mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-10 03:47:03 +02:00
caaf9973ee
9 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
d80b937827
|
chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#3683)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.3.0</h2> <h2>What's Changed</h2> <ul> <li>Implement branch list using callbacks from exec function by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1045">actions/checkout#1045</a></li> <li>Add in explicit reference to private checkout options by <a href="https://github.com/vanZeben"><code>@vanZeben</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li> <li>Fix comment typos (that got added in <a href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>) by <a href="https://github.com/lurch"><code>@lurch</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/vanZeben"><code>@vanZeben</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li> <li><a href="https://github.com/lurch"><code>@lurch</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.2.0...v3.3.0">https://github.com/actions/checkout/compare/v3.2.0...v3.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
43e2b3bf69
|
chore(deps): bump actions/checkout from 3.1.0 to 3.2.0 (#3636)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add GitHub Action to perform release by <a href="https://github.com/rentziass"><code>@rentziass</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/942">actions/checkout#942</a></li> <li>Fix status badge by <a href="https://github.com/ScottBrenner"><code>@ScottBrenner</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li> <li>Replace datadog/squid with ubuntu/squid Docker image by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li> <li>Wrap pipeline commands for submoduleForeach in quotes by <a href="https://github.com/jokreliable"><code>@jokreliable</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li> <li>Update <code>@actions/io</code> to 1.1.2 by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1029">actions/checkout#1029</a></li> <li>Upgrading version to 3.2.0 by <a href="https://github.com/vmjoseph"><code>@vmjoseph</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ScottBrenner"><code>@ScottBrenner</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/967">actions/checkout#967</a></li> <li><a href="https://github.com/cory-miller"><code>@cory-miller</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1002">actions/checkout#1002</a></li> <li><a href="https://github.com/jokreliable"><code>@jokreliable</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/964">actions/checkout#964</a></li> <li><a href="https://github.com/vmjoseph"><code>@vmjoseph</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/1039">actions/checkout#1039</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v3.2.0">https://github.com/actions/checkout/compare/v3...v3.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4bdf2e9ba6
|
chore(deps): bump actions/dependency-review-action from 2 to 3 (#3551)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 2 to 3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's releases</a>.</em></p> <blockquote> <h2>3.0.0</h2> <h2>Breaking Changes</h2> <p>By default the action now expects <a href="https://spdx.org/licenses/">SPDX-compliant licenses</a> everywhere. If you were previously using license names in the allow or deny lists make sure they're valid!</p> <h2>What's Changed</h2> <h3>Support for external configuration files</h3> <p>You can now specify a <a href="https://github.com/actions/dependency-review-action/#configuration-file">configuration file external to your repository</a>. This allows organizations to have a single configuration file for all their repos.</p> <h3>Broader license support</h3> <p>We've added support for a much broader set of project licenses by using GitHub's <a href="https://docs.github.com/en/rest/licenses">Licenses API</a>.</p> <h3>SPDX Compliance</h3> <p>All of our license-related code now expects <a href="https://spdx.org/licenses/">SPDX-compliant licenses or expressions</a>. This allows us to standardize on a license naming scheme that already supports <code>OR</code>/<code>AND</code> expressions.</p> <h3>Disable individual checks</h3> <p>You can now use the boolean options <code>license-check</code> and <code>vulnerability-check</code> to disable either one of the checks. More information in <a href="https://github.com/actions/dependency-review-action/#configuration-options">our configuration options</a>.</p> <h2>Thanks</h2> <p>Contributors for this release include:</p> <ul> <li><a href="https://github.com/cnagadya"><code>@cnagadya</code></a></li> <li><a href="https://github.com/courtneycl"><code>@courtneycl</code></a></li> <li><a href="https://github.com/ericcornelissen"><code>@ericcornelissen</code></a></li> <li><a href="https://github.com/elireisman"><code>@elireisman</code></a></li> <li><a href="https://github.com/hmaurer"><code>@hmaurer</code></a></li> </ul> <p>Thanks everyone! <strong>Full Changelog</strong>: <a href="https://github.com/actions/dependency-review-action/compare/v2...v3.0.0">https://github.com/actions/dependency-review-action/compare/v2...v3.0.0</a></p> <h2>2.5.1</h2> <p>Adding some quality-of-life improvements to the local development experience. You can now pass a flag to the <code>scripts/scan_pr</code> script using the <code>-c/--config-file</code> flags to use an external configuration file:</p> <p>Example:</p> <pre><code> scripts/scan_pr https://github.com/actions/dependency-review-action/pull/294 </code></pre> <h2>2.5.0</h2> <p>Fallback on GitHub Licenses API data for missing Dependency Review API Licenses. This should improve our license coverage.</p> <h2>2.4.1</h2> <p>This patch release fixes the bugs below:</p> <ul> <li>Display the dependency name instead of the manifest name in the detailed list of dependents.</li> <li>Fix an issue where undefined GHSAs would remove filter out all changes.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
f8da439130
|
chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#3441)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.1.0</h2> <h2>What's Changed</h2> <ul> <li>Inject GitHub host to be able to clone from another GitHub instance by <a href="https://github.com/peter-murray"><code>@peter-murray</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li> <li>Bump <code>@actions/core</code> to 1.10.0 by <a href="https://github.com/rentziass"><code>@rentziass</code></a> in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/peter-murray"><code>@peter-murray</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/922">actions/checkout#922</a></li> <li><a href="https://github.com/rentziass"><code>@rentziass</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/actions/checkout/pull/939">actions/checkout#939</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.0.2...v3.1.0">https://github.com/actions/checkout/compare/v3.0.2...v3.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v3.1.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/939">Use <code>@actions/core</code> <code>saveState</code> and <code>getState</code></a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/744">Bumped various npm package versions</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/689">Update to node 16</a></li> </ul> <h2>v2.3.1</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/284">Fix default branch resolution for .wiki and when using SSH</a></li> </ul> <h2>v2.3.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/278">Fallback to the default branch</a></li> </ul> <h2>v2.2.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/258">Fetch all history for all tags and branches when fetch-depth=0</a></li> </ul> <h2>v2.1.1</h2> <ul> <li>Changes to support GHES (<a href="https://github-redirect.dependabot.com/actions/checkout/pull/236">here</a> and <a href="https://github-redirect.dependabot.com/actions/checkout/pull/248">here</a>)</li> </ul> <h2>v2.1.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/191">Group output</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/199">Changes to support GHES alpha release</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/184">Persist core.sshCommand for submodules</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/163">Add support ssh</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/179">Convert submodule SSH URL to HTTPS, when not using SSH</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/157">Add submodule support</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/144">Follow proxy settings</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/141">Fix ref for pr closed event when a pr is merged</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/128">Fix issue checking detached when git less than 2.22</a></li> </ul> <h2>v2.0.0</h2> <ul> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/108">Do not pass cred on command line</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/107">Add input persist-credentials</a></li> <li><a href="https://github-redirect.dependabot.com/actions/checkout/pull/104">Fallback to REST API to download repo</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2eb6f84f5c
|
chore(deps): bump actions/checkout from 3 to 3.0.2 (#3323)
Bumps actions/checkout from 3 to 3.0.2. Release notes Sourced from actions/checkout's releases. v3.0.2 What's Changed Add set-safe-directory input to allow customers to take control. by @TingluoHuang in actions/checkout#770 Prepare changelog for v3.0.2. by @TingluoHuang in actions/checkout#777 Full Changelog: actions/checkout@v3...v3.0.2 v3.0.1 Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory Bumped various npm package versions Changelog Sourced from actions/checkout's changelog. Changelog v3.0.2 Add input set-safe-directory v3.0.1 Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory Bumped various npm package versions v3.0.0 Update to node 16 v2.3.1 Fix default branch resolution for .wiki and when using SSH v2.3.0 Fallback to the default branch v2.2.0 Fetch all history for all tags and branches when fetch-depth=0 v2.1.1 Changes to support GHES (here and here) v2.1.0 Group output Changes to support GHES alpha release Persist core.sshCommand for submodules Add support ssh Convert submodule SSH URL to HTTPS, when not using SSH Add submodule support Follow proxy settings Fix ref for pr closed event when a pr is merged Fix issue checking detached when git less than 2.22 v2.0.0 Do not pass cred on command line Add input persist-credentials Fallback to REST API to download repo v2 (beta) Improved fetch performance ... (truncated) Commits See full diff in compare view Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: @dependabot rebase will rebase this PR @dependabot recreate will recreate this PR, overwriting any edits that have been made to it @dependabot merge will merge this PR after your CI passes on it @dependabot squash and merge will squash and merge this PR after your CI passes on it @dependabot cancel merge will cancel a previously requested merge and block automerging @dependabot reopen will reopen this PR if it is closed @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com> |
||
Carlos A Becker
|
5bcd56bcbd
|
chore(ci): prevent gpl deps
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
|
dependabot[bot]
|
891e50e6a4
|
chore(deps): bump actions/dependency-review-action from 1 to 2 (#3164)
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1 to 2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/v1...v2) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Carlos A Becker
|
0836149357
|
chore(ci): gitleaks
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com> |
||
Naveen
|
6289aee804
|
feat(ci): run dependency review action on prs (#3109)
> Dependency Review GitHub Action in your repository to enforce dependency > reviews on your pull requests. > The action scans for vulnerable versions of dependencies introduced by package version > changes in pull requests, > and warns you about the associated security vulnerabilities. > This gives you better visibility of what's changing in a pull request, > and helps prevent vulnerabilities being added to your repository. https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> |