go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-10 03:47:03 +02:00
Code Issues Releases Activity
5,188 Commits 8 Branches 558 Tags 41 MiB
c567f15ad7
Commit Graph

5188 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Carlos Alexandro Becker
c567f15ad7
test: improve test 2023-11-29 23:12:16 -03:00
Carlos Alexandro Becker
a09a0d7018
fix(ko): error finishing with . 2023-11-29 23:12:07 -03:00
Carlos Alexandro Becker
b0bf4eb0cd
build: golangci config 2023-11-29 23:11:46 -03:00
Carlos Alexandro Becker
d0d088dee7
test: fix 2023-11-29 22:40:10 -03:00
Carlos Alexandro Becker
1ec5245f51
test: improve brittle tests 2023-11-29 22:25:14 -03:00
Carlos Alexandro Becker
bd7933d185
feat: improve project and build hooks error handling 
closes #4451
 2023-11-29 22:01:13 -03:00
Carlos Alexandro Becker
d89557b277
docs: install should say the required Go version 
refs https://github.com/orgs/goreleaser/discussions/4443
 2023-11-29 13:12:18 -03:00
dependabot[bot]
8eccb57161
chore(deps): bump cachix/install-nix-action from 23 to 24 (#4448) 
Bumps
[cachix/install-nix-action](https://github.com/cachix/install-nix-action)
from 23 to 24.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>install-nix-action-v24</h2>
<ul>
<li>Nix 2.19.1</li>
<li>enables KVM on linux</li>
<li>set <code>TMPDIR</code> to avoid potential disk space issues</li>
<li>don't use the default GitHub token for Enterprise</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7ac1ec2549"><code>7ac1ec2</code></a>
Nix 2.19.1</li>
<li><a
href="dc33a216cb"><code>dc33a21</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/200">#200</a>
from cachix/fix/196</li>
<li><a
href="2b90cd3130"><code>2b90cd3</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/202">#202</a>
from cachix/feature/kvm</li>
<li><a
href="fe19c91c6b"><code>fe19c91</code></a>
feat: enable KVM on Linux if available</li>
<li><a
href="a56e3a8089"><code>a56e3a8</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/199">#199</a>
from jalaziz/tempdir</li>
<li><a
href="81eb746179"><code>81eb746</code></a>
Update install-nix.sh</li>
<li><a
href="97a1be3c09"><code>97a1be3</code></a>
fix: don't use the default GitHub token for Enterprise</li>
<li><a
href="2cce1fd76b"><code>2cce1fd</code></a>
fix: Set TMPDIR to avoid disk space issues</li>
<li><a
href="300721fe01"><code>300721f</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/193">#193</a>
from cachix/dependabot/github_actions/actions/checkout-4</li>
<li><a
href="fe6788c5de"><code>fe6788c</code></a>
chore(deps): bump actions/checkout from 3 to 4</li>
<li>See full diff in <a
href="https://github.com/cachix/install-nix-action/compare/v23...v24">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cachix/install-nix-action&package-manager=github_actions&previous-version=23&new-version=24)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-29 09:35:49 -03:00
ixje
149b178094
docs: update deprecated --skip-publish release flag (#4449) 
Calling `goreleaser release --skip-publish` as according to the [dry run
documentation](https://goreleaser.com/quick-start/?h=dry+run#release-flags)
gives the following deprecation warning
```
• DEPRECATED: --skip-publish was deprecated in favor of --skip=publish, check https://goreleaser.com/deprecations#-skip for more details
```

This updates the documentation
 2023-11-29 09:31:53 -03:00
wrench
d2c0e4c6ad
docs: fix typo (#4447) 2023-11-28 11:08:53 -03:00
dependabot[bot]
2f1162a2a4
feat(deps): bump golang.org/x/tools from 0.15.0 to 0.16.0 (#4444) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.15.0
to 0.16.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a9ef4cfeac"><code>a9ef4cf</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="d9b9452656"><code>d9b9452</code></a>
gopls/internal/lsp/cache: move quick-fix bundling logic to the cache
pkg</li>
<li><a
href="1733061d5f"><code>1733061</code></a>
go/analysis/passes/testinggoroutine: report by enclosing regions</li>
<li><a
href="b19be0fa71"><code>b19be0f</code></a>
gopls/internal/cmd/help_test.go: document</li>
<li><a
href="daa4aa59ed"><code>daa4aa5</code></a>
gopls/internal/lsp/source: stubmethods: fix out-of-bounds index</li>
<li><a
href="a586d0db84"><code>a586d0d</code></a>
go/types/internal/play: show more types.Scope detail</li>
<li><a
href="53ad329bd9"><code>53ad329</code></a>
gopls/internal/lsp/source: move edit logic into the protocol
package</li>
<li><a
href="3c677e3f7d"><code>3c677e3</code></a>
gopls/internal/lsp/cache: move SuggestedFixFromCommand into cache</li>
<li><a
href="ab6af7d4bb"><code>ab6af7d</code></a>
gopls/internal/lsp/source: extract InDir to a new pathutil package</li>
<li><a
href="e7d61d9d57"><code>e7d61d9</code></a>
gopls/internal/lsp/cache: simplify named error values</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.15.0...v0.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.15.0&new-version=0.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-28 10:15:02 -03:00
Carlos Alexandro Becker
5a74601559
build: fix typo 2023-11-28 09:23:01 -03:00
dependabot[bot]
5587cb2cb7
feat(deps): bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#4445) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.14.0 to 0.15.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e9ec9323d"><code>6e9ec93</code></a>
go.mod: update golang.org/x dependencies</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.14.0...v0.15.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.14.0&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-28 09:22:27 -03:00
Carlos Alexandro Becker
64916314c7
docs: update users.md 2023-11-27 18:38:06 -03:00
Carlos Alexandro Becker
25a054c5e1
feat: improve --single-target (#4442) 
closes #4437 
closes #4426

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-27 18:29:50 -03:00
Libor Ondrušek
6bce81c0be
docs(azblob): correct auth to Azure storage service (#4439) 
I corected documentation for upload blobs to azure Storage Service from
[used
library](53ccd8db26/blob/azureblob/azureblob.go (L30)).
 2023-11-24 20:17:45 -03:00
Carlos Alexandro Becker
9d2162b61c
build: report only new lint problems 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-24 14:07:24 -03:00
John Taylor
74e706461b
fix: allow homebrew to use tar.xz format (#4441) 
<!-- If applied, this commit will... -->

In a `brews` section, goreleaser will fail when using `format: tar.xz`
even though homebrew supports installing binaries bundled in a `.tar.xz`
archive.

<!-- Why is this change being made? -->

I use `.tar.xz` instead of `.tar.gz` and would like goreleaser to
support this when used in conjunction with `brews` sections.

With this patch, I created a test [homebrew
formulae](https://github.com/jftuga/homebrew-tap/blob/main/awswho.rb)
and successfully installed it under macOS.
 2023-11-24 14:03:05 -03:00
Carlos Alexandro Becker
103b54bed5
fix(sbom): warn/error on wrong configuration 
refs #4425

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-23 17:41:48 -03:00
Carlos Alexandro Becker
1d34568b75
feat(sbom): update default command 
--file is deprecated

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-23 17:41:43 -03:00
Carlos Alexandro Becker
d83243cc28
docs(sbom): improve sbom alternative example 
previous example was invalid and would hide errors to anyone mindlessly
copying it.

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-23 17:41:14 -03:00
Carlos Alexandro Becker
a5f767832a
SBOM improvements (#4430) 
refs https://github.com/orgs/goreleaser/discussions/4425
 2023-11-23 17:40:25 -03:00
dependabot[bot]
f9203badeb
feat(deps): bump github.com/disgoorg/disgo from 0.16.12 to 0.17.0 (#4434) 
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.16.12 to 0.17.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c4ffb0537d"><code>c4ffb05</code></a>
fix checking timeouts when calculating permissions</li>
<li><a
href="7e8c825d82"><code>7e8c825</code></a>
Address Discord having shitty API design</li>
<li><a
href="c9a23642bd"><code>c9a2364</code></a>
Add new expressions and events permissions (<a
href="https://redirect.github.com/disgoorg/disgo/issues/292">#292</a>)</li>
<li><a
href="f19739c45e"><code>f19739c</code></a>
update dependencies</li>
<li><a
href="0c2c0328fa"><code>0c2c032</code></a>
migrate to slog &amp; go 1.21 (<a
href="https://redirect.github.com/disgoorg/disgo/issues/294">#294</a>)</li>
<li>See full diff in <a
href="https://github.com/disgoorg/disgo/compare/v0.16.12...v0.17.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/disgoorg/disgo&package-manager=go_modules&previous-version=0.16.12&new-version=0.17.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-23 17:38:25 -03:00
dependabot[bot]
334cb890a5
feat(deps): bump github.com/google/ko from 0.15.0 to 0.15.1 (#4435) 
Bumps [github.com/google/ko](https://github.com/google/ko) from 0.15.0
to 0.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/ko/releases">github.com/google/ko's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Don't AppendDescriptor until we've written config by <a
href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/1175">ko-build/ko#1175</a></li>
<li>Add more locking around on-disk image cache by <a
href="https://github.com/jonjohnsonjr"><code>@​jonjohnsonjr</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/1176">ko-build/ko#1176</a></li>
<li>Fix &quot;AM&quot; Time Typo by <a
href="https://github.com/StephenGrider"><code>@​StephenGrider</code></a>
in <a
href="https://redirect.github.com/ko-build/ko/pull/1179">ko-build/ko#1179</a></li>
<li>docs: add MacPorts install info by <a
href="https://github.com/herbygillot"><code>@​herbygillot</code></a> in
<a
href="https://redirect.github.com/ko-build/ko/pull/1180">ko-build/ko#1180</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/StephenGrider"><code>@​StephenGrider</code></a>
made their first contribution in <a
href="https://redirect.github.com/ko-build/ko/pull/1179">ko-build/ko#1179</a></li>
<li><a
href="https://github.com/herbygillot"><code>@​herbygillot</code></a>
made their first contribution in <a
href="https://redirect.github.com/ko-build/ko/pull/1180">ko-build/ko#1180</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ko-build/ko/compare/v0.15.0...v0.15.1">https://github.com/ko-build/ko/compare/v0.15.0...v0.15.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2e9e58b187"><code>2e9e58b</code></a>
Bump k8s.io/apimachinery from 0.28.3 to 0.28.4</li>
<li><a
href="84d3803370"><code>84d3803</code></a>
Merge pull request <a
href="https://redirect.github.com/google/ko/issues/1177">#1177</a> from
ko-build/dependabot/go_modules/github.com/sigst...</li>
<li><a
href="512ca9c0fb"><code>512ca9c</code></a>
Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1</li>
<li><a
href="4aceae1ddf"><code>4aceae1</code></a>
update test</li>
<li><a
href="a271b54fe5"><code>a271b54</code></a>
Bump github.com/google/go-containerregistry from 0.15.2 to 0.16.1</li>
<li><a
href="cfc13deeb6"><code>cfc13de</code></a>
Bump golang.org/x/tools from 0.14.0 to 0.15.0</li>
<li><a
href="59038b983f"><code>59038b9</code></a>
Merge pull request <a
href="https://redirect.github.com/google/ko/issues/1180">#1180</a> from
herbygillot/patch-1</li>
<li><a
href="63cd511412"><code>63cd511</code></a>
docs: add MacPorts install info</li>
<li><a
href="f1f5fb3afb"><code>f1f5fb3</code></a>
Update community.md (<a
href="https://redirect.github.com/google/ko/issues/1179">#1179</a>)</li>
<li><a
href="c92ea35f27"><code>c92ea35</code></a>
Merge pull request <a
href="https://redirect.github.com/google/ko/issues/1178">#1178</a> from
ko-build/dependabot/github_actions/sigstore/cos...</li>
<li>Additional commits viewable in <a
href="https://github.com/google/ko/compare/v0.15.0...v0.15.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/ko&package-manager=go_modules&previous-version=0.15.0&new-version=0.15.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@caarlos0.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-23 17:38:08 -03:00
dependabot[bot]
969003ca5f
chore(deps): bump actions/github-script from 7.0.0 to 7.0.1 (#4432) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 7.0.0 to 7.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Avoid setting <code>baseUrl</code> to undefined when input is not
provided by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/439">actions/github-script#439</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v7.0.0...v7.0.1">https://github.com/actions/github-script/compare/v7.0.0...v7.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="60a0d83039"><code>60a0d83</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/440">#440</a>
from actions/joshmgross/v7.0.1</li>
<li><a
href="b7fb2001b4"><code>b7fb200</code></a>
Update version to 7.0.1</li>
<li><a
href="12e22ed06b"><code>12e22ed</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/439">#439</a>
from actions/joshmgross/avoid-setting-base-url</li>
<li><a
href="d319f8f5b5"><code>d319f8f</code></a>
Avoid setting <code>baseUrl</code> to undefined when input is not
provided</li>
<li>See full diff in <a
href="e69ef5462f...60a0d83039">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=7.0.0&new-version=7.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-23 17:37:59 -03:00
dependabot[bot]
182e103330
feat(deps): bump github.com/xanzy/go-gitlab from 0.93.2 to 0.94.0 (#4433) 
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.93.2 to 0.94.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="793bc3cdf5"><code>793bc3c</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1829">#1829</a>
from mauamy/feat/add-member-roles</li>
<li><a
href="99ab72b8c2"><code>99ab72b</code></a>
Make the code match the rest of the package</li>
<li><a
href="ec84ef5626"><code>ec84ef5</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1788">#1788</a>
from mycrEEpy/update-go</li>
<li><a
href="664c0acc48"><code>664c0ac</code></a>
Simplify the Ptr func</li>
<li><a
href="2bf8cd2ee2"><code>2bf8cd2</code></a>
update deprecation docs</li>
<li><a
href="ce857a2572"><code>ce857a2</code></a>
update readme examples</li>
<li><a
href="a2fd184003"><code>a2fd184</code></a>
update minimum go version to 1.19; add Ptr function to use generics for
alloc...</li>
<li><a
href="5a3d963c32"><code>5a3d963</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1827">#1827</a>
from pwlandoll/feat/815-keyset-pagination</li>
<li><a
href="5bd3fc74a9"><code>5bd3fc7</code></a>
Small tweaks, nothing exiting :)</li>
<li><a
href="d906aaa47a"><code>d906aaa</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1834">#1834</a>
from ppeble/pipelines-add-name-field</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.93.2...v0.94.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/xanzy/go-gitlab&package-manager=go_modules&previous-version=0.93.2&new-version=0.94.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-23 17:37:49 -03:00
dependabot[bot]
48b49ea2ae
chore(deps): bump anchore/sbom-action from 0.14.3 to 0.15.0 (#4436) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.14.3 to 0.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.0</h2>
<h2>Changes in v0.14.4</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Previously, running on Windows required WSL. Now, running on Windows
expects to be run on native windows (<a
href="https://redirect.github.com/anchore/sbom-action/issues/426">#426</a>)
[<a href="https://github.com/willmurphyscode">willmurphyscode</a>].</li>
</ul>
<h3>Other Changes</h3>
<ul>
<li>pin and upgrade actions/checkout (<a
href="https://redirect.github.com/anchore/sbom-action/issues/428">#428</a>)
[<a href="https://github.com/willmurphyscode">willmurphyscode</a>]</li>
<li>chore(deps): update Syft to v0.97.1 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/427">#427</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
<li>add oss community board auto-add workflow (<a
href="https://redirect.github.com/anchore/sbom-action/issues/421">#421</a>)
[<a href="https://github.com/wagoodman">wagoodman</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fd74a6fb98"><code>fd74a6f</code></a>
pin and upgrade actions/checkout (<a
href="https://redirect.github.com/anchore/sbom-action/issues/428">#428</a>)</li>
<li><a
href="c9fb15d7bc"><code>c9fb15d</code></a>
chore(deps): update Syft to v0.97.1 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/427">#427</a>)</li>
<li><a
href="74207bd644"><code>74207bd</code></a>
chore: test natively on Windows (<a
href="https://redirect.github.com/anchore/sbom-action/issues/426">#426</a>)</li>
<li><a
href="ace0b9722a"><code>ace0b97</code></a>
add oss community board auto-add workflow (<a
href="https://redirect.github.com/anchore/sbom-action/issues/421">#421</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.14.3...v0.15.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.14.3&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-23 17:37:39 -03:00
Gabriel Cipriano
8f6b16f6b5
feat: validate ko's main path (#4429) 
closes #4382
 2023-11-19 14:54:18 -03:00
dependabot[bot]
3c6dcd8dcd
feat(deps): bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.1 (#4419) 
Bumps
[github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from
2.1.1 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<p><strong>Note: This release comes with a fix for CVE-2023-46737
described in this <a
href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github
Security Advisory</a>. Please upgrade to this release ASAP</strong></p>
<h2>Enhancements</h2>
<ul>
<li>feat: Support basic auth and bearer auth login to registry (<a
href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li>
<li>add support for ignoring certificates with pkcs11 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li>
<li>Support ReplaceOp in Signatures (<a
href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li>
<li>feat: added ability to get image digest back via triangulate (<a
href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li>
<li>feat: add <code>--only</code> flag in <code>cosign copy</code> to
copy sign, att &amp; sbom (<a
href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li>
<li>feat: add support attaching a Rekor bundle to a container (<a
href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li>
<li>feat: add support outputting rekor response on signing (<a
href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li>
<li>feat: improve dockerfile verify subcommand (<a
href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li>
<li>Add guard flag for experimental OCI 1.1 verify. (<a
href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li>
<li>Deprecate SBOM attachments (<a
href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li>
<li>feat: dedent line in cosign copy doc (<a
href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li>
<li>feat: add platform flag to cosign copy command (<a
href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li>
<li>Add SLSA 1.0 attestation support to cosign. Closes <a
href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a>
(<a
href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li>
<li>attest: pass OCI remote opts to att resolver. (<a
href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Merge pull request from GHSA-vfp6-jrw2-99g9</li>
<li>fix: allow cosign download sbom when image is absent (<a
href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li>
<li>ci: add a OCI registry test for referrers support (<a
href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li>
<li>Fix ReplaceSignatures (<a
href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li>
<li>Stop using deprecated in_toto.ProvenanceStatement (<a
href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li>
<li>Fixes <a
href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>,
disable SCT checking for a cosign verification when usin… (<a
href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li>
<li>fix: update error in <code>SignedEntity</code> to be more
descriptive (<a
href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li>
<li>Fail timestamp verification if no root is provided (<a
href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>Add some docs about verifying in an air-gapped environment (<a
href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li>
<li>Update CONTRIBUTING.md (<a
href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li>
<li>docs: improves the Contribution guidelines (<a
href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li>
<li>Remove security policy (<a
href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li>
</ul>
<h2>Others</h2>
<ul>
<li>Set go to min 1.21 and update dependencies (<a
href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li>
<li>Update contact for code of conduct (<a
href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li>
<li>Update .ko.yaml (<a
href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li>AdamKorcz</li>
<li>Andres Galante</li>
<li>Appu</li>
<li>Billy Lynch</li>
<li>Bob Callaway</li>
<li>Caleb Woodbine</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's
changelog</a>.</em></p>
<blockquote>
<h1>v2.2.1</h1>
<p><strong>Note: This release comes with a fix for CVE-2023-46737
described in this <a
href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github
Security Advisory</a>. Please upgrade to this release ASAP</strong></p>
<h2>Enhancements</h2>
<ul>
<li>feat: Support basic auth and bearer auth login to registry (<a
href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li>
<li>add support for ignoring certificates with pkcs11 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li>
<li>Support ReplaceOp in Signatures (<a
href="https://redirect.github.com/sigstore/cosign/issues/3315">#3315</a>)</li>
<li>feat: added ability to get image digest back via triangulate (<a
href="https://redirect.github.com/sigstore/cosign/issues/3255">#3255</a>)</li>
<li>feat: add <code>--only</code> flag in <code>cosign copy</code> to
copy sign, att &amp; sbom (<a
href="https://redirect.github.com/sigstore/cosign/issues/3247">#3247</a>)</li>
<li>feat: add support attaching a Rekor bundle to a container (<a
href="https://redirect.github.com/sigstore/cosign/issues/3246">#3246</a>)</li>
<li>feat: add support outputting rekor response on signing (<a
href="https://redirect.github.com/sigstore/cosign/issues/3248">#3248</a>)</li>
<li>feat: improve dockerfile verify subcommand (<a
href="https://redirect.github.com/sigstore/cosign/issues/3264">#3264</a>)</li>
<li>Add guard flag for experimental OCI 1.1 verify. (<a
href="https://redirect.github.com/sigstore/cosign/issues/3272">#3272</a>)</li>
<li>Deprecate SBOM attachments (<a
href="https://redirect.github.com/sigstore/cosign/issues/3256">#3256</a>)</li>
<li>feat: dedent line in cosign copy doc (<a
href="https://redirect.github.com/sigstore/cosign/issues/3244">#3244</a>)</li>
<li>feat: add platform flag to cosign copy command (<a
href="https://redirect.github.com/sigstore/cosign/issues/3234">#3234</a>)</li>
<li>Add SLSA 1.0 attestation support to cosign. Closes <a
href="https://redirect.github.com/sigstore/cosign/issues/2860">#2860</a>
(<a
href="https://redirect.github.com/sigstore/cosign/issues/3219">#3219</a>)</li>
<li>attest: pass OCI remote opts to att resolver. (<a
href="https://redirect.github.com/sigstore/cosign/issues/3225">#3225</a>)</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Merge pull request from GHSA-vfp6-jrw2-99g9</li>
<li>fix: allow cosign download sbom when image is absent (<a
href="https://redirect.github.com/sigstore/cosign/issues/3245">#3245</a>)</li>
<li>ci: add a OCI registry test for referrers support (<a
href="https://redirect.github.com/sigstore/cosign/issues/3253">#3253</a>)</li>
<li>Fix ReplaceSignatures (<a
href="https://redirect.github.com/sigstore/cosign/issues/3292">#3292</a>)</li>
<li>Stop using deprecated in_toto.ProvenanceStatement (<a
href="https://redirect.github.com/sigstore/cosign/issues/3243">#3243</a>)</li>
<li>Fixes <a
href="https://redirect.github.com/sigstore/cosign/issues/3236">#3236</a>,
disable SCT checking for a cosign verification when usin… (<a
href="https://redirect.github.com/sigstore/cosign/issues/3237">#3237</a>)</li>
<li>fix: update error in <code>SignedEntity</code> to be more
descriptive (<a
href="https://redirect.github.com/sigstore/cosign/issues/3233">#3233</a>)</li>
<li>Fail timestamp verification if no root is provided (<a
href="https://redirect.github.com/sigstore/cosign/issues/3224">#3224</a>)</li>
</ul>
<h2>Documentation</h2>
<ul>
<li>Add some docs about verifying in an air-gapped environment (<a
href="https://redirect.github.com/sigstore/cosign/issues/3321">#3321</a>)</li>
<li>Update CONTRIBUTING.md (<a
href="https://redirect.github.com/sigstore/cosign/issues/3268">#3268</a>)</li>
<li>docs: improves the Contribution guidelines (<a
href="https://redirect.github.com/sigstore/cosign/issues/3257">#3257</a>)</li>
<li>Remove security policy (<a
href="https://redirect.github.com/sigstore/cosign/issues/3230">#3230</a>)</li>
</ul>
<h2>Others</h2>
<ul>
<li>Set go to min 1.21 and update dependencies (<a
href="https://redirect.github.com/sigstore/cosign/issues/3327">#3327</a>)</li>
<li>Update contact for code of conduct (<a
href="https://redirect.github.com/sigstore/cosign/issues/3266">#3266</a>)</li>
<li>Update .ko.yaml (<a
href="https://redirect.github.com/sigstore/cosign/issues/3240">#3240</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li>AdamKorcz</li>
<li>Andres Galante</li>
<li>Appu</li>
<li>Billy Lynch</li>
<li>Bob Callaway</li>
<li>Caleb Woodbine</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="12cbf9ea17"><code>12cbf9e</code></a>
add changelog for v2.2.1 release (<a
href="https://redirect.github.com/sigstore/cosign/issues/3344">#3344</a>)</li>
<li><a
href="827f24e9d4"><code>827f24e</code></a>
feat: Support basic auth and bearer auth login to registry (<a
href="https://redirect.github.com/sigstore/cosign/issues/3310">#3310</a>)</li>
<li><a
href="8ac891ff0e"><code>8ac891f</code></a>
Merge pull request from GHSA-vfp6-jrw2-99g9</li>
<li><a
href="8b366c497b"><code>8b366c4</code></a>
add support for ignoring certificates with pkcs11 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3334">#3334</a>)</li>
<li><a
href="23920de562"><code>23920de</code></a>
chore(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3342">#3342</a>)</li>
<li><a
href="e022e1c132"><code>e022e1c</code></a>
chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3341">#3341</a>)</li>
<li><a
href="28c59c5eca"><code>28c59c5</code></a>
add missing groups key (<a
href="https://redirect.github.com/sigstore/cosign/issues/3339">#3339</a>)</li>
<li><a
href="8e5bdcc0ff"><code>8e5bdcc</code></a>
chore(deps): bump github.com/google/certificate-transparency-go (<a
href="https://redirect.github.com/sigstore/cosign/issues/3338">#3338</a>)</li>
<li><a
href="510cac4ef5"><code>510cac4</code></a>
chore(deps): bump github.com/sigstore/rekor from 1.3.2 to 1.3.3 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3336">#3336</a>)</li>
<li><a
href="063902b1d7"><code>063902b</code></a>
chore(deps): bump github.com/buildkite/agent/v3 from 3.57.0 to 3.58.0
(<a
href="https://redirect.github.com/sigstore/cosign/issues/3337">#3337</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sigstore/cosign/compare/v2.1.1...v2.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.1.1&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-18 13:39:49 -03:00
dependabot[bot]
a5ae5cd20a
feat(deps): bump github.com/disgoorg/disgo from 0.16.11 to 0.16.12 (#4422) 
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.16.11 to 0.16.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/disgoorg/disgo/releases">github.com/disgoorg/disgo's
releases</a>.</em></p>
<blockquote>
<h2>v0.16.12</h2>
<h2>What's Changed</h2>
<ul>
<li>Update subscription objects to match the docs by <a
href="https://github.com/mlnrDev"><code>@​mlnrDev</code></a> in <a
href="https://redirect.github.com/disgoorg/disgo/pull/322">disgoorg/disgo#322</a></li>
<li>Fix problem with oauth2 endpoints by <a
href="https://github.com/topi314"><code>@​topi314</code></a> in <a
href="https://redirect.github.com/disgoorg/disgo/pull/323">disgoorg/disgo#323</a></li>
<li>Fix incorrect expiration in oauth sessions by <a
href="https://github.com/topi314"><code>@​topi314</code></a> in <a
href="c50b92ff0a</a></li>
<li>Fix missnamed creator json tag in emoji by <a
href="https://github.com/topi314"><code>@​topi314</code></a> in <a
href="0162c707df</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/disgoorg/disgo/compare/v0.16.11...v0.16.12">https://github.com/disgoorg/disgo/compare/v0.16.11...v0.16.12</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0162c707df"><code>0162c70</code></a>
fix missnamed creator json tag in emoji</li>
<li><a
href="631c26135b"><code>631c261</code></a>
fix problem with oauth2 endpoints (<a
href="https://redirect.github.com/disgoorg/disgo/issues/323">#323</a>)</li>
<li><a
href="c50b92ff0a"><code>c50b92f</code></a>
fix incorrect expiration in oauth sessions</li>
<li><a
href="5a9ed6695b"><code>5a9ed66</code></a>
Update subscription objects to match the docs (<a
href="https://redirect.github.com/disgoorg/disgo/issues/322">#322</a>)</li>
<li>See full diff in <a
href="https://github.com/disgoorg/disgo/compare/v0.16.11...v0.16.12">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/disgoorg/disgo&package-manager=go_modules&previous-version=0.16.11&new-version=0.16.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-18 13:39:36 -03:00
dependabot[bot]
a73fcfc5d9
feat(deps): bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 (#4416) 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.13.0 to 0.14.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e067960af8"><code>e067960</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="4c91c17b32"><code>4c91c17</code></a>
google: adds header to security considerations section</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.13.0...v0.14.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-18 13:39:25 -03:00
dependabot[bot]
5c2cbb3417
feat(deps): bump golang.org/x/tools from 0.14.0 to 0.15.0 (#4417) 
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.14.0
to 0.15.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.14.1</h2>
<p>This release contains just two changes:</p>
<ul>
<li>A workaround for a regression affecting some users of
<code>GOPACKAGESDRIVER</code>: <a
href="https://redirect.github.com/golang/go/issues/63751">golang/go#63751</a>,
for example those using gopls with an older version of <a
href="https://bazel.build/">Bazel</a>. When the <a
href="https://pkg.go.dev/golang.org/x/tools/go/packages"><code>go/packages</code></a>
driver is missing compiler or architecture information, gopls now
assumes a default value rather than failing to load package
information.</li>
<li>A fix for a minor bug in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.14.0">new</a>
&quot;remove unused parameter&quot; refactoring: <a
href="https://redirect.github.com/golang/go/issues/63755">golang/go#63755</a>.
Notably, this bug was discovered via an automated report from someone
who had opted in to <a href="https://telemetry.go.dev/privacy">Go
telemetry</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="729e159c03"><code>729e159</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="38ed81a6b5"><code>38ed81a</code></a>
gopls/internal/regtest/marker: porting extract tests</li>
<li><a
href="bbf8380961"><code>bbf8380</code></a>
gopls/internal/regtest/marker: use golden diffs for suggested fixes</li>
<li><a
href="51df92b224"><code>51df92b</code></a>
go/ssa: two minor cleanups</li>
<li><a
href="e7fb31ad45"><code>e7fb31a</code></a>
internal/cmd/deadcode: rename -format to -f</li>
<li><a
href="c538b4e994"><code>c538b4e</code></a>
internal/cmd/deadcode: add -whylive=function flag</li>
<li><a
href="b753e58b84"><code>b753e58</code></a>
internal/lsp/helper: fix misspelled &quot;Code generated&quot;
comment</li>
<li><a
href="2638d66336"><code>2638d66</code></a>
internal/cmd/deadcode: omit package/func keywords in default output</li>
<li><a
href="118c362a56"><code>118c362</code></a>
gopls/internal/lsp/source: fix signatureHelp with pointer receivers</li>
<li><a
href="4124316da0"><code>4124316</code></a>
gopls/internal/lsp/cache: remove baseCtx from the View</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.14.0...v0.15.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.14.0&new-version=0.15.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-18 12:18:36 -03:00
Carlos Alexandro Becker
18c109a62a
build: simplify changelog on nightly builds 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-18 09:55:07 -03:00
Gabriel Cipriano
59a3eeb56d
fix: linkedin announce api changes (#4428) 
Closes #4421 

I chose to keep `getProfileID` as `getProfileIDLegacy` and use it as a
fallback if `getProfileSub` fails because of permission scope.

In this way, it's not a breaking change because one that has only a
deprecated permissions such as `r_liteprofile` will still be able to hit
`v2/me`

this logic is encapsulated in the new function `getProfileURN`, that
resolves the user identifier and returns it formatted as a URN

---------

Co-authored-by: Gabriel F Cipriano <gabriel.cipriano@farme.com.br>
 2023-11-18 09:51:42 -03:00
Gabriel Cipriano
11e5682165
docs: update CONTRIBUTING.md add upx as optional prerequesite (#4427) 
A test failed as I didn't had upx installed:

```
--- FAIL: TestRun (0.58s)
    upx_test.go:119: 
                Error Trace:    /home/cipri/git/goreleaser/internal/pipe/upx/upx_test.go:119
                Error:          Received unexpected error:
                                upx not found in PATH
                Test:           TestRun
FAIL
```


<!-- If applied, this commit will... -->

...

<!-- Why is this change being made? -->

...

<!-- # Provide links to any relevant tickets, URLs or other resources
-->

...
 2023-11-18 09:49:45 -03:00
dependabot[bot]
57f25324a9
chore(deps): bump actions/github-script from 6.4.1 to 7.0.0 (#4424) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.4.1 to 7.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add base-url option by <a
href="https://github.com/robandpdx"><code>@​robandpdx</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/429">actions/github-script#429</a></li>
<li>Expose async-function argument type by <a
href="https://github.com/viktorlott"><code>@​viktorlott</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/402">actions/github-script#402</a>,
see for details <a
href="https://github.com/actions/github-script#use-scripts-with-jsdoc-support">https://github.com/actions/github-script#use-scripts-with-jsdoc-support</a></li>
<li>Update dependencies and use Node 20 by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/github-script/pull/425">actions/github-script#425</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/navarroaxel"><code>@​navarroaxel</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/285">actions/github-script#285</a></li>
<li><a href="https://github.com/robandpdx"><code>@​robandpdx</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/429">actions/github-script#429</a></li>
<li><a
href="https://github.com/viktorlott"><code>@​viktorlott</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/github-script/pull/402">actions/github-script#402</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.4.1...v7.0.0">https://github.com/actions/github-script/compare/v6.4.1...v7.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e69ef5462f"><code>e69ef54</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/425">#425</a>
from actions/joshmgross/node-20</li>
<li><a
href="ee0914b839"><code>ee0914b</code></a>
Update licenses</li>
<li><a
href="d6fc56f33b"><code>d6fc56f</code></a>
Use <code>@types/node</code> for Node 20</li>
<li><a
href="384d6cf581"><code>384d6cf</code></a>
Fix quotations in tests</li>
<li><a
href="84724927e3"><code>8472492</code></a>
Only validate GraphQL <code>previews</code></li>
<li><a
href="84903f5182"><code>84903f5</code></a>
Remove <code>node-fetch</code> from type</li>
<li><a
href="5349cf9965"><code>5349cf9</code></a>
Merge branch 'main' into joshmgross/node-20</li>
<li><a
href="ecae9eb535"><code>ecae9eb</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/402">#402</a>
from typed-actions/export-types</li>
<li><a
href="044ebbb945"><code>044ebbb</code></a>
Merge branch 'main' into export-types</li>
<li><a
href="6b5d3eac1f"><code>6b5d3ea</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/github-script/issues/429">#429</a>
from robandpdx/add-base-url-option</li>
<li>Additional commits viewable in <a
href="d7906e4ad0...e69ef5462f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.4.1&new-version=7.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-14 07:15:57 -03:00
laurentsimon
b149223223
feat(docs): Update command in SLSA verification blog post (#4420) 
Great blog post! I added it to the documentation of the
https://github.com/slsa-framework/slsa-github-generator :)

This PR fixes the command to verify SLSA provenance in the blog post
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/.

The verification for binary artifacts is correct.

The verification for container images is incorrect:
- The command verifies the identity of the builder only, but it should
also verify the source repository
- The command does not verify the release version, which _may_ allows an
attacker to perform a downgrade attack. (not a super big deal, but still
useful to close this gap if the image was built on a tag trigger)

This follows the same steps on argoCD's documentation
https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets/#verification-of-container-image-with-slsa-attestations

Thanks!

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-11-13 12:35:44 -03:00
actions-user
c4a33d5b83 chore: docs auto-update 2023-11-09 00:13:54 +00:00
dependabot[bot]
7d293855e8
fix(deps): bump golang from 1.21.3-alpine to 1.21.4-alpine (#4414) 
Bumps golang from 1.21.3-alpine to 1.21.4-alpine.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.21.3-alpine&new-version=1.21.4-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-08 08:56:31 -03:00
dependabot[bot]
926760eac1
chore(deps): bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#4413) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.1.2 to 3.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<p><strong>Note: This release comes with a fix for CVE-2023-46737
described in this <a
href="https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9">Github
Security Advisory</a>. Please upgrade to this release ASAP</strong></p>
<p>see <a
href="https://github.com/sigstore/cosign/releases/tag/v2.2.1">https://github.com/sigstore/cosign/releases/tag/v2.2.1</a></p>
<h2>What's Changed</h2>
<ul>
<li>Support the runner context of gitea act by <a
href="https://github.com/josedev-union"><code>@​josedev-union</code></a>
in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/147">sigstore/cosign-installer#147</a></li>
<li>bump cosign to v2.2.1 by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/148">sigstore/cosign-installer#148</a></li>
<li>test with latest go version by <a
href="https://github.com/bobcallaway"><code>@​bobcallaway</code></a> in
<a
href="https://redirect.github.com/sigstore/cosign-installer/pull/150">sigstore/cosign-installer#150</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/josedev-union"><code>@​josedev-union</code></a>
made their first contribution in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/147">sigstore/cosign-installer#147</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3...v3.2.0">https://github.com/sigstore/cosign-installer/compare/v3...v3.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1fc5bd396d"><code>1fc5bd3</code></a>
test with latest go version (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/150">#150</a>)</li>
<li><a
href="9ce7d6069f"><code>9ce7d60</code></a>
bump cosign to v2.2.1 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/148">#148</a>)</li>
<li><a
href="4b014e3cf1"><code>4b014e3</code></a>
Support the runner context of gitea act (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/147">#147</a>)</li>
<li><a
href="38ab09d8bf"><code>38ab09d</code></a>
Bump actions/checkout from 4.1.0 to 4.1.1 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/145">#145</a>)</li>
<li><a
href="9c520b997e"><code>9c520b9</code></a>
Bump actions/checkout from 4.0.0 to 4.1.0 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/144">#144</a>)</li>
<li><a
href="ef6a6b364b"><code>ef6a6b3</code></a>
Bump actions/checkout from 3.6.0 to 4.0.0 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/143">#143</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.1.2...v3.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.1.2&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-08 08:55:59 -03:00
Carlos Alexandro Becker
e33d053612
fix: --single-target when no match 
closes #4412
 2023-11-08 02:02:49 +00:00
Carlos Alexandro Becker
c0b2be344f
fix: handle configs with no explicit targets on --single-target 
closes #4411
 2023-11-07 11:40:31 +00:00
actions-user
17393af9fa chore: docs auto-update 2023-11-07 01:07:54 +00:00
Carlos Alexandro Becker
4f17fba173
build: fix setup-task rate limit 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-07 01:05:02 +00:00
Carlos Alexandro Becker
be9ad4d47d
build: update workflow 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-07 01:03:44 +00:00
Carlos Alexandro Becker
6b65ea5ca1
docs: update 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-07 00:39:45 +00:00
dependabot[bot]
3a552a9df5
feat(deps): bump golang.org/x/sync from 0.4.0 to 0.5.0 (#4408) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.4.0 to
0.5.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="10739b037d"><code>10739b0</code></a>
all: update go directive to 1.18</li>
<li>See full diff in <a
href="https://github.com/golang/sync/compare/v0.4.0...v0.5.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/sync&package-manager=go_modules&previous-version=0.4.0&new-version=0.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@caarlos0.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 12:51:07 -03:00
dependabot[bot]
f20320b9e6
feat(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (#4410) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from
1.7.0 to 1.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's
releases</a>.</em></p>
<blockquote>
<h2>v1.8.0</h2>
<h2> Features</h2>
<ul>
<li>Support usage as plugin for tools like kubectl by <a
href="https://github.com/nirs"><code>@​nirs</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2018">spf13/cobra#2018</a>
- this means that programs that utilize a &quot;plugin-like&quot;
structure have much better support and usage (like for completions,
command paths, etc.)</li>
<li>Move documentation sources to site/content by <a
href="https://github.com/umarcor"><code>@​umarcor</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1428">spf13/cobra#1428</a></li>
<li>Add 'one required flag' group by <a
href="https://github.com/marevers"><code>@​marevers</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1952">spf13/cobra#1952</a>
- this includes a new <code>MarkFlagsOneRequired</code> API for flags
which can be used to mark a flag group as required and cause command
failure if at least one is not used when invoked.</li>
<li>Customizable error message prefix by <a
href="https://github.com/5ouma"><code>@​5ouma</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2023">spf13/cobra#2023</a>
- This adds the <code>SetErrPrefix</code> and <code>ErrPrefix</code>
APIs on the <code>Command</code> struct to allow for setting a custom
prefix for errors</li>
<li>feat: add getters for flag completions by <a
href="https://github.com/avirtopeanu-ionos"><code>@​avirtopeanu-ionos</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/1943">spf13/cobra#1943</a></li>
<li>Feature: allow running persistent run hooks of all parents by <a
href="https://github.com/vkhoroz"><code>@​vkhoroz</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2044">spf13/cobra#2044</a></li>
<li>Improve API to get flag completion function by <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/2063">spf13/cobra#2063</a></li>
</ul>
<h2>🐛 Bug fixes</h2>
<ul>
<li>Fix typo in fish completions by <a
href="https://github.com/twpayne"><code>@​twpayne</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1945">spf13/cobra#1945</a></li>
<li>Fix grammar: 'allows to' by <a
href="https://github.com/supertassu"><code>@​supertassu</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1978">spf13/cobra#1978</a></li>
<li>powershell: escape variable with curly brackets by <a
href="https://github.com/Luap99"><code>@​Luap99</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1960">spf13/cobra#1960</a></li>
<li>Don't complete --help flag when flag parsing disabled by <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/2061">spf13/cobra#2061</a></li>
<li>Replace all non-alphanumerics in active help env var program prefix
by <a href="https://github.com/scop"><code>@​scop</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1940">spf13/cobra#1940</a></li>
</ul>
<h2>🔧 Maintenance</h2>
<ul>
<li>build(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/1971">spf13/cobra#1971</a></li>
<li>build(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/1976">spf13/cobra#1976</a></li>
<li>build(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/2021">spf13/cobra#2021</a></li>
<li>build(deps): bump actions/setup-go from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1934">spf13/cobra#1934</a></li>
<li>build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to
2.0.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2047">spf13/cobra#2047</a></li>
<li>build(deps): bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2028">spf13/cobra#2028</a></li>
<li>command: temporarily disable G602 due to <a
href="https://redirect.github.com/securego/gosec/issues/1005">securego/gosec#1005</a>
by <a href="https://github.com/umarcor"><code>@​umarcor</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2022">spf13/cobra#2022</a></li>
</ul>
<h2>🧪 Testing &amp; CI/CD</h2>
<ul>
<li>test: make fish_completions_test more robust by <a
href="https://github.com/branchvincent"><code>@​branchvincent</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/1980">spf13/cobra#1980</a></li>
<li>golangci: enable 'unused' and disable deprecated replaced by it by
<a href="https://github.com/umarcor"><code>@​umarcor</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1983">spf13/cobra#1983</a></li>
<li>cleanup: minor corrections to unit tests by <a
href="https://github.com/JunNishimura"><code>@​JunNishimura</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/2003">spf13/cobra#2003</a></li>
<li>ci: test golang 1.21 by <a
href="https://github.com/nunoadrego"><code>@​nunoadrego</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2024">spf13/cobra#2024</a></li>
<li>Fix linter errors by <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/2052">spf13/cobra#2052</a></li>
<li>Add tests for flag completion registration by <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/2053">spf13/cobra#2053</a></li>
</ul>
<h2>✏️ Documentation</h2>
<ul>
<li>doc: fix typo, Deperecated -&gt; Deprecated by <a
href="https://github.com/callthingsoff"><code>@​callthingsoff</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/2000">spf13/cobra#2000</a></li>
<li>Add notes to doc about the execution condition of *PreRun and
*PostRun functions by <a
href="https://github.com/haoming29"><code>@​haoming29</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2041">spf13/cobra#2041</a></li>
</ul>
<hr />
<p>Thank you everyone who contributed to this release and all your hard
work! Cobra and this community would never be possible without all of
you!!!! 🐍</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0">https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a0a6ae020b"><code>a0a6ae0</code></a>
Improve API to get flag completion function (<a
href="https://redirect.github.com/spf13/cobra/issues/2063">#2063</a>)</li>
<li><a
href="890302a35f"><code>890302a</code></a>
Support usage as plugin for tools like kubectl (<a
href="https://redirect.github.com/spf13/cobra/issues/2018">#2018</a>)</li>
<li><a
href="48cea5c87b"><code>48cea5c</code></a>
build(deps): bump actions/checkout from 3 to 4 (<a
href="https://redirect.github.com/spf13/cobra/issues/2028">#2028</a>)</li>
<li><a
href="22953d8845"><code>22953d8</code></a>
Replace all non-alphanumerics in active help env var program prefix (<a
href="https://redirect.github.com/spf13/cobra/issues/1940">#1940</a>)</li>
<li><a
href="00b68a1c26"><code>00b68a1</code></a>
Add tests for flag completion registration (<a
href="https://redirect.github.com/spf13/cobra/issues/2053">#2053</a>)</li>
<li><a
href="b711e8760b"><code>b711e87</code></a>
Don't complete --help flag when flag parsing disabled (<a
href="https://redirect.github.com/spf13/cobra/issues/2061">#2061</a>)</li>
<li><a
href="8b1eba4761"><code>8b1eba4</code></a>
Fix linter errors (<a
href="https://redirect.github.com/spf13/cobra/issues/2052">#2052</a>)</li>
<li><a
href="4cafa37bc4"><code>4cafa37</code></a>
Allow running persistent run hooks of all parents (<a
href="https://redirect.github.com/spf13/cobra/issues/2044">#2044</a>)</li>
<li><a
href="5c962a221e"><code>5c962a2</code></a>
build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.2 to 2.0.3
(<a
href="https://redirect.github.com/spf13/cobra/issues/2047">#2047</a>)</li>
<li><a
href="efe8fa3e44"><code>efe8fa3</code></a>
build(deps): bump actions/setup-go from 3 to 4 (<a
href="https://redirect.github.com/spf13/cobra/issues/1934">#1934</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/spf13/cobra/compare/v1.7.0...v1.8.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/spf13/cobra&package-manager=go_modules&previous-version=1.7.0&new-version=1.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@caarlos0.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 12:44:28 -03:00
dependabot[bot]
a9b3d49e59
feat(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 (#4409) 
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.13.0 to
0.14.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6c97a165dd"><code>6c97a16</code></a>
all: update go directive to 1.18</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.13.0...v0.14.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/text&package-manager=go_modules&previous-version=0.13.0&new-version=0.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
Dependabot will merge this PR once CI passes on it, as requested by
@caarlos0.

[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-06 12:44:16 -03:00
Ernst Widerberg
d2d910f54f
docs: fix typos (#4406) 2023-11-06 09:14:07 -03:00