After talking with @perylemke, we realized that probably most people
will likely expect it to be called --clean instead of --rm-dist, as its
more similar to the popular `make clean` task.
This adds the --clean flag, and make the --rm-dist one deprecated.
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.2.0
to 0.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.5.0</h2>
<p>A full list of issues closed can be found in the <a
href="https://github.com/golang/go/milestone/138?closed=1">gopls/v0.5.0
milestone</a>.</p>
<h2>Memory usage</h2>
<ul>
<li>Rewrite of caching model, resulting in significant memory usage
improvements (<a
href="https://github.com/heschik"><code>@heschik</code></a>).</li>
</ul>
<h2>New features</h2>
<ul>
<li>Extract to function: Support for extracting code blocks that contain
return statements (<a
href="https://github.com/joshbaum"><code>@joshbaum</code></a>).</li>
<li>Workspace symbols: Support for <a
href="https://github.com/junegunn/fzf#search-syntax">fzf-style search
syntax</a> (<a
href="https://github.com/findleyr"><code>@findleyr</code></a>). The
following syntax is supported:
<ul>
<li><code>'</code> for exact matching</li>
<li><code>^</code> for prefix matching</li>
<li><code>$</code> for suffix matching</li>
</ul>
</li>
</ul>
<p><strong>Note</strong>: This feature does not yet work in VS Code. See
<a
href="https://github-redirect.dependabot.com/golang/vscode-go/issues/647">golang/vscode-go#647</a>
and <a
href="https://github-redirect.dependabot.com/microsoft/vscode/issues/106788">microsoft/vscode#106788</a>.</p>
<ul>
<li>An experimental new code lens to view GC optimization details (<a
href="https://github.com/pjweinb"><code>@pjweinb</code></a>). Once the
code lens is enabled, you will see a <code>Toggle gc details</code>
annotation at the top of your file. Clicking it will show optimization
diagnostics produced by the Go compiler, and clicking it once again will
hide these diagnostics. Enable the code lens by adding the following to
your settings:
<pre lang="json5"><code>"codelens": {
"gc_details": true
}
</code></pre>
</li>
<li><code>go mod tidy</code> and <code>go mod vendor</code> code lenses
for <code>go.mod</code> files (<a
href="https://github.com/dandua98"><code>@dandua98</code></a>).</li>
<li>Support for filling in matching in-scope variables instead of just
empty values in fillstruct and fillreturns (<a
href="https://github.com/joshbaum"><code>@joshbaum</code></a>).</li>
<li>Autocompletion within import statements (<a
href="https://github.com/dandua98"><code>@dandua98</code></a>).</li>
<li>Autocompletion within package declarations (<a
href="https://github.com/dandua98"><code>@dandua98</code></a>).</li>
</ul>
<h2>Improvements</h2>
<ul>
<li>Improvements to workspace symbols ranking and fuzzy matching (<a
href="https://github.com/findleyr"><code>@findleyr</code></a>, <a
href="https://github.com/myitcv"><code>@myitcv</code></a>).</li>
<li>Better completion suggestions in type switch case clauses and for
calls to <code>append</code>, function literals, and unnamed types (<a
href="https://github.com/muirdm"><code>@muirdm</code></a>).</li>
</ul>
<h2>Thank you</h2>
<p>Thank you to everyone who contributed to this release!</p>
<p><a href="https://github.com/heschik"><code>@heschik</code></a>
<a href="https://github.com/findleyr"><code>@findleyr</code></a>
<a href="https://github.com/pjweinb"><code>@pjweinb</code></a>
<a href="https://github.com/joshbaum"><code>@joshbaum</code></a>
<a href="https://github.com/mcjcloud"><code>@mcjcloud</code></a>
<a href="https://github.com/dandua98"><code>@dandua98</code></a>
<a href="https://github.com/muirdm"><code>@muirdm</code></a>
<a href="https://github.com/leitzler"><code>@leitzler</code></a>
<a href="https://github.com/myitcv"><code>@myitcv</code></a>
<a href="https://github.com/matloob"><code>@matloob</code></a>
<a href="https://github.com/tennashi"><code>@tennashi</code></a>
<a href="https://github.com/ainar-g"><code>@ainar-g</code></a>
<a href="https://github.com/hasheddan"><code>@hasheddan</code></a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7db99dd126"><code>7db99dd</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="1e0dff28f4"><code>1e0dff2</code></a>
gopls/internal/regtest: avoid race in
TestSwitchFromGOPATHToModuleMode</li>
<li><a
href="0441b432ca"><code>0441b43</code></a>
gopls/internal/lsp/cache: use specific mutexes for module data</li>
<li><a
href="33071fbe1a"><code>33071fb</code></a>
internal/robustio: move robustio</li>
<li><a
href="b01e7a4e75"><code>b01e7a4</code></a>
gopls/internal/regtest/watch: don't run
TestSwitchFromGOPATHToModuleMode</li>
<li><a
href="e417ea36ba"><code>e417ea3</code></a>
gopls: remove dead analysis code</li>
<li><a
href="1a08d01ac9"><code>1a08d01</code></a>
gopls/internal/lsp: update replace directives in go.mod for package
renaming</li>
<li><a
href="eac36cb2ac"><code>eac36cb</code></a>
gopls/internal/regtest: port experimental workspace tests to
go.work</li>
<li><a
href="224a61b354"><code>224a61b</code></a>
gopls/internal/lsp/source: delete Snapshot.WriteEnv method</li>
<li><a
href="81e741e32f"><code>81e741e</code></a>
gopls/internal/lsp/safetoken: funnel more calls through this
package</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.2.0...v0.5.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
continuing the PR by @developer-guy
- [x] should be a publisher, as it does publish the images it builds
every time
- [x] `Default` method does not work
- [x] the `fromConfig` thing should probably be on the defaults, too
- [x] wire `--skip-ko`
- [x] documentation
- [x] more tests
- [x] use same registry as docker tests does
- [ ] see if we can make the log output match goreleaser's
- [ ] ??
closes#2556closes#3490
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: actions-user <actions@github.com>
Co-authored-by: Jason Hall <jason@chainguard.dev>
Co-authored-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.37 to 2.1.38.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependecy code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="515828d974"><code>515828d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1476">#1476</a>
from github/update-v2.1.38-70fdddff</li>
<li><a
href="caa49ae471"><code>caa49ae</code></a>
Update changelog for v2.1.38</li>
<li><a
href="70fdddff11"><code>70fdddf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1474">#1474</a>
from github/henrymercer/fix-ghae-setup-test</li>
<li><a
href="6ba0a36550"><code>6ba0a36</code></a>
Add JSDoc for <code>mockDownloadApi</code></li>
<li><a
href="4a918790cd"><code>4a91879</code></a>
Merge branch 'main' into henrymercer/fix-ghae-setup-test</li>
<li><a
href="42d6d35dd1"><code>42d6d35</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1464">#1464</a>
from github/aeisenberg/externalRepoTokenConfigParsing</li>
<li><a
href="e009918fbc"><code>e009918</code></a>
Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing</li>
<li><a
href="70a288daae"><code>70a288d</code></a>
Merge branch 'main' into henrymercer/fix-ghae-setup-test</li>
<li><a
href="bdc7c5d203"><code>bdc7c5d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1466">#1466</a>
from github/dbartol/bundle-20230105</li>
<li><a
href="272d916f23"><code>272d916</code></a>
Address comments from PR</li>
<li>Additional commits viewable in <a
href="959cbb7472...515828d974">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.3.0
to 0.5.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3d872d0428"><code>3d872d0</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="bc7d1d1eb5"><code>bc7d1d1</code></a>
bcrypt: reject passwords longer than 72 bytes</li>
<li><a
href="7e3ac2043e"><code>7e3ac20</code></a>
internal/wycheproof: also use Verify in TestECDSA</li>
<li><a
href="23edec0b38"><code>23edec0</code></a>
ssh: ensure that handshakeTransport goroutines have finished before
Close ret...</li>
<li><a
href="f495dc37d5"><code>f495dc3</code></a>
acme: eliminate arbitrary timeouts in tests</li>
<li><a
href="eb2c406296"><code>eb2c406</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="2c476679df"><code>2c47667</code></a>
cryptobyte: add support for ReadASN1Integer into []byte</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.3.0...v0.5.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
To help solve this issue
```
apk:
signature:
key_file: "{{ .Env.ABUILD_KEY_NAME }}.rsa"
key_name: "{{ .Env.ABUILD_KEY_NAME }}"
```
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
Allow that the key_name in apk signature to be templated
<!-- Why is this change being made? -->
The name of the key might not be hardcoded, in a github workflow
<!-- # Provide links to any relevant tickets, URLs or other resources
-->
...
Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.27.0 to
0.28.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-cloud/releases">gocloud.dev's
releases</a>.</em></p>
<blockquote>
<h2>v0.28.0</h2>
<p><strong>BREAKING CHANGES</strong>:</p>
<ul>
<li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure
SDK.</li>
<li><strong>blob/azureblob</strong>: Updated to match recent breaking
changes in the Azure packages (yes, again).</li>
<li><strong>pubsub/awssnssqs</strong>: Fixed <code>BeforeSend</code> to
take a pointer to the <code>SendMessageBatchRequestEntry</code> struct,
so that it can be modified.</li>
</ul>
<p><strong>blob</strong></p>
<ul>
<li><strong>memblob</strong>: Fixed bug where use of
<code>BeforeCopy</code> callback would drop the actual copying.</li>
<li><strong>azureblob</strong>: Updated to match recent breaking changes
in the Azure packages.</li>
</ul>
<p><strong>pubsub</strong></p>
<ul>
<li><strong>all</strong>: Simplified and improved batch sizing, should
resolve issues with too-frequent polling in some situations.</li>
<li><strong>azurepubsub</strong>: Made <code>ListenerTimeout</code>
configurable.</li>
<li><strong>gcppubsub</strong> and <strong>awssnssqs</strong>: Support
lazy mode for <code>Nack</code> (where no explicit <code>Nack</code> is
sent).</li>
<li><strong>awssnssqs</strong>: Fixed <code>BeforeSend</code> to take a
pointer to the <code>SendMessageBatchRequestEntry</code> struct, so that
it can be modified.</li>
</ul>
<p><strong>secrets</strong></p>
<ul>
<li><strong>secrets/azurekeyvault</strong>: Updated to latest Azure SDK.
Use azidentity.NewDefaultAzureCredential.</li>
</ul>
<p><strong>sql</strong></p>
<ul>
<li><strong>gcp/cloudsql</strong>: Fixed IAM login.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2416609049"><code>2416609</code></a>
all: prep for v0.28.0 (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3207">#3207</a>)</li>
<li><a
href="13f46eb806"><code>13f46eb</code></a>
pubsub: simplify and improve batch sizing, especially for low message
rates</li>
<li><a
href="8f2c2b9a39"><code>8f2c2b9</code></a>
pubsub/memsub: Add Options for batching (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3205">#3205</a>)</li>
<li><a
href="fe0a3d75fe"><code>fe0a3d7</code></a>
pubsub/awssqs: Fix BeforeSend/As to enable changes to the sqs input
message (...</li>
<li><a
href="dfaf95af34"><code>dfaf95a</code></a>
secrets/azurekeyvault: Use azidentity.NewDefaultAzureCredential to
support ot...</li>
<li><a
href="1e26311532"><code>1e26311</code></a>
blob: Remove some debug logging (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3197">#3197</a>)</li>
<li><a
href="43ed5a4998"><code>43ed5a4</code></a>
pubsub/gcppubsub: Support lazy mode for Nacks (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3195">#3195</a>)</li>
<li><a
href="be80e70b3d"><code>be80e70</code></a>
pubsub/awssnssqs: Support lazy mode for Nacks (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3194">#3194</a>)</li>
<li><a
href="7d690993a5"><code>7d69099</code></a>
blob/azblob: Update to latest, and restore As for dirlist (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3191">#3191</a>)</li>
<li><a
href="e942f3c339"><code>e942f3c</code></a>
blob/azblob: Restore As for List entry (<a
href="https://github-redirect.dependabot.com/google/go-cloud/issues/3188">#3188</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/google/go-cloud/compare/v0.27.0...v0.28.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.19.4-alpine to 1.19.5-alpine.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.3.0
to 0.4.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="34ffb07a99"><code>34ffb07</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.3.0...v0.4.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.77.0 to 0.78.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce77452fb9"><code>ce77452</code></a>
Tweaked the ordering a little</li>
<li><a
href="dcaa030fdb"><code>dcaa030</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1620">#1620</a>
from Alexand/feat/add-enterprise-to-metadata</li>
<li><a
href="c856bb4ab9"><code>c856bb4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1615">#1615</a>
from cyd01/master</li>
<li><a
href="06174d15a6"><code>06174d1</code></a>
Merge branch 'xanzy:master' into master</li>
<li><a
href="24f4ce1139"><code>24f4ce1</code></a>
Reorder strurt properties to match the docs</li>
<li><a
href="5681370e4b"><code>5681370</code></a>
Add enterprise attribute to metadata endpoint</li>
<li><a
href="3e2faf7564"><code>3e2faf7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1618">#1618</a>
from linkdotnet/fix/<a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1578">#1578</a></li>
<li><a
href="1c9b5e4284"><code>1c9b5e4</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1616">#1616</a>
from robbydyer/pl_event_failure_reason</li>
<li><a
href="baf8093b63"><code>baf8093</code></a>
fix: Tags in Package as complex object</li>
<li><a
href="57255c811d"><code>57255c8</code></a>
Ordering, newlines</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.77.0...v0.78.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from `a9b24b6` to `86d32cc`.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.2 to
3.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Mint example by <a
href="https://github.com/uhooi"><code>@uhooi</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051">actions/cache#1051</a></li>
<li>Fixed broken link by <a
href="https://github.com/kotewar"><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1057">actions/cache#1057</a></li>
<li>Add support to opt-in enable cross-os caching on windows by <a
href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1056">actions/cache#1056</a></li>
<li>Release support for cross-os caching as opt-in feature by <a
href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1060">actions/cache#1060</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/uhooi"><code>@uhooi</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051">actions/cache#1051</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.3">https://github.com/actions/cache/compare/v3...v3.2.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files > 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="58c146cc91"><code>58c146c</code></a>
Release support for cross-os caching as opt-in feature (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1060">#1060</a>)</li>
<li><a
href="6fd2d4538c"><code>6fd2d45</code></a>
Add support to opt-in enable cross-os caching on windows (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1056">#1056</a>)</li>
<li><a
href="1f414295fe"><code>1f41429</code></a>
Fixed broken link (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1057">#1057</a>)</li>
<li><a
href="365406cb70"><code>365406c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1051">#1051</a>
from uhooi/feature/add_mint_example</li>
<li><a
href="d6217569d5"><code>d621756</code></a>
Update Mint example</li>
<li><a
href="84e54000da"><code>84e5400</code></a>
Merge remote-tracking branch 'origin/main' into
feature/add_mint_example</li>
<li>See full diff in <a
href="4723a57e26...58c146cc91">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
Add curio to users.md
<!-- Why is this change being made? -->
Because we are using it :D
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.5.0 to
0.6.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec5565b1b7"><code>ec5565b</code></a>
README.md: update documentation of module versioning</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.5.0...v0.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
<!--
Hi, thanks for contributing!
Please make sure you read our CONTRIBUTING guide.
Also, add tests and the respective documentation changes as well.
-->
<!-- If applied, this commit will... -->
<!-- Why is this change being made? -->
Every other instance I have seen so far uses `.yaml` so, for
consistency, let's rename this one?
<!-- # Provide links to any relevant tickets, URLs or other resources
-->
