goreleaser

mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-10 03:47:03 +02:00

Author	SHA1	Message	Date
Carlos Alexandro Becker	937aa9eddf	build: rename file	2023-08-03 02:20:15 +00:00
Carlos Alexandro Becker	7ea7ac5d97	build: rename workflow	2023-08-03 02:17:55 +00:00
Carlos Alexandro Becker	204d14ae64	build: release nightly every Thursday (#4211 ) closes #3501	2023-08-02 23:17:03 -03:00
dependabot[bot]	77f97a6092	chore(deps): bump the github-actions group with 1 update (#4185 )	2023-07-21 16:58:14 +00:00
dependabot[bot]	b95fd39486	chore(deps): bump the github-actions group with 1 update (#4168 ) Bumps the github-actions group with 1 update: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action). <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.9.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.6.0 to 0.7.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/246">docker/setup-buildx-action#246</a> <ul> <li>Adds support to cache Buildx binary to hosted tool cache and GHA cache backend</li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.8.0...v2.9.0">https://github.com/docker/setup-buildx-action/compare/v2.8.0...v2.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`2a1a44ac4a`"><code>2a1a44a</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/246">#246</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`a6c26a99ef`"><code>a6c26a9</code></a> update ci workflow</li> <li><a href="`a5a7f565d9`"><code>a5a7f56</code></a> update generated content</li> <li><a href="`7d7611f95b`"><code>7d7611f</code></a> Bump <code>@docker/actions-toolkit</code> from 0.6.0 to 0.7.0</li> <li>See full diff in <a href="`16c0bc4a6e...2a1a44ac4a`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.8.0&new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-07 10:32:08 -03:00
dependabot[bot]	c16ffc40a1	chore(deps): bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#4155 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.7.0 to 2.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.8.0</h2> <ul> <li>Only set specific flags for drivers supporting them by <a href="https://github.com/nicks"><code>@nicks</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/241">docker/setup-buildx-action#241</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.5.0 to 0.6.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/242">docker/setup-buildx-action#242</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.7.0...v2.8.0">https://github.com/docker/setup-buildx-action/compare/v2.7.0...v2.8.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`16c0bc4a6e`"><code>16c0bc4</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/242">#242</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`ebcacb9c21`"><code>ebcacb9</code></a> update generated content</li> <li><a href="`496a823b8b`"><code>496a823</code></a> Bump <code>@docker/actions-toolkit</code> from 0.5.0 to 0.6.0</li> <li><a href="`a56031a493`"><code>a56031a</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/241">#241</a> from nicks/nicks/driver</li> <li><a href="`922550f064`"><code>922550f</code></a> context: only append flags if we know the driver supports them</li> <li>See full diff in <a href="`ecf95283f0...16c0bc4a6e`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.7.0&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-29 13:34:00 -03:00
dependabot[bot]	d827252bd3	chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#4147 ) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2>What's Changed</h2> <ul> <li>default cosign to v2.1.1 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/137">sigstore/cosign-installer#137</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1">https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`6e04d228eb`"><code>6e04d22</code></a> default cosign to v2.1.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/137">#137</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.1.0&new-version=3.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-28 09:46:15 -03:00
dependabot[bot]	e9eda52291	chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#4141 )	2023-06-26 13:17:09 +00:00
Carlos Alexandro Becker	0b1a6bbfea	chore: fmt Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-06-21 22:09:27 +00:00
dependabot[bot]	cb77f8d667	chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 (#4130 )	2023-06-21 19:13:11 +00:00
dependabot[bot]	db6a1704ed	chore(deps): bump cachix/install-nix-action from 21 to 22 (#4125 ) Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 21 to 22. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's releases</a>.</em></p> <blockquote> <h2>install-nix-action-v22</h2> <ul> <li>Nix 2.16.1</li> <li>Fix issues with System Integrity Protection when using macos-12</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`6ed004b9cc`"><code>6ed004b</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/184">#184</a> from cachix/macos-bump</li> <li><a href="`e27879448e`"><code>e278794</code></a> Nix: 2.15.1 -> 2.16.1</li> <li><a href="`8ab3881720`"><code>8ab3881</code></a> use system certs</li> <li><a href="`16b951426e`"><code>16b9514</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/182">#182</a> from l0b0/feat/configure-editors</li> <li><a href="`2c203fd87b`"><code>2c203fd</code></a> feat: Configure editors</li> <li>See full diff in <a href="https://github.com/cachix/install-nix-action/compare/v21...v22">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cachix/install-nix-action&package-manager=github_actions&previous-version=21&new-version=22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-19 08:59:24 -03:00
dependabot[bot]	605467bfa4	chore(deps): bump docker/setup-buildx-action from 2.6.0 to 2.7.0 (#4100 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.6.0 to 2.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.7.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.3.0 to 0.5.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/237">docker/setup-buildx-action#237</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/238">docker/setup-buildx-action#238</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.6.0...v2.7.0">https://github.com/docker/setup-buildx-action/compare/v2.6.0...v2.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`ecf95283f0`"><code>ecf9528</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/238">#238</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`b2a38ee0c6`"><code>b2a38ee</code></a> update generated content</li> <li><a href="`7f79690cac`"><code>7f79690</code></a> Bump <code>@docker/actions-toolkit</code> from 0.4.0 to 0.5.0</li> <li><a href="`bdd549bec0`"><code>bdd549b</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/237">#237</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`be4a3855af`"><code>be4a385</code></a> update generated content</li> <li><a href="`6c4dbb29f6`"><code>6c4dbb2</code></a> Bump <code>@docker/actions-toolkit</code> from 0.3.0 to 0.4.0</li> <li>See full diff in <a href="`6a58db7e0d...ecf95283f0`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.6.0&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 09:35:59 -03:00
dependabot[bot]	28a7e5309d	chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4093 ) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.5.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <h2>What's Changed</h2> <ul> <li>docs: fix example by <a href="https://github.com/yuki0920"><code>@yuki0920</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/762">golangci/golangci-lint-action#762</a></li> <li>doc: Add custom configuration file path to args by <a href="https://github.com/Aisuko"><code>@Aisuko</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/767">golangci/golangci-lint-action#767</a></li> <li>feat: add install-mode by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/768">golangci/golangci-lint-action#768</a></li> <li>feat: support out-format as args by <a href="https://github.com/jrehwaldt"><code>@jrehwaldt</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/769">golangci/golangci-lint-action#769</a></li> <li>fix: out-format by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/770">golangci/golangci-lint-action#770</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yuki0920"><code>@yuki0920</code></a> made their first contribution in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/762">golangci/golangci-lint-action#762</a></li> <li><a href="https://github.com/Aisuko"><code>@Aisuko</code></a> made their first contribution in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/767">golangci/golangci-lint-action#767</a></li> <li><a href="https://github.com/ldez"><code>@ldez</code></a> made their first contribution in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/768">golangci/golangci-lint-action#768</a></li> <li><a href="https://github.com/jrehwaldt"><code>@jrehwaldt</code></a> made their first contribution in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/769">golangci/golangci-lint-action#769</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golangci/golangci-lint-action/compare/v3.5.0...v3.6.0">https://github.com/golangci/golangci-lint-action/compare/v3.5.0...v3.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`639cd343e1`"><code>639cd34</code></a> tests: increase timeout</li> <li><a href="`569abaa281`"><code>569abaa</code></a> fix: out-format (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/770">#770</a>)</li> <li><a href="`c57cc43669`"><code>c57cc43</code></a> build(deps-dev): bump typescript from 5.0.4 to 5.1.3 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/764">#764</a>)</li> <li><a href="`322510a3ea`"><code>322510a</code></a> feat: support out-format as args (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/769">#769</a>)</li> <li><a href="`185e7a2f8f`"><code>185e7a2</code></a> feat: add install-mode (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/768">#768</a>)</li> <li><a href="`5be60c708e`"><code>5be60c7</code></a> docs: improve args examples</li> <li><a href="`825a50d3a2`"><code>825a50d</code></a> chore: update workflow and doc</li> <li><a href="`8c13ec4e5d`"><code>8c13ec4</code></a> doc: Add custom configuration file path to args (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/767">#767</a>)</li> <li><a href="`416b5d0b48`"><code>416b5d0</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.59.7 to 5.59.8 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/765">#765</a>)</li> <li><a href="`66a608006f`"><code>66a6080</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.59.7 to 5.59.8 ...</li> <li>Additional commits viewable in <a href="`5f1fec7010...639cd343e1`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.5.0&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-13 14:22:58 +00:00
dependabot[bot]	215b96af55	chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 (#4087 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>CodeQL Bundle</h2> <p>Bundles CodeQL CLI v2.13.4</p> <ul> <li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4">release</a>)</li> </ul> <p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4"><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p> <ul> <li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src">source</a>)</li> <li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib">source</a>)</li> <li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src">source</a>)</li> <li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib">source</a>)</li> <li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src">source</a>)</li> <li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib">source</a>)</li> <li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src">source</a>)</li> <li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib">source</a>)</li> <li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src">source</a>)</li> <li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib">source</a>)</li> <li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src">source</a>)</li> <li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib">source</a>)</li> <li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src">source</a>)</li> <li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib">source</a>)</li> <li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src">source</a>)</li> <li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib">source</a>)</li> </ul> <h2>CodeQL Bundle v2.6.0-beta.1</h2> <p>Bundles CodeQL CLI <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.0-beta.1">v2.6.0-beta.1</a></p> <h3>⚠️ This is a beta release containing a new CodeQL packaging feature. It may not be compatible with existing workflows.</h3> <p>This release contains beta support for <strong>CodeQL packs</strong>. Please read the documentation below for more information:</p> <ul> <li><a href="https://codeql.github.com/docs/codeql-cli/about-codeql-packs">Using CodeQL packs with the CodeQL CLI</a></li> <li><a href="https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-codeql-query-packs">Using CodeQL packs in Code Scanning on GitHub Actions</a></li> <li><a href="https://docs.github.com/en/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#downloading-and-using-codeql-query-packs">Using CodeQL packs in Code Scanning on 3rd-party CI systems</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.6 - 01 Jun 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li> </ul> <h2>2.3.5 - 25 May 2023</h2> <ul> <li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li> <li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li> </ul> <h2>2.3.4 - 24 May 2023</h2> <ul> <li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="`123e95847b/Schemata/sarif-schema-2.1.0.json`">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li> <li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li> <li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a> <ul> <li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li> <li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li> <li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li> </ul> </li> <li>Remove the requirement for <code>on.push</code> and <code>on.pull_request</code> to trigger on the same branches. <a href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li> </ul> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`cdcdbb5797`"><code>cdcdbb5</code></a> PR checks: stop setting experimental Swift var for new CLI versions (<a href="https://redirect.github.com/github/codeql-action/issues/1718">#1718</a>)</li> <li><a href="`8b0f2cf9da`"><code>8b0f2cf</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1717">#1717</a> from github/henrymercer/fix-changelog</li> <li><a href="`a35a881b65`"><code>a35a881</code></a> Fix changelog for 2.3.6</li> <li><a href="`d8667207b6`"><code>d866720</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1714">#1714</a> from github/mergeback/v2.3.6-to-main-83f0fe6c</li> <li><a href="`926a4898bc`"><code>926a489</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1712">#1712</a> from github/henrymercer/remove-unused-env-var</li> <li><a href="`5c63cc5b1c`"><code>5c63cc5</code></a> Update checked-in dependencies</li> <li><a href="`30a3b9a904`"><code>30a3b9a</code></a> Update changelog and version after v2.3.6</li> <li><a href="`dfc31c9995`"><code>dfc31c9</code></a> Convert <code>actions-util</code> docs to JSDoc</li> <li><a href="`019a40b91a`"><code>019a40b</code></a> Inline checks for producing a better error message for Dependabot PRs</li> <li><a href="`ae005db7f8`"><code>ae005db</code></a> Merge branch 'main' into henrymercer/remove-unused-env-var</li> <li>Additional commits viewable in <a href="`83f0fe6c49...cdcdbb5797`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.6&new-version=2.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-12 08:57:35 -03:00
dependabot[bot]	980bccd1fe	chore(deps): bump actions/checkout from 3.4.0 to 3.5.3 (#4088 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.4.0 to 3.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.5.3</h2> <h2>What's Changed</h2> <ul> <li>Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by <a href="https://github.com/megamanics"><code>@megamanics</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li> <li>Fix typos found by codespell by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li> <li>Add support for sparse checkouts by <a href="https://github.com/dscho"><code>@dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1369">actions/checkout#1369</a></li> <li>Release v3.5.3 by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1376">actions/checkout#1376</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/megamanics"><code>@megamanics</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li> <li><a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v3.5.3">https://github.com/actions/checkout/compare/v3...v3.5.3</a></p> <h2>v3.5.2</h2> <h2>What's Changed</h2> <ul> <li>Fix: Use correct API url / endpoint in GHES by <a href="https://github.com/fhammerl"><code>@fhammerl</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1289">actions/checkout#1289</a> based on <a href="https://redirect.github.com/actions/checkout/issues/1286">#1286</a> by <a href="https://github.com/1newsr"><code>@1newsr</code></a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.1...v3.5.2">https://github.com/actions/checkout/compare/v3.5.1...v3.5.2</a></p> <h2>v3.5.1</h2> <h2>What's Changed</h2> <ul> <li>Improve checkout performance on Windows runners by upgrading <code>@actions/github</code> dependency by <a href="https://github.com/BrettDong"><code>@BrettDong</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/BrettDong"><code>@BrettDong</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li> <li><a href="https://github.com/fhammerl"><code>@fhammerl</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1284">actions/checkout#1284</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.0...v3.5.1">https://github.com/actions/checkout/compare/v3.5.0...v3.5.1</a></p> <h2>v3.5.0</h2> <h2>What's Changed</h2> <ul> <li>Add new public key for known_hosts by <a href="https://github.com/cdb"><code>@cdb</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1237">actions/checkout#1237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/cdb"><code>@cdb</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1237">actions/checkout#1237</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.4.0...v3.5.0">https://github.com/actions/checkout/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v3.5.3</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li> </ul> <h2>v3.5.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li> </ul> <h2>v3.5.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li> </ul> <h2>v3.5.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li> </ul> <h2>v3.4.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@actions/io</code></a></li> </ul> <h2>v3.3.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li> <li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li> </ul> <h2>v3.2.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@actions/io</code> to 1.1.2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li> </ul> <h2>v3.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@actions/core</code> <code>saveState</code> and <code>getState</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/689">Update to node 16</a></li> </ul> <h2>v2.3.1</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c85c95e3d7`"><code>c85c95e</code></a> Release v3.5.3 (<a href="https://redirect.github.com/actions/checkout/issues/1376">#1376</a>)</li> <li><a href="`d106d4669b`"><code>d106d46</code></a> Add support for sparse checkouts (<a href="https://redirect.github.com/actions/checkout/issues/1369">#1369</a>)</li> <li><a href="`f095bcc56b`"><code>f095bcc</code></a> Fix typos found by codespell (<a href="https://redirect.github.com/actions/checkout/issues/1287">#1287</a>)</li> <li><a href="`47fbe2df0a`"><code>47fbe2d</code></a> Fix: Checkout fail in self-hosted runners when faulty submodule are checked-i...</li> <li><a href="`8e5e7e5ab8`"><code>8e5e7e5</code></a> Release v3.5.2 (<a href="https://redirect.github.com/actions/checkout/issues/1291">#1291</a>)</li> <li><a href="`eb35239ec2`"><code>eb35239</code></a> Fix: convert baseUrl to serverApiUrl 'formatted' (<a href="https://redirect.github.com/actions/checkout/issues/1289">#1289</a>)</li> <li><a href="`83b7061638`"><code>83b7061</code></a> Release v3.5.1 (<a href="https://redirect.github.com/actions/checkout/issues/1284">#1284</a>)</li> <li><a href="`40a16ebeed`"><code>40a16eb</code></a> Improve checkout performance on Windows runners by upgrading <code>@actions/github</code> ...</li> <li><a href="`8f4b7f8486`"><code>8f4b7f8</code></a> Add new public key for known_hosts (<a href="https://redirect.github.com/actions/checkout/issues/1237">#1237</a>)</li> <li><a href="`cd6a9fd493`"><code>cd6a9fd</code></a> Update update-main-version.yml</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v3.4.0...c85c95e3d7251135ab7dc9ce3241c5835cc595a9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-12 08:57:05 -03:00
dependabot[bot]	25c3ed2a7f	chore(deps): bump docker/login-action from 2.1.0 to 2.2.0 (#4082 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [docker/login-action](https://github.com/docker/login-action) from 2.1.0 to 2.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v2.2.0</h2> <h2>What's Changed</h2> <ul> <li>Switch to actions-toolkit implementation by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/409">docker/login-action#409</a> <a href="https://redirect.github.com/docker/login-action/pull/470">docker/login-action#470</a> <a href="https://redirect.github.com/docker/login-action/pull/476">docker/login-action#476</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> and <code>@aws-sdk/client-ecr-public</code> to 3.347.1 in <a href="https://redirect.github.com/docker/login-action/pull/524">docker/login-action#524</a> <a href="https://redirect.github.com/docker/login-action/pull/364">docker/login-action#364</a> <a href="https://redirect.github.com/docker/login-action/pull/363">docker/login-action#363</a></li> <li>Bump minimatch from 3.0.4 to 3.1.2 in <a href="https://redirect.github.com/docker/login-action/pull/354">docker/login-action#354</a></li> <li>Bump json5 from 2.2.0 to 2.2.3 in <a href="https://redirect.github.com/docker/login-action/pull/378">docker/login-action#378</a></li> <li>Bump http-proxy-agent from 5.0.0 to 7.0.0 in <a href="https://redirect.github.com/docker/login-action/pull/509">docker/login-action#509</a></li> <li>Bump https-proxy-agent from 5.0.1 to 7.0.0 in <a href="https://redirect.github.com/docker/login-action/pull/508">docker/login-action#508</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v2.1.0...v2.2.0">https://github.com/docker/login-action/compare/v2.1.0...v2.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`465a07811f`"><code>465a078</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/524">#524</a> from crazy-max/bump-aws</li> <li><a href="`360b4b5fef`"><code>360b4b5</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/512">#512</a> from jhihruei/change/update-gitlab-readme</li> <li><a href="`c156700b23`"><code>c156700</code></a> update generated content</li> <li><a href="`f605cf145e`"><code>f605cf1</code></a> bump <code>@aws-sdk/client-ecr</code> and <code>@aws-sdk/client-ecr-public</code> to 3.347.1</li> <li><a href="`2a93a3eddb`"><code>2a93a3e</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/508">#508</a> from docker/dependabot/npm_and_yarn/https-proxy-agent...</li> <li><a href="`422e90f610`"><code>422e90f</code></a> update generated content</li> <li><a href="`bc8c4d08b4`"><code>bc8c4d0</code></a> build(deps): bump https-proxy-agent from 5.0.1 to 7.0.0</li> <li><a href="`052c2c4268`"><code>052c2c4</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/509">#509</a> from docker/dependabot/npm_and_yarn/http-proxy-agent-...</li> <li><a href="`beabccd65a`"><code>beabccd</code></a> update generated content</li> <li><a href="`b56ed1c88d`"><code>b56ed1c</code></a> build(deps): bump http-proxy-agent from 5.0.0 to 7.0.0</li> <li>Additional commits viewable in <a href="`f4ef78c080...465a07811f`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-06-08 09:41:57 -03:00
dependabot[bot]	6f0cb99477	chore(deps): bump docker/setup-buildx-action from 2.5.0 to 2.6.0 (#4083 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.5.0 to 2.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.6.0</h2> <h2>What's Changed</h2> <ul> <li>Set node name for k8s driver when appending nodes by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/219">docker/setup-buildx-action#219</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.1.0-beta.18 to 0.3.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/220">docker/setup-buildx-action#220</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/229">docker/setup-buildx-action#229</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/231">docker/setup-buildx-action#231</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/236">docker/setup-buildx-action#236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.5.0...v2.6.0">https://github.com/docker/setup-buildx-action/compare/v2.5.0...v2.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`6a58db7e0d`"><code>6a58db7</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/236">#236</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`d56292e348`"><code>d56292e</code></a> update generated content</li> <li><a href="`790eb2db47`"><code>790eb2d</code></a> Bump <code>@docker/actions-toolkit</code> from 0.2.0 to 0.3.0</li> <li><a href="`2a81c53912`"><code>2a81c53</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/231">#231</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`00b2400aad`"><code>00b2400</code></a> update generated content</li> <li><a href="`484614d7a1`"><code>484614d</code></a> Bump <code>@docker/actions-toolkit</code> from 0.1.0 to 0.2.0</li> <li><a href="`d95759405f`"><code>d957594</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/219">#219</a> from crazy-max/ci-k3s-append</li> <li><a href="`5bb6d36be0`"><code>5bb6d36</code></a> ci: set up and build with k3s</li> <li><a href="`a99c5e53ef`"><code>a99c5e5</code></a> update generated content</li> <li><a href="`fc1a41d2e5`"><code>fc1a41d</code></a> set node name for k8s driver when appending nodes</li> <li>Additional commits viewable in <a href="`4b4e9c3e2d...6a58db7e0d`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.5.0&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-08 09:41:17 -03:00
dependabot[bot]	8498279c5b	chore(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (#4084 )	2023-06-08 09:10:29 -03:00
dependabot[bot]	0e92d1dae2	chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4072 ) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.4.0 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump eslint from 8.32.0 to 8.33.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/659">golangci/golangci-lint-action#659</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.48.2 to 5.49.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/661">golangci/golangci-lint-action#661</a></li> <li>build(deps-dev): bump eslint-plugin-simple-import-sort from 9.0.0 to 10.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/662">golangci/golangci-lint-action#662</a></li> <li>build(deps-dev): bump <code>@vercel/ncc</code> from 0.36.0 to 0.36.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/660">golangci/golangci-lint-action#660</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.48.2 to 5.49.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/663">golangci/golangci-lint-action#663</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.49.0 to 5.50.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/665">golangci/golangci-lint-action#665</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.49.0 to 5.50.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/666">golangci/golangci-lint-action#666</a></li> <li>build(deps-dev): bump typescript from 4.9.4 to 4.9.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/667">golangci/golangci-lint-action#667</a></li> <li>build(deps): bump <code>@types/node</code> from 18.11.18 to 18.11.19 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/668">golangci/golangci-lint-action#668</a></li> <li>doc: add quote aroung go version by <a href="https://github.com/vaughany"><code>@vaughany</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/670">golangci/golangci-lint-action#670</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.50.0 to 5.51.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/671">golangci/golangci-lint-action#671</a></li> <li>build(deps-dev): bump prettier from 2.8.3 to 2.8.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/673">golangci/golangci-lint-action#673</a></li> <li>build(deps): bump <code>@types/node</code> from 18.11.19 to 18.13.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/674">golangci/golangci-lint-action#674</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.50.0 to 5.51.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/675">golangci/golangci-lint-action#675</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.1.2 to 3.1.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/672">golangci/golangci-lint-action#672</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.51.0 to 5.52.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/678">golangci/golangci-lint-action#678</a></li> <li>build(deps): bump <code>@types/node</code> from 18.13.0 to 18.14.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/679">golangci/golangci-lint-action#679</a></li> <li>build(deps-dev): bump eslint from 8.33.0 to 8.34.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/680">golangci/golangci-lint-action#680</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.51.0 to 5.52.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/681">golangci/golangci-lint-action#681</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.52.0 to 5.53.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/684">golangci/golangci-lint-action#684</a></li> <li>build(deps-dev): bump eslint from 8.34.0 to 8.35.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/685">golangci/golangci-lint-action#685</a></li> <li>build(deps): bump <code>@types/node</code> from 18.14.0 to 18.14.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/688">golangci/golangci-lint-action#688</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.52.0 to 5.53.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/687">golangci/golangci-lint-action#687</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.1.3 to 3.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/686">golangci/golangci-lint-action#686</a></li> <li>build(deps): bump <code>@types/node</code> from 18.14.2 to 18.14.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/691">golangci/golangci-lint-action#691</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.53.0 to 5.54.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/692">golangci/golangci-lint-action#692</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.53.0 to 5.54.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/693">golangci/golangci-lint-action#693</a></li> <li>build(deps-dev): bump eslint-config-prettier from 8.6.0 to 8.7.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/694">golangci/golangci-lint-action#694</a></li> <li>build(deps-dev): bump eslint from 8.35.0 to 8.36.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/699">golangci/golangci-lint-action#699</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.54.0 to 5.54.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/700">golangci/golangci-lint-action#700</a></li> <li>build(deps): bump <code>@types/node</code> from 18.14.6 to 18.15.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/701">golangci/golangci-lint-action#701</a></li> <li>docs/build: update to setup-go@v4 by <a href="https://github.com/caarlos0"><code>@caarlos0</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/704">golangci/golangci-lint-action#704</a></li> <li>build(deps-dev): bump typescript from 4.9.5 to 5.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/705">golangci/golangci-lint-action#705</a></li> <li>build(deps): bump <code>@types/node</code> from 18.15.1 to 18.15.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/706">golangci/golangci-lint-action#706</a></li> <li>build(deps): bump <code>@actions/http-client</code> from 2.0.1 to 2.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/697">golangci/golangci-lint-action#697</a></li> <li>build(deps-dev): bump prettier from 2.8.4 to 2.8.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/707">golangci/golangci-lint-action#707</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.1.4 to 3.2.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/698">golangci/golangci-lint-action#698</a></li> <li>build(deps-dev): bump eslint-config-prettier from 8.7.0 to 8.8.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/709">golangci/golangci-lint-action#709</a></li> <li>build(deps): bump <code>@types/node</code> from 18.15.3 to 18.15.10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/710">golangci/golangci-lint-action#710</a></li> <li>build(deps-dev): bump prettier from 2.8.5 to 2.8.7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/711">golangci/golangci-lint-action#711</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.54.1 to 5.56.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/712">golangci/golangci-lint-action#712</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.54.0 to 5.56.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/713">golangci/golangci-lint-action#713</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.56.0 to 5.57.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/718">golangci/golangci-lint-action#718</a></li> <li>build(deps-dev): bump typescript from 5.0.2 to 5.0.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/717">golangci/golangci-lint-action#717</a></li> <li>build(deps-dev): bump eslint from 8.36.0 to 8.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/719">golangci/golangci-lint-action#719</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.56.0 to 5.57.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/720">golangci/golangci-lint-action#720</a></li> <li>build(deps): bump <code>@types/node</code> from 18.15.10 to 18.15.11 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/721">golangci/golangci-lint-action#721</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.57.0 to 5.57.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/722">golangci/golangci-lint-action#722</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`5f1fec7010`"><code>5f1fec7</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.59.6 to 5.59.7 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/758">#758</a>)</li> <li><a href="`601007b788`"><code>601007b</code></a> build(deps): bump <code>@types/node</code> from 20.2.3 to 20.2.5 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/756">#756</a>)</li> <li><a href="`d2a913e97b`"><code>d2a913e</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.59.6 to 5.59.7 ...</li> <li><a href="`7233bd71cb`"><code>7233bd7</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.59.5 to 5.59.6 ...</li> <li><a href="`687f029324`"><code>687f029</code></a> build(deps): bump <code>@types/node</code> from 20.1.4 to 20.2.3 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/755">#755</a>)</li> <li><a href="`f9990cd216`"><code>f9990cd</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.59.5 to 5.59.6 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/754">#754</a>)</li> <li><a href="`f30aa514f9`"><code>f30aa51</code></a> build(deps-dev): bump eslint from 8.40.0 to 8.41.0 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/753">#753</a>)</li> <li><a href="`6b21f586ed`"><code>6b21f58</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.59.2 to 5.59.5 ...</li> <li><a href="`535ed3a04b`"><code>535ed3a</code></a> build(deps): bump <code>@types/semver</code> from 7.3.13 to 7.5.0 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/748">#748</a>)</li> <li><a href="`0078ef00ab`"><code>0078ef0</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.59.1 to 5.59.5 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/750">#750</a>)</li> <li>Additional commits viewable in <a href="`08e2f20817...5f1fec7010`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 13:13:31 -03:00
dependabot[bot]	7886f35f54	chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#4066 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6. <details> <summary>Commits</summary> <ul> <li><a href="`83f0fe6c49`"><code>83f0fe6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1713">#1713</a> from github/update-v2.3.6-96f284028</li> <li><a href="`5c8f4be0e9`"><code>5c8f4be</code></a> Update changelog for v2.3.6</li> <li><a href="`96f2840282`"><code>96f2840</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1711">#1711</a> from github/henrymercer/improve-supported-versions-u...</li> <li><a href="`89c4c9e65c`"><code>89c4c9e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1678">#1678</a> from github/henrymercer/default-setup-safeguarding</li> <li><a href="`26f16a5e63`"><code>26f16a5</code></a> Rephrase the still supported calculation to make it clearer</li> <li><a href="`955f8596ae`"><code>955f859</code></a> Fix sign error</li> <li><a href="`e7cff66ce1`"><code>e7cff66</code></a> Fix push</li> <li><a href="`afdba76326`"><code>afdba76</code></a> Wait a week before dropping support for end of life GHES versions</li> <li><a href="`07e43a2208`"><code>07e43a2</code></a> Open PR with gh CLI</li> <li><a href="`9632771630`"><code>9632771</code></a> Address review comments</li> <li>Additional commits viewable in <a href="`0225834cc5...83f0fe6c49`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.5&new-version=2.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 13:05:48 -03:00
dependabot[bot]	86a8317ff6	chore(deps): bump github/codeql-action from 2.3.4 to 2.3.5 (#4041 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.5 - 25 May 2023</h2> <ul> <li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li> <li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li> </ul> <h2>2.3.4 - 24 May 2023</h2> <ul> <li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="`123e95847b/Schemata/sarif-schema-2.1.0.json`">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li> <li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li> <li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a> <ul> <li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li> <li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li> <li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li> </ul> </li> <li>Remove the requirement for <code>on.push</code> and <code>on.pull_request</code> to trigger on the same branches. <a href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li> </ul> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.2.10 - 05 Apr 2023</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`0225834cc5`"><code>0225834</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1706">#1706</a> from github/update-v2.3.5-d3314cca2</li> <li><a href="`15f9b00614`"><code>15f9b00</code></a> Apply suggestions from code review</li> <li><a href="`ff82fd0736`"><code>ff82fd0</code></a> Update changelog for v2.3.5</li> <li><a href="`d3314cca22`"><code>d3314cc</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1705">#1705</a> from github/aeisenberg/location-uri-schema-fix</li> <li><a href="`42add7b4d7`"><code>42add7b</code></a> Update changelog</li> <li><a href="`9c5706e1a2`"><code>9c5706e</code></a> Avoid throwing validation error on invalid URIs</li> <li><a href="`3912995667`"><code>3912995</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1704">#1704</a> from github/henrymercer/contributions-updates</li> <li><a href="`8d7f61b8f2`"><code>8d7f61b</code></a> Update npm version</li> <li><a href="`50bc388cfc`"><code>50bc388</code></a> Update Node version</li> <li><a href="`4a409ace8f`"><code>4a409ac</code></a> Link to CONTRIBUTING doc from README</li> <li>Additional commits viewable in <a href="`f0e3dfb303...0225834cc5`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.4&new-version=2.3.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-26 10:00:20 -03:00
dependabot[bot]	967bd7b06c	chore(deps): bump cachix/install-nix-action from 20 to 21 (#4040 ) Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 20 to 21. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's releases</a>.</em></p> <blockquote> <h2>install-nix-action-v21</h2> <ul> <li>pin Nix to 2.15.1 (recent releases broke too many things)</li> <li>fix the action to work on custom containers</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4b933aa7eb`"><code>4b933aa</code></a> Nix: 2.15.1</li> <li><a href="`35806937f1`"><code>3580693</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/179">#179</a> from joergdw/fix-action-path</li> <li><a href="`3eb7a24508`"><code>3eb7a24</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/178">#178</a> from cachix/docs/149</li> <li><a href="`840ed7ce9a`"><code>840ed7c</code></a> Document how to pass env vars to modern nix commands</li> <li><a href="`b2f4229533`"><code>b2f4229</code></a> Fix action to make it work on custom containers;</li> <li><a href="`e304541747`"><code>e304541</code></a> fix <a href="https://redirect.github.com/cachix/install-nix-action/issues/170">#170</a></li> <li><a href="`3988b729f9`"><code>3988b72</code></a> pin Nix to 2.15.0</li> <li><a href="`763a380571`"><code>763a380</code></a> Bump revision in README</li> <li><a href="`67e9fd765d`"><code>67e9fd7</code></a> bump revision in readme</li> <li><a href="`be4cef7b77`"><code>be4cef7</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/166">#166</a> from l0b0/refactor/linting</li> <li>Additional commits viewable in <a href="https://github.com/cachix/install-nix-action/compare/v20...v21">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cachix/install-nix-action&package-manager=github_actions&previous-version=20&new-version=21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-26 10:00:14 -03:00
Carlos Alexandro Becker	99afc8d62e	feat: nix support (#4012 ) very, very, very WIP implementation of nixpkgs for GoReleaser. Decisions made for this first version: - only linux and darwin, arm64, 386 and amd64 - only support pkgs from goreleaser-generated archives - no support to push into default nixpkgs repository - no support to automatically add the _maybe_ new pkg to the root `default.nix` - the generated nixpkg will be rather verbose, which shouldn't be too much of an issue as it is autogenerated anyway TODOs: - [x] macos universal binary support - [x] custom pkg path (e.g. pkgs/misc/foo/bar/default.nix) - [x] handle archives with a folder in them - [x] add more options: postInstall, ?? Will be handled in future versions: - [ ] archives.format=binary support - [ ] compile from source - [ ] PR-ing into nixpkgs - [ ] armv6l-linux & armv7l-linux support closes #3537 --------- Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-05-25 23:07:10 -03:00
dependabot[bot]	9d3603a7e2	chore(deps): bump github/codeql-action from 2.3.3 to 2.3.4 (#4032 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.4 - 24 May 2023</h2> <ul> <li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="`123e95847b/Schemata/sarif-schema-2.1.0.json`">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li> <li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li> <li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a> <ul> <li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li> <li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li> <li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li> </ul> </li> <li>Remove the requirement for <code>on.push</code> and <code>on.pull_request</code> to trigger on the same branches. <a href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li> </ul> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.2.10 - 05 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li> </ul> <h2>2.2.9 - 27 Mar 2023</h2> <ul> <li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`f0e3dfb303`"><code>f0e3dfb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1700">#1700</a> from github/update-v2.3.4-570734c55</li> <li><a href="`0d65621757`"><code>0d65621</code></a> Update CHANGELOG.md</li> <li><a href="`c3ae9dcd15`"><code>c3ae9dc</code></a> Update changelog for v2.3.4</li> <li><a href="`570734c55c`"><code>570734c</code></a> Remove unnecessary conditional for Ruby autodetect (<a href="https://redirect.github.com/github/codeql-action/issues/1699">#1699</a>)</li> <li><a href="`8c923c00a3`"><code>8c923c0</code></a> Fix Swift PR Checks on <code>nightly-latest</code> CLI (<a href="https://redirect.github.com/github/codeql-action/issues/1696">#1696</a>)</li> <li><a href="`1245696032`"><code>1245696</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1687">#1687</a> from github/henrymercer/update-changelog-note</li> <li><a href="`317cd34a7a`"><code>317cd34</code></a> Push back semver CodeQL bundles</li> <li><a href="`6cfb483131`"><code>6cfb483</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1682">#1682</a> from github/henrymercer/semver-bundles</li> <li><a href="`a5f4123fb0`"><code>a5f4123</code></a> Improve changelog note</li> <li><a href="`50931b43dd`"><code>50931b4</code></a> Add changelog note</li> <li>Additional commits viewable in <a href="`29b1f65c5e...f0e3dfb303`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.3&new-version=2.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-25 09:38:55 -03:00
dependabot[bot]	4227c194f8	chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#4020 )	2023-05-18 09:34:13 -03:00
dependabot[bot]	670238c3ea	chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#4018 )	2023-05-17 09:02:19 -03:00
dependabot[bot]	234e1d8ce5	chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#4014 ) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p> <blockquote> <h2>3.1.4</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump <code>@types/node</code> from 18.15.12 to 18.16.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/970">codecov/codecov-action#970</a></li> <li>Fix typo in README.md by <a href="https://github.com/hisaac"><code>@hisaac</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/967">codecov/codecov-action#967</a></li> <li>fix: add back in working dir by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/971">codecov/codecov-action#971</a></li> <li>fix: CLI option names for uploader by <a href="https://github.com/kleisauke"><code>@kleisauke</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/969">codecov/codecov-action#969</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 18.16.3 to 20.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/975">codecov/codecov-action#975</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 20.1.0 to 20.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/979">codecov/codecov-action#979</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 20.1.2 to 20.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/981">codecov/codecov-action#981</a></li> <li>release: 3.1.4 by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/983">codecov/codecov-action#983</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hisaac"><code>@hisaac</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/967">codecov/codecov-action#967</a></li> <li><a href="https://github.com/kleisauke"><code>@kleisauke</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/969">codecov/codecov-action#969</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4">https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's changelog</a>.</em></p> <blockquote> <h2>3.1.4</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a> Fix typo in README.md</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a> fix: add back in working dir</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a> fix: CLI option names for uploader</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a> build(deps-dev): bump <code>@types/node</code> from 18.15.12 to 18.16.3</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a> build(deps-dev): bump <code>@types/node</code> from 20.1.0 to 20.1.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a> build(deps-dev): bump <code>@types/node</code> from 20.1.2 to 20.1.4</li> </ul> <h2>3.1.3</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/960">#960</a> fix: allow for aarch64 build</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/957">#957</a> build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/958">#958</a> build(deps): bump openpgp from 5.7.0 to 5.8.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/959">#959</a> build(deps-dev): bump <code>@types/node</code> from 18.15.10 to 18.15.12</li> </ul> <h2>3.1.2</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/718">#718</a> Update README.md</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/851">#851</a> Remove unsupported path_to_write_report argument</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/898">#898</a> codeql-analysis.yml</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/901">#901</a> Update README to contain correct information - inputs and negate feature</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/955">#955</a> fix: add in all the extra arguments for uploader</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/819">#819</a> build(deps): bump openpgp from 5.4.0 to 5.5.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/835">#835</a> build(deps): bump node-fetch from 3.2.4 to 3.2.10</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/840">#840</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/841">#841</a> build(deps): bump <code>@actions/core</code> from 1.9.1 to 1.10.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/843">#843</a> build(deps): bump <code>@actions/github</code> from 5.0.3 to 5.1.1</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/869">#869</a> build(deps): bump node-fetch from 3.2.10 to 3.3.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/872">#872</a> build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/879">#879</a> build(deps): bump decode-uri-component from 0.2.0 to 0.2.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/889">#889</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/895">#895</a> build(deps): bump json5 from 2.2.1 to 2.2.3</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/896">#896</a> build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/900">#900</a> build(deps-dev): bump <code>@vercel/ncc</code> from 0.34.0 to 0.36.1</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/905">#905</a> build(deps-dev): bump typescript from 4.7.4 to 4.9.5</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/911">#911</a> build(deps-dev): bump <code>@types/node</code> from 16.11.40 to 18.13.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/922">#922</a> build(deps-dev): bump <code>@types/node</code> from 18.13.0 to 18.14.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/924">#924</a> build(deps): bump openpgp from 5.5.0 to 5.7.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/927">#927</a> build(deps-dev): bump <code>@types/node</code> from 18.14.0 to 18.14.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/933">#933</a> build(deps-dev): bump <code>@types/node</code> from 18.14.2 to 18.14.6</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/937">#937</a> build(deps-dev): bump <code>@types/node</code> from 18.14.6 to 18.15.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/938">#938</a> build(deps): bump node-fetch from 3.3.0 to 3.3.1</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/945">#945</a> build(deps-dev): bump <code>@types/node</code> from 18.15.0 to 18.15.5</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`eaaf4bedf3`"><code>eaaf4be</code></a> release: 3.1.4 (<a href="https://redirect.github.com/codecov/codecov-action/issues/983">#983</a>)</li> <li><a href="`c2ab9ab2e1`"><code>c2ab9ab</code></a> build(deps-dev): bump <code>@types/node</code> from 20.1.2 to 20.1.4 (<a href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a>)</li> <li><a href="`49c20db375`"><code>49c20db</code></a> build(deps-dev): bump <code>@types/node</code> from 20.1.0 to 20.1.2 (<a href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a>)</li> <li><a href="`cf8e3e4262`"><code>cf8e3e4</code></a> build(deps-dev): bump <code>@types/node</code> from 18.16.3 to 20.1.0 (<a href="https://redirect.github.com/codecov/codecov-action/issues/975">#975</a>)</li> <li><a href="`1c34415a06`"><code>1c34415</code></a> fix: CLI option names for uploader (<a href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a>)</li> <li><a href="`b4dfea724f`"><code>b4dfea7</code></a> fix: add back in working dir (<a href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a>)</li> <li><a href="`5bf250470e`"><code>5bf2504</code></a> Fix typo in README.md (<a href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a>)</li> <li><a href="`1dd0ce34be`"><code>1dd0ce3</code></a> build(deps-dev): bump <code>@types/node</code> from 18.15.12 to 18.16.3 (<a href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a>)</li> <li>See full diff in <a href="`894ff025c7...eaaf4bedf3`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.3&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-16 09:22:03 -03:00
dependabot[bot]	8005088588	chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#4015 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update documentation for <code>v4</code> by <a href="https://github.com/dsame"><code>@dsame</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/354">actions/setup-go#354</a></li> <li>Fix glob bug in the package.json scripts section by <a href="https://github.com/IvanZosimov"><code>@IvanZosimov</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/359">actions/setup-go#359</a></li> <li>Bump <code>xml2js</code> dependency by <a href="https://github.com/dmitry-shibanov"><code>@dmitry-shibanov</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/370">actions/setup-go#370</a></li> <li>Bump <code>@actions/cache</code> dependency to v3.2.1 by <a href="https://github.com/nikolai-laevskii"><code>@nikolai-laevskii</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/374">actions/setup-go#374</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/nikolai-laevskii"><code>@nikolai-laevskii</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/374">actions/setup-go#374</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v4...v4.0.1">https://github.com/actions/setup-go/compare/v4...v4.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`fac708d667`"><code>fac708d</code></a> Bump <code>@actions/cache</code> dependency to v3.2.1 (<a href="https://redirect.github.com/actions/setup-go/issues/374">#374</a>)</li> <li><a href="`dd84a9531a`"><code>dd84a95</code></a> Update xml2js (<a href="https://redirect.github.com/actions/setup-go/issues/370">#370</a>)</li> <li><a href="`41c2024c46`"><code>41c2024</code></a> Fix glob bug in package.json scripts section (<a href="https://redirect.github.com/actions/setup-go/issues/359">#359</a>)</li> <li><a href="`8dbf352f06`"><code>8dbf352</code></a> update README fo v4 (<a href="https://redirect.github.com/actions/setup-go/issues/354">#354</a>)</li> <li>See full diff in <a href="`4d34df0c23...fac708d667`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=4.0.0&new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-16 09:21:45 -03:00
dependabot[bot]	64d6424215	chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2 (#3994 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.14.1 to 0.14.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.14.2</h2> <h2>Changes in v0.14.2</h2> <ul> <li>Update Syft to v0.80.0 (<a href="https://redirect.github.com/anchore/sbom-action/issues/415">#415</a>)</li> <li>Make sure all invalid artifact name characters are replaced <a href="https://redirect.github.com/anchore/sbom-action/issues/396">#396</a> (<a href="https://redirect.github.com/anchore/sbom-action/issues/417">#417</a>) [<a href="https://github.com/lts-po">lts-po</a>]</li> <li>Ensure SBOM is copied to <code>output-file</code> (<a href="https://redirect.github.com/anchore/sbom-action/issues/411">#411</a>) [<a href="https://github.com/gszr">gszr</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4d571ad103`"><code>4d571ad</code></a> chore(deps): update Syft to v0.80.0 (<a href="https://redirect.github.com/anchore/sbom-action/issues/415">#415</a>)</li> <li><a href="`a59054d328`"><code>a59054d</code></a> fix: Make sure all invalid chars are replaced for artifact names -- fixes <a href="https://redirect.github.com/anchore/sbom-action/issues/39">#39</a>...</li> <li><a href="`ea7104d799`"><code>ea7104d</code></a> chore: update snapshot workflow (<a href="https://redirect.github.com/anchore/sbom-action/issues/413">#413</a>)</li> <li><a href="`50dec67b80`"><code>50dec67</code></a> chore(deps): update Syft to v0.77.0 (<a href="https://redirect.github.com/anchore/sbom-action/issues/409">#409</a>)</li> <li><a href="`8e2e93770c`"><code>8e2e937</code></a> fix: ensure sbom is copied to output-file (<a href="https://redirect.github.com/anchore/sbom-action/issues/411">#411</a>)</li> <li><a href="`800a56fe08`"><code>800a56f</code></a> chore: update snapshot workflow (<a href="https://redirect.github.com/anchore/sbom-action/issues/412">#412</a>)</li> <li><a href="`9cf3dcd573`"><code>9cf3dcd</code></a> chore: update snapshot workflow (<a href="https://redirect.github.com/anchore/sbom-action/issues/410">#410</a>)</li> <li><a href="`642f63cefc`"><code>642f63c</code></a> chore: update syft update check (<a href="https://redirect.github.com/anchore/sbom-action/issues/408">#408</a>)</li> <li><a href="`a7622b6841`"><code>a7622b6</code></a> chore: update deprecated set-output (<a href="https://redirect.github.com/anchore/sbom-action/issues/407">#407</a>)</li> <li><a href="`c82ee2675f`"><code>c82ee26</code></a> chore: add workflow to update snapshots from PR comment (<a href="https://redirect.github.com/anchore/sbom-action/issues/406">#406</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/sbom-action/compare/v0.14.1...v0.14.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.14.1&new-version=0.14.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-08 08:49:41 -03:00
dependabot[bot]	d371145f89	chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#3983 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.2.10 - 05 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li> </ul> <h2>2.2.9 - 27 Mar 2023</h2> <ul> <li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a> <ul> <li>The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using <code>upload: false</code>. Previously, this was only available for customers using the default value of the <code>upload</code> input.</li> <li>The <code>upload</code> input to the <code>analyze</code> Action now accepts the following values: <ul> <li><code>always</code> is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.</li> <li><code>failure-only</code> is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.</li> <li><code>never</code> avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.</li> <li>The legacy <code>true</code> and <code>false</code> options will be interpreted as <code>always</code> and <code>failure-only</code> respectively.</li> </ul> </li> </ul> </li> </ul> <h2>2.2.8 - 22 Mar 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.5. <a href="https://redirect.github.com/github/codeql-action/pull/1585">#1585</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`29b1f65c5e`"><code>29b1f65</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1669">#1669</a> from github/update-v2.3.3-318bcc7f8</li> <li><a href="`140500d80a`"><code>140500d</code></a> Update changelog for v2.3.3</li> <li><a href="`318bcc7f84`"><code>318bcc7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1664">#1664</a> from github/update-bundle/codeql-bundle-20230428</li> <li><a href="`f72bf5dfb3`"><code>f72bf5d</code></a> Fix workflow formatting</li> <li><a href="`33461954a5`"><code>3346195</code></a> Merge branch 'main' into update-bundle/codeql-bundle-20230428</li> <li><a href="`8ca5570701`"><code>8ca5570</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1666">#1666</a> from github/aeisenberg/readme-update</li> <li><a href="`b1b3d00b62`"><code>b1b3d00</code></a> Add link to changenote for custom config</li> <li><a href="`d2f6dfd52d`"><code>d2f6dfd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1665">#1665</a> from github/aeisenberg/config-param</li> <li><a href="`cba5616040`"><code>cba5616</code></a> Update CHANGELOG.md</li> <li><a href="`40c95932fe`"><code>40c9593</code></a> Add changelog note</li> <li>Additional commits viewable in <a href="`f3feb00acb...29b1f65c5e`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.2&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-05 10:10:43 -03:00
Carlos Alexandro Becker	803ef6566e	build: use ghaction-upx thanks @crazy-max! Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-05-03 17:06:46 +00:00
dependabot[bot]	718c42895f	chore(deps): bump actions/github-script from 6.4.0 to 6.4.1 (#3973 ) Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.0 to 6.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v6.4.1</h2> <h2>What's Changed</h2> <ul> <li>Add <code>@octokit/plugin-request-log</code>, to produce debug output for requests by <a href="https://github.com/mjpieters"><code>@mjpieters</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/358">actions/github-script#358</a></li> <li>fix input handling by <a href="https://github.com/mjpieters"><code>@mjpieters</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/357">actions/github-script#357</a></li> <li>Remove unused dependencies by <a href="https://github.com/mjpieters"><code>@mjpieters</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/356">actions/github-script#356</a></li> <li>Default debug to current runner debug state by <a href="https://github.com/mjpieters"><code>@mjpieters</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/363">actions/github-script#363</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mjpieters"><code>@mjpieters</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/358">actions/github-script#358</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v6.4.0...v6.4.1">https://github.com/actions/github-script/compare/v6.4.0...v6.4.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`d7906e4ad0`"><code>d7906e4</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/363">#363</a> from mjpieters/auto_debug</li> <li><a href="`ea954ff83a`"><code>ea954ff</code></a> Default debug to current runner debug state</li> <li><a href="`57c10d434e`"><code>57c10d4</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/356">#356</a> from mjpieters/clean_deps</li> <li><a href="`eae7dc1b88`"><code>eae7dc1</code></a> Merge branch 'main' into clean_deps</li> <li><a href="`f1ab5779d6`"><code>f1ab577</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/357">#357</a> from mjpieters/fix_input_handling</li> <li><a href="`8d9f8fc050`"><code>8d9f8fc</code></a> Fix null handling, covered by integration tests</li> <li><a href="`a4f398e58b`"><code>a4f398e</code></a> Remove unused dependencies</li> <li><a href="`806be26275`"><code>806be26</code></a> Clean and spruce up the integration tests a bit</li> <li><a href="`8d76c9a913`"><code>8d76c9a</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/358">#358</a> from mjpieters/request-log-plugin</li> <li><a href="`78f623b2da`"><code>78f623b</code></a> Add <code>@octokit/plugin-request-log</code>, to produce debug output for requests</li> <li>See full diff in <a href="`98814c53be...d7906e4ad0`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.4.0&new-version=6.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-02 09:30:17 -03:00
Carlos Alexandro Becker	d4fc62780c	chore(deps): bump many actions	2023-05-02 12:24:53 +00:00
Carlos Alexandro Becker	161bc9e706	build: fix fig.yml	2023-05-02 12:09:23 +00:00
Carlos Alexandro Becker	43ae761179	feat: native upx support (#3965 ) this adds a new root-level `upx` config, so users can pack their binaries with upx :) --------- Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-05-01 21:22:05 -03:00
Carlos Alexandro Becker	c849cfc2a9	build: fix golangci-lint failing (#3874 ) refs https://github.com/golangci/golangci-lint-action/issues/677 Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2023-03-19 22:16:47 -03:00
dependabot[bot]	8f4a6929bd	chore(deps): bump github/codeql-action from 2.2.6 to 2.2.7 (#3870 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.6 to 2.2.7. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.7 - 15 Mar 2023</h2> <p>No user facing changes.</p> <h2>2.2.6 - 10 Mar 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.4.</li> </ul> <h2>2.2.5 - 24 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.3. <a href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li> </ul> <h2>2.2.4 - 10 Feb 2023</h2> <p>No user facing changes.</p> <h2>2.2.3 - 08 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.2. <a href="https://redirect.github.com/github/codeql-action/pull/1518">#1518</a></li> </ul> <h2>2.2.2 - 06 Feb 2023</h2> <ul> <li>Fix an issue where customers using the CodeQL Action with the <a href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL Action sync tool</a> would not be able to obtain the CodeQL tools. <a href="https://redirect.github.com/github/codeql-action/pull/1517">#1517</a></li> </ul> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://redirect.github.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`168b99b3c2`"><code>168b99b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1581">#1581</a> from github/update-v2.2.7-433fe88bf</li> <li><a href="`bc7318da91`"><code>bc7318d</code></a> Update changelog for v2.2.7</li> <li><a href="`433fe88bf3`"><code>433fe88</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1579">#1579</a> from github/aeisenberg/no-upload-database</li> <li><a href="`c208575433`"><code>c208575</code></a> Avoid uploading databases after integration tests</li> <li><a href="`b8ea587211`"><code>b8ea587</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1578">#1578</a> from github/henrymercer/fix-circular-dependency</li> <li><a href="`65f42e3768`"><code>65f42e3</code></a> Inline minimum version number to avoid circular dependency</li> <li><a href="`d9ceda3823`"><code>d9ceda3</code></a> Add debug logging for feature flag enablement</li> <li><a href="`19f00dc212`"><code>19f00dc</code></a> Bump <code>@ava/typescript</code> from 3.0.1 to 4.0.0 (<a href="https://redirect.github.com/github/codeql-action/issues/1576">#1576</a>)</li> <li><a href="`ec298233c1`"><code>ec29823</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1565">#1565</a> from github/henrymercer/diagnostics-code-scanning-co...</li> <li><a href="`a92a14621b`"><code>a92a146</code></a> Prefer <code>core.info</code> to <code>console.log</code></li> <li>Additional commits viewable in <a href="`16964e90ba...168b99b3c2`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.6&new-version=2.2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-03-17 16:09:30 -03:00
Carlos A Becker	b4b6496ea6	build: setup-go update	2023-03-17 16:04:47 -03:00
dependabot[bot]	b623247fb7	chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#3871 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>In scope of release we enable cache by default. The action won’t throw an error if the cache can’t be restored or saved. The action will throw a warning message but it won’t stop a build process. The cache can be disabled by specifying <code>cache: false</code>.</p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version: ‘1.19’ - run: go run hello.go </code></pre> <p>Besides, we introduce such changes as</p> <ul> <li><a href="https://redirect.github.com/actions/setup-go/pull/305">Allow to use only GOCACHE for cache</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/315">Bump json5 from 2.2.1 to 2.2.3</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/323">Use proper version for primary key in cache</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/351">Always add Go bin to the PATH</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/350">Add step warning if go-version input is empty</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4d34df0c23`"><code>4d34df0</code></a> Update configuration files (<a href="https://redirect.github.com/actions/setup-go/issues/348">#348</a>)</li> <li><a href="`fdc0d672a1`"><code>fdc0d67</code></a> Add Go bin if go-version input is empty (<a href="https://redirect.github.com/actions/setup-go/issues/351">#351</a>)</li> <li><a href="`ebfdf6ac95`"><code>ebfdf6a</code></a> add warning if go-version is empty (<a href="https://redirect.github.com/actions/setup-go/issues/350">#350</a>)</li> <li><a href="`b27d76912e`"><code>b27d769</code></a> fix lockfileVersion (<a href="https://redirect.github.com/actions/setup-go/issues/349">#349</a>)</li> <li><a href="`c51a720768`"><code>c51a720</code></a> Enable caching by default with default input (<a href="https://redirect.github.com/actions/setup-go/issues/332">#332</a>)</li> <li><a href="`6b848af622`"><code>6b848af</code></a> Merge pull request <a href="https://redirect.github.com/actions/setup-go/issues/343">#343</a> from akv-platform/reusable-workflow</li> <li><a href="`12741cc209`"><code>12741cc</code></a> Format update-config-files.yml</li> <li><a href="`7a77a6aab6`"><code>7a77a6a</code></a> Merge branch 'main' into reusable-workflow</li> <li><a href="`42a0cc8e14`"><code>42a0cc8</code></a> Add update-config-files.yml</li> <li><a href="`7406d654ad`"><code>7406d65</code></a> Add and configure ESLint and update configuration for Prettier (<a href="https://redirect.github.com/actions/setup-go/issues/341">#341</a>)</li> <li>Additional commits viewable in <a href="`6edd4406fa...4d34df0c23`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.5.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-03-17 00:40:25 -03:00
dependabot[bot]	5773f1a246	chore(deps): bump actions/checkout from 3.3.0 to 3.4.0 (#3872 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.4.0</h2> <h2>What's Changed</h2> <ul> <li>Upgrade codeql actions to v2 by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/checkout/pull/1209">actions/checkout#1209</a></li> <li>Upgrade dependencies by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/checkout/pull/1210">actions/checkout#1210</a></li> <li>Backfill changelog and bump actions/io by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1225">actions/checkout#1225</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1209">actions/checkout#1209</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.3.0...v3.4.0">https://github.com/actions/checkout/compare/v3.3.0...v3.4.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v3.4.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@actions/io</code></a></li> </ul> <h2>v3.3.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li> <li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li> </ul> <h2>v3.2.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@actions/io</code> to 1.1.2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li> </ul> <h2>v3.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@actions/core</code> <code>saveState</code> and <code>getState</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/689">Update to node 16</a></li> </ul> <h2>v2.3.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/284">Fix default branch resolution for .wiki and when using SSH</a></li> </ul> <h2>v2.3.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/278">Fallback to the default branch</a></li> </ul> <h2>v2.2.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/258">Fetch all history for all tags and branches when fetch-depth=0</a></li> </ul> <h2>v2.1.1</h2> <ul> <li>Changes to support GHES (<a href="https://redirect.github.com/actions/checkout/pull/236">here</a> and <a href="https://redirect.github.com/actions/checkout/pull/248">here</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`24cb908017`"><code>24cb908</code></a> Bump <code>@actions/io</code> to v1.1.3 (<a href="https://redirect.github.com/actions/checkout/issues/1225">#1225</a>)</li> <li><a href="`27135e314d`"><code>27135e3</code></a> Upgrade dependencies (<a href="https://redirect.github.com/actions/checkout/issues/1210">#1210</a>)</li> <li><a href="`7b187184d1`"><code>7b18718</code></a> Upgrade codeql actions to v2 (<a href="https://redirect.github.com/actions/checkout/issues/1209">#1209</a>)</li> <li>See full diff in <a href="`ac59398561...24cb908017`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-17 00:11:19 -03:00
dependabot[bot]	2c8d128e1c	chore(deps): bump actions/cache from 3.3.0 to 3.3.1 (#3866 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.3.0 to 3.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.3.1</h2> <h2>What's Changed</h2> <ul> <li>Reduced download segment size to 128 MB and timeout to 10 minutes by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1129">actions/cache#1129</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.3.1">https://github.com/actions/cache/compare/v3...v3.3.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://redirect.github.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://redirect.github.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://redirect.github.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://redirect.github.com/actions/cache/issues/888">#888</a> and <a href="https://redirect.github.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`88522ab9f3`"><code>88522ab</code></a> Reduced download segment size to 128 MB and timeout to 10 minutes (<a href="https://redirect.github.com/actions/cache/issues/1129">#1129</a>)</li> <li>See full diff in <a href="`940f3d7cf1...88522ab9f3`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-13 09:25:53 -03:00
dependabot[bot]	f104c143f7	chore(deps): bump github/codeql-action from 2.2.5 to 2.2.6 (#3864 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.5 to 2.2.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.6 - 10 Mar 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.4.</li> </ul> <h2>2.2.5 - 24 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.3. <a href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li> </ul> <h2>2.2.4 - 10 Feb 2023</h2> <p>No user facing changes.</p> <h2>2.2.3 - 08 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.2. <a href="https://redirect.github.com/github/codeql-action/pull/1518">#1518</a></li> </ul> <h2>2.2.2 - 06 Feb 2023</h2> <ul> <li>Fix an issue where customers using the CodeQL Action with the <a href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL Action sync tool</a> would not be able to obtain the CodeQL tools. <a href="https://redirect.github.com/github/codeql-action/pull/1517">#1517</a></li> </ul> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://redirect.github.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> <li>Update default CodeQL bundle version to 2.12.1. <a href="https://redirect.github.com/github/codeql-action/pull/1498">#1498</a></li> <li>Fix a bug that forced the <code>init</code> Action to run for at least two minutes on JavaScript. <a href="https://redirect.github.com/github/codeql-action/pull/1494">#1494</a></li> </ul> <h2>2.1.39 - 18 Jan 2023</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`16964e90ba`"><code>16964e9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1570">#1570</a> from github/update-v2.2.6-e12a2ecd4</li> <li><a href="`74cbab4958`"><code>74cbab4</code></a> Update changelog for v2.2.6</li> <li><a href="`e12a2ecd45`"><code>e12a2ec</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1561">#1561</a> from github/dbartol/bundle-2.12.4</li> <li><a href="`d47d4c8047`"><code>d47d4c8</code></a> Merge branch 'main' into dbartol/bundle-2.12.4</li> <li><a href="`f13b180fb8`"><code>f13b180</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1567">#1567</a> from github/aeisenberg/config-parsing-ghes</li> <li><a href="`a3cf96418e`"><code>a3cf964</code></a> Add <code>security-experimental</code> to <code>codeql-config.yml</code> (<a href="https://redirect.github.com/github/codeql-action/issues/1566">#1566</a>)</li> <li><a href="`0c27d0da4a`"><code>0c27d0d</code></a> Add default values to feature flags</li> <li><a href="`e4b846c482`"><code>e4b846c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1564">#1564</a> from github/aeisenberg/qlconfig-file</li> <li><a href="`c310f094dd`"><code>c310f09</code></a> Fix name of qlconfig file argument</li> <li><a href="`4366485427`"><code>4366485</code></a> Avoid passing an undefined qlconfig arg</li> <li>Additional commits viewable in <a href="`32dc499307...16964e90ba`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.5&new-version=2.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-13 09:25:41 -03:00
dependabot[bot]	6341c3d0dc	chore(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0 (#3865 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.4.1 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.5.0</h2> <ul> <li><code>cleanup</code> input to remove builder and temp files by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/213">docker/setup-buildx-action#213</a></li> <li>do not remove builder using the <code>docker</code> driver by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/218">docker/setup-buildx-action#218</a></li> <li>fix current context as builder name for <code>docker</code> driver by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/209">docker/setup-buildx-action#209</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0">https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4b4e9c3e2d`"><code>4b4e9c3</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/216">#216</a> from awendland/patch-1</li> <li><a href="`eb27bcbef3`"><code>eb27bcb</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/218">#218</a> from crazy-max/fix-builder-removal</li> <li><a href="`b7471d4240`"><code>b7471d4</code></a> update generated content</li> <li><a href="`e2df91e851`"><code>e2df91e</code></a> check builder exists before removal</li> <li><a href="`85ce96bcbc`"><code>85ce96b</code></a> do not remove builder using the docker driver</li> <li><a href="`f549413411`"><code>f549413</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/217">#217</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`99988698a5`"><code>9998869</code></a> update generated content</li> <li><a href="`e30725c029`"><code>e30725c</code></a> Bump <code>@docker/actions-toolkit</code> from 0.1.0-beta.16 to 0.1.0-beta.18</li> <li><a href="`f1dc97ee10`"><code>f1dc97e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/213">#213</a> from crazy-max/cleanup-input</li> <li><a href="`51ecd0a47f`"><code>51ecd0a</code></a> nit typo in README.md, csv is comma-delimited</li> <li>Additional commits viewable in <a href="`f03ac48505...4b4e9c3e2d`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.4.1&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-13 09:25:22 -03:00
dependabot[bot]	8079a92e39	chore(deps): bump actions/cache from 3.2.6 to 3.3.0 (#3858 )	2023-03-10 09:26:14 -03:00
Carlos Alexandro Becker	dd1315b0a7	fix(GO-2023-1621): update from go 1.20.1 to 1.20.2 (#3854 )	2023-03-09 08:24:20 -03:00
dependabot[bot]	008d43d72b	chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#3818 ) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.1 to 3.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.0.1</h2> <h2>What's Changed</h2> <ul> <li>make cosign v2.0.0 default version by <a href="https://github.com/developer-guy"><code>@developer-guy</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/109">sigstore/cosign-installer#109</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1">https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1</a></p> <h2>v3.0.0</h2> <h1>Breaking change</h1> <p>Cosign v2 has some breaking changes. Please check those: <a href="https://blog.sigstore.dev/cosign-2-0-released/">https://blog.sigstore.dev/cosign-2-0-released/</a></p> <h2>What's Changed</h2> <ul> <li>test: add logs when downloading the public keys by <a href="https://github.com/hectorj2f"><code>@hectorj2f</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/106">sigstore/cosign-installer#106</a></li> <li>Add support to install v2 and any other cosign release candidate by <a href="https://github.com/hectorj2f"><code>@hectorj2f</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/105">sigstore/cosign-installer#105</a></li> <li>v2.0.0 release by <a href="https://github.com/sabre1041"><code>@sabre1041</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/108">sigstore/cosign-installer#108</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hectorj2f"><code>@hectorj2f</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/106">sigstore/cosign-installer#106</a></li> <li><a href="https://github.com/sabre1041"><code>@sabre1041</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/108">sigstore/cosign-installer#108</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0">https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c3667d9942`"><code>c3667d9</code></a> make cosign v2.0.0 default version (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/109">#109</a>)</li> <li><a href="`77560e399f`"><code>77560e3</code></a> v2.0.0 release (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/108">#108</a>)</li> <li><a href="`4079ad3567`"><code>4079ad3</code></a> Bump actions/checkout from 3.2.0 to 3.3.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/107">#107</a>)</li> <li><a href="`55fd288876`"><code>55fd288</code></a> Add support to install v2 and any other cosign release candidate (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/105">#105</a>)</li> <li><a href="`651c379c48`"><code>651c379</code></a> test: add logs when downloading the public keys (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/106">#106</a>)</li> <li><a href="`df6c89e679`"><code>df6c89e</code></a> Bump actions/checkout from 3.1.0 to 3.2.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/102">#102</a>)</li> <li><a href="`31f26445bf`"><code>31f2644</code></a> Bump actions/setup-go from 3.4.0 to 3.5.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/103">#103</a>)</li> <li><a href="`b6757d8360`"><code>b6757d8</code></a> Bump actions/setup-go from 3.3.1 to 3.4.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/101">#101</a>)</li> <li><a href="`7bca8b4116`"><code>7bca8b4</code></a> Bump actions/setup-go from 3.3.0 to 3.3.1 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/99">#99</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.8.1&new-version=3.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-02 09:36:26 -03:00
dependabot[bot]	6fc205a93b	chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 (#3808 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.2.5. <details> <summary>Commits</summary> <ul> <li><a href="`32dc499307`"><code>32dc499</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1547">#1547</a> from github/update-v2.2.5-237a258d2</li> <li><a href="`b742728ac2`"><code>b742728</code></a> Update changelog for v2.2.5</li> <li><a href="`237a258d2b`"><code>237a258</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1543">#1543</a> from github/alexet/update-2.12.3</li> <li><a href="`5972e6d72e`"><code>5972e6d</code></a> Fix lib file</li> <li><a href="`164027e682`"><code>164027e</code></a> Fix bundle versions</li> <li><a href="`3dde1f3512`"><code>3dde1f3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1540">#1540</a> from cklin/expect-discarded-cache</li> <li><a href="`d7d7567b0e`"><code>d7d7567</code></a> Unit tests for optimizeForLastQueryRun</li> <li><a href="`0e4e857bab`"><code>0e4e857</code></a> Set optimizeForLastQueryRun on last run</li> <li><a href="`08d1f21d4f`"><code>08d1f21</code></a> Calculate customQueryIndices early</li> <li><a href="`f3bd25eefa`"><code>f3bd25e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1544">#1544</a> from github/aeisenberg/clean-cache</li> <li>Additional commits viewable in <a href="`17573ee1cc...32dc499307`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.4&new-version=2.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-27 09:34:34 -03:00
dependabot[bot]	4790e2fe3d	chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#3798 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.2.5 to 3.2.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.2.6</h2> <h2>What's Changed</h2> <ul> <li>Updated branch in Force deletion of caches by <a href="https://github.com/t-dedah"><code>@t-dedah</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1108">actions/cache#1108</a></li> <li>Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners by <a href="https://github.com/pdotl"><code>@pdotl</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1118">actions/cache#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.2.6">https://github.com/actions/cache/compare/v3...v3.2.6</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a> and <a href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <h3>3.0.11</h3> <ul> <li>Update toolkit version to 3.0.5 to include <code>@actions/core@^1.10.0</code></li> <li>Update <code>@actions/cache</code> to use updated <code>saveState</code> and <code>setOutput</code> functions from <code>@actions/core@^1.10.0</code></li> </ul> <h3>3.1.0-beta.1</h3> <ul> <li>Update <code>@actions/cache</code> on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li> </ul> <h3>3.1.0-beta.2</h3> <ul> <li>Added support for fallback to gzip to restore old caches on windows.</li> </ul> <h3>3.1.0-beta.3</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`69d9d449ac`"><code>69d9d44</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1118">#1118</a> from actions/pdotl/zstd-hotfix</li> <li><a href="`8d3a1e02aa`"><code>8d3a1e0</code></a> Fix license</li> <li><a href="`b1db4b4897`"><code>b1db4b4</code></a> Fix zstd breaking after new version release</li> <li><a href="`7d4d6f7ffd`"><code>7d4d6f7</code></a> Update package-lock.json</li> <li><a href="`8f7fa5d715`"><code>8f7fa5d</code></a> Bump <code>@actions/cache</code> version</li> <li><a href="`95b455a0fb`"><code>95b455a</code></a> 3.2.6</li> <li><a href="`81b7281936`"><code>81b7281</code></a> Updated branch in Force deletion of caches (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1108">#1108</a>)</li> <li>See full diff in <a href="`6998d139dd...69d9d449ac`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.5&new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-22 09:15:32 -03:00
Carlos A Becker	6d3eb57c7a	fix: update to go 1.20.1	2023-02-17 10:44:02 -03:00
dependabot[bot]	019364be32	chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 (#3777 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.3 to 2.2.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.4 - 10 Feb 2023</h2> <p>No user facing changes.</p> <h2>2.2.3 - 08 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li> </ul> <h2>2.2.2 - 06 Feb 2023</h2> <ul> <li>Fix an issue where customers using the CodeQL Action with the <a href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL Action sync tool</a> would not be able to obtain the CodeQL tools. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li> </ul> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> <li>Update default CodeQL bundle version to 2.12.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li> <li>Fix a bug that forced the <code>init</code> Action to run for at least two minutes on JavaScript. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li> </ul> <h2>2.1.39 - 18 Jan 2023</h2> <ul> <li>CodeQL Action v1 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see <a href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this changelog post</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li> <li>Python automatic dependency installation will no longer fail for projects using Poetry that specify <code>virtualenvs.options.no-pip = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li> <li>Avoid printing a stack trace and error message when the action fails to find the SHA at the current directory. This will happen in several non-error states and so we now avoid cluttering the log with this message. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li> </ul> <h2>2.1.38 - 12 Jan 2023</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`17573ee1cc`"><code>17573ee</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1534">#1534</a> from github/update-v2.2.4-40babc141</li> <li><a href="`b6975b4b1a`"><code>b6975b4</code></a> Update changelog for v2.2.4</li> <li><a href="`40babc141f`"><code>40babc1</code></a> Tools telemetry: accurately report when feature flags were inaccessible (<a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1532">#1532</a>)</li> <li><a href="`7ba5ed7eed`"><code>7ba5ed7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1531">#1531</a> from github/mergeback/v2.2.3-to-main-8775e868</li> <li><a href="`21f3020df6`"><code>21f3020</code></a> Update checked-in dependencies</li> <li><a href="`b872c5adfd`"><code>b872c5a</code></a> Update changelog and version after v2.2.3</li> <li>See full diff in <a href="`8775e86802...17573ee1cc`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.3&new-version=2.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-13 11:29:01 -03:00
dependabot[bot]	1e46e00899	chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#3773 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.2.4 to 3.2.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.2.5</h2> <h2>What's Changed</h2> <ul> <li>Rewrite readmes by <a href="https://github.com/jsoref"><code>@jsoref</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1085">actions/cache#1085</a></li> <li>Fixed typos and formatting in docs by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1076">actions/cache#1076</a></li> <li>Fixing paths for OSes by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1101">actions/cache#1101</a></li> <li>Release patch version update by <a href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1105">actions/cache#1105</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jsoref"><code>@jsoref</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1085">actions/cache#1085</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.2.5">https://github.com/actions/cache/compare/v3...v3.2.5</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a> and <a href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <h3>3.0.11</h3> <ul> <li>Update toolkit version to 3.0.5 to include <code>@actions/core@^1.10.0</code></li> <li>Update <code>@actions/cache</code> to use updated <code>saveState</code> and <code>setOutput</code> functions from <code>@actions/core@^1.10.0</code></li> </ul> <h3>3.1.0-beta.1</h3> <ul> <li>Update <code>@actions/cache</code> on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li> </ul> <h3>3.1.0-beta.2</h3> <ul> <li>Added support for fallback to gzip to restore old caches on windows.</li> </ul> <h3>3.1.0-beta.3</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`6998d139dd`"><code>6998d13</code></a> Release patch version update (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1105">#1105</a>)</li> <li><a href="`2b8105bdae`"><code>2b8105b</code></a> Fixing paths for OSes (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1101">#1101</a>)</li> <li><a href="`e08330827d`"><code>e083308</code></a> Fixed typos and formatting in docs (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1076">#1076</a>)</li> <li><a href="`22d3da765b`"><code>22d3da7</code></a> Rewrite readmes (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1085">#1085</a>)</li> <li>See full diff in <a href="`627f0f41f6...6998d139dd`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.4&new-version=3.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-10 10:13:19 -03:00
dependabot[bot]	9d6d85855d	chore(deps): bump github/codeql-action from 2.2.2 to 2.2.3 (#3767 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.2 to 2.2.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.3 - 08 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li> </ul> <h2>2.2.2 - 06 Feb 2023</h2> <ul> <li>Fix an issue where customers using the CodeQL Action with the <a href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL Action sync tool</a> would not be able to obtain the CodeQL tools. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li> </ul> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> <li>Update default CodeQL bundle version to 2.12.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li> <li>Fix a bug that forced the <code>init</code> Action to run for at least two minutes on JavaScript. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li> </ul> <h2>2.1.39 - 18 Jan 2023</h2> <ul> <li>CodeQL Action v1 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see <a href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this changelog post</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li> <li>Python automatic dependency installation will no longer fail for projects using Poetry that specify <code>virtualenvs.options.no-pip = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li> <li>Avoid printing a stack trace and error message when the action fails to find the SHA at the current directory. This will happen in several non-error states and so we now avoid cluttering the log with this message. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li> </ul> <h2>2.1.38 - 12 Jan 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li> </ul> <h2>2.1.37 - 14 Dec 2022</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`8775e86802`"><code>8775e86</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1530">#1530</a> from github/update-v2.2.3-c4e22e9fc</li> <li><a href="`a2ad80b966`"><code>a2ad80b</code></a> Update changelog for v2.2.3</li> <li><a href="`c4e22e9fce`"><code>c4e22e9</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1529">#1529</a> from github/henrymercer/remove-bypass-toolcache-flags</li> <li><a href="`db534af2ae`"><code>db534af</code></a> Remove feature flags for bypassing the toolcache</li> <li><a href="`4369dda4ae`"><code>4369dda</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1518">#1518</a> from github/cklin/codeql-cli-2.12.2</li> <li><a href="`4f08c2cf20`"><code>4f08c2c</code></a> Bump default CodeQL version to 2.12.2</li> <li><a href="`81644f35ff`"><code>81644f3</code></a> Add max line length of 120 to linter (<a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1524">#1524</a>)</li> <li><a href="`9ab6aa64a0`"><code>9ab6aa6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1526">#1526</a> from github/mergeback/v2.2.2-to-main-39d8d7e7</li> <li><a href="`256973e279`"><code>256973e</code></a> Update checked-in dependencies</li> <li><a href="`59b25b480f`"><code>59b25b4</code></a> Update changelog and version after v2.2.2</li> <li>Additional commits viewable in <a href="`39d8d7e78f...8775e86802`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.2&new-version=2.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-09 08:52:59 -03:00
dependabot[bot]	9da9f78537	chore(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1 (#3762 )	2023-02-07 14:07:51 +00:00
dependabot[bot]	6ab9fd15e1	chore(deps): bump github/codeql-action from 2.2.1 to 2.2.2 (#3763 )	2023-02-07 13:57:31 +00:00
Carlos A Becker	b0783c7401	build: run test on any workflow change Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2023-02-07 09:48:26 -03:00
Carlos A Becker	addd7c4ceb	build: fix workflow syntax Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2023-02-07 09:44:33 -03:00
Carlos Alexandro Becker	81914757da	build: use go1.20 (#3757 ) update everything to go 1.20 --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-05 13:39:39 -03:00
dependabot[bot]	599f9b4c6a	chore(deps): bump arduino/setup-task from 1.0.2 to 1.0.3 (#3736 ) Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from 1.0.2 to 1.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/arduino/setup-task/releases">arduino/setup-task's releases</a>.</em></p> <blockquote> <h2>1.0.3</h2> <h2>Changelog</h2> <h4>Enhancement</h4> <ul> <li>Add support for all Task build architectures (43e1bb8c37ce39c24e88b4622c2f66b6d7d9ebbd)</li> </ul> <h2>Full Changeset</h2> <p><a href="https://github.com/arduino/setup-task/compare/1.0.2...1.0.3">https://github.com/arduino/setup-task/compare/1.0.2...1.0.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`e26d897557`"><code>e26d897</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/636">#636</a> from per1234/arm-arch</li> <li><a href="`43e1bb8c37`"><code>43e1bb8</code></a> Add support for all Task build architectures</li> <li><a href="`bf9d22fbca`"><code>bf9d22f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/637">#637</a> from arduino/dependabot/npm_and_yarn/eslint-8.33.0</li> <li><a href="`f307193035`"><code>f307193</code></a> build(deps-dev): bump eslint from 8.32.0 to 8.33.0</li> <li><a href="`9a385911a6`"><code>9a38591</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/635">#635</a> from arduino/dependabot/npm_and_yarn/jest-circus-29.4.1</li> <li><a href="`446dc59e7a`"><code>446dc59</code></a> build(deps-dev): bump jest-circus from 29.4.0 to 29.4.1</li> <li><a href="`fe65533e09`"><code>fe65533</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/634">#634</a> from arduino/dependabot/npm_and_yarn/vercel/ncc-0.36.1</li> <li><a href="`af97840bda`"><code>af97840</code></a> build(deps-dev): bump <code>@vercel/ncc</code> from 0.36.0 to 0.36.1</li> <li><a href="`88a5c5cdc0`"><code>88a5c5c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/632">#632</a> from arduino/dependabot/npm_and_yarn/jest-circus-29.4.0</li> <li><a href="`4d2bca9f30`"><code>4d2bca9</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/arduino/setup-task/issues/631">#631</a> from arduino/dependabot/npm_and_yarn/typescript-eslin...</li> <li>Additional commits viewable in <a href="`d665c6beeb...e26d897557`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=arduino/setup-task&package-manager=github_actions&previous-version=1.0.2&new-version=1.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-01 09:19:19 -03:00
dependabot[bot]	ce5826ff36	chore(deps): bump docker/setup-buildx-action from 2.3.0 to 2.4.0 (#3737 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.3.0 to 2.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.4.0</h2> <h2>What's Changed</h2> <ul> <li>Don't depend on the GitHub API to check release by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/196">#196</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.3.0...v2.4.0">https://github.com/docker/setup-buildx-action/compare/v2.3.0...v2.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`15c905b16b`"><code>15c905b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/196">#196</a> from crazy-max/dl-no-token</li> <li><a href="`a25d6a0130`"><code>a25d6a0</code></a> update generated content</li> <li><a href="`39322d9057`"><code>39322d9</code></a> don't depend on the GitHub API to check release</li> <li><a href="`0648fd6fd6`"><code>0648fd6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/195">#195</a> from crazy-max/fix-readme</li> <li><a href="`30d8a59ee0`"><code>30d8a59</code></a> fix action version in README</li> <li><a href="`71320d2e17`"><code>71320d2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/193">#193</a> from fevrin/update-gh-doc-url</li> <li><a href="`272f8b84cf`"><code>272f8b8</code></a> update GH doc URL</li> <li>See full diff in <a href="`5e716dcfd6...15c905b16b`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-01 09:15:36 -03:00
dependabot[bot]	ca6ee15bb8	chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#3738 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.2.3 to 3.2.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.2.4</h2> <h2>What's Changed</h2> <ul> <li>Update json5 package version by <a href="https://github.com/vsvipul"><code>@vsvipul</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1065">actions/cache#1065</a></li> <li>Cache recipes for cache, restore and save actions by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1055">actions/cache#1055</a></li> <li>Add gnu tar and zstd as pre-requisites for windows self-hosted runners by <a href="https://github.com/pdotl"><code>@pdotl</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1068">actions/cache#1068</a></li> <li>Fix a whitespace typo by <a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1074">actions/cache#1074</a></li> <li>📝 <a href="https://github-redirect.dependabot.com/actions/cache/issues/1045">#1045</a> update using the <code>set-output</code> command is deprecated by <a href="https://github.com/siguikesse"><code>@siguikesse</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1046">actions/cache#1046</a></li> <li>Fix referenced output key in save action readme by <a href="https://github.com/ruudk"><code>@ruudk</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1061">actions/cache#1061</a></li> <li>Update workflows to use reusable-workflows by <a href="https://github.com/jongwooo"><code>@jongwooo</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1066">actions/cache#1066</a></li> <li>Introduce add-to-project step & rename workflow files by <a href="https://github.com/pallavx"><code>@pallavx</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1077">actions/cache#1077</a></li> <li>chore: Fix syntax error typo by <a href="https://github.com/vHeemstra"><code>@vHeemstra</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1081">actions/cache#1081</a></li> <li>Update caching-strategies.md by <a href="https://github.com/kpfleming"><code>@kpfleming</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1084">actions/cache#1084</a></li> <li>Added another usage hint to foresee <a href="https://github-redirect.dependabot.com/actions/cache/issues/1072">#1072</a> by <a href="https://github.com/maybeec"><code>@maybeec</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1089">actions/cache#1089</a></li> <li>Add <code>fail-on-cache-miss</code> option by <a href="https://github.com/cdce8p"><code>@cdce8p</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1036">actions/cache#1036</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kurtmckee"><code>@kurtmckee</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1074">actions/cache#1074</a></li> <li><a href="https://github.com/siguikesse"><code>@siguikesse</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1046">actions/cache#1046</a></li> <li><a href="https://github.com/ruudk"><code>@ruudk</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1061">actions/cache#1061</a></li> <li><a href="https://github.com/pallavx"><code>@pallavx</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1077">actions/cache#1077</a></li> <li><a href="https://github.com/vHeemstra"><code>@vHeemstra</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1081">actions/cache#1081</a></li> <li><a href="https://github.com/kpfleming"><code>@kpfleming</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1084">actions/cache#1084</a></li> <li><a href="https://github.com/maybeec"><code>@maybeec</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1089">actions/cache#1089</a></li> <li><a href="https://github.com/cdce8p"><code>@cdce8p</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1036">actions/cache#1036</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.2.4">https://github.com/actions/cache/compare/v3...v3.2.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a> and <a href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <h3>3.0.11</h3> <ul> <li>Update toolkit version to 3.0.5 to include <code>@actions/core@^1.10.0</code></li> <li>Update <code>@actions/cache</code> to use updated <code>saveState</code> and <code>setOutput</code> functions from <code>@actions/core@^1.10.0</code></li> </ul> <h3>3.1.0-beta.1</h3> <ul> <li>Update <code>@actions/cache</code> on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li> </ul> <h3>3.1.0-beta.2</h3> <ul> <li>Added support for fallback to gzip to restore old caches on windows.</li> </ul> <h3>3.1.0-beta.3</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`627f0f41f6`"><code>627f0f4</code></a> Add <code>fail-on-cache-miss</code> option (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1036">#1036</a>)</li> <li><a href="`8e3048d0f7`"><code>8e3048d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1089">#1089</a> from maybeec/patch-1</li> <li><a href="`1b004e8a69`"><code>1b004e8</code></a> Update tips-and-workarounds.md</li> <li><a href="`75b110bc85`"><code>75b110b</code></a> Added another hint to foresee <a href="https://github-redirect.dependabot.com/actions/cache/issues/1072">#1072</a></li> <li><a href="`2b5a782c64`"><code>2b5a782</code></a> Update caching-strategies.md (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1084">#1084</a>)</li> <li><a href="`6c2de3ba98`"><code>6c2de3b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1081">#1081</a> from vHeemstra/patch-1</li> <li><a href="`b63536828e`"><code>b635368</code></a> there as well ;)</li> <li><a href="`cd2aaa9df8`"><code>cd2aaa9</code></a> chore: Fix syntax error typo</li> <li><a href="`9b7ef12f3e`"><code>9b7ef12</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1077">#1077</a> from actions/pallavx-patch-1</li> <li><a href="`3c08cab74f`"><code>3c08cab</code></a> Introduce add-to-project step & rename add-reviewer-pr workflow file</li> <li>Additional commits viewable in <a href="`58c146cc91...627f0f41f6`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.3&new-version=3.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-01 09:12:12 -03:00
dependabot[bot]	5c1fd3582b	chore(deps): bump docker/setup-buildx-action from 2.2.1 to 2.3.0 (#3729 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.2.1 to 2.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.3.0</h2> <h2>What's Changed</h2> <ul> <li>Use Octokit to check Buildx release on GitHub by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/191">#191</a> <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/192">#192</a>)</li> <li>Add version pinning information to the README by <a href="https://github.com/jedevc"><code>@jedevc</code></a> (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/189">#189</a>)</li> <li>Bump minimatch from 3.0.4 to 3.1.2 (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/182">#182</a>)</li> <li>Bump csv-parse from 5.3.1 to 5.3.3 (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/181">#181</a>)</li> <li>Bump json5 from 2.2.0 to 2.2.3 (<a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/184">#184</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.2.1...v2.3.0">https://github.com/docker/setup-buildx-action/compare/v2.2.1...v2.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`5e716dcfd6`"><code>5e716dc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/192">#192</a> from crazy-max/support-ghes</li> <li><a href="`a83788eef0`"><code>a83788e</code></a> update generated content</li> <li><a href="`d0d9a72195`"><code>d0d9a72</code></a> pass the token input through on GHES</li> <li><a href="`a8165e7b70`"><code>a8165e7</code></a> enforce baseUrl to api.github.com if action used on GHES</li> <li><a href="`a024221c60`"><code>a024221</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/191">#191</a> from crazy-max/fix-dl-release</li> <li><a href="`4c3fce4ab2`"><code>4c3fce4</code></a> update generated content</li> <li><a href="`7c965aebec`"><code>7c965ae</code></a> use Octokit client to download buildx</li> <li><a href="`7932f6210d`"><code>7932f62</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/189">#189</a> from docker/version-pinning-docs</li> <li><a href="`70deadb37a`"><code>70deadb</code></a> docs: add version pinning information to the README</li> <li><a href="`165fe681b8`"><code>165fe68</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/184">#184</a> from docker/dependabot/npm_and_yarn/json5-2.2.3</li> <li>Additional commits viewable in <a href="`8c0edbc76e...5e716dcfd6`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.2.1&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-30 09:50:59 -03:00
dependabot[bot]	b192de9162	chore(deps): bump github/codeql-action from 2.2.0 to 2.2.1 (#3725 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.0 to 2.2.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> <li>Update default CodeQL bundle version to 2.12.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li> <li>Fix a bug that forced the <code>init</code> Action to run for at least two minutes on JavaScript. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li> </ul> <h2>2.1.39 - 18 Jan 2023</h2> <ul> <li>CodeQL Action v1 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see <a href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this changelog post</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li> <li>Python automatic dependency installation will no longer fail for projects using Poetry that specify <code>virtualenvs.options.no-pip = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li> <li>Avoid printing a stack trace and error message when the action fails to find the SHA at the current directory. This will happen in several non-error states and so we now avoid cluttering the log with this message. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li> </ul> <h2>2.1.38 - 12 Jan 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li> </ul> <h2>2.1.37 - 14 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.6. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li> </ul> <h2>2.1.36 - 08 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li> <li>Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li> <li>Python automatic dependency installation will no longer consider dependency code installed in venv as user-written, for projects using Poetry that specify <code>virtualenvs.in-project = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`3ebbd71c74`"><code>3ebbd71</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1514">#1514</a> from github/update-v2.2.1-4664f3969</li> <li><a href="`2ae6e13cc3`"><code>2ae6e13</code></a> Update changelog for v2.2.1</li> <li><a href="`4664f39699`"><code>4664f39</code></a> Ensure that <code>tools_download_duration_ms</code> is int (<a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1513">#1513</a>)</li> <li><a href="`b2e16761f3`"><code>b2e1676</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1512">#1512</a> from github/mergeback/v2.2.0-to-main-436dbd91</li> <li><a href="`592a896a53`"><code>592a896</code></a> Update checked-in dependencies</li> <li><a href="`4a6b5a54c2`"><code>4a6b5a5</code></a> Update changelog and version after v2.2.0</li> <li>See full diff in <a href="`436dbd9100...3ebbd71c74`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-27 08:57:40 -03:00
dependabot[bot]	31fbe515c1	chore(deps): bump github/codeql-action from 2.1.39 to 2.2.0 (#3722 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.39 to 2.2.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> <li>Update default CodeQL bundle version to 2.12.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li> <li>Fix a bug that forced the <code>init</code> Action to run for at least two minutes on JavaScript. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li> </ul> <h2>2.1.39 - 18 Jan 2023</h2> <ul> <li>CodeQL Action v1 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see <a href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this changelog post</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li> <li>Python automatic dependency installation will no longer fail for projects using Poetry that specify <code>virtualenvs.options.no-pip = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li> <li>Avoid printing a stack trace and error message when the action fails to find the SHA at the current directory. This will happen in several non-error states and so we now avoid cluttering the log with this message. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li> </ul> <h2>2.1.38 - 12 Jan 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li> </ul> <h2>2.1.37 - 14 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.6. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li> </ul> <h2>2.1.36 - 08 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li> <li>Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li> <li>Python automatic dependency installation will no longer consider dependency code installed in venv as user-written, for projects using Poetry that specify <code>virtualenvs.in-project = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li> </ul> <h2>2.1.35 - 01 Dec 2022</h2> <p>No user facing changes.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`436dbd9100`"><code>436dbd9</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1511">#1511</a> from github/update-v2.2.0-43f1a6c70</li> <li><a href="`d966969093`"><code>d966969</code></a> Remove $ from version number</li> <li><a href="`f6d03f448d`"><code>f6d03f4</code></a> Update changelog for v2.2.0</li> <li><a href="`43f1a6c701`"><code>43f1a6c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1510">#1510</a> from github/henrymercer/fix-fallback-version-number</li> <li><a href="`75ae065ae6`"><code>75ae065</code></a> Fix computation of fallback version</li> <li><a href="`0a9e9db27f`"><code>0a9e9db</code></a> Add failing regression test</li> <li><a href="`24ca6b0400`"><code>24ca6b0</code></a> Send tools telemetry to <code>init</code> status report (<a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1497">#1497</a>)</li> <li><a href="`ebf6415a7d`"><code>ebf6415</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1493">#1493</a> from github/aeisenberg/upload-sarif-limits</li> <li><a href="`a58e90a9da`"><code>a58e90a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1508">#1508</a> from github/henrymercer/default-version-fallback</li> <li><a href="`fdff4b0a17`"><code>fdff4b0</code></a> Update CHANGELOG.md</li> <li>Additional commits viewable in <a href="`a34ca99b46...436dbd9100`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.39&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-27 08:55:41 -03:00
dependabot[bot]	4192f38550	chore(deps): bump actions/github-script from 6.3.3 to 6.4.0 (#3723 ) Bumps [actions/github-script](https://github.com/actions/github-script) from 6.3.3 to 6.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <ul> <li>Bump json5 from 2.1.3 to 2.2.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/319">actions/github-script#319</a></li> <li>Bump minimatch from 3.0.4 to 3.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/320">actions/github-script#320</a></li> <li>Add node-fetch by <a href="https://github.com/danmichaelo"><code>@danmichaelo</code></a> in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/321">actions/github-script#321</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jongwooo"><code>@jongwooo</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/313">actions/github-script#313</a></li> <li><a href="https://github.com/austinvazquez"><code>@austinvazquez</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/306">actions/github-script#306</a></li> <li><a href="https://github.com/danmichaelo"><code>@danmichaelo</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/github-script/pull/321">actions/github-script#321</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v6.3.3...v6.4.0">https://github.com/actions/github-script/compare/v6.3.3...v6.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`98814c53be`"><code>98814c5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/github-script/issues/339">#339</a> from actions/joshmgross/bump-package-version</li> <li><a href="`ba6cf3fe7c`"><code>ba6cf3f</code></a> Bump version to 6.4.0</li> <li><a href="`bcc389184d`"><code>bcc3891</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/github-script/issues/321">#321</a> from danmichaelo/node-fetch</li> <li><a href="`da8818015e`"><code>da88180</code></a> Merge <code>main</code></li> <li><a href="`4d93f38890`"><code>4d93f38</code></a> Update dist and audit deps</li> <li><a href="`0550e85801`"><code>0550e85</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/github-script/issues/336">#336</a> from actions/joshmgross/minimatch-license</li> <li><a href="`5420835fff`"><code>5420835</code></a> Merge branch 'main' into joshmgross/minimatch-license</li> <li><a href="`03377835c3`"><code>0337783</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/github-script/issues/338">#338</a> from actions/joshmgross/fix-dist</li> <li><a href="`8c6dda0186`"><code>8c6dda0</code></a> Regenerate <code>dist</code></li> <li><a href="`ee0d992b06`"><code>ee0d992</code></a> Use Node 16 in CI and examples</li> <li>Additional commits viewable in <a href="`d556feaca3...98814c53be`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.3&new-version=6.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-27 08:55:28 -03:00
dependabot[bot]	71bc3f9ba1	chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#3724 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.13.2 to 0.13.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.13.3</h2> <h2>Changes in v0.13.3</h2> <ul> <li>Update Syft to v0.68.1 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`07978da4bd`"><code>07978da</code></a> Update Syft to v0.68.1 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)</li> <li>See full diff in <a href="https://github.com/anchore/sbom-action/compare/v0.13.2...v0.13.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.2&new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-27 08:55:18 -03:00
dependabot[bot]	d120e4dd36	chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#3720 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.13.1 to 0.13.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.13.2</h2> <h2>Changes in v0.13.2</h2> <ul> <li>Update Syft to v0.68.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>) [<a href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`54e36e45f3`"><code>54e36e4</code></a> feat: update Syft to v0.68.0 (<a href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)</li> <li>See full diff in <a href="https://github.com/anchore/sbom-action/compare/v0.13.1...v0.13.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.1&new-version=0.13.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-26 09:48:38 -03:00
dependabot[bot]	acaf730976	chore(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (#3714 ) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.3.1 to 3.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v3.4.0</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.42.0 to 5.42.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/601">golangci/golangci-lint-action#601</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.42.0 to 5.42.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/602">golangci/golangci-lint-action#602</a></li> <li>build(deps-dev): bump eslint from 8.27.0 to 8.28.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/604">golangci/golangci-lint-action#604</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.42.1 to 5.43.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/605">golangci/golangci-lint-action#605</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.42.1 to 5.43.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/607">golangci/golangci-lint-action#607</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.43.0 to 5.44.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/609">golangci/golangci-lint-action#609</a></li> <li>build(deps-dev): bump prettier from 2.7.1 to 2.8.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/611">golangci/golangci-lint-action#611</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.43.0 to 5.44.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/610">golangci/golangci-lint-action#610</a></li> <li>build(deps-dev): bump typescript from 4.8.4 to 4.9.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/606">golangci/golangci-lint-action#606</a></li> <li>build(deps): bump <code>@types/node</code> from 18.11.9 to 18.11.10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/614">golangci/golangci-lint-action#614</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.44.0 to 5.45.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/615">golangci/golangci-lint-action#615</a></li> <li>build(deps-dev): bump eslint from 8.28.0 to 8.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/617">golangci/golangci-lint-action#617</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.44.0 to 5.45.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/616">golangci/golangci-lint-action#616</a></li> <li>build(deps-dev): bump typescript from 4.9.3 to 4.9.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/619">golangci/golangci-lint-action#619</a></li> <li>build(deps-dev): bump <code>@vercel/ncc</code> from 0.34.0 to 0.36.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/620">golangci/golangci-lint-action#620</a></li> <li>build(deps-dev): bump prettier from 2.8.0 to 2.8.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/622">golangci/golangci-lint-action#622</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.45.0 to 5.46.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/621">golangci/golangci-lint-action#621</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.45.0 to 5.46.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/623">golangci/golangci-lint-action#623</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.46.0 to 5.46.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/625">golangci/golangci-lint-action#625</a></li> <li>build(deps): bump <code>@types/node</code> from 18.11.10 to 18.11.17 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/628">golangci/golangci-lint-action#628</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.46.0 to 5.46.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/626">golangci/golangci-lint-action#626</a></li> <li>build(deps-dev): bump eslint from 8.29.0 to 8.30.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/627">golangci/golangci-lint-action#627</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.46.1 to 5.47.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/633">golangci/golangci-lint-action#633</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.46.1 to 5.47.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/634">golangci/golangci-lint-action#634</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.0.6 to 3.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/632">golangci/golangci-lint-action#632</a></li> <li>build(deps-dev): bump eslint from 8.30.0 to 8.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/635">golangci/golangci-lint-action#635</a></li> <li>build(deps): bump <code>@types/node</code> from 18.11.17 to 18.11.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/636">golangci/golangci-lint-action#636</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.47.0 to 5.47.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/637">golangci/golangci-lint-action#637</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.47.0 to 5.47.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/639">golangci/golangci-lint-action#639</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.1.0 to 3.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/638">golangci/golangci-lint-action#638</a></li> <li>build(deps): bump json5 from 1.0.1 to 1.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/642">golangci/golangci-lint-action#642</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.47.1 to 5.48.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/643">golangci/golangci-lint-action#643</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.47.1 to 5.48.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/644">golangci/golangci-lint-action#644</a></li> <li>build(deps-dev): bump prettier from 2.8.1 to 2.8.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/645">golangci/golangci-lint-action#645</a></li> <li>build(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/646">golangci/golangci-lint-action#646</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.1.1 to 3.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/647">golangci/golangci-lint-action#647</a></li> <li>Support Caching in Mono Repo by <a href="https://github.com/bbernays"><code>@bbernays</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/629">golangci/golangci-lint-action#629</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/650">golangci/golangci-lint-action#650</a></li> <li>build(deps-dev): bump prettier from 2.8.2 to 2.8.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/651">golangci/golangci-lint-action#651</a></li> <li>build(deps-dev): bump eslint from 8.31.0 to 8.32.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/652">golangci/golangci-lint-action#652</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.48.0 to 5.48.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/653">golangci/golangci-lint-action#653</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.48.0 to 5.48.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/654">golangci/golangci-lint-action#654</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.27.4 to 2.27.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/655">golangci/golangci-lint-action#655</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.48.1 to 5.48.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/656">golangci/golangci-lint-action#656</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.48.1 to 5.48.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/657">golangci/golangci-lint-action#657</a></li> <li>build(deps-dev): bump eslint-plugin-simple-import-sort from 8.0.0 to 9.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/658">golangci/golangci-lint-action#658</a></li> </ul> <h2>New Contributors</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`08e2f20817`"><code>08e2f20</code></a> build(deps-dev): bump eslint-plugin-simple-import-sort from 8.0.0 to 9.0.0 (#...</li> <li><a href="`8d110786c7`"><code>8d11078</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.48.1 to 5.48.2 ...</li> <li><a href="`724a5425db`"><code>724a542</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.48.1 to 5.48.2 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/656">#656</a>)</li> <li><a href="`ac0edcd804`"><code>ac0edcd</code></a> build(deps-dev): bump eslint-plugin-import from 2.27.4 to 2.27.5 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/655">#655</a>)</li> <li><a href="`d6404ce293`"><code>d6404ce</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.48.0 to 5.48.1 ...</li> <li><a href="`cb88bde406`"><code>cb88bde</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.48.0 to 5.48.1 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/653">#653</a>)</li> <li><a href="`f26018a9c0`"><code>f26018a</code></a> build(deps-dev): bump eslint from 8.31.0 to 8.32.0 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/652">#652</a>)</li> <li><a href="`78451d099c`"><code>78451d0</code></a> build(deps-dev): bump prettier from 2.8.2 to 2.8.3 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/651">#651</a>)</li> <li><a href="`5570e66705`"><code>5570e66</code></a> build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.4 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/650">#650</a>)</li> <li><a href="`1626f2bd94`"><code>1626f2b</code></a> Support Caching in Mono Repo (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/629">#629</a>)</li> <li>Additional commits viewable in <a href="`0ad9a0988b...08e2f20817`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.3.1&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-24 09:49:46 -03:00
dependabot[bot]	93b582b4bb	chore(deps): bump github/codeql-action from 2.1.38 to 2.1.39 (#3704 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.39 - 18 Jan 2023</h2> <ul> <li>CodeQL Action v1 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see <a href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this changelog post</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li> <li>Python automatic dependency installation will no longer fail for projects using Poetry that specify <code>virtualenvs.options.no-pip = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li> <li>Avoid printing a stack trace and error message when the action fails to find the SHA at the current directory. This will happen in several non-error states and so we now avoid cluttering the log with this message. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li> </ul> <h2>2.1.38 - 12 Jan 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li> </ul> <h2>2.1.37 - 14 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.6. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li> </ul> <h2>2.1.36 - 08 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li> <li>Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li> <li>Python automatic dependency installation will no longer consider dependency code installed in venv as user-written, for projects using Poetry that specify <code>virtualenvs.in-project = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li> </ul> <h2>2.1.35 - 01 Dec 2022</h2> <p>No user facing changes.</p> <h2>2.1.34 - 25 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li> <li>Fixed a bug where some the <code>init</code> action and the <code>analyze</code> action would have different sets of experimental feature flags enabled. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li> </ul> <h2>2.1.33 - 16 Nov 2022</h2> <ul> <li>Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in <a href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL Action version 2.1.27</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li> <li>Bump the minimum CodeQL bundle version to 2.6.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li> </ul> <h2>2.1.32 - 14 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li> <li>Update the ML-powered additional query pack for JavaScript to version 0.4.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li> </ul> <h2>2.1.31 - 04 Nov 2022</h2> <ul> <li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been updated to no longer report uses of hash functions such as <code>MD5</code> and <code>SHA1</code> even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the <a href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql repository</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`a34ca99b46`"><code>a34ca99</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1489">#1489</a> from github/update-v2.1.39-597c2041</li> <li><a href="`48fa82899a`"><code>48fa828</code></a> Update changelog for v2.1.39</li> <li><a href="`597c204127`"><code>597c204</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1481">#1481</a> from github/henrymercer/discontinue-v1</li> <li><a href="`e0fd640b0c`"><code>e0fd640</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1487">#1487</a> from github/aeisenberg/queries-check</li> <li><a href="`d731c012c4`"><code>d731c01</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1486">#1486</a> from github/update-supported-enterprise-server-versions</li> <li><a href="`6dfc772b5f`"><code>6dfc772</code></a> Add link to new changelog post</li> <li><a href="`60e58b4a21`"><code>60e58b4</code></a> Merge branch 'main' into henrymercer/discontinue-v1</li> <li><a href="`9b1206e898`"><code>9b1206e</code></a> Fix a bug in cli config parsing</li> <li><a href="`40cfcb0a3f`"><code>40cfcb0</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1485">#1485</a> from github/aeisenberg/comitoid-message</li> <li><a href="`e199504667`"><code>e199504</code></a> Update supported GitHub Enterprise Server versions.</li> <li>Additional commits viewable in <a href="`515828d974...a34ca99b46`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.38&new-version=2.1.39)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-19 09:42:30 -03:00
dependabot[bot]	8ebefd251e	chore(deps): bump github/codeql-action from 2.1.37 to 2.1.38 (#3696 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.37 to 2.1.38. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.38 - 12 Jan 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li> </ul> <h2>2.1.37 - 14 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.6. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li> </ul> <h2>2.1.36 - 08 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li> <li>Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li> <li>Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify <code>virtualenvs.in-project = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li> </ul> <h2>2.1.35 - 01 Dec 2022</h2> <p>No user facing changes.</p> <h2>2.1.34 - 25 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li> <li>Fixed a bug where some the <code>init</code> action and the <code>analyze</code> action would have different sets of experimental feature flags enabled. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li> </ul> <h2>2.1.33 - 16 Nov 2022</h2> <ul> <li>Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in <a href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL Action version 2.1.27</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li> <li>Bump the minimum CodeQL bundle version to 2.6.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li> </ul> <h2>2.1.32 - 14 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li> <li>Update the ML-powered additional query pack for JavaScript to version 0.4.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li> </ul> <h2>2.1.31 - 04 Nov 2022</h2> <ul> <li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been updated to no longer report uses of hash functions such as <code>MD5</code> and <code>SHA1</code> even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the <a href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql repository</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li> </ul> <h2>2.1.30 - 02 Nov 2022</h2> <ul> <li>Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as <code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li> </ul> <h2>2.1.29 - 26 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`515828d974`"><code>515828d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1476">#1476</a> from github/update-v2.1.38-70fdddff</li> <li><a href="`caa49ae471`"><code>caa49ae</code></a> Update changelog for v2.1.38</li> <li><a href="`70fdddff11`"><code>70fdddf</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1474">#1474</a> from github/henrymercer/fix-ghae-setup-test</li> <li><a href="`6ba0a36550`"><code>6ba0a36</code></a> Add JSDoc for <code>mockDownloadApi</code></li> <li><a href="`4a918790cd`"><code>4a91879</code></a> Merge branch 'main' into henrymercer/fix-ghae-setup-test</li> <li><a href="`42d6d35dd1`"><code>42d6d35</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1464">#1464</a> from github/aeisenberg/externalRepoTokenConfigParsing</li> <li><a href="`e009918fbc`"><code>e009918</code></a> Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing</li> <li><a href="`70a288daae`"><code>70a288d</code></a> Merge branch 'main' into henrymercer/fix-ghae-setup-test</li> <li><a href="`bdc7c5d203`"><code>bdc7c5d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1466">#1466</a> from github/dbartol/bundle-20230105</li> <li><a href="`272d916f23`"><code>272d916</code></a> Address comments from PR</li> <li>Additional commits viewable in <a href="`959cbb7472...515828d974`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.37&new-version=2.1.38)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-13 10:20:58 -03:00
Carlos A Becker	e90193b6e8	build: only notify generate-releases on a release Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2023-01-11 09:40:12 -03:00
Carlos A Becker	17cd672149	build: use go 1.19.5 Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2023-01-11 09:18:25 -03:00
Artur Troian	0f8de79473	build: notify goreleaser-cross about new release (#3685 ) Signed-off-by: Artur Troian <troian.ap@gmail.com> Signed-off-by: Artur Troian <troian.ap@gmail.com>	2023-01-09 14:45:29 -03:00
dependabot[bot]	5388005912	chore(deps): bump actions/cache from 3.2.2 to 3.2.3 (#3687 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.2.2 to 3.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.2.3</h2> <h2>What's Changed</h2> <ul> <li>Add Mint example by <a href="https://github.com/uhooi"><code>@uhooi</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1051">actions/cache#1051</a></li> <li>Fixed broken link by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1057">actions/cache#1057</a></li> <li>Add support to opt-in enable cross-os caching on windows by <a href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1056">actions/cache#1056</a></li> <li>Release support for cross-os caching as opt-in feature by <a href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1060">actions/cache#1060</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/uhooi"><code>@uhooi</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1051">actions/cache#1051</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.2.3">https://github.com/actions/cache/compare/v3...v3.2.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a> and <a href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <h3>3.0.11</h3> <ul> <li>Update toolkit version to 3.0.5 to include <code>@actions/core@^1.10.0</code></li> <li>Update <code>@actions/cache</code> to use updated <code>saveState</code> and <code>setOutput</code> functions from <code>@actions/core@^1.10.0</code></li> </ul> <h3>3.1.0-beta.1</h3> <ul> <li>Update <code>@actions/cache</code> on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li> </ul> <h3>3.1.0-beta.2</h3> <ul> <li>Added support for fallback to gzip to restore old caches on windows.</li> </ul> <h3>3.1.0-beta.3</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`58c146cc91`"><code>58c146c</code></a> Release support for cross-os caching as opt-in feature (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1060">#1060</a>)</li> <li><a href="`6fd2d4538c`"><code>6fd2d45</code></a> Add support to opt-in enable cross-os caching on windows (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1056">#1056</a>)</li> <li><a href="`1f414295fe`"><code>1f41429</code></a> Fixed broken link (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1057">#1057</a>)</li> <li><a href="`365406cb70`"><code>365406c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1051">#1051</a> from uhooi/feature/add_mint_example</li> <li><a href="`d6217569d5`"><code>d621756</code></a> Update Mint example</li> <li><a href="`84e54000da`"><code>84e5400</code></a> Merge remote-tracking branch 'origin/main' into feature/add_mint_example</li> <li>See full diff in <a href="`4723a57e26...58c146cc91`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.2&new-version=3.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-09 09:23:07 -03:00
dependabot[bot]	d80b937827	chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#3683 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.3.0</h2> <h2>What's Changed</h2> <ul> <li>Implement branch list using callbacks from exec function by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1045">actions/checkout#1045</a></li> <li>Add in explicit reference to private checkout options by <a href="https://github.com/vanZeben"><code>@vanZeben</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li> <li>Fix comment typos (that got added in <a href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>) by <a href="https://github.com/lurch"><code>@lurch</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vanZeben"><code>@vanZeben</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li> <li><a href="https://github.com/lurch"><code>@lurch</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.2.0...v3.3.0">https://github.com/actions/checkout/compare/v3.2.0...v3.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`ac59398561`"><code>ac59398</code></a> Fix comment typos (that got added in <a href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>) (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1057">#1057</a>)</li> <li><a href="`3ba5ee6fac`"><code>3ba5ee6</code></a> Add in explicit reference to private checkout options (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1050">#1050</a>)</li> <li><a href="`8856415920`"><code>8856415</code></a> Implement branch list using callbacks from exec function (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1045">#1045</a>)</li> <li>See full diff in <a href="`755da8c3cf...ac59398561`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-01-06 09:20:17 -03:00
Carlos A Becker	b4e0439f4d	Merge remote-tracking branch 'origin/main'	2022-12-30 22:50:26 -03:00
dependabot[bot]	3bcd4c6f28	chore(deps): Bump benc-uk/workflow-dispatch from 1 to 121 (#3675 )	2022-12-30 09:13:12 -03:00
Carlos A Becker	09b76aa090	docs: fix descriptions Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-12-29 21:57:42 -03:00
Carlos A Becker	02e2dfddf2	docs: update workflows Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-12-29 15:02:27 -03:00
Carlos Alexandro Becker	232c982fb0	docs: improve build (#3674 ) - generate releases.json et al on our github actions workflow - use those when building and also on our `run` script - new releases will dispatch the workflow so it re-generates the needed files Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-12-29 14:55:45 -03:00
dependabot[bot]	04410be510	chore(deps): Bump actions/cache from 3.2.1 to 3.2.2 (#3664 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.2.1 to 3.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.2.2</h2> <h2>What's Changed</h2> <ul> <li>Fix formatting error in restore/README.md by <a href="https://github.com/me-and"><code>@me-and</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1044">actions/cache#1044</a></li> <li>save/README.md: Fix typo in example by <a href="https://github.com/mmuetzel"><code>@mmuetzel</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1040">actions/cache#1040</a></li> <li>README.md: remove outdated Windows cache tip link by <a href="https://github.com/me-and"><code>@me-and</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1042">actions/cache#1042</a></li> <li>Revert compression changes related to windows but keep version logging by <a href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1049">actions/cache#1049</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/me-and"><code>@me-and</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1044">actions/cache#1044</a></li> <li><a href="https://github.com/mmuetzel"><code>@mmuetzel</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1040">actions/cache#1040</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3.2.1...v3.2.2">https://github.com/actions/cache/compare/v3.2.1...v3.2.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a> and <a href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <h3>3.0.11</h3> <ul> <li>Update toolkit version to 3.0.5 to include <code>@actions/core@^1.10.0</code></li> <li>Update <code>@actions/cache</code> to use updated <code>saveState</code> and <code>setOutput</code> functions from <code>@actions/core@^1.10.0</code></li> </ul> <h3>3.1.0-beta.1</h3> <ul> <li>Update <code>@actions/cache</code> on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li> </ul> <h3>3.1.0-beta.2</h3> <ul> <li>Added support for fallback to gzip to restore old caches on windows.</li> </ul> <h3>3.1.0-beta.3</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4723a57e26`"><code>4723a57</code></a> Revert compression changes related to windows but keep version logging (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1049">#1049</a>)</li> <li><a href="`d1507cccba`"><code>d1507cc</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1042">#1042</a> from me-and/correct-readme-re-windows</li> <li><a href="`3337563725`"><code>3337563</code></a> Merge branch 'main' into correct-readme-re-windows</li> <li><a href="`60c7666709`"><code>60c7666</code></a> save/README.md: Fix typo in example (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1040">#1040</a>)</li> <li><a href="`b053f2b699`"><code>b053f2b</code></a> Fix formatting error in restore/README.md (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1044">#1044</a>)</li> <li><a href="`501277cfd7`"><code>501277c</code></a> README.md: remove outdated Windows cache tip link</li> <li>See full diff in <a href="`c1a5de879e...4723a57e26`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.1&new-version=3.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-28 10:02:31 -03:00
dependabot[bot]	89856068b8	chore(deps): Bump actions/cache from 3.2.0 to 3.2.1 (#3658 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.2.0 to 3.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.2.1</h2> <h2>What's Changed</h2> <ul> <li>Release compression related changes for windows by <a href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1039">actions/cache#1039</a></li> <li>Upgrade codeql to v2 by <a href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1023">actions/cache#1023</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3.2.0...v3.2.1">https://github.com/actions/cache/compare/v3.2.0...v3.2.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a> and <a href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <h3>3.0.11</h3> <ul> <li>Update toolkit version to 3.0.5 to include <code>@actions/core@^1.10.0</code></li> <li>Update <code>@actions/cache</code> to use updated <code>saveState</code> and <code>setOutput</code> functions from <code>@actions/core@^1.10.0</code></li> </ul> <h3>3.1.0-beta.1</h3> <ul> <li>Update <code>@actions/cache</code> on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li> </ul> <h3>3.1.0-beta.2</h3> <ul> <li>Added support for fallback to gzip to restore old caches on windows.</li> </ul> <h3>3.1.0-beta.3</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c1a5de879e`"><code>c1a5de8</code></a> Upgrade codeql to v2 (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1023">#1023</a>)</li> <li><a href="`9b0be58822`"><code>9b0be58</code></a> Release compression related changes for windows (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1039">#1039</a>)</li> <li>See full diff in <a href="`c17f4bf466...c1a5de879e`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.0&new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-23 08:57:15 -03:00
dependabot[bot]	6c9adcb1c7	chore(deps): bump actions/cache from 3.0.11 to 3.2.0 (#3657 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to 3.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.2.0</h2> <h2>What's Changed</h2> <ul> <li>fix wrong timeout env var key in README.md by <a href="https://github.com/walterddr"><code>@walterddr</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/959">actions/cache#959</a></li> <li>Updated release doc with correct env variable by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/960">actions/cache#960</a></li> <li>Create pull_request_template.md by <a href="https://github.com/pdotl"><code>@pdotl</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/963">actions/cache#963</a></li> <li>Update README with clearer info about cache-hit and its value by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/961">actions/cache#961</a></li> <li>Change datadog/squid to Ubuntu/squid in CI check by <a href="https://github.com/bishal-pdMSFT"><code>@bishal-pdMSFT</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/976">actions/cache#976</a></li> <li>Add more details to version section in readme by <a href="https://github.com/bishal-pdMSFT"><code>@bishal-pdMSFT</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/971">actions/cache#971</a></li> <li>Update hashFiles documentation reference by <a href="https://github.com/asaf400"><code>@asaf400</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/979">actions/cache#979</a></li> <li>Updated link for cache segment download info by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/986">actions/cache#986</a></li> <li>Readme update for deleting caches by <a href="https://github.com/t-dedah"><code>@t-dedah</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/981">actions/cache#981</a></li> <li>Add oncall logic to assign issues and PRs by <a href="https://github.com/vsvipul"><code>@vsvipul</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/997">actions/cache#997</a></li> <li>Bump minimatch from 3.0.4 to 3.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/998">actions/cache#998</a></li> <li>Revert "Bump minimatch from 3.0.4 to 3.1.2" by <a href="https://github.com/vsvipul"><code>@vsvipul</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1005">actions/cache#1005</a></li> <li>Fix npm vulnerability by <a href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1007">actions/cache#1007</a></li> <li>refactor: Use early return pattern to avoid nested conditions by <a href="https://github.com/jongwooo"><code>@jongwooo</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1013">actions/cache#1013</a></li> <li>Use cache in check-dist.yml by <a href="https://github.com/jongwooo"><code>@jongwooo</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1004">actions/cache#1004</a></li> <li>chore: Use built-in cache action to cache dependencies by <a href="https://github.com/jongwooo"><code>@jongwooo</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1014">actions/cache#1014</a></li> <li>Updated node example by <a href="https://github.com/t-dedah"><code>@t-dedah</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1008">actions/cache#1008</a></li> <li>Fix: Node npm doc example by <a href="https://github.com/apascualm"><code>@apascualm</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1026">actions/cache#1026</a></li> <li>docs: fix an invalid link in workarounds.md by <a href="https://github.com/teatimeguest"><code>@teatimeguest</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/929">actions/cache#929</a></li> <li>General Availability release for granular cache by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1035">actions/cache#1035</a> More details here on <a href="https://github.com/actions/cache/discussions/1020">beta</a> release.</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/walterddr"><code>@walterddr</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/959">actions/cache#959</a></li> <li><a href="https://github.com/asaf400"><code>@asaf400</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/979">actions/cache#979</a></li> <li><a href="https://github.com/jongwooo"><code>@jongwooo</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1013">actions/cache#1013</a></li> <li><a href="https://github.com/apascualm"><code>@apascualm</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1026">actions/cache#1026</a></li> <li><a href="https://github.com/teatimeguest"><code>@teatimeguest</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/cache/pull/929">actions/cache#929</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.2.0">https://github.com/actions/cache/compare/v3...v3.2.0</a></p> <h2>v3.2.0-beta.1</h2> <h2>What's Changed</h2> <ul> <li>Actions Cache Granular Control Implementation by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1006">actions/cache#1006</a></li> </ul> <h2>v3.1.0-beta.3</h2> <h2>What's Changed</h2> <ul> <li>Bug fixes for bsdtar fallback, if gnutar not available, and gzip fallback, if cache saved using old cache action, on windows.</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3.1.0-beta.2...v3.1.0-beta.3">https://github.com/actions/cache/compare/v3.1.0-beta.2...v3.1.0-beta.3</a></p> <h2>v3.1.0-beta.2</h2> <h2>What's Changed</h2> <ul> <li>Updated node example by <a href="https://github.com/t-dedah"><code>@t-dedah</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1008">actions/cache#1008</a></li> <li>Release cache <code>3.1.0-beta.2</code> with gzip fallback for old cache by <a href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1022">actions/cache#1022</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3.1.0-beta.1...v3.1.0-beta.2">https://github.com/actions/cache/compare/v3.1.0-beta.1...v3.1.0-beta.2</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a> and <a href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <h3>3.0.11</h3> <ul> <li>Update toolkit version to 3.0.5 to include <code>@actions/core@^1.10.0</code></li> <li>Update <code>@actions/cache</code> to use updated <code>saveState</code> and <code>setOutput</code> functions from <code>@actions/core@^1.10.0</code></li> </ul> <h3>3.1.0-beta.1</h3> <ul> <li>Update <code>@actions/cache</code> on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li> </ul> <h3>3.1.0-beta.2</h3> <ul> <li>Added support for fallback to gzip to restore old caches on windows.</li> </ul> <h3>3.1.0-beta.3</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c17f4bf466`"><code>c17f4bf</code></a> GA for granular cache (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1035">#1035</a>)</li> <li><a href="`ac25611cae`"><code>ac25611</code></a> docs: fix an invalid link in workarounds.md (<a href="https://github-redirect.dependabot.com/actions/cache/issues/929">#929</a>)</li> <li><a href="`dc097e3bb9`"><code>dc097e3</code></a> Update examples.md (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1026">#1026</a>)</li> <li><a href="`fb86cbf360`"><code>fb86cbf</code></a> Updated node example (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1008">#1008</a>)</li> <li><a href="`a57932faba`"><code>a57932f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1014">#1014</a> from jongwooo/chore/use-built-in-cache-action</li> <li><a href="`04b13caea4`"><code>04b13ca</code></a> chore: Use built-in cache action to cache dependencies</li> <li><a href="`941bc71a24`"><code>941bc71</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1004">#1004</a> from jongwooo/chore/use-cache-in-check-dist</li> <li><a href="`08d8639046`"><code>08d8639</code></a> Merge branch 'main' into chore/use-cache-in-check-dist</li> <li><a href="`a2f324eeb7`"><code>a2f324e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1013">#1013</a> from jongwooo/refactor/use-early-return-pattern-to-a...</li> <li><a href="`35f4702f6c`"><code>35f4702</code></a> refactor: Use early return pattern to avoid nested conditions</li> <li>Additional commits viewable in <a href="`9b0c1fce7a...c17f4bf466`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.11&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-22 09:13:39 -03:00
dependabot[bot]	0d5b669642	chore(deps): bump github/codeql-action from 2.1.36 to 2.1.37 (#3645 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.36 to 2.1.37. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.37 - 14 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.6. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li> </ul> <h2>2.1.36 - 08 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li> <li>Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li> <li>Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify <code>virtualenvs.in-project = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li> </ul> <h2>2.1.35 - 01 Dec 2022</h2> <p>No user facing changes.</p> <h2>2.1.34 - 25 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li> <li>Fixed a bug where some the <code>init</code> action and the <code>analyze</code> action would have different sets of experimental feature flags enabled. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li> </ul> <h2>2.1.33 - 16 Nov 2022</h2> <ul> <li>Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in <a href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL Action version 2.1.27</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li> <li>Bump the minimum CodeQL bundle version to 2.6.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li> </ul> <h2>2.1.32 - 14 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li> <li>Update the ML-powered additional query pack for JavaScript to version 0.4.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li> </ul> <h2>2.1.31 - 04 Nov 2022</h2> <ul> <li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been updated to no longer report uses of hash functions such as <code>MD5</code> and <code>SHA1</code> even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the <a href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql repository</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li> </ul> <h2>2.1.30 - 02 Nov 2022</h2> <ul> <li>Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as <code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li> </ul> <h2>2.1.29 - 26 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li> </ul> <h2>2.1.28 - 18 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`959cbb7472`"><code>959cbb7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1436">#1436</a> from github/update-v2.1.37-d58039a1</li> <li><a href="`10ca836463`"><code>10ca836</code></a> Update changelog for v2.1.37</li> <li><a href="`d58039a1e3`"><code>d58039a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1435">#1435</a> from github/orhantoy/add-CODE_SCANNING_REF-tests</li> <li><a href="`37a4496237`"><code>37a4496</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1433">#1433</a> from github/henrymercer/use-codeql-2.11.6</li> <li><a href="`b7028afcb4`"><code>b7028af</code></a> Make sure env is reset between tests</li> <li><a href="`f629dada4c`"><code>f629dad</code></a> Merge branch 'main' into henrymercer/use-codeql-2.11.6</li> <li><a href="`ccee4c68ff`"><code>ccee4c6</code></a> Add tests for CODE_SCANNING_REF</li> <li><a href="`899bf9c076`"><code>899bf9c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1432">#1432</a> from github/henrymercer/init-post-telemetry</li> <li><a href="`dd7c3ef80e`"><code>dd7c3ef</code></a> Remove debugging log statements</li> <li><a href="`b7b875efff`"><code>b7b875e</code></a> Reuse existing fields in post-init status report</li> <li>Additional commits viewable in <a href="`a669cc5936...959cbb7472`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.36&new-version=2.1.37)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-15 10:16:31 -03:00
Carlos Alexandro Becker	cac3f17562	feat(deps): build with go 1.19.4 (#3644 ) latest and greatest Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-12-14 15:23:40 -03:00
dependabot[bot]	f05b211b61	chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#3643 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>Add support for stable and oldstable aliases</h2> <p>In scope of this release we introduce aliases for the <code>go-version</code> input. The <code>stable</code> alias instals the latest stable version of Go. The <code>oldstable</code> alias installs previous latest minor release (the stable is 1.19.x -> the oldstable is 1.18.x).</p> <h3>Stable</h3> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: go-version: 'stable' - run: go run hello.go </code></pre> <h3>OldStable</h3> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: go-version: 'oldstable' - run: go run hello.go </code></pre> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`6edd4406fa`"><code>6edd440</code></a> fix log for stable aliases (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/303">#303</a>)</li> <li><a href="`38dbe75f81`"><code>38dbe75</code></a> Add stable and oldstable aliases (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/300">#300</a>)</li> <li><a href="`30c39bfe0c`"><code>30c39bf</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/301">#301</a> from jongwooo/chore/use-cache-in-check-dist</li> <li><a href="`8377b69a56`"><code>8377b69</code></a> Use cache in check-dist.yml</li> <li>See full diff in <a href="`d0a58c1c4d...6edd4406fa`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-14 12:09:30 -03:00
dependabot[bot]	43e2b3bf69	chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#3636 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add GitHub Action to perform release by <a href="https://github.com/rentziass"><code>@rentziass</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/942">actions/checkout#942</a></li> <li>Fix status badge by <a href="https://github.com/ScottBrenner"><code>@ScottBrenner</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li> <li>Replace datadog/squid with ubuntu/squid Docker image by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li> <li>Wrap pipeline commands for submoduleForeach in quotes by <a href="https://github.com/jokreliable"><code>@jokreliable</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li> <li>Update <code>@actions/io</code> to 1.1.2 by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1029">actions/checkout#1029</a></li> <li>Upgrading version to 3.2.0 by <a href="https://github.com/vmjoseph"><code>@vmjoseph</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ScottBrenner"><code>@ScottBrenner</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li> <li><a href="https://github.com/cory-miller"><code>@cory-miller</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li> <li><a href="https://github.com/jokreliable"><code>@jokreliable</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li> <li><a href="https://github.com/vmjoseph"><code>@vmjoseph</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v3.2.0">https://github.com/actions/checkout/compare/v3...v3.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`755da8c3cf`"><code>755da8c</code></a> 3.2.0 (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1039">#1039</a>)</li> <li><a href="`26d48e8ea1`"><code>26d48e8</code></a> Update <code>@actions/io</code> to 1.1.2 (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1029">#1029</a>)</li> <li><a href="`bf085276ce`"><code>bf08527</code></a> wrap pipeline commands for submoduleForeach in quotes (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/964">#964</a>)</li> <li><a href="`5c3ccc22eb`"><code>5c3ccc2</code></a> Replace datadog/squid with ubuntu/squid Docker image (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/1002">#1002</a>)</li> <li><a href="`1f9a0c22da`"><code>1f9a0c2</code></a> README - fix status badge (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/967">#967</a>)</li> <li><a href="`8230315d06`"><code>8230315</code></a> Add workflow to update a main version (<a href="https://github-redirect.dependabot.com/actions/checkout/issues/942">#942</a>)</li> <li>See full diff in <a href="`93ea575cb5...755da8c3cf`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.1.0&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-13 09:44:45 -03:00
dependabot[bot]	dae543ff24	chore(deps): bump github/codeql-action from 2.1.35 to 2.1.36 (#3629 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.35 to 2.1.36. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.36 - 08 Dec 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.5. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li> <li>Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li> <li>Python automatic dependency installation will no longer consider dependecy code installed in venv as user-written, for projects using Poetry that specify <code>virtualenvs.in-project = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li> </ul> <h2>2.1.35 - 01 Dec 2022</h2> <p>No user facing changes.</p> <h2>2.1.34 - 25 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li> <li>Fixed a bug where some the <code>init</code> action and the <code>analyze</code> action would have different sets of experimental feature flags enabled. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li> </ul> <h2>2.1.33 - 16 Nov 2022</h2> <ul> <li>Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in <a href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL Action version 2.1.27</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li> <li>Bump the minimum CodeQL bundle version to 2.6.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li> </ul> <h2>2.1.32 - 14 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li> <li>Update the ML-powered additional query pack for JavaScript to version 0.4.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li> </ul> <h2>2.1.31 - 04 Nov 2022</h2> <ul> <li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been updated to no longer report uses of hash functions such as <code>MD5</code> and <code>SHA1</code> even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the <a href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql repository</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li> </ul> <h2>2.1.30 - 02 Nov 2022</h2> <ul> <li>Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as <code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li> </ul> <h2>2.1.29 - 26 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li> </ul> <h2>2.1.28 - 18 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li> <li>Replace uses of GitHub Actions command <code>set-output</code> because it is now deprecated. See more information in the <a href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub Changelog</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li> </ul> <h2>2.1.27 - 06 Oct 2022</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`a669cc5936`"><code>a669cc5</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1428">#1428</a> from github/update-v2.1.36-2b971a70</li> <li><a href="`aab7a26877`"><code>aab7a26</code></a> Update changelog for v2.1.36</li> <li><a href="`2b971a70bb`"><code>2b971a7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1426">#1426</a> from github/dependabot/pip/python-setup/tests/poetry...</li> <li><a href="`bf944d782b`"><code>bf944d7</code></a> Bump certifi in /python-setup/tests/poetry/requests-3</li> <li><a href="`566a5e6727`"><code>566a5e6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1424">#1424</a> from github/dependabot/pip/python-setup/tests/pipenv...</li> <li><a href="`10c89976dc`"><code>10c8997</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1421">#1421</a> from github/cklin/fix-update-required-checks-sha</li> <li><a href="`8121f62c54`"><code>8121f62</code></a> Bump certifi in /python-setup/tests/pipenv/python-3.8</li> <li><a href="`104319fe98`"><code>104319f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1423">#1423</a> from github/dependabot/pip/python-setup/tests/pipenv...</li> <li><a href="`aba18b82f7`"><code>aba18b8</code></a> Bump certifi in /python-setup/tests/pipenv/requests-3</li> <li><a href="`4a5ad5af18`"><code>4a5ad5a</code></a> update-required-checks.sh: ignore check-expected-release-files</li> <li>Additional commits viewable in <a href="`b2a92eb56d...a669cc5936`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.35&new-version=2.1.36)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-09 13:53:16 -03:00
Carlos Alexandro Becker	7e9c6a82df	chore: delete lock.yml not really that useful, as we rarely have gravediggers... and its too noisy.	2022-12-05 11:20:01 -03:00
dependabot[bot]	60cbed540e	chore(deps): bump dessant/lock-threads from 3.0.0 to 4.0.0 (#3621 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 3.0.0 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dessant/lock-threads/releases">dessant/lock-threads's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>Learn more about this release from the <a href="https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md#changelog">changelog</a>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md">dessant/lock-threads's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file. See <a href="https://github.com/conventional-changelog/standard-version">standard-version</a> for commit guidelines.</p> <h2><a href="https://github.com/dessant/lock-threads/compare/v3.0.0...v4.0.0">4.0.0</a> (2022-12-04)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li>the action now requires Node.js 16</li> </ul> <h3>Bug Fixes</h3> <ul> <li>update dependencies (<a href="`38e9185581`">38e9185</a>)</li> <li>update docs (<a href="`32986e2696`">32986e2</a>)</li> </ul> <h2><a href="https://github.com/dessant/lock-threads/compare/v2.1.2...v3.0.0">3.0.0</a> (2021-09-27)</h2> <h3>⚠ BREAKING CHANGES</h3> <ul> <li> <p>input parameter names have changed</p> <p>Rename the following input parameters when upgrading from v2 to v3:</p> <ul> <li><code>issue-lock-inactive-days</code> --> <code>issue-inactive-days</code></li> <li><code>issue-exclude-created-before</code> --> <code>exclude-issue-created-before</code></li> <li><code>issue-exclude-labels</code> --> <code>exclude-any-issue-labels</code></li> <li><code>issue-lock-labels</code> --> <code>add-issue-labels</code></li> <li><code>issue-lock-comment</code> --> <code>issue-comment</code></li> <li><code>pr-lock-inactive-days</code> --> <code>pr-inactive-days</code></li> <li><code>pr-exclude-created-before</code> --> <code>exclude-pr-created-before</code></li> <li><code>pr-exclude-labels</code> --> <code>exclude-any-pr-labels</code></li> <li><code>pr-lock-labels</code> --> <code>add-pr-labels</code></li> <li><code>pr-lock-comment</code> --> <code>pr-comment</code></li> </ul> </li> </ul> <h3>Features</h3> <ul> <li>add new filtering and labeling options, update input parameter names (<a href="`26fd836f96`">26fd836</a>)</li> <li>allow manual triggering (<a href="`a0c7da3065`">a0c7da3</a>)</li> </ul> <h3><a href="https://github.com/dessant/lock-threads/compare/v2.1.1...v2.1.2">2.1.2</a> (2021-08-17)</h3> <h3>Bug Fixes</h3> <ul> <li>ignore error when commenting on issue converted to discussion (<a href="`60d2a1a4be`">60d2a1a</a>), closes <a href="https://github-redirect.dependabot.com/dessant/lock-threads/issues/24">#24</a></li> </ul> <h3><a href="https://github.com/dessant/lock-threads/compare/v2.1.0...v2.1.1">2.1.1</a> (2021-07-09)</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c1b35aecc5`"><code>c1b35ae</code></a> chore(release): 4.0.0</li> <li><a href="`32986e2696`"><code>32986e2</code></a> fix: update docs</li> <li><a href="`b677b85bbb`"><code>b677b85</code></a> chore: update workflows</li> <li><a href="`dc42875c06`"><code>dc42875</code></a> chore: update package</li> <li><a href="`38e9185581`"><code>38e9185</code></a> fix: update dependencies</li> <li><a href="`08e671be8a`"><code>08e671b</code></a> chore: add upgrade guide</li> <li>See full diff in <a href="`e460dfeb36...c1b35aecc5`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dessant/lock-threads&package-manager=github_actions&previous-version=3.0.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2022-12-05 09:55:17 -03:00
Engin Diri	e57416e0ab	chore: update lock task parameter due to breaking change (#3623 ) <!-- Hi, thanks for contributing! Please make sure you read our CONTRIBUTING guide. Also, add tests and the respective documentation changes as well. --> <!-- If applied, this commit will... --> Update lock task due to breaking changes https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md#changelog <!-- Why is this change being made? --> Updated the properties <!-- # Provide links to any relevant tickets, URLs or other resources --> ...	2022-12-05 09:54:29 -03:00
dependabot[bot]	2228edc406	chore(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (#3616 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1 to 3.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>Add support for go.work and pass the token input through on GHES</h2> <p>In scope of this release we added <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/283">support for go.work file to pass it in go-version-file input</a>.</p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: go-version-file: go.work - run: go run hello.go </code></pre> <p>Besides, we added support to <a href="https://github-redirect.dependabot.com/actions/setup-go/pull/277">pass the token input through on GHES</a>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`d0a58c1c4d`"><code>d0a58c1</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/294">#294</a> from JamesMGreene/patch-1</li> <li><a href="`3dcd9d6eb3`"><code>3dcd9d6</code></a> Update to latest <code>actions/publish-action</code></li> <li><a href="`e983b65a44`"><code>e983b65</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/283">#283</a> from koba1t/add_support_gowork_for_go-version-file</li> <li><a href="`27b43e1b0d`"><code>27b43e1</code></a> Pass the token input through on GHES (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/277">#277</a>)</li> <li><a href="`7678c83214`"><code>7678c83</code></a> add support gowork for go-version-file</li> <li>See full diff in <a href="`c4a742cab1...d0a58c1c4d`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.3.1&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-02 09:09:52 -03:00
dependabot[bot]	c26340a267	chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.4 to 4.16.0 (#3615 ) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 4.15.4 to 4.16.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/releases">stefanzweifel/git-auto-commit-action's releases</a>.</em></p> <blockquote> <h2>v4.16.0</h2> <h2>Changed</h2> <ul> <li>Don't commit files when only LF/CRLF changes (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/265">#265</a>) <a href="https://github.com/@ZeroRin"><code>@ZeroRin</code></a></li> <li>Update default email address of github-actions[bot] (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/264">#264</a>) <a href="https://github.com/@Teko012"><code>@Teko012</code></a></li> </ul> <h2>Fixed</h2> <ul> <li>Fix link and text for workflow limitation (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/263">#263</a>) <a href="https://github.com/@Teko012"><code>@Teko012</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md">stefanzweifel/git-auto-commit-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="http://keepachangelog.com/en/1.0.0/">Keep a Changelog</a> and this project adheres to <a href="http://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.16.0...HEAD">Unreleased</a></h2> <blockquote> <p>TBD</p> </blockquote> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.4...v4.16.0">v4.16.0</a> - 2022-12-02</h2> <h3>Changed</h3> <ul> <li>Don't commit files when only LF/CRLF changes (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/265">#265</a>) <a href="https://github.com/@ZeroRin"><code>@ZeroRin</code></a></li> <li>Update default email address of github-actions[bot] (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/264">#264</a>) <a href="https://github.com/@Teko012"><code>@Teko012</code></a></li> </ul> <h3>Fixed</h3> <ul> <li>Fix link and text for workflow limitation (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/263">#263</a>) <a href="https://github.com/@Teko012"><code>@Teko012</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.3...v4.15.4">v4.15.4</a> - 2022-11-05</h2> <h3>Fixed</h3> <ul> <li>Let Action fail if git binary can't be located (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/261">#261</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h3>Dependency Updates</h3> <ul> <li>Bump github/super-linter from 3 to 4 (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/258">#258</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> <li>Bump bats from 1.7.0 to 1.8.2 (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/259">#259</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> <li>Bump actions/checkout from 2 to 3 (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/257">#257</a>) <a href="https://github.com/@dependabot"><code>@dependabot</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.2...v4.15.3">v4.15.3</a> - 2022-10-26</h2> <h3>Changed</h3> <ul> <li>Use deprecated set-output syntax if GITHUB_OUTPUT environment is not available (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/255">#255</a>) <a href="https://github.com/@stefanzweifel"><code>@stefanzweifel</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.1...v4.15.2">v4.15.2</a> - 2022-10-22</h2> <h3>Changed</h3> <ul> <li>Replace set-output usage with GITHUB_OUTPUT (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/pull/252">#252</a>) <a href="https://github.com/amonshiz"><code>@amonshiz</code></a></li> </ul> <h2><a href="https://github.com/stefanzweifel/git-auto-commit-action/compare/v4.15.0...v4.15.1">v4.15.1</a> - 2022-10-10</h2> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`3ea6ae190b`"><code>3ea6ae1</code></a> Fix "nothing to commit" error with LF/CRLF changes <a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/241">#241</a> (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/265">#265</a>)</li> <li><a href="`976f22029f`"><code>976f220</code></a> Fix github-actions[bot] email address (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/264">#264</a>)</li> <li><a href="`ebb5756042`"><code>ebb5756</code></a> Fix link and text for workflow limitation (<a href="https://github-redirect.dependabot.com/stefanzweifel/git-auto-commit-action/issues/263">#263</a>)</li> <li><a href="`3dce995a13`"><code>3dce995</code></a> Update CHANGELOG</li> <li>See full diff in <a href="`0b007fbd11...3ea6ae190b`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=stefanzweifel/git-auto-commit-action&package-manager=github_actions&previous-version=4.15.4&new-version=4.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-02 09:08:33 -03:00
dependabot[bot]	0a59bc4773	chore(deps): bump github/codeql-action from 2.1.33 to 2.1.35 (#3614 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.33 to 2.1.35. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.35 - 01 Dec 2022</h2> <p>No user facing changes.</p> <h2>2.1.34 - 25 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.4. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li> <li>Fixed a bug where some the <code>init</code> action and the <code>analyze</code> action would have different sets of experimental feature flags enabled. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li> </ul> <h2>2.1.33 - 16 Nov 2022</h2> <ul> <li>Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in <a href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL Action version 2.1.27</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li> <li>Bump the minimum CodeQL bundle version to 2.6.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li> </ul> <h2>2.1.32 - 14 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li> <li>Update the ML-powered additional query pack for JavaScript to version 0.4.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li> </ul> <h2>2.1.31 - 04 Nov 2022</h2> <ul> <li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been updated to no longer report uses of hash functions such as <code>MD5</code> and <code>SHA1</code> even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the <a href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql repository</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li> </ul> <h2>2.1.30 - 02 Nov 2022</h2> <ul> <li>Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as <code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li> </ul> <h2>2.1.29 - 26 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li> </ul> <h2>2.1.28 - 18 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li> <li>Replace uses of GitHub Actions command <code>set-output</code> because it is now deprecated. See more information in the <a href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub Changelog</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li> </ul> <h2>2.1.27 - 06 Oct 2022</h2> <ul> <li>We are rolling out a feature of the CodeQL Action in October 2022 that changes the way that Go code is analyzed to be more consistent with other compiled languages like C/C++, C#, and Java. You do not need to alter your code scanning workflows. If you encounter any problems, please <a href="https://github.com/github/codeql-action/issues">file an issue</a> or open a private ticket with GitHub Support and request an escalation to engineering.</li> </ul> <h2>2.1.26 - 29 Sep 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`b2a92eb56d`"><code>b2a92eb</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1406">#1406</a> from github/update-v2.1.35-9af9a11d</li> <li><a href="`075b74d36e`"><code>075b74d</code></a> Update changelog for v2.1.35</li> <li><a href="`9af9a11da8`"><code>9af9a11</code></a> Stop running fallback Go autobuild if database is finalized (<a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1405">#1405</a>)</li> <li><a href="`a631f4b016`"><code>a631f4b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1400">#1400</a> from github/aeisenberg/fix-test-error</li> <li><a href="`1384ce4ab3`"><code>1384ce4</code></a> Fixes spurious error messages in tests</li> <li><a href="`160613c380`"><code>160613c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1402">#1402</a> from github/rasmuswl/new-virtualenv</li> <li><a href="`caf1c5057b`"><code>caf1c50</code></a> python-setup: Remove outdated comment</li> <li><a href="`c62445de22`"><code>c62445d</code></a> python-setup: rely on new <code>virtualenv</code> for venv creation in Ubuntu 22.04</li> <li><a href="`9dac9f748a`"><code>9dac9f7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1396">#1396</a> from github/mergeback/v2.1.34-to-main-312e093a</li> <li><a href="`c6e756bb39`"><code>c6e756b</code></a> Update checked-in dependencies</li> <li>Additional commits viewable in <a href="`678fc3afe2...b2a92eb56d`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.33&new-version=2.1.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-12-02 09:08:17 -03:00
Carlos Alexandro Becker	127281131a	fix(ci): codeql use go 1.19 (#3570 ) Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-11-18 01:02:33 -03:00
Carlos Alexandro Becker	59138b43ce	chore: announce goreleaser releases to mastodon (#3569 ) actually announce goreleaser releases to mastodon as well :) Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2022-11-17 21:42:43 -03:00
dependabot[bot]	bb1fb9a397	chore(deps): bump github/codeql-action from 2.1.32 to 2.1.33 (#3564 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.32 to 2.1.33. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.1.33 - 16 Nov 2022</h2> <ul> <li>Go is now analyzed in the same way as other compiled languages such as C/C++, C#, and Java. This completes the rollout of the feature described in <a href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL Action version 2.1.27</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li> <li>Bump the minimum CodeQL bundle version to 2.6.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li> </ul> <h2>2.1.32 - 14 Nov 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.3. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li> <li>Update the ML-powered additional query pack for JavaScript to version 0.4.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li> </ul> <h2>2.1.31 - 04 Nov 2022</h2> <ul> <li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been updated to no longer report uses of hash functions such as <code>MD5</code> and <code>SHA1</code> even if they are known to be weak. These hash algorithms are used very often in non-sensitive contexts, making the query too imprecise in practice. For more information, see the corresponding change in the <a href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql repository</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li> </ul> <h2>2.1.30 - 02 Nov 2022</h2> <ul> <li>Improve the error message when using CodeQL bundle version 2.7.2 and earlier in a workflow that runs on a runner image such as <code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li> </ul> <h2>2.1.29 - 26 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li> </ul> <h2>2.1.28 - 18 Oct 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li> <li>Replace uses of GitHub Actions command <code>set-output</code> because it is now deprecated. See more information in the <a href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub Changelog</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li> </ul> <h2>2.1.27 - 06 Oct 2022</h2> <ul> <li>We are rolling out a feature of the CodeQL Action in October 2022 that changes the way that Go code is analyzed to be more consistent with other compiled languages like C/C++, C#, and Java. You do not need to alter your code scanning workflows. If you encounter any problems, please <a href="https://github.com/github/codeql-action/issues">file an issue</a> or open a private ticket with GitHub Support and request an escalation to engineering.</li> </ul> <h2>2.1.26 - 29 Sep 2022</h2> <ul> <li>Update default CodeQL bundle version to 2.11.0. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li> </ul> <h2>2.1.25 - 21 Sep 2022</h2> <ul> <li>We will soon be rolling out a feature of the CodeQL Action that stores some information used to make future runs faster in the GitHub Actions cache. Initially, this will only be enabled on JavaScript repositories, but we plan to add more languages to this soon. The new feature can be disabled by passing the <code>trap-caching: false</code> option to your workflow's <code>init</code> step, for example if you are already using the GitHub Actions cache for a different purpose and are near the storage limit for it.</li> <li>Add support for Python automatic dependency installation with Poetry 1.2 <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1258">#1258</a>.</li> </ul> <h2>2.1.24 - 16 Sep 2022</h2> <p>No user facing changes.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`678fc3afe2`"><code>678fc3a</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1375">#1375</a> from github/update-v2.1.33-c939e661</li> <li><a href="`d13b9b8244`"><code>d13b9b8</code></a> Fix changelog entry</li> <li><a href="`f2c3e7ca4e`"><code>f2c3e7c</code></a> Update changelog for v2.1.33</li> <li><a href="`c939e6615d`"><code>c939e66</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1372">#1372</a> from github/marcogario/prioritize_github_ref</li> <li><a href="`1935d19d61`"><code>1935d19</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1358">#1358</a> from github/henrymercer/require-cli-2.6.3</li> <li><a href="`7484436e5d`"><code>7484436</code></a> Remove Go extraction feature flags (<a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1371">#1371</a>)</li> <li><a href="`0a76b97b28`"><code>0a76b97</code></a> Prefer GITHUB_REF to CODE_SCANNING_REF</li> <li><a href="`f8b607edaa`"><code>f8b607e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1364">#1364</a> from github/henrymercer/delete-runner-part-2</li> <li><a href="`d48707ce53`"><code>d48707c</code></a> Merge branch 'henrymercer/delete-runner-part-2' into henrymercer/require-cli-...</li> <li><a href="`07b9db6a46`"><code>07b9db6</code></a> Explicitly set up Go 1.13.1 in checks running on old runner images</li> <li>Additional commits viewable in <a href="`4238421316...678fc3afe2`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.32&new-version=2.1.33)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-17 09:50:23 -03:00
dependabot[bot]	2a46d627c7	chore(deps): bump github/codeql-action from 2.1.31 to 2.1.32 (#3557 )	2022-11-15 07:58:32 -03:00
dependabot[bot]	79b83a133c	chore(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (#3550 ) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.3.0 to 3.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v3.3.1</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.40.0 to 5.40.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/590">golangci/golangci-lint-action#590</a></li> <li>build(deps-dev): bump eslint from 8.25.0 to 8.26.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/591">golangci/golangci-lint-action#591</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.40.0 to 5.40.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/592">golangci/golangci-lint-action#592</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.0.5 to 3.0.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/593">golangci/golangci-lint-action#593</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.40.1 to 5.41.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/594">golangci/golangci-lint-action#594</a></li> <li>build(deps): bump <code>@types/semver</code> from 7.3.12 to 7.3.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/595">golangci/golangci-lint-action#595</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.40.1 to 5.41.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/596">golangci/golangci-lint-action#596</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.41.0 to 5.42.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/597">golangci/golangci-lint-action#597</a></li> <li>build(deps-dev): bump eslint from 8.26.0 to 8.27.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/598">golangci/golangci-lint-action#598</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.41.0 to 5.42.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/599">golangci/golangci-lint-action#599</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golangci/golangci-lint-action/compare/v3...v3.3.1">https://github.com/golangci/golangci-lint-action/compare/v3...v3.3.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`0ad9a0988b`"><code>0ad9a09</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.41.0 to 5.42.0 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/599">#599</a>)</li> <li><a href="`235ea57a8f`"><code>235ea57</code></a> build(deps-dev): bump eslint from 8.26.0 to 8.27.0 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/598">#598</a>)</li> <li><a href="`a6ed001163`"><code>a6ed001</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.41.0 to 5.42.0 ...</li> <li><a href="`3a7156a1b4`"><code>3a7156a</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.40.1 to 5.41.0 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/596">#596</a>)</li> <li><a href="`481f8ba892`"><code>481f8ba</code></a> build(deps): bump <code>@types/semver</code> from 7.3.12 to 7.3.13 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/595">#595</a>)</li> <li><a href="`06edb377a6`"><code>06edb37</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.40.1 to 5.41.0 ...</li> <li><a href="`c2f79a722b`"><code>c2f79a7</code></a> build(deps): bump <code>@actions/cache</code> from 3.0.5 to 3.0.6 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/593">#593</a>)</li> <li><a href="`d6eac69936`"><code>d6eac69</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.40.0 to 5.40.1 ...</li> <li><a href="`72684341c8`"><code>7268434</code></a> build(deps-dev): bump eslint from 8.25.0 to 8.26.0 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/591">#591</a>)</li> <li><a href="`a926e2b3f3`"><code>a926e2b</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.40.0 to 5.40.1 (<a href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/590">#590</a>)</li> <li>See full diff in <a href="`07db5389c9...0ad9a0988b`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-14 09:38:20 -03:00
dependabot[bot]	4bdf2e9ba6	chore(deps): bump actions/dependency-review-action from 2 to 3 (#3551 ) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2 to 3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>3.0.0</h2> <h2>Breaking Changes</h2> <p>By default the action now expects <a href="https://spdx.org/licenses/">SPDX-compliant licenses</a> everywhere. If you were previously using license names in the allow or deny lists make sure they're valid!</p> <h2>What's Changed</h2> <h3>Support for external configuration files</h3> <p>You can now specify a <a href="https://github.com/actions/dependency-review-action/#configuration-file">configuration file external to your repository</a>. This allows organizations to have a single configuration file for all their repos.</p> <h3>Broader license support</h3> <p>We've added support for a much broader set of project licenses by using GitHub's <a href="https://docs.github.com/en/rest/licenses">Licenses API</a>.</p> <h3>SPDX Compliance</h3> <p>All of our license-related code now expects <a href="https://spdx.org/licenses/">SPDX-compliant licenses or expressions</a>. This allows us to standardize on a license naming scheme that already supports <code>OR</code>/<code>AND</code> expressions.</p> <h3>Disable individual checks</h3> <p>You can now use the boolean options <code>license-check</code> and <code>vulnerability-check</code> to disable either one of the checks. More information in <a href="https://github.com/actions/dependency-review-action/#configuration-options">our configuration options</a>.</p> <h2>Thanks</h2> <p>Contributors for this release include:</p> <ul> <li><a href="https://github.com/cnagadya"><code>@cnagadya</code></a></li> <li><a href="https://github.com/courtneycl"><code>@courtneycl</code></a></li> <li><a href="https://github.com/ericcornelissen"><code>@ericcornelissen</code></a></li> <li><a href="https://github.com/elireisman"><code>@elireisman</code></a></li> <li><a href="https://github.com/hmaurer"><code>@hmaurer</code></a></li> </ul> <p>Thanks everyone! <strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v2...v3.0.0">https://github.com/actions/dependency-review-action/compare/v2...v3.0.0</a></p> <h2>2.5.1</h2> <p>Adding some quality-of-life improvements to the local development experience. You can now pass a flag to the <code>scripts/scan_pr</code> script using the <code>-c/--config-file</code> flags to use an external configuration file:</p> <p>Example:</p> <pre><code> scripts/scan_pr https://github.com/actions/dependency-review-action/pull/294 </code></pre> <h2>2.5.0</h2> <p>Fallback on GitHub Licenses API data for missing Dependency Review API Licenses. This should improve our license coverage.</p> <h2>2.4.1</h2> <p>This patch release fixes the bugs below:</p> <ul> <li>Display the dependency name instead of the manifest name in the detailed list of dependents.</li> <li>Fix an issue where undefined GHSAs would remove filter out all changes.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`30d5821115`"><code>30d5821</code></a> Bumping version number</li> <li><a href="`6e42c3395a`"><code>6e42c33</code></a> Remove defaults from the recently added fields.</li> <li><a href="`a3074cd699`"><code>a3074cd</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/327">#327</a> from actions/adding-extra-options</li> <li><a href="`51a29d6960`"><code>51a29d6</code></a> Updating action.yml to include <code>*-check</code> config</li> <li><a href="`235a221cf4`"><code>235a221</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/324">#324</a> from actions/readme-update</li> <li><a href="`9b3a7f61dd`"><code>9b3a7f6</code></a> Minor README tweaks.</li> <li><a href="`a4761312ac`"><code>a476131</code></a> Add <code>pull_request</code> to the list of events that don't need refs.</li> <li><a href="`28c7c8c314`"><code>28c7c8c</code></a> Set the correct default for license-check in README.</li> <li><a href="`9da0fd4871`"><code>9da0fd4</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/325">#325</a> from actions/dependabot/npm_and_yarn/eslint-plugin-je...</li> <li><a href="`fe45fd6645`"><code>fe45fd6</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/dependency-review-action/issues/326">#326</a> from actions/dependabot/npm_and_yarn/esbuild-register...</li> <li>Additional commits viewable in <a href="https://github.com/actions/dependency-review-action/compare/v2...v3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=2&new-version=3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-14 09:38:04 -03:00
dependabot[bot]	53fa4773c6	chore(deps): bump github/codeql-action from 2.1.30 to 2.1.31 (#3534 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.30 to 2.1.31. <details> <summary>Commits</summary> <ul> <li><a href="`c3b6fce4ee`"><code>c3b6fce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1345">#1345</a> from github/update-v2.1.31-a8cabafa</li> <li><a href="`8aa42f1f11`"><code>8aa42f1</code></a> Update CHANGELOG.md</li> <li><a href="`29a5553722`"><code>29a5553</code></a> Update CHANGELOG.md</li> <li><a href="`e260194d76`"><code>e260194</code></a> Update changelog for v2.1.31</li> <li><a href="`a8cabafa56`"><code>a8cabaf</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1344">#1344</a> from github/edoardo/prune-ruby</li> <li><a href="`862a512899`"><code>862a512</code></a> Prune results of Ruby query from SARIF</li> <li><a href="`71510779c2`"><code>7151077</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1342">#1342</a> from github/mergeback/v2.1.30-to-main-18fe527f</li> <li><a href="`81a1ec0fb3`"><code>81a1ec0</code></a> Update checked-in dependencies</li> <li><a href="`60c8cda203`"><code>60c8cda</code></a> Update changelog and version after v2.1.30</li> <li>See full diff in <a href="`18fe527fa8...c3b6fce4ee`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.30&new-version=2.1.31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-11-07 09:12:17 -03:00

1 2 3 4 5 ...

401 Commits