enhanced the warning message for cache unavailability in case of
GHES.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MIN</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ac8075791e"><code>ac80757</code></a>
Actions/cache release 3.0.9 (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/930">#930</a>)</li>
<li><a
href="0ff0597934"><code>0ff0597</code></a>
Update examples.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/920">#920</a>)</li>
<li><a
href="12681847c6"><code>1268184</code></a>
Update README.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/936">#936</a>)</li>
<li><a
href="1a78ace131"><code>1a78ace</code></a>
Updated the GHES warning message (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/925">#925</a>)</li>
<li><a
href="1bc650b06c"><code>1bc650b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/922">#922</a>
from actions/vsvipul/add-anurag</li>
<li><a
href="92e01f4797"><code>92e01f4</code></a>
Add anuragc617 to assignees</li>
<li><a
href="b195c997a4"><code>b195c99</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/912">#912</a>
from actions/pdotl/readme-update-1</li>
<li><a
href="9f98a2f01c"><code>9f98a2f</code></a>
Merge branch 'main' into pdotl/readme-update-1</li>
<li><a
href="471fb0c87e"><code>471fb0c</code></a>
Move workarounds to a different file</li>
<li><a
href="a213d1e898"><code>a213d1e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/913">#913</a>
from actions/vsvipul-patch-2</li>
<li>Additional commits viewable in <a
href="fd5de65bc8...ac8075791e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.8&new-version=3.0.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-30 09:47:28 -03:00
Carlos A Becker
c006c9d208
chore: do not login on snapcraft on snapshots 2022-09-27 21:20:57 -03:00
Carlos A Becker
530764513f
chore: workflows being skipped when they shouldn't 2022-09-27 11:52:35 -03:00
dependabot[bot]
0edfbf02cb
chore(deps): bump actions/github-script from 6.2.0 to 6.3.0 (#3408) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.2.0 to 6.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add retry plugin and related options by <a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/288">actions/github-script#288</a>,
see <a
href="https://github.com/actions/github-script/tree/v6.3.0#retries">https://github.com/actions/github-script/tree/v6.3.0#retries</a>
for more information.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/luketomlinson"><code>@​luketomlinson</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/288">actions/github-script#288</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.2.0...v6.3.0">https://github.com/actions/github-script/compare/v6.2.0...v6.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d4560e1570"><code>d4560e1</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/288">#288</a>
from luketomlinson/main</li>
<li><a
href="d742690307"><code>d742690</code></a>
6.3.0</li>
<li><a
href="ac0c7cb50b"><code>ac0c7cb</code></a>
Core.debug</li>
<li><a
href="eb0f407f1a"><code>eb0f407</code></a>
Whitespace</li>
<li><a
href="6b09a22cca"><code>6b09a22</code></a>
cleanup quotes</li>
<li><a
href="e7dbaf0565"><code>e7dbaf0</code></a>
update action.yml</li>
<li><a
href="3faaff918c"><code>3faaff9</code></a>
PR feedback</li>
<li><a
href="3cca041b86"><code>3cca041</code></a>
Fix http-client license</li>
<li><a
href="55053af80a"><code>55053af</code></a>
Update licenses</li>
<li><a
href="977060a05e"><code>977060a</code></a>
Add more info to action.yml</li>
<li>Additional commits viewable in <a
href="c713e510db...d4560e1570">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.2.0&new-version=6.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-27 10:58:22 -03:00
Carlos A Becker
20ead77da7
chore: gitleaks only when license present 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-27 10:57:08 -03:00
Carlos A Becker
32285bab55
chore: do not run gitleaks on dependabot prs 2022-09-27 10:54:05 -03:00
Carlos A Becker
0a3a76c09e
chore: do not run gitleaks on dependabot prs 2022-09-27 10:21:40 -03:00
dependabot[bot]
ee62a8ec00
chore(deps): bump stefanzweifel/git-auto-commit-action from 4.14.1 to 4.15.0 (#3405) 
Bumps
[stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action)
from 4.14.1 to 4.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.0</h2>
<h2>Changed</h2>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>
and this project adheres to <a
href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...HEAD">Unreleased</a></h2>
<blockquote>
<p>TBD</p>
</blockquote>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.1...v4.15.0">v4.15.0</a>
- 2022-09-24</h2>
<h3>Changed</h3>
<ul>
<li>Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/205">#205</a>)
<a
href="https://github.com/@stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>String values in README.md extended example are now correct (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/196">#196</a>)
<a
href="https://github.com/@karolswdev"><code>@​karolswdev</code></a></li>
<li>Fix Typos and grammer Errors in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/235">#235</a>)
<a
href="https://github.com/@derrickleemy"><code>@​derrickleemy</code></a></li>
<li>Fix Typo in README (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/230">#230</a>)
<a href="https://github.com/@fty4"><code>@​fty4</code></a></li>
<li>Add missing links in the CHANGELOG (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/223">#223</a>)
<a
href="https://github.com/@ericcornelissen"><code>@​ericcornelissen</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.14.0...v4.14.1">v4.14.1</a>
- 2022-04-12</h2>
<h2>Changed</h2>
<ul>
<li>Change Commit User Name from &quot;GitHub Actions&quot; to
&quot;github-actions[bot]&quot; (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
<li>Change Commit User Email from &quot;<a
href="mailto:actions@github.com">actions@github.com</a>&quot; to
&quot;github-actions[bot]<a
href="https://github.com/users"><code>@​users</code></a>.noreply.github.com&quot;
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/213">#213</a>)
<a href="https://github.com/jooola"><code>@​jooola</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>Update doc link to GITHUB_TOKEN not triggering new workflow runs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/206">#206</a>)
<a href="https://github.com/gapple"><code>@​gapple</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.1...v4.14.0">v4.14.0</a>
- 2022-03-18</h2>
<h2>Added</h2>
<ul>
<li>Add <code>create_branch</code> option to force create a new branch
(<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/203">#203</a>)
<a
href="https://github.com/stefanzweifel"><code>@​stefanzweifel</code></a></li>
</ul>
<h2>Fixed</h2>
<ul>
<li>README.md: Updates hyperlink to GH docs (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/200">#200</a>)
<a
href="https://github.com/funkyfuture"><code>@​funkyfuture</code></a></li>
</ul>
<h2><a
href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.13.0...v4.13.1">v4.13.1</a>
- 2022-01-13</h2>
<h2>Fixed</h2>
<ul>
<li>Properly disambiguate between branch or file checkout (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/199">#199</a>)
<a
href="https://github.com/kenodegard"><code>@​kenodegard</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6c32682a40"><code>6c32682</code></a>
Add bug label to new issues</li>
<li><a
href="a4a482b6c5"><code>a4a482b</code></a>
Update Issue Templates</li>
<li><a
href="18870f2286"><code>18870f2</code></a>
Add note about line break detection</li>
<li><a
href="52eb0eedc8"><code>52eb0ee</code></a>
Update README</li>
<li><a
href="03246c1cee"><code>03246c1</code></a>
Changed the extended example to correctly use quotes for strings (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/196">#196</a>)</li>
<li><a
href="4d00f10668"><code>4d00f10</code></a>
Expand <code>file_pattern</code>-input to an array (<a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/205">#205</a>)</li>
<li><a
href="4e7c0d67cd"><code>4e7c0d6</code></a>
Assert throws error when force adding ignored files</li>
<li><a
href="dce7e85096"><code>dce7e85</code></a>
Add Tests to Cover <a
href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/233">#233</a></li>
<li><a
href="9262405709"><code>9262405</code></a>
Fix Typo in Test</li>
<li><a
href="32807d4f18"><code>32807d4</code></a>
Upgrade Bats</li>
<li>Additional commits viewable in <a
href="49620cd3ed...6c32682a40">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.14.1&new-version=4.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 10:24:48 -03:00
dependabot[bot]
fd8cc43ef3
chore(deps): bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (#3404) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.6.0 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump cosign to v1.12.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/94">sigstore/cosign-installer#94</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0">https://github.com/sigstore/cosign-installer/compare/v2...v2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ced07f21fb"><code>ced07f2</code></a>
bump cosign to v1.12.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/94">#94</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.6.0...v2.7.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.6.0&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-26 10:24:30 -03:00
Carlos A Becker
6aa3f5a724
chore: minor workflows improvements 2022-09-22 16:00:05 -03:00
dependabot[bot]
14884f52c9
chore(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#3394) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.24 to 2.1.25.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.25 - 21 Sep 2022</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
<li>Add support for Python automatic dependency installation with Poetry
1.2 <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<h2>2.1.17 - 28 Jul 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="86f3159a69"><code>86f3159</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1261">#1261</a>
from github/update-v2.1.25-ff5ca122</li>
<li><a
href="d1e2e02bee"><code>d1e2e02</code></a>
Update changelog for v2.1.25</li>
<li><a
href="ff5ca122ed"><code>ff5ca12</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1257">#1257</a>
from github/rasmuswl/fix-ubuntu22.04-venv-creation</li>
<li><a
href="32ca2cf500"><code>32ca2cf</code></a>
Apply suggestions from code review</li>
<li><a
href="b2fc1e178e"><code>b2fc1e1</code></a>
python-setup: Disable python2 tests on ubuntu-22.04</li>
<li><a
href="8a893ddf18"><code>8a893dd</code></a>
python-setup: Flush even more</li>
<li><a
href="93ba53f2de"><code>93ba53f</code></a>
add missing spaces</li>
<li><a
href="1fa5d72846"><code>1fa5d72</code></a>
python-setup: Fail early if installing for Python 2, and
<code>python2</code> not available</li>
<li><a
href="417059fdb2"><code>417059f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1258">#1258</a>
from github/rasmuswl/poetry-v1.2</li>
<li><a
href="ca8a78d5f3"><code>ca8a78d</code></a>
python-setup: flush at the end of <code>_check_call</code></li>
<li>Additional commits viewable in <a
href="904260d7d9...86f3159a69">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.24&new-version=2.1.25)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-22 10:03:52 -03:00
dependabot[bot]
326b588ece
chore(deps): bump codecov/codecov-action from 3.1.0 to 3.1.1 (#3390) 
Bumps
[codecov/codecov-action](https://github.com/codecov/codecov-action) from
3.1.0 to 3.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's
releases</a>.</em></p>
<blockquote>
<h2>3.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update deprecation warning by <a
href="https://github.com/slifty"><code>@​slifty</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li>
<li>Create codeql-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/593">codecov/codecov-action#593</a></li>
<li>build(deps): bump node-fetch from 3.2.3 to 3.2.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/714">codecov/codecov-action#714</a></li>
<li>build(deps-dev): bump typescript from 4.6.3 to 4.6.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/713">codecov/codecov-action#713</a></li>
<li>README: fix typo by <a
href="https://github.com/Evalir"><code>@​Evalir</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li>
<li>build(deps): bump github/codeql-action from 1 to 2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/724">codecov/codecov-action#724</a></li>
<li>build(deps-dev): bump <code>@​types/jest</code> from 27.4.1 to
27.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/717">codecov/codecov-action#717</a></li>
<li>fix: Remove a blank row by <a
href="https://github.com/johnmanjiro13"><code>@​johnmanjiro13</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li>
<li>Update README.md with correct badge version by <a
href="https://github.com/gsheni"><code>@​gsheni</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 17.0.25 to
17.0.33 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/729">codecov/codecov-action#729</a></li>
<li>build(deps-dev): downgrade <code>@​types/node</code> to 16.11.35 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/734">codecov/codecov-action#734</a></li>
<li>build(deps): bump actions/checkout from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/723">codecov/codecov-action#723</a></li>
<li>build(deps): bump <code>@​actions/github</code> from 5.0.1 to 5.0.3
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/733">codecov/codecov-action#733</a></li>
<li>build(deps): bump <code>@​actions/core</code> from 1.6.0 to 1.8.2 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/732">codecov/codecov-action#732</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.35 to
16.11.36 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/737">codecov/codecov-action#737</a></li>
<li>Create scorecards-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/633">codecov/codecov-action#633</a></li>
<li>build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/749">codecov/codecov-action#749</a></li>
<li>fix: add more verbosity to validation by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/747">codecov/codecov-action#747</a></li>
<li>build(deps-dev): bump typescript from 4.6.4 to 4.7.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/755">codecov/codecov-action#755</a></li>
<li>Regenerate scorecards-analysis.yml by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/750">codecov/codecov-action#750</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.36 to
16.11.39 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/759">codecov/codecov-action#759</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 16.11.39 to
16.11.40 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/762">codecov/codecov-action#762</a></li>
<li>build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.4 to
0.34.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/746">codecov/codecov-action#746</a></li>
<li>build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/757">codecov/codecov-action#757</a></li>
<li>build(deps): bump openpgp from 5.2.1 to 5.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/760">codecov/codecov-action#760</a></li>
<li>build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/748">codecov/codecov-action#748</a></li>
<li>build(deps-dev): bump typescript from 4.7.3 to 4.7.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/766">codecov/codecov-action#766</a></li>
<li>Switch to v3 by <a
href="https://github.com/thomasrockhu"><code>@​thomasrockhu</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/774">codecov/codecov-action#774</a></li>
<li>Fix <code>network</code> entry in table by <a
href="https://github.com/kevmoo"><code>@​kevmoo</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li>
<li>Trim arguments after splitting them by <a
href="https://github.com/mitchell-codecov"><code>@​mitchell-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/791">codecov/codecov-action#791</a></li>
<li>build(deps): bump openpgp from 5.3.0 to 5.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/799">codecov/codecov-action#799</a></li>
<li>build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/798">codecov/codecov-action#798</a></li>
<li>Plumb failCi into verification function. by <a
href="https://github.com/RobbieMcKinstry"><code>@​RobbieMcKinstry</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li>
<li>release: update changelog and version to 3.1.1 by <a
href="https://github.com/thomasrockhu-codecov"><code>@​thomasrockhu-codecov</code></a>
in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/828">codecov/codecov-action#828</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/slifty"><code>@​slifty</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/661">codecov/codecov-action#661</a></li>
<li><a href="https://github.com/Evalir"><code>@​Evalir</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/712">codecov/codecov-action#712</a></li>
<li><a
href="https://github.com/johnmanjiro13"><code>@​johnmanjiro13</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/725">codecov/codecov-action#725</a></li>
<li><a href="https://github.com/gsheni"><code>@​gsheni</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/726">codecov/codecov-action#726</a></li>
<li><a href="https://github.com/kevmoo"><code>@​kevmoo</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/783">codecov/codecov-action#783</a></li>
<li><a
href="https://github.com/RobbieMcKinstry"><code>@​RobbieMcKinstry</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/codecov/codecov-action/pull/769">codecov/codecov-action#769</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1">https://github.com/codecov/codecov-action/compare/v3.1.0...v3.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md">codecov/codecov-action's
changelog</a>.</em></p>
<blockquote>
<h2>3.1.1</h2>
<h3>Fixes</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/661">#661</a>
Update deprecation warning</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/593">#593</a>
Create codeql-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/712">#712</a>
README: fix typo</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/725">#725</a>
fix: Remove a blank row</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/726">#726</a>
Update README.md with correct badge version</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/633">#633</a>
Create scorecards-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/747">#747</a>
fix: add more verbosity to validation</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/750">#750</a>
Regenerate scorecards-analysis.yml</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a>
Switch to v3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a>
Fix network entry in table</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a>
Trim arguments after splitting them</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a>
Plumb failCi into verification function.</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/713">#713</a>
build(deps-dev): bump typescript from 4.6.3 to 4.6.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/714">#714</a>
build(deps): bump node-fetch from 3.2.3 to 3.2.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/724">#724</a>
build(deps): bump github/codeql-action from 1 to 2</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/717">#717</a>
build(deps-dev): bump <code>@​types/jest</code> from 27.4.1 to
27.5.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/729">#729</a>
build(deps-dev): bump <code>@​types/node</code> from 17.0.25 to
17.0.33</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/734">#734</a>
build(deps-dev): downgrade <code>@​types/node</code> to 16.11.35</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/723">#723</a>
build(deps): bump actions/checkout from 2 to 3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/733">#733</a>
build(deps): bump <code>@​actions/github</code> from 5.0.1 to 5.0.3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/732">#732</a>
build(deps): bump <code>@​actions/core</code> from 1.6.0 to 1.8.2</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/737">#737</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.35 to
16.11.36</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/749">#749</a>
build(deps): bump ossf/scorecard-action from 1.0.1 to 1.1.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/755">#755</a>
build(deps-dev): bump typescript from 4.6.4 to 4.7.3</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/759">#759</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.36 to
16.11.39</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/762">#762</a>
build(deps-dev): bump <code>@​types/node</code> from 16.11.39 to
16.11.40</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/746">#746</a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.4 to
0.34.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/757">#757</a>
build(deps): bump ossf/scorecard-action from 1.1.0 to 1.1.1</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a>
build(deps): bump openpgp from 5.2.1 to 5.3.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a>
build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a>
build(deps-dev): bump typescript from 4.7.3 to 4.7.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a>
build(deps): bump openpgp from 5.3.0 to 5.4.0</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a>
build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1</li>
</ul>
<h2>3.1.0</h2>
<h3>Features</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/699">#699</a>
Incorporate <code>xcode</code> arguments for the Codecov uploader</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/694">#694</a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.33.3 to
0.33.4</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/696">#696</a>
build(deps-dev): bump <code>@​types/node</code> from 17.0.23 to
17.0.25</li>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/698">#698</a>
build(deps-dev): bump jest-junit from 13.0.0 to 13.2.0</li>
</ul>
<h2>3.0.0</h2>
<h3>Breaking Changes</h3>
<ul>
<li><a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/689">#689</a>
Bump to node16 and small fixes</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d9f34f8cd5"><code>d9f34f8</code></a>
release: update changelog and version to 3.1.1 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/828">#828</a>)</li>
<li><a
href="0e9e7b4e8a"><code>0e9e7b4</code></a>
Plumb failCi into verification function. (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/769">#769</a>)</li>
<li><a
href="7f20bd4c41"><code>7f20bd4</code></a>
build(deps): bump <code>@​actions/core</code> from 1.8.2 to 1.9.1 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/798">#798</a>)</li>
<li><a
href="13bc2536ab"><code>13bc253</code></a>
build(deps): bump openpgp from 5.3.0 to 5.4.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/799">#799</a>)</li>
<li><a
href="5c0da1b28f"><code>5c0da1b</code></a>
Trim arguments after splitting them (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/791">#791</a>)</li>
<li><a
href="68d5f6d0be"><code>68d5f6d</code></a>
Fix <code>network</code> entry in table (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/783">#783</a>)</li>
<li><a
href="2a829b95de"><code>2a829b9</code></a>
Switch to v3 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/774">#774</a>)</li>
<li><a
href="8e09eaf1b4"><code>8e09eaf</code></a>
build(deps-dev): bump typescript from 4.7.3 to 4.7.4 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/766">#766</a>)</li>
<li><a
href="39e222921f"><code>39e2229</code></a>
build(deps): bump actions/upload-artifact from 2.3.1 to 3.1.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/748">#748</a>)</li>
<li><a
href="b2b7703473"><code>b2b7703</code></a>
build(deps): bump openpgp from 5.2.1 to 5.3.0 (<a
href="https://github-redirect.dependabot.com/codecov/codecov-action/issues/760">#760</a>)</li>
<li>Additional commits viewable in <a
href="81cd2dc814...d9f34f8cd5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.0&new-version=3.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-20 10:15:30 -03:00
Carlos Alexandro Becker
445f2e730d
chore: avoid running actions when not needed/possible (#3389) 
- only run the build action when actual go files changed
- only run some actions on the main fork to avoid errors
 2022-09-19 23:48:20 -03:00
dependabot[bot]
b59920c54d
chore(deps): bump github/codeql-action from 2.1.23 to 2.1.24 (#3387) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.23 to 2.1.24.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<ul>
<li>We will soon be rolling out a feature of the CodeQL Action that
stores some information used to make future runs faster in the GitHub
Actions cache. Initially, this will only be enabled on JavaScript
repositories, but we plan to add more languages to this soon. The new
feature can be disabled by passing the <code>trap-caching: false</code>
option to your workflow's <code>init</code> step, for example if you are
already using the GitHub Actions cache for a different purpose and are
near the storage limit for it.</li>
</ul>
<h2>2.1.24 - 16 Sep 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.23 - 14 Sep 2022</h2>
<ul>
<li>Allow CodeQL packs to be downloaded from GitHub Enterprise Server
instances, using the new <code>registries</code> input for the
<code>init</code> action. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1221">#1221</a></li>
<li>Update default CodeQL bundle version to 2.10.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1240">#1240</a></li>
</ul>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code>
step. Previously, CodeQL packs were downloaded during the
<code>analyze</code> step. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a
href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry
1.2</a> is not yet supported. In the most common case where the CodeQL
Action is automatically installing Python dependencies, it will continue
to install and use Poetry 1.1 on its own. However, in certain cases such
as with self-hosted runners, you may need to ensure Poetry 1.1 is
installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file
includes an invalid <code>queries</code> block or an invalid
<code>query-filters</code> block. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using
the <code>query-filters</code> option in the code scanning configuration
file. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in
the Actions workflow fails. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<h2>2.1.17 - 28 Jul 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li>
</ul>
<h2>2.1.16 - 13 Jul 2022</h2>
<ul>
<li>You can now quickly debug a job that uses the CodeQL Action by
re-running the job from the GitHub UI and selecting the &quot;Enable
debug logging&quot; option. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1132">#1132</a></li>
<li>You can now see diagnostic messages produced by the analysis in the
logs of the <code>analyze</code> Action by enabling debug mode. To
enable debug mode, pass <code>debug: true</code> to the
<code>init</code> Action, or <a
href="https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging">enable
step debug logging</a>. This feature is available for CodeQL CLI version
2.10.0 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1133">#1133</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="904260d7d9"><code>904260d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1250">#1250</a>
from github/update-v2.1.24-34aa5a55</li>
<li><a
href="21c716dd69"><code>21c716d</code></a>
Update changelog for v2.1.24</li>
<li><a
href="34aa5a554b"><code>34aa5a5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1242">#1242</a>
from github/henrymercer/go-more-backwards-compat</li>
<li><a
href="9207340122"><code>9207340</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1239">#1239</a>
from github/dependabot/npm_and_yarn/uuid-9.0.0</li>
<li><a
href="fefa6f57a4"><code>fefa6f5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1247">#1247</a>
from github/mergeback/v2.1.23-to-main-6a38b7d4</li>
<li><a
href="e6ad3e0b35"><code>e6ad3e0</code></a>
Update checked-in dependencies</li>
<li><a
href="f84e389feb"><code>f84e389</code></a>
Update changelog and version after v2.1.23</li>
<li><a
href="f32e161cdd"><code>f32e161</code></a>
Improve warning when using autobuild with multi-language builds</li>
<li><a
href="4cc95769d4"><code>4cc9576</code></a>
Improve variable name</li>
<li><a
href="bde5694fb7"><code>bde5694</code></a>
Comment why we don't run multiple autobuilders for other languages</li>
<li>Additional commits viewable in <a
href="6a38b7d4a1...904260d7d9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.23&new-version=2.1.24)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-19 10:28:08 -03:00
Carlos Alexandro Becker
d19ff6eb1e
chore: splitting workflows (#3386) 
split build & release workflows

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-18 21:31:33 -03:00
dependabot[bot]
72fad7678b
chore(deps): bump github/codeql-action from 2.1.22 to 2.1.23 (#3382) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.22 to 2.1.23.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6a38b7d4a1"><code>6a38b7d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1246">#1246</a>
from github/update-v2.1.23-fd4dc5bf</li>
<li><a
href="99d0a6bc15"><code>99d0a6b</code></a>
Update changelog for v2.1.23</li>
<li><a
href="fd4dc5bf31"><code>fd4dc5b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1244">#1244</a>
from github/criemen/remove-lua-tracer-ff</li>
<li><a
href="c2560331fc"><code>c256033</code></a>
Fix runner integration test.</li>
<li><a
href="0a38743d1a"><code>0a38743</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1240">#1240</a>
from github/henrymercer/2.10.5-bump</li>
<li><a
href="3038e979a8"><code>3038e97</code></a>
Remove the lua tracer feature flag check from the codeql-action.</li>
<li><a
href="ff575f231d"><code>ff575f2</code></a>
Add changelog note</li>
<li><a
href="4a8d26e2bd"><code>4a8d26e</code></a>
Bump CodeQL version to 2.10.5</li>
<li><a
href="9ba4d500aa"><code>9ba4d50</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1221">#1221</a>
from github/aeisenberg/ghes-pack-download</li>
<li><a
href="6085805a3a"><code>6085805</code></a>
Append <code>/</code> to end of registries url</li>
<li>Additional commits viewable in <a
href="b398f525a5...6a38b7d4a1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.22&new-version=2.1.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-16 23:35:17 -03:00
dependabot[bot]
f7efe9ca2b
chore(deps): bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (#3368) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.5.1 to 2.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v2.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>update action to default cosign to v1.11.0 release by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/89">sigstore/cosign-installer#89</a></li>
<li>cleanup dependabot by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/90">sigstore/cosign-installer#90</a></li>
<li>default cosign to v1.11.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/91">sigstore/cosign-installer#91</a></li>
<li>Bump actions/setup-go from 3.2.1 to 3.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/92">sigstore/cosign-installer#92</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f3c664df7a"><code>f3c664d</code></a>
Bump actions/setup-go from 3.2.1 to 3.3.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/92">#92</a>)</li>
<li><a
href="14d43345ff"><code>14d4334</code></a>
default cosign to v1.11.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/91">#91</a>)</li>
<li><a
href="8d0fee40fd"><code>8d0fee4</code></a>
cleanup dependabot (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/90">#90</a>)</li>
<li><a
href="716fc02719"><code>716fc02</code></a>
update action to default cosign to v1.11.0 release (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/89">#89</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.5.1...v2.6.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.5.1&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-12 09:36:39 -03:00
Carlos Alexandro Becker
8cb4eb1654
fix: ruleguard and semgrep scans and fixes (#3364) 
run semgrep-go ruleguard and semgrep scans

https://github.com/dgryski/semgrep-go

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-11 15:32:23 -03:00
Carlos Alexandro Becker
5185b5b6ed
chore(ci): govulncheck (#3362) 
check for vulnerabilities

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-09-09 11:36:15 -03:00
dependabot[bot]
74abb18d2d
chore(deps): bump github/codeql-action from 2.1.21 to 2.1.22 (#3354) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.21 to 2.1.22.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.22 - 01 Sep 2022</h2>
<ul>
<li>Downloading CodeQL packs has been moved to the <code>init</code> step. Previously, CodeQL packs were downloaded during the <code>analyze</code> step. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1218">#1218</a></li>
<li>Update default CodeQL bundle version to 2.10.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1224">#1224</a></li>
<li>The newly released <a href="https://python-poetry.org/blog/announcing-poetry-1.2.0">Poetry 1.2</a> is not yet supported. In the most common case where the CodeQL Action is automatically installing Python dependencies, it will continue to install and use Poetry 1.1 on its own. However, in certain cases such as with self-hosted runners, you may need to ensure Poetry 1.1 is installed yourself.</li>
</ul>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file includes an invalid <code>queries</code> block or an invalid <code>query-filters</code> block. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using the <code>query-filters</code> option in the code scanning configuration file. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2.  <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<h2>2.1.17 - 28 Jul 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.1.  <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li>
</ul>
<h2>2.1.16 - 13 Jul 2022</h2>
<ul>
<li>You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the &quot;Enable debug logging&quot; option. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1132">#1132</a></li>
<li>You can now see diagnostic messages produced by the analysis in the logs of the <code>analyze</code> Action by enabling debug mode. To enable debug mode, pass <code>debug: true</code> to the <code>init</code> Action, or <a href="https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging">enable step debug logging</a>. This feature is available for CodeQL CLI version 2.10.0 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1133">#1133</a></li>
</ul>
<h2>2.1.15 - 28 Jun 2022</h2>
<ul>
<li>CodeQL query packs listed in the <code>packs</code> configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1116">#1116</a></li>
<li>The combination of python2 and poetry is no longer supported. See <a href="https://github-redirect.dependabot.com/actions/setup-python/issues/374">actions/setup-python#374</a> for more details. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1124">#1124</a></li>
<li>Update default CodeQL bundle version to 2.10.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1123">#1123</a></li>
</ul>
<h2>2.1.14 - 22 Jun 2022</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="b398f525a5"><code>b398f52</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1225">#1225</a> from github/update-v2.1.22-a5966ad4</li>
<li><a href="b0f41e06da"><code>b0f41e0</code></a> Update changelog for v2.1.22</li>
<li><a href="a5966ad4f1"><code>a5966ad</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1224">#1224</a> from github/edoardo/2.10.4-bump</li>
<li><a href="8c692b37a0"><code>8c692b3</code></a> Pin <code>poetry</code> to 1.1</li>
<li><a href="693b97bf50"><code>693b97b</code></a> Bump CodeQL version to 2.10.4</li>
<li><a href="d92a91c5c4"><code>d92a91c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1218">#1218</a> from github/aeisenberg/move-pack-download-to-init</li>
<li><a href="7294b404d8"><code>7294b40</code></a> Fix call to <code>endGroup</code></li>
<li><a href="354bc9f629"><code>354bc9f</code></a> Add Changelog entry</li>
<li><a href="0a2b0d236c"><code>0a2b0d2</code></a> Moves calls to pack download to the init action</li>
<li><a href="a59fbe2208"><code>a59fbe2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1215">#1215</a> from github/dependabot/npm_and_yarn/octokit/types-7.1.1</li>
<li>Additional commits viewable in <a href="c7f292ea4f...b398f525a5">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.21&new-version=2.1.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-02 14:22:57 -03:00
dependabot[bot]
c812210167
chore(deps): bump actions/github-script from 6.1.1 to 6.2.0 (#3346) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.1.1 to 6.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@octokit/plugin-rest-endpoint-methods</code> to version
6.x by <a href="https://github.com/desrosj"><code>@​desrosj</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/283">actions/github-script#283</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/desrosj"><code>@​desrosj</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/283">actions/github-script#283</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.1.1...v6.2.0">https://github.com/actions/github-script/compare/v6.1.1...v6.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c713e510db"><code>c713e51</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/283">#283</a>
from desrosj/update/plugin-rest-endpoint-methods</li>
<li><a
href="fc8cad1c91"><code>fc8cad1</code></a>
Update licenses</li>
<li><a
href="4d94eeabef"><code>4d94eea</code></a>
Update version in <code>package*.json</code> files.</li>
<li><a
href="b9c21f17c0"><code>b9c21f1</code></a>
Update <code>@octokit/plugin-rest-endpoint-methods</code> to
v6.3.0.</li>
<li><a
href="6e70142499"><code>6e70142</code></a>
Update <code>@octokit/plugin-rest-endpoint-methods</code>.</li>
<li>See full diff in <a
href="d50f485531...c713e510db">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.1.1&new-version=6.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-29 10:25:05 -03:00
dependabot[bot]
d3d338d34d
chore(deps): bump github/codeql-action from 2.1.20 to 2.1.21 (#3345) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.20 to 2.1.21.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.21 - 25 Aug 2022</h2>
<ul>
<li>Improve error messages when the code scanning configuration file includes an invalid <code>queries</code> block or an invalid <code>query-filters</code> block. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1208">#1208</a></li>
<li>Fix a bug where Go build tracing could fail on Windows. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1209">#1209</a></li>
</ul>
<h2>2.1.20 - 22 Aug 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.19 - 17 Aug 2022</h2>
<ul>
<li>Add the ability to filter queries from a code scanning run by using the <code>query-filters</code> option in the code scanning configuration file. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1098">#1098</a></li>
<li>In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1159">#1159</a></li>
<li>Update default CodeQL bundle version to 2.10.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1178">#1178</a></li>
<li>The combination of python2 and Pipenv is no longer supported. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1181">#1181</a></li>
</ul>
<h2>2.1.18 - 03 Aug 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.2.  <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1156">#1156</a></li>
</ul>
<h2>2.1.17 - 28 Jul 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.10.1.  <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1143">#1143</a></li>
</ul>
<h2>2.1.16 - 13 Jul 2022</h2>
<ul>
<li>You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the &quot;Enable debug logging&quot; option. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1132">#1132</a></li>
<li>You can now see diagnostic messages produced by the analysis in the logs of the <code>analyze</code> Action by enabling debug mode. To enable debug mode, pass <code>debug: true</code> to the <code>init</code> Action, or <a href="https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging">enable step debug logging</a>. This feature is available for CodeQL CLI version 2.10.0 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1133">#1133</a></li>
</ul>
<h2>2.1.15 - 28 Jun 2022</h2>
<ul>
<li>CodeQL query packs listed in the <code>packs</code> configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1116">#1116</a></li>
<li>The combination of python2 and poetry is no longer supported. See <a href="https://github-redirect.dependabot.com/actions/setup-python/issues/374">actions/setup-python#374</a> for more details. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1124">#1124</a></li>
<li>Update default CodeQL bundle version to 2.10.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1123">#1123</a></li>
</ul>
<h2>2.1.14 - 22 Jun 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.13 - 21 Jun 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.9.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1100">#1100</a></li>
</ul>
<h2>2.1.12 - 01 Jun 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c7f292ea4f"><code>c7f292e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1212">#1212</a> from github/update-v2.1.21-21bf3087</li>
<li><a href="00ef1ee757"><code>00ef1ee</code></a> Update changelog for v2.1.21</li>
<li><a href="21bf3087a5"><code>21bf308</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1211">#1211</a> from github/get-default-branch-correctly-schedule</li>
<li><a href="5960bffd3f"><code>5960bff</code></a> When running on a schedule, make a better guess about whether we're analyzing...</li>
<li><a href="92c650bfbd"><code>92c650b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1210">#1210</a> from github/edoardo/record-db-creation-time</li>
<li><a href="8b45ef3845"><code>8b45ef3</code></a> Telemetry: Record DB creation time</li>
<li><a href="e7d4da3fa2"><code>e7d4da3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1209">#1209</a> from github/henrymercer/fix-go-tracing-tests</li>
<li><a href="182342cdd7"><code>182342c</code></a> Remove unguarded Actions library query</li>
<li><a href="e195431677"><code>e195431</code></a> Override <code>CODEQL_EXTRACTOR_GO_BUILD_TRACING</code> with <code>on</code> when it's <code>true</code></li>
<li><a href="3069613ebd"><code>3069613</code></a> Prevent hangs in Go autobuild tests due to .NET keychain prompts</li>
<li>Additional commits viewable in <a href="7fee4ca032...c7f292ea4f">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.20&new-version=2.1.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-26 10:59:22 -03:00
dependabot[bot]
6778972ce6
chore(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#3340) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p>
<blockquote>
<h2>Support architecture input and fix Expand-Archive issue</h2>
<p>This release introduces support for architecture input for <code>setup-go</code> action <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>. It also adds support for arm32 architecture for self-hosted runners. If architecture is not provided action will use default runner architecture.
Example of usage:</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
  with:
   go-version: '1.16'
   architecture: arm
</code></pre>
<p>This release also provides fix for issue <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/241">#241</a>. <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> adds support for using explicit filename for Windows which is necessary to satisfy Expand-Archive's requirement on .zip extension.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="268d8c0ca0"><code>268d8c0</code></a> Add support for arm32 go arch (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>)</li>
<li><a href="f279813975"><code>f279813</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> from jromero/feature/windows-download-filename</li>
<li><a href="1022489cb7"><code>1022489</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/249">#249</a> from e-korolevskii/main</li>
<li><a href="e0dce94eb0"><code>e0dce94</code></a> Use explicit filename when downloading Windows go package</li>
<li><a href="dab57c7c68"><code>dab57c7</code></a> update docs</li>
<li><a href="f2e56d8191"><code>f2e56d8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/246">#246</a> from e-korolevskii/Update-contributors-guide</li>
<li><a href="edd0aca6b1"><code>edd0aca</code></a> update tests path</li>
<li><a href="f3e3b7c2f2"><code>f3e3b7c</code></a> Update docs/contributors.md</li>
<li><a href="4a0c081511"><code>4a0c081</code></a> Update docs/contributors.md</li>
<li><a href="185e7f2f01"><code>185e7f2</code></a> Update docs/contributors.md</li>
<li>Additional commits viewable in <a href="84cbf80943...268d8c0ca0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.2.1&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-24 10:02:10 -03:00
dependabot[bot]
35f1d7881b
chore(deps): bump github/codeql-action from 2.1.19 to 2.1.20 (#3336) 
Bumps github/codeql-action from 2.1.19 to 2.1.20.

Commits

7fee4ca Merge pull request #1199 from github/update-v2.1.20-f0a1a35a
5259c5e Update changelog for v2.1.20
f0a1a35 Merge pull request #1197 from github/henrymercer/fix-release-when-package-con...
a074542 Tweak whitespace in checklist for consistency
53a7a27 Merge pull request #1193 from github/dependabot/npm_and_yarn/actions/core-1.9.1
2927215 Apply suggestions from code review
c145823 Make "Update release branch" workflow fail if npm version fails
66bb63a Merge pull request #1194 from github/mergeback/v2.1.19-to-main-f5d217be
0ce8ba5 Update checked-in dependencies
5354fac Update changelog and version after v2.1.19
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-22 09:30:23 -03:00
dependabot[bot]
6e85391479
chore(deps): bump actions/cache from 3.0.7 to 3.0.8 (#3334) 
Bumps actions/cache from 3.0.7 to 3.0.8.

Release notes
Sourced from actions/cache's releases.

v3.0.8
What's Changed

Fix zstd not working for windows on gnu tar in issues.
Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.




Changelog
Sourced from actions/cache's changelog.

Releases
3.0.0

Updated minimum runner version support from node 12 -> node 16

3.0.1

Added support for caching from GHES 3.5.
Fixed download issue for files > 2GB during restore.

3.0.2

Added support for dynamic cache size cap on GHES.

3.0.3

Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

Fixed #809 - zstd -d: no such file or directory error
Fixed #833 - cache doesn't work with github workspace directory

3.0.7

Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

Fix zstd not working for windows on gnu tar in issues #888 and #891.
Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.




Commits

fd5de65 Merge pull request #899 from actions/kotewar/download-and-compression-fix
d49b6bb Updated actions/cache toolkit dep to v3.0.4
See full diff in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-22 09:29:15 -03:00
Carlos Alexandro Becker
85cb047cd7
fix: run gitleaks and grype on prs (#3332) 
Signed-off-by: Carlos A Becker caarlos0@users.noreply.github.com

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-08-21 15:20:31 -03:00
dependabot[bot]
9d2206f607
chore(deps): bump github/codeql-action from 2.1.18 to 2.1.19 (#3325) 
⚠️  Dependabot is rebasing this PR ⚠️
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps github/codeql-action from 2.1.18 to 2.1.19.

Changelog
Sourced from github/codeql-action's changelog.

CodeQL Action Changelog
[UNRELEASED]
No user facing changes.
2.1.19 - 17 Aug 2022

Add the ability to filter queries from a code scanning run by using the query-filters option in the code scanning configuration file. #1098
In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. #1159
Update default CodeQL bundle version to 2.10.3. #1178
The combination of python2 and Pipenv is no longer supported. #1181

2.1.18 - 03 Aug 2022

Update default CodeQL bundle version to 2.10.2.  #1156

2.1.17 - 28 Jul 2022

Update default CodeQL bundle version to 2.10.1.  #1143

2.1.16 - 13 Jul 2022

You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. #1132
You can now see diagnostic messages produced by the analysis in the logs of the analyze Action by enabling debug mode. To enable debug mode, pass debug: true to the init Action, or enable step debug logging. This feature is available for CodeQL CLI version 2.10.0 and later. #1133

2.1.15 - 28 Jun 2022

CodeQL query packs listed in the packs configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. #1116
The combination of python2 and poetry is no longer supported. See actions/setup-python#374 for more details. #1124
Update default CodeQL bundle version to 2.10.0. #1123

2.1.14 - 22 Jun 2022
No user facing changes.
2.1.13 - 21 Jun 2022

Update default CodeQL bundle version to 2.9.4. #1100

2.1.12 - 01 Jun 2022

Update default CodeQL bundle version to 2.9.3. #1084

2.1.11 - 17 May 2022

Update default CodeQL bundle version to 2.9.2. #1074

2.1.10 - 10 May 2022


... (truncated)


Commits

f5d217b Merge pull request #1192 from github/update-v2.1.19-5502fefd
7c3d74c Move changelog note to right release
04ea3b1 Update changelog for v2.1.19
5502fef Merge pull request #1191 from github/edoardo/fix-upload-times
0349bb0 Fix TRAP cache upload timing
3154c4f Merge pull request #1190 from github/henrymercer/fix-debug-artifact-tests-on-...
b21cab9 Mock expect-error input to avoid errors in Action integration tests
219a937 Require test mode to be set to use expect-error input
ff9d53b Dump GitHub event in debug artifacts failure workflow
5f4cfb0 Merge pull request #1188 from github/edoardo/round-fields
Additional commits viewable in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-19 09:12:44 -03:00
dependabot[bot]
8b8da0d2d9
chore(deps): bump anchore/sbom-action from 0.11.0 to 0.12.0 (#3321) 
Bumps anchore/sbom-action from 0.11.0 to 0.12.0.

Release notes
Sourced from anchore/sbom-action's releases.

v0.12.0
Changes in v0.12.0

Update dependencies (#317) kzantow
Update Syft to v0.53.4 (#266) anchore-actions-token-generator
Expose upload-artifact and upload-release-assets inputs (#277) joshowen
Document the dependency-snapshot property (#297) kzantow




Commits

b5042e9 Update dependencies (#317)
ac5a533 Update Syft to v0.53.4 (#266)
0f0f981 Expose upload-artifact and upload-release-assets inputs (#277)
6fb484a Document the dependency-snapshot property (#297)
See full diff in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-19 09:11:54 -03:00
dependabot[bot]
2eb6f84f5c
chore(deps): bump actions/checkout from 3 to 3.0.2 (#3323) 
Bumps actions/checkout from 3 to 3.0.2.

Release notes
Sourced from actions/checkout's releases.

v3.0.2
What's Changed

Add set-safe-directory input to allow customers to take control. by @​TingluoHuang in actions/checkout#770
Prepare changelog for v3.0.2. by @​TingluoHuang in actions/checkout#777

Full Changelog: actions/checkout@v3...v3.0.2
v3.0.1

Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
Bumped various npm package versions




Changelog
Sourced from actions/checkout's changelog.

Changelog
v3.0.2

Add input set-safe-directory

v3.0.1

Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
Bumped various npm package versions

v3.0.0

Update to node 16

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output
Changes to support GHES alpha release
Persist core.sshCommand for submodules
Add support ssh
Convert submodule SSH URL to HTTPS, when not using SSH
Add submodule support
Follow proxy settings
Fix ref for pr closed event when a pr is merged
Fix issue checking detached when git less than 2.22

v2.0.0

Do not pass cred on command line
Add input persist-credentials
Fallback to REST API to download repo

v2 (beta)

Improved fetch performance



... (truncated)


Commits

See full diff in compare view




Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-08-19 09:11:36 -03:00
dependabot[bot]
5fe168e884
chore(deps): bump actions/cache from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.7 (#3324) 
Bumps actions/cache from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.7. This release includes the previously tagged commit.

Release notes
Sourced from actions/cache's releases.

v3.0.7
What's Changed

Fix for the download stuck problem has been added in actions/cache for users who were intermittently facing the issue. As part of this fix, new timeout has been introduced in the download step to stop the download if it doesn't complete within an hour and run the rest of the workflow without erroring out.




Changelog
Sourced from actions/cache's changelog.

Releases
3.0.0

Updated minimum runner version support from node 12 -> node 16

3.0.1

Added support for caching from GHES 3.5.
Fixed download issue for files > 2GB during restore.

3.0.2

Added support for dynamic cache size cap on GHES.

3.0.3

Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

Fixed #809 - zstd -d: no such file or directory error
Fixed #833 - cache doesn't work with github workspace directory

3.0.7

Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.




Commits

a7c34ad Merge pull request #894 from actions/kotewar/update-toolkit-version
83394c9 Updated cache version in license file
e839c25 Updated actions/cache version to 3.0.3
33a923d Added release information
a404368 Updated actions/cache version to 3.0.2
f427802 Merge pull request #887 from actions/pdotl-version-patch
9916fe1 Update cache version in licences
318935e Update README and RELEASES
85efbb5 Update cache npm module to latest
4387dbc Merge pull request #835 from shivamarora1/clojure-lein-example
Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-08-19 09:10:01 -03:00
dependabot[bot]
4b33f9a850
chore(deps): bump actions/github-script from 7f4e771d2b3022fa3b8bac499d4a547619f3ab10 to 6.1.1 (#3322) 
Bumps actions/github-script from 7f4e771d2b3022fa3b8bac499d4a547619f3ab10 to 6.1.1. This release includes the previously tagged commit.

Release notes
Sourced from actions/github-script's releases.

v6.1.1
What's Changed

Bump shell-quote from 1.7.2 to 1.7.3 by @​dependabot in actions/github-script#270
Bump @​actions/core to 1.9.1 by @​cory-miller in actions/github-script#280

Non-code changes

Create codeql-analysis.yml by @​joshmgross in actions/github-script#267
Improve grammar by @​kevgo in actions/github-script#269

New Contributors

@​kevgo made their first contribution in actions/github-script#269
@​cory-miller made their first contribution in actions/github-script#280

Full Changelog: actions/github-script@v6.1.0...v6.1.1



Commits

d50f485 Merge pull request #280 from cory-miller/main
1bdf7b2 Bump @​actions/core to 1.9.1
46a476b Merge pull request #269 from kevgo/patch-1
b682e42 Merge pull request #270 from actions/dependabot/npm_and_yarn/shell-quote-1.7.3
0cc15d0 Bump shell-quote from 1.7.2 to 1.7.3
ebee604 Improve grammar
377d38f Merge pull request #267 from actions/joshmgross/add-codeql
174e812 Create codeql-analysis.yml
7a5c598 Merge pull request #263 from smaeda-ks/update-actions-core
cb1c1eb Classify http-client licenses
Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-19 09:08:49 -03:00
dependabot[bot]
e661eb430d
chore(deps): bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#3315) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.0 to 2.5.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.5.0...v2.5.1)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-17 10:58:06 -03:00
Carlos Alexandro Becker
ee17c9583d
feat(ci): compile with go 1.19 (#3278) 
* feat(ci): compile with go 1.19

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* test: fixing template test

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* test: improve check

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* fix: more test and docs fixes

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* test: fix

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* test: fix

* test: fix

* fix: lint

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* test: docker templates

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* fix: godoc for RequireTemplateError
 2022-08-06 18:44:23 -03:00
dependabot[bot]
b7687ece3d
chore(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (#3285) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.17 to 2.1.18.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0c670bbf04...2ca79b6fa8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-08-04 13:57:06 -03:00
dependabot[bot]
06f03de523
chore(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (#3266) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.16 to 2.1.17.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3e7e3b32d0...0c670bbf04)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-29 09:09:27 -03:00
dependabot[bot]
40164fac9d
chore(deps): bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#3254) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.4.1 to 2.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.4.1...v2.5.0)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-26 09:04:54 -03:00
Carlos A Becker
b52c8e387d
chore(ci): fail build if grype fails 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-07-22 11:47:09 -03:00
Carlos A Becker
0f7f799efd
chore(ci): scan with grype 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-07-22 11:45:19 -03:00
dependabot[bot]
3ca8e11779
chore(deps): bump github/codeql-action from 2.1.15 to 2.1.16 (#3239) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.15 to 2.1.16.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3f62b754e2...3e7e3b32d0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-22 11:34:44 -03:00
dependabot[bot]
dc44ecda4a
chore(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#3235) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.0 to 3.2.1.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](b22fbbc292...84cbf80943)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-12 09:56:52 -03:00
Carlos A Becker
5bcd56bcbd
chore(ci): prevent gpl deps 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-07-06 09:50:26 -03:00
dependabot[bot]
7bb16e271a
chore(deps): bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (#3220) 
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/v2.4.0...v2.4.1)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-04 10:37:54 -03:00
dependabot[bot]
a535b87b4a
chore(deps): bump github/codeql-action from 2.1.14 to 2.1.15 (#3214) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.14 to 2.1.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](41a4ada31b...3f62b754e2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-29 10:11:14 -03:00
Carlos A Becker
5aed49bd0a
chore(ci): do not run gitleaks on prs 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-06-27 08:55:38 -03:00
Carlos Alexandro Becker
d58a3e72c3
chore(ci): improve tparse output (#3193) 
* chore(ci): improve tparse output

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* chore(ci): improve tparse output

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-06-24 09:33:34 -03:00
dependabot[bot]
e16a15929e
chore(deps): bump github/codeql-action from 2.1.13 to 2.1.14 (#3186) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.13 to 2.1.14.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](d00e8c09a3...41a4ada31b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-23 08:49:48 -03:00
dependabot[bot]
f1c611b21b
chore(deps): bump github/codeql-action from 2.1.12 to 2.1.13 (#3179) 2022-06-22 08:47:02 -03:00
Carlos Alexandro Becker
c51b0f9847
fix(ci): gitleaks license (#3177) 
* fix(ci): gitleaks license

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* fix: gitleaks config path

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-06-22 00:08:51 -03:00
dependabot[bot]
891e50e6a4
chore(deps): bump actions/dependency-review-action from 1 to 2 (#3164) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-16 08:55:20 -03:00
Carlos A Becker
d80f11b98e
chore(ci): update sbom and cosign actions 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-06-13 14:28:08 -03:00
Carlos Alexandro Becker
500190f36a
chore(ci): tparse (#3131) 
* chore(ci): tparse

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* fix: always set json

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* fix: nocolor

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* fix: do not need tparse locally

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>

* fix: build

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-06-11 23:25:04 -03:00
dependabot[bot]
ab43561b9c
chore(deps): bump github/codeql-action from 2.1.11 to 2.1.12 (#3141) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](a3a6c128d7...27ea8f8fe5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-02 08:28:59 -03:00
dependabot[bot]
b869ea44b7
chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#3133) 
* chore(deps): bump actions/setup-go from 3.1.0 to 3.2.0

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Apply suggestions from code review

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2022-05-27 13:26:29 -03:00
dependabot[bot]
6c38b37b11
chore(deps): bump github/codeql-action from 2.1.10 to 2.1.11 (#3113) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.10 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2f58583a1b...a3a6c128d7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-18 09:21:43 -03:00
Carlos A Becker
857602a2aa
chore(ci): gitleaks ignore testdata 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-05-17 22:10:22 -03:00
Carlos A Becker
0836149357
chore(ci): gitleaks 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-05-17 22:00:25 -03:00
Naveen
6289aee804
feat(ci): run dependency review action on prs (#3109) 
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-05-14 19:48:43 -03:00
dependabot[bot]
82f5785fd7
chore(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#3108) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-13 09:47:56 -03:00
dependabot[bot]
cc0ba360b3
chore(deps): bump github/codeql-action (#3105) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.10. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](75b4f1c466...2f58583a1b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-12 10:30:12 -03:00
dependabot[bot]
1907ffe6a2
chore(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#3094) 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](b517f99ae2...537aa1903e)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-11 09:50:07 -03:00
dependabot[bot]
5a027de820
chore(deps): bump github/codeql-action from 2.1.9 to 2.1.10 (#3095) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7502d6e991...75b4f1c466)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-11 09:49:53 -03:00
Carlos A Becker
ad13ba6c8a
fix(ci): improve auto commit msg 
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
 2022-05-10 13:10:12 -03:00
dependabot[bot]
70975ed684
chore(deps): bump docker/setup-qemu-action from 1.2.0 to 2 (#3084) 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1.2.0 to 2.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](27d0a4f181...8b122486ce)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-06 15:58:34 -03:00
dependabot[bot]
66d264bdd1
chore(deps): bump docker/login-action from 1.14.1 to 2 (#3082) 
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](dd4fa0671b...49ed152c8e)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-06 15:56:44 -03:00
dependabot[bot]
313718a8e5
chore(deps): bump docker/setup-buildx-action from 1.7.0 to 2 (#3083) 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.7.0 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](f211e3e9de...dc7b9719a9)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-06 14:37:18 -03:00
dependabot[bot]
546325d912
chore(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#3071) 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](94ab11c41e...f211e3e9de)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-28 10:23:24 -03:00
dependabot[bot]
35a7ebf680
chore(deps): bump github/codeql-action from 2.1.8 to 2.1.9 (#3070) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1ed1437484...7502d6e991)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-28 10:23:13 -03:00