Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.1.0 to 3.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>default cosign to v2.1.1 by <a
href="https://github.com/cpanato"><code>@cpanato</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/137">sigstore/cosign-installer#137</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1">https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6e04d228eb"><code>6e04d22</code></a>
default cosign to v2.1.1 (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/137">#137</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[cachix/install-nix-action](https://github.com/cachix/install-nix-action)
from 21 to 22.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>install-nix-action-v22</h2>
<ul>
<li>Nix 2.16.1</li>
<li>Fix issues with System Integrity Protection when using macos-12</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6ed004b9cc"><code>6ed004b</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/184">#184</a>
from cachix/macos-bump</li>
<li><a
href="e27879448e"><code>e278794</code></a>
Nix: 2.15.1 -> 2.16.1</li>
<li><a
href="8ab3881720"><code>8ab3881</code></a>
use system certs</li>
<li><a
href="16b951426e"><code>16b9514</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/182">#182</a>
from l0b0/feat/configure-editors</li>
<li><a
href="2c203fd87b"><code>2c203fd</code></a>
feat: Configure editors</li>
<li>See full diff in <a
href="https://github.com/cachix/install-nix-action/compare/v21...v22">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.6.0 to 2.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.7.0</h2>
<ul>
<li>Bump <code>@docker/actions-toolkit</code> from 0.3.0 to 0.5.0 in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/237">docker/setup-buildx-action#237</a>
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/238">docker/setup-buildx-action#238</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.6.0...v2.7.0">https://github.com/docker/setup-buildx-action/compare/v2.6.0...v2.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ecf95283f0"><code>ecf9528</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/238">#238</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="b2a38ee0c6"><code>b2a38ee</code></a>
update generated content</li>
<li><a
href="7f79690cac"><code>7f79690</code></a>
Bump <code>@docker/actions-toolkit</code> from 0.4.0 to 0.5.0</li>
<li><a
href="bdd549bec0"><code>bdd549b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/237">#237</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="be4a3855af"><code>be4a385</code></a>
update generated content</li>
<li><a
href="6c4dbb29f6"><code>6c4dbb2</code></a>
Bump <code>@docker/actions-toolkit</code> from 0.3.0 to 0.4.0</li>
<li>See full diff in <a
href="6a58db7e0d...ecf95283f0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[cachix/install-nix-action](https://github.com/cachix/install-nix-action)
from 20 to 21.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>install-nix-action-v21</h2>
<ul>
<li>pin Nix to 2.15.1 (recent releases broke too many things)</li>
<li>fix the action to work on custom containers</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4b933aa7eb"><code>4b933aa</code></a>
Nix: 2.15.1</li>
<li><a
href="35806937f1"><code>3580693</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/179">#179</a>
from joergdw/fix-action-path</li>
<li><a
href="3eb7a24508"><code>3eb7a24</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/178">#178</a>
from cachix/docs/149</li>
<li><a
href="840ed7ce9a"><code>840ed7c</code></a>
Document how to pass env vars to modern nix commands</li>
<li><a
href="b2f4229533"><code>b2f4229</code></a>
Fix action to make it work on custom containers;</li>
<li><a
href="e304541747"><code>e304541</code></a>
fix <a
href="https://redirect.github.com/cachix/install-nix-action/issues/170">#170</a></li>
<li><a
href="3988b729f9"><code>3988b72</code></a>
pin Nix to 2.15.0</li>
<li><a
href="763a380571"><code>763a380</code></a>
Bump revision in README</li>
<li><a
href="67e9fd765d"><code>67e9fd7</code></a>
bump revision in readme</li>
<li><a
href="be4cef7b77"><code>be4cef7</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/166">#166</a>
from l0b0/refactor/linting</li>
<li>Additional commits viewable in <a
href="https://github.com/cachix/install-nix-action/compare/v20...v21">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
very, very, very WIP implementation of nixpkgs for GoReleaser.
**Decisions made for this first version:**
- only linux and darwin, arm64, 386 and amd64
- only support pkgs from goreleaser-generated archives
- no support to push into default nixpkgs repository
- no support to automatically add the _maybe_ new pkg to the root
`default.nix`
- the generated nixpkg will be rather verbose, which shouldn't be too
much of an issue as it is autogenerated anyway
**TODOs**:
- [x] macos universal binary support
- [x] custom pkg path (e.g. pkgs/misc/foo/bar/default.nix)
- [x] handle archives with a folder in them
- [x] add more options: postInstall, ??
**Will be handled in future versions**:
- [ ] archives.format=binary support
- [ ] compile from source
- [ ] PR-ing into nixpkgs
- [ ] armv6l-linux & armv7l-linux support
closes#3537
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
this adds a new root-level `upx` config, so users can pack their
binaries with upx :)
---------
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0
to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<p>In scope of release we enable cache by default. The action won’t
throw an error if the cache can’t be restored or saved. The action will
throw a warning message but it won’t stop a build process. The cache can
be disabled by specifying <code>cache: false</code>.</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version: ‘1.19’
- run: go run hello.go
</code></pre>
<p>Besides, we introduce such changes as</p>
<ul>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/305">Allow to
use only GOCACHE for cache</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/315">Bump
json5 from 2.2.1 to 2.2.3</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/323">Use
proper version for primary key in cache</a></li>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/351">Always add
Go bin to the PATH</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/350">Add
step warning if go-version input is empty</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d34df0c23"><code>4d34df0</code></a>
Update configuration files (<a
href="https://redirect.github.com/actions/setup-go/issues/348">#348</a>)</li>
<li><a
href="fdc0d672a1"><code>fdc0d67</code></a>
Add Go bin if go-version input is empty (<a
href="https://redirect.github.com/actions/setup-go/issues/351">#351</a>)</li>
<li><a
href="ebfdf6ac95"><code>ebfdf6a</code></a>
add warning if go-version is empty (<a
href="https://redirect.github.com/actions/setup-go/issues/350">#350</a>)</li>
<li><a
href="b27d76912e"><code>b27d769</code></a>
fix lockfileVersion (<a
href="https://redirect.github.com/actions/setup-go/issues/349">#349</a>)</li>
<li><a
href="c51a720768"><code>c51a720</code></a>
Enable caching by default with default input (<a
href="https://redirect.github.com/actions/setup-go/issues/332">#332</a>)</li>
<li><a
href="6b848af622"><code>6b848af</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-go/issues/343">#343</a>
from akv-platform/reusable-workflow</li>
<li><a
href="12741cc209"><code>12741cc</code></a>
Format update-config-files.yml</li>
<li><a
href="7a77a6aab6"><code>7a77a6a</code></a>
Merge branch 'main' into reusable-workflow</li>
<li><a
href="42a0cc8e14"><code>42a0cc8</code></a>
Add update-config-files.yml</li>
<li><a
href="7406d654ad"><code>7406d65</code></a>
Add and configure ESLint and update configuration for Prettier (<a
href="https://redirect.github.com/actions/setup-go/issues/341">#341</a>)</li>
<li>Additional commits viewable in <a
href="6edd4406fa...4d34df0c23">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
update everything to go 1.20
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from
1.0.2 to 1.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/arduino/setup-task/releases">arduino/setup-task's
releases</a>.</em></p>
<blockquote>
<h2>1.0.3</h2>
<h2>Changelog</h2>
<h4>Enhancement</h4>
<ul>
<li>Add support for all Task build architectures
(43e1bb8c37ce39c24e88b4622c2f66b6d7d9ebbd)</li>
</ul>
<h2>Full Changeset</h2>
<p><a
href="https://github.com/arduino/setup-task/compare/1.0.2...1.0.3">https://github.com/arduino/setup-task/compare/1.0.2...1.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e26d897557"><code>e26d897</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/636">#636</a>
from per1234/arm-arch</li>
<li><a
href="43e1bb8c37"><code>43e1bb8</code></a>
Add support for all Task build architectures</li>
<li><a
href="bf9d22fbca"><code>bf9d22f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/637">#637</a>
from arduino/dependabot/npm_and_yarn/eslint-8.33.0</li>
<li><a
href="f307193035"><code>f307193</code></a>
build(deps-dev): bump eslint from 8.32.0 to 8.33.0</li>
<li><a
href="9a385911a6"><code>9a38591</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/635">#635</a>
from arduino/dependabot/npm_and_yarn/jest-circus-29.4.1</li>
<li><a
href="446dc59e7a"><code>446dc59</code></a>
build(deps-dev): bump jest-circus from 29.4.0 to 29.4.1</li>
<li><a
href="fe65533e09"><code>fe65533</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/634">#634</a>
from arduino/dependabot/npm_and_yarn/vercel/ncc-0.36.1</li>
<li><a
href="af97840bda"><code>af97840</code></a>
build(deps-dev): bump <code>@vercel/ncc</code> from 0.36.0 to
0.36.1</li>
<li><a
href="88a5c5cdc0"><code>88a5c5c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/632">#632</a>
from arduino/dependabot/npm_and_yarn/jest-circus-29.4.0</li>
<li><a
href="4d2bca9f30"><code>4d2bca9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/631">#631</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li>Additional commits viewable in <a
href="d665c6beeb...e26d897557">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.2 to 0.13.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.3</h2>
<h2>Changes in v0.13.3</h2>
<ul>
<li>Update Syft to v0.68.1 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07978da4bd"><code>07978da</code></a>
Update Syft to v0.68.1 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.2...v0.13.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.1 to 0.13.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.2</h2>
<h2>Changes in v0.13.2</h2>
<ul>
<li>Update Syft to v0.68.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="54e36e45f3"><code>54e36e4</code></a>
feat: update Syft to v0.68.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.1...v0.13.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0
to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Add support for stable and oldstable aliases</h2>
<p>In scope of this release we introduce aliases for the
<code>go-version</code> input. The <code>stable</code> alias instals the
latest stable version of Go. The <code>oldstable</code> alias installs
previous latest minor release (the stable is 1.19.x -> the oldstable
is 1.18.x).</p>
<h3>Stable</h3>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 'stable'
- run: go run hello.go
</code></pre>
<h3>OldStable</h3>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 'oldstable'
- run: go run hello.go
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6edd4406fa"><code>6edd440</code></a>
fix log for stable aliases (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/303">#303</a>)</li>
<li><a
href="38dbe75f81"><code>38dbe75</code></a>
Add stable and oldstable aliases (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/300">#300</a>)</li>
<li><a
href="30c39bfe0c"><code>30c39bf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/301">#301</a>
from jongwooo/chore/use-cache-in-check-dist</li>
<li><a
href="8377b69a56"><code>8377b69</code></a>
Use cache in check-dist.yml</li>
<li>See full diff in <a
href="d0a58c1c4d...6edd4406fa">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.1
to 3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Add support for go.work and pass the token input through on
GHES</h2>
<p>In scope of this release we added <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/283">support
for go.work file to pass it in go-version-file input</a>.</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version-file: go.work
- run: go run hello.go
</code></pre>
<p>Besides, we added support to <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/277">pass
the token input through on GHES</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d0a58c1c4d"><code>d0a58c1</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/294">#294</a>
from JamesMGreene/patch-1</li>
<li><a
href="3dcd9d6eb3"><code>3dcd9d6</code></a>
Update to latest <code>actions/publish-action</code></li>
<li><a
href="e983b65a44"><code>e983b65</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/283">#283</a>
from koba1t/add_support_gowork_for_go-version-file</li>
<li><a
href="27b43e1b0d"><code>27b43e1</code></a>
Pass the token input through on GHES (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/277">#277</a>)</li>
<li><a
href="7678c83214"><code>7678c83</code></a>
add support gowork for go-version-file</li>
<li>See full diff in <a
href="c4a742cab1...d0a58c1c4d">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.3.0
to 3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Fix cache issues and update dependencies</h2>
<p>In scope of this release we fixed the issue with the correct
generation of the cache key when the <code>go-version-file</code> input
is set (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/267">actions/setup-go#267</a>).
Moreover, we fixed an issue when <a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/264">the
cache folder was not found</a>. Besides, we updated
<code>actions/core</code> to 1.10.0 version (<a
href="https://github-redirect.dependabot.com/actions/setup-go/pull/273">actions/setup-go#273</a>).</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c4a742cab1"><code>c4a742c</code></a>
fix(): cache resolve version input (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/267">#267</a>)</li>
<li><a
href="f556e5b7e0"><code>f556e5b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/273">#273</a>
from rentziass/rentziass/update-actions-core</li>
<li><a
href="514ae57904"><code>514ae57</code></a>
Update <code>@actions/core</code> to 1.10.0</li>
<li><a
href="30b9ddff11"><code>30b9ddf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/264">#264</a>
from e-korolevskii/258-not-throw-err-no-cache-folders</li>
<li><a
href="c4e169859f"><code>c4e1698</code></a>
prettier format</li>
<li><a
href="db58e98a43"><code>db58e98</code></a>
format</li>
<li><a
href="2905db4069"><code>2905db4</code></a>
update build</li>
<li><a
href="57452eb902"><code>57452eb</code></a>
fix debug lines in test</li>
<li><a
href="5547b9ed8d"><code>5547b9e</code></a>
fix(cache): Not throw err if no cache folders</li>
<li><a
href="be45b2722d"><code>be45b27</code></a>
build</li>
<li>Additional commits viewable in <a
href="268d8c0ca0...c4a742cab1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot]
Carlos Alexandro Becker