go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-04 03:11:55 +02:00
Code Issues Releases Activity
4,495 Commits 9 Branches 558 Tags 40 MiB
dec5fb8e17
Commit Graph

368 Commits

Author SHA1 Message Date
Carlos Alexandro Becker
c849cfc2a9
build: fix golangci-lint failing (#3874) 
refs https://github.com/golangci/golangci-lint-action/issues/677

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-03-19 22:16:47 -03:00
dependabot[bot]
8f4a6929bd
chore(deps): bump github/codeql-action from 2.2.6 to 2.2.7 (#3870) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.6 to 2.2.7.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.7 - 15 Mar 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.6 - 10 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.4.</li>
</ul>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://redirect.github.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://redirect.github.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="168b99b3c2"><code>168b99b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1581">#1581</a>
from github/update-v2.2.7-433fe88bf</li>
<li><a
href="bc7318da91"><code>bc7318d</code></a>
Update changelog for v2.2.7</li>
<li><a
href="433fe88bf3"><code>433fe88</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1579">#1579</a>
from github/aeisenberg/no-upload-database</li>
<li><a
href="c208575433"><code>c208575</code></a>
Avoid uploading databases after integration tests</li>
<li><a
href="b8ea587211"><code>b8ea587</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1578">#1578</a>
from github/henrymercer/fix-circular-dependency</li>
<li><a
href="65f42e3768"><code>65f42e3</code></a>
Inline minimum version number to avoid circular dependency</li>
<li><a
href="d9ceda3823"><code>d9ceda3</code></a>
Add debug logging for feature flag enablement</li>
<li><a
href="19f00dc212"><code>19f00dc</code></a>
Bump <code>@​ava/typescript</code> from 3.0.1 to 4.0.0 (<a
href="https://redirect.github.com/github/codeql-action/issues/1576">#1576</a>)</li>
<li><a
href="ec298233c1"><code>ec29823</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1565">#1565</a>
from github/henrymercer/diagnostics-code-scanning-co...</li>
<li><a
href="a92a14621b"><code>a92a146</code></a>
Prefer <code>core.info</code> to <code>console.log</code></li>
<li>Additional commits viewable in <a
href="16964e90ba...168b99b3c2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.6&new-version=2.2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-03-17 16:09:30 -03:00
Carlos A Becker
b4b6496ea6
build: setup-go update 2023-03-17 16:04:47 -03:00
dependabot[bot]
b623247fb7
chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#3871) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0
to 4.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<p>In scope of release we enable cache by default. The action won’t
throw an error if the cache can’t be restored or saved. The action will
throw a warning message but it won’t stop a build process. The cache can
be disabled by specifying <code>cache: false</code>.</p>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v4
    with:
      go-version: ‘1.19’
  - run: go run hello.go
</code></pre>
<p>Besides, we introduce such changes as</p>
<ul>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/305">Allow to
use only GOCACHE for cache</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/315">Bump
json5 from 2.2.1 to 2.2.3</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/323">Use
proper version for primary key in cache</a></li>
<li><a
href="https://redirect.github.com/actions/setup-go/pull/351">Always add
Go bin to the PATH</a></li>
<li><a href="https://redirect.github.com/actions/setup-go/pull/350">Add
step warning if go-version input is empty</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4d34df0c23"><code>4d34df0</code></a>
Update configuration files (<a
href="https://redirect.github.com/actions/setup-go/issues/348">#348</a>)</li>
<li><a
href="fdc0d672a1"><code>fdc0d67</code></a>
Add Go bin if go-version input is empty (<a
href="https://redirect.github.com/actions/setup-go/issues/351">#351</a>)</li>
<li><a
href="ebfdf6ac95"><code>ebfdf6a</code></a>
add warning if go-version is empty (<a
href="https://redirect.github.com/actions/setup-go/issues/350">#350</a>)</li>
<li><a
href="b27d76912e"><code>b27d769</code></a>
fix lockfileVersion (<a
href="https://redirect.github.com/actions/setup-go/issues/349">#349</a>)</li>
<li><a
href="c51a720768"><code>c51a720</code></a>
Enable caching by default with default input (<a
href="https://redirect.github.com/actions/setup-go/issues/332">#332</a>)</li>
<li><a
href="6b848af622"><code>6b848af</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/setup-go/issues/343">#343</a>
from akv-platform/reusable-workflow</li>
<li><a
href="12741cc209"><code>12741cc</code></a>
Format update-config-files.yml</li>
<li><a
href="7a77a6aab6"><code>7a77a6a</code></a>
Merge branch 'main' into reusable-workflow</li>
<li><a
href="42a0cc8e14"><code>42a0cc8</code></a>
Add update-config-files.yml</li>
<li><a
href="7406d654ad"><code>7406d65</code></a>
Add and configure ESLint and update configuration for Prettier (<a
href="https://redirect.github.com/actions/setup-go/issues/341">#341</a>)</li>
<li>Additional commits viewable in <a
href="6edd4406fa...4d34df0c23">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.5.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-03-17 00:40:25 -03:00
dependabot[bot]
5773f1a246
chore(deps): bump actions/checkout from 3.3.0 to 3.4.0 (#3872) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0
to 3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade codeql actions to v2 by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/checkout/pull/1209">actions/checkout#1209</a></li>
<li>Upgrade dependencies by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/checkout/pull/1210">actions/checkout#1210</a></li>
<li>Backfill changelog and bump actions/io by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1225">actions/checkout#1225</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Link"><code>@​Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/checkout/pull/1209">actions/checkout#1209</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.3.0...v3.4.0">https://github.com/actions/checkout/compare/v3.3.0...v3.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v3.4.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade
codeql actions to v2</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade
dependencies</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade
<code>@​actions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1045">Implement
branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add
in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a
href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a
href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add
GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix
status badge</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1002">Replace
datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap
pipeline commands for submoduleForeach in quotes</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1029">Update
<code>@​actions/io</code> to 1.1.2</a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading
version to 3.2.0</a></li>
</ul>
<h2>v3.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/939">Use
<code>@​actions/core</code> <code>saveState</code> and
<code>getState</code></a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/922">Add
<code>github-server-url</code> input</a></li>
</ul>
<h2>v3.0.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/770">Add
input <code>set-safe-directory</code></a></li>
</ul>
<h2>v3.0.1</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/762">Fixed an
issue where checkout failed to run in container jobs due to the new git
setting <code>safe.directory</code></a></li>
<li><a
href="https://redirect.github.com/actions/checkout/pull/744">Bumped
various npm package versions</a></li>
</ul>
<h2>v3.0.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/689">Update to
node 16</a></li>
</ul>
<h2>v2.3.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/284">Fix
default branch resolution for .wiki and when using SSH</a></li>
</ul>
<h2>v2.3.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/278">Fallback to
the default branch</a></li>
</ul>
<h2>v2.2.0</h2>
<ul>
<li><a
href="https://redirect.github.com/actions/checkout/pull/258">Fetch all
history for all tags and branches when fetch-depth=0</a></li>
</ul>
<h2>v2.1.1</h2>
<ul>
<li>Changes to support GHES (<a
href="https://redirect.github.com/actions/checkout/pull/236">here</a>
and <a
href="https://redirect.github.com/actions/checkout/pull/248">here</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="24cb908017"><code>24cb908</code></a>
Bump <code>@​actions/io</code> to v1.1.3 (<a
href="https://redirect.github.com/actions/checkout/issues/1225">#1225</a>)</li>
<li><a
href="27135e314d"><code>27135e3</code></a>
Upgrade dependencies (<a
href="https://redirect.github.com/actions/checkout/issues/1210">#1210</a>)</li>
<li><a
href="7b187184d1"><code>7b18718</code></a>
Upgrade codeql actions to v2 (<a
href="https://redirect.github.com/actions/checkout/issues/1209">#1209</a>)</li>
<li>See full diff in <a
href="ac59398561...24cb908017">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-17 00:11:19 -03:00
dependabot[bot]
2c8d128e1c
chore(deps): bump actions/cache from 3.3.0 to 3.3.1 (#3866) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.3.0 to
3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Reduced download segment size to 128 MB and timeout to 10 minutes by
<a href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1129">actions/cache#1129</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.3.1">https://github.com/actions/cache/compare/v3...v3.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://redirect.github.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://redirect.github.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://redirect.github.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://redirect.github.com/actions/cache/issues/809">#809</a> -
zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://redirect.github.com/actions/cache/issues/833">#833</a> -
cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://redirect.github.com/actions/cache/issues/810">#810</a> -
download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://redirect.github.com/actions/cache/issues/888">#888</a> and
<a
href="https://redirect.github.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="88522ab9f3"><code>88522ab</code></a>
Reduced download segment size to 128 MB and timeout to 10 minutes (<a
href="https://redirect.github.com/actions/cache/issues/1129">#1129</a>)</li>
<li>See full diff in <a
href="940f3d7cf1...88522ab9f3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-13 09:25:53 -03:00
dependabot[bot]
f104c143f7
chore(deps): bump github/codeql-action from 2.2.5 to 2.2.6 (#3864) 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.5 to 2.2.6.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.6 - 10 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.4.</li>
</ul>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://redirect.github.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://redirect.github.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://redirect.github.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://redirect.github.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="16964e90ba"><code>16964e9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1570">#1570</a>
from github/update-v2.2.6-e12a2ecd4</li>
<li><a
href="74cbab4958"><code>74cbab4</code></a>
Update changelog for v2.2.6</li>
<li><a
href="e12a2ecd45"><code>e12a2ec</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1561">#1561</a>
from github/dbartol/bundle-2.12.4</li>
<li><a
href="d47d4c8047"><code>d47d4c8</code></a>
Merge branch 'main' into dbartol/bundle-2.12.4</li>
<li><a
href="f13b180fb8"><code>f13b180</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1567">#1567</a>
from github/aeisenberg/config-parsing-ghes</li>
<li><a
href="a3cf96418e"><code>a3cf964</code></a>
Add <code>security-experimental</code> to <code>codeql-config.yml</code>
(<a
href="https://redirect.github.com/github/codeql-action/issues/1566">#1566</a>)</li>
<li><a
href="0c27d0da4a"><code>0c27d0d</code></a>
Add default values to feature flags</li>
<li><a
href="e4b846c482"><code>e4b846c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/1564">#1564</a>
from github/aeisenberg/qlconfig-file</li>
<li><a
href="c310f094dd"><code>c310f09</code></a>
Fix name of qlconfig file argument</li>
<li><a
href="4366485427"><code>4366485</code></a>
Avoid passing an undefined qlconfig arg</li>
<li>Additional commits viewable in <a
href="32dc499307...16964e90ba">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.5&new-version=2.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-13 09:25:41 -03:00
dependabot[bot]
6341c3d0dc
chore(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0 (#3865) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.4.1 to 2.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.5.0</h2>
<ul>
<li><code>cleanup</code> input to remove builder and temp files by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/213">docker/setup-buildx-action#213</a></li>
<li>do not remove builder using the <code>docker</code> driver by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/218">docker/setup-buildx-action#218</a></li>
<li>fix current context as builder name for <code>docker</code> driver
by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a>
in <a
href="https://redirect.github.com/docker/setup-buildx-action/pull/209">docker/setup-buildx-action#209</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0">https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4b4e9c3e2d"><code>4b4e9c3</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/216">#216</a>
from awendland/patch-1</li>
<li><a
href="eb27bcbef3"><code>eb27bcb</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/218">#218</a>
from crazy-max/fix-builder-removal</li>
<li><a
href="b7471d4240"><code>b7471d4</code></a>
update generated content</li>
<li><a
href="e2df91e851"><code>e2df91e</code></a>
check builder exists before removal</li>
<li><a
href="85ce96bcbc"><code>85ce96b</code></a>
do not remove builder using the docker driver</li>
<li><a
href="f549413411"><code>f549413</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/217">#217</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="99988698a5"><code>9998869</code></a>
update generated content</li>
<li><a
href="e30725c029"><code>e30725c</code></a>
Bump <code>@​docker/actions-toolkit</code> from 0.1.0-beta.16 to
0.1.0-beta.18</li>
<li><a
href="f1dc97ee10"><code>f1dc97e</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/213">#213</a>
from crazy-max/cleanup-input</li>
<li><a
href="51ecd0a47f"><code>51ecd0a</code></a>
nit typo in README.md, csv is comma-delimited</li>
<li>Additional commits viewable in <a
href="f03ac48505...4b4e9c3e2d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.4.1&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-13 09:25:22 -03:00
dependabot[bot]
8079a92e39
chore(deps): bump actions/cache from 3.2.6 to 3.3.0 (#3858) 2023-03-10 09:26:14 -03:00
Carlos Alexandro Becker
dd1315b0a7
fix(GO-2023-1621): update from go 1.20.1 to 1.20.2 (#3854) 2023-03-09 08:24:20 -03:00
dependabot[bot]
008d43d72b
chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#3818) 
Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 2.8.1 to 3.0.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>make cosign v2.0.0 default version by <a
href="https://github.com/developer-guy"><code>@​developer-guy</code></a>
in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/109">sigstore/cosign-installer#109</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1">https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1</a></p>
<h2>v3.0.0</h2>
<h1>Breaking change</h1>
<p>Cosign v2 has some breaking changes. Please check those: <a
href="https://blog.sigstore.dev/cosign-2-0-released/">https://blog.sigstore.dev/cosign-2-0-released/</a></p>
<h2>What's Changed</h2>
<ul>
<li>test: add logs when downloading the public keys by <a
href="https://github.com/hectorj2f"><code>@​hectorj2f</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/106">sigstore/cosign-installer#106</a></li>
<li>Add support to install v2 and any other cosign release candidate by
<a href="https://github.com/hectorj2f"><code>@​hectorj2f</code></a> in
<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/105">sigstore/cosign-installer#105</a></li>
<li>v2.0.0 release by <a
href="https://github.com/sabre1041"><code>@​sabre1041</code></a> in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/108">sigstore/cosign-installer#108</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/hectorj2f"><code>@​hectorj2f</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/106">sigstore/cosign-installer#106</a></li>
<li><a href="https://github.com/sabre1041"><code>@​sabre1041</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/108">sigstore/cosign-installer#108</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0">https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c3667d9942"><code>c3667d9</code></a>
make cosign v2.0.0 default version (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/109">#109</a>)</li>
<li><a
href="77560e399f"><code>77560e3</code></a>
v2.0.0 release (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/108">#108</a>)</li>
<li><a
href="4079ad3567"><code>4079ad3</code></a>
Bump actions/checkout from 3.2.0 to 3.3.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/107">#107</a>)</li>
<li><a
href="55fd288876"><code>55fd288</code></a>
Add support to install v2 and any other cosign release candidate (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/105">#105</a>)</li>
<li><a
href="651c379c48"><code>651c379</code></a>
test: add logs when downloading the public keys (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/106">#106</a>)</li>
<li><a
href="df6c89e679"><code>df6c89e</code></a>
Bump actions/checkout from 3.1.0 to 3.2.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/102">#102</a>)</li>
<li><a
href="31f26445bf"><code>31f2644</code></a>
Bump actions/setup-go from 3.4.0 to 3.5.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/103">#103</a>)</li>
<li><a
href="b6757d8360"><code>b6757d8</code></a>
Bump actions/setup-go from 3.3.1 to 3.4.0 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/101">#101</a>)</li>
<li><a
href="7bca8b4116"><code>7bca8b4</code></a>
Bump actions/setup-go from 3.3.0 to 3.3.1 (<a
href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/99">#99</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.8.1&new-version=3.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-03-02 09:36:26 -03:00
dependabot[bot]
6fc205a93b
chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 (#3808) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.4 to 2.2.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32dc499307"><code>32dc499</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1547">#1547</a>
from github/update-v2.2.5-237a258d2</li>
<li><a
href="b742728ac2"><code>b742728</code></a>
Update changelog for v2.2.5</li>
<li><a
href="237a258d2b"><code>237a258</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1543">#1543</a>
from github/alexet/update-2.12.3</li>
<li><a
href="5972e6d72e"><code>5972e6d</code></a>
Fix lib file</li>
<li><a
href="164027e682"><code>164027e</code></a>
Fix bundle versions</li>
<li><a
href="3dde1f3512"><code>3dde1f3</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1540">#1540</a>
from cklin/expect-discarded-cache</li>
<li><a
href="d7d7567b0e"><code>d7d7567</code></a>
Unit tests for optimizeForLastQueryRun</li>
<li><a
href="0e4e857bab"><code>0e4e857</code></a>
Set optimizeForLastQueryRun on last run</li>
<li><a
href="08d1f21d4f"><code>08d1f21</code></a>
Calculate customQueryIndices early</li>
<li><a
href="f3bd25eefa"><code>f3bd25e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1544">#1544</a>
from github/aeisenberg/clean-cache</li>
<li>Additional commits viewable in <a
href="17573ee1cc...32dc499307">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.4&new-version=2.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-27 09:34:34 -03:00
dependabot[bot]
4790e2fe3d
chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#3798) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.5 to
3.2.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated branch in Force deletion of caches by <a
href="https://github.com/t-dedah"><code>@​t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1108">actions/cache#1108</a></li>
<li>Fix zstd not being used after zstd version upgrade to 1.5.4 on
hosted runners by <a
href="https://github.com/pdotl"><code>@​pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1118">actions/cache#1118</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.6">https://github.com/actions/cache/compare/v3...v3.2.6</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="69d9d449ac"><code>69d9d44</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1118">#1118</a>
from actions/pdotl/zstd-hotfix</li>
<li><a
href="8d3a1e02aa"><code>8d3a1e0</code></a>
Fix license</li>
<li><a
href="b1db4b4897"><code>b1db4b4</code></a>
Fix zstd breaking after new version release</li>
<li><a
href="7d4d6f7ffd"><code>7d4d6f7</code></a>
Update package-lock.json</li>
<li><a
href="8f7fa5d715"><code>8f7fa5d</code></a>
Bump <code>@​actions/cache</code> version</li>
<li><a
href="95b455a0fb"><code>95b455a</code></a>
3.2.6</li>
<li><a
href="81b7281936"><code>81b7281</code></a>
Updated branch in Force deletion of caches (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1108">#1108</a>)</li>
<li>See full diff in <a
href="6998d139dd...69d9d449ac">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.5&new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-22 09:15:32 -03:00
Carlos A Becker
6d3eb57c7a
fix: update to go 1.20.1 2023-02-17 10:44:02 -03:00
dependabot[bot]
019364be32
chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 (#3777) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.3 to 2.2.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="17573ee1cc"><code>17573ee</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1534">#1534</a>
from github/update-v2.2.4-40babc141</li>
<li><a
href="b6975b4b1a"><code>b6975b4</code></a>
Update changelog for v2.2.4</li>
<li><a
href="40babc141f"><code>40babc1</code></a>
Tools telemetry: accurately report when feature flags were inaccessible
(<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1532">#1532</a>)</li>
<li><a
href="7ba5ed7eed"><code>7ba5ed7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1531">#1531</a>
from github/mergeback/v2.2.3-to-main-8775e868</li>
<li><a
href="21f3020df6"><code>21f3020</code></a>
Update checked-in dependencies</li>
<li><a
href="b872c5adfd"><code>b872c5a</code></a>
Update changelog and version after v2.2.3</li>
<li>See full diff in <a
href="8775e86802...17573ee1cc">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.3&new-version=2.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-13 11:29:01 -03:00
dependabot[bot]
1e46e00899
chore(deps): bump actions/cache from 3.2.4 to 3.2.5 (#3773) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.4 to
3.2.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Rewrite readmes by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085">actions/cache#1085</a></li>
<li>Fixed typos and formatting in docs by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1076">actions/cache#1076</a></li>
<li>Fixing paths for OSes by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1101">actions/cache#1101</a></li>
<li>Release patch version update by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1105">actions/cache#1105</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085">actions/cache#1085</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.5">https://github.com/actions/cache/compare/v3...v3.2.5</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6998d139dd"><code>6998d13</code></a>
Release patch version update (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1105">#1105</a>)</li>
<li><a
href="2b8105bdae"><code>2b8105b</code></a>
Fixing paths for OSes (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1101">#1101</a>)</li>
<li><a
href="e08330827d"><code>e083308</code></a>
Fixed typos and formatting in docs (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1076">#1076</a>)</li>
<li><a
href="22d3da765b"><code>22d3da7</code></a>
Rewrite readmes (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1085">#1085</a>)</li>
<li>See full diff in <a
href="627f0f41f6...6998d139dd">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.4&new-version=3.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-10 10:13:19 -03:00
dependabot[bot]
9d6d85855d
chore(deps): bump github/codeql-action from 2.2.2 to 2.2.3 (#3767) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.2 to 2.2.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8775e86802"><code>8775e86</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1530">#1530</a>
from github/update-v2.2.3-c4e22e9fc</li>
<li><a
href="a2ad80b966"><code>a2ad80b</code></a>
Update changelog for v2.2.3</li>
<li><a
href="c4e22e9fce"><code>c4e22e9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1529">#1529</a>
from github/henrymercer/remove-bypass-toolcache-flags</li>
<li><a
href="db534af2ae"><code>db534af</code></a>
Remove feature flags for bypassing the toolcache</li>
<li><a
href="4369dda4ae"><code>4369dda</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1518">#1518</a>
from github/cklin/codeql-cli-2.12.2</li>
<li><a
href="4f08c2cf20"><code>4f08c2c</code></a>
Bump default CodeQL version to 2.12.2</li>
<li><a
href="81644f35ff"><code>81644f3</code></a>
Add max line length of 120 to linter (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1524">#1524</a>)</li>
<li><a
href="9ab6aa64a0"><code>9ab6aa6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1526">#1526</a>
from github/mergeback/v2.2.2-to-main-39d8d7e7</li>
<li><a
href="256973e279"><code>256973e</code></a>
Update checked-in dependencies</li>
<li><a
href="59b25b480f"><code>59b25b4</code></a>
Update changelog and version after v2.2.2</li>
<li>Additional commits viewable in <a
href="39d8d7e78f...8775e86802">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.2&new-version=2.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-09 08:52:59 -03:00
dependabot[bot]
9da9f78537
chore(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1 (#3762) 2023-02-07 14:07:51 +00:00
dependabot[bot]
6ab9fd15e1
chore(deps): bump github/codeql-action from 2.2.1 to 2.2.2 (#3763) 2023-02-07 13:57:31 +00:00
Carlos A Becker
b0783c7401
build: run test on any workflow change 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-02-07 09:48:26 -03:00
Carlos A Becker
addd7c4ceb
build: fix workflow syntax 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-02-07 09:44:33 -03:00
Carlos Alexandro Becker
81914757da
build: use go1.20 (#3757) 
update everything to go 1.20

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-05 13:39:39 -03:00
dependabot[bot]
599f9b4c6a
chore(deps): bump arduino/setup-task from 1.0.2 to 1.0.3 (#3736) 
Bumps [arduino/setup-task](https://github.com/arduino/setup-task) from
1.0.2 to 1.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/arduino/setup-task/releases">arduino/setup-task's
releases</a>.</em></p>
<blockquote>
<h2>1.0.3</h2>
<h2>Changelog</h2>
<h4>Enhancement</h4>
<ul>
<li>Add support for all Task build architectures
(43e1bb8c37ce39c24e88b4622c2f66b6d7d9ebbd)</li>
</ul>
<h2>Full Changeset</h2>
<p><a
href="https://github.com/arduino/setup-task/compare/1.0.2...1.0.3">https://github.com/arduino/setup-task/compare/1.0.2...1.0.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e26d897557"><code>e26d897</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/636">#636</a>
from per1234/arm-arch</li>
<li><a
href="43e1bb8c37"><code>43e1bb8</code></a>
Add support for all Task build architectures</li>
<li><a
href="bf9d22fbca"><code>bf9d22f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/637">#637</a>
from arduino/dependabot/npm_and_yarn/eslint-8.33.0</li>
<li><a
href="f307193035"><code>f307193</code></a>
build(deps-dev): bump eslint from 8.32.0 to 8.33.0</li>
<li><a
href="9a385911a6"><code>9a38591</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/635">#635</a>
from arduino/dependabot/npm_and_yarn/jest-circus-29.4.1</li>
<li><a
href="446dc59e7a"><code>446dc59</code></a>
build(deps-dev): bump jest-circus from 29.4.0 to 29.4.1</li>
<li><a
href="fe65533e09"><code>fe65533</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/634">#634</a>
from arduino/dependabot/npm_and_yarn/vercel/ncc-0.36.1</li>
<li><a
href="af97840bda"><code>af97840</code></a>
build(deps-dev): bump <code>@​vercel/ncc</code> from 0.36.0 to
0.36.1</li>
<li><a
href="88a5c5cdc0"><code>88a5c5c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/632">#632</a>
from arduino/dependabot/npm_and_yarn/jest-circus-29.4.0</li>
<li><a
href="4d2bca9f30"><code>4d2bca9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/arduino/setup-task/issues/631">#631</a>
from arduino/dependabot/npm_and_yarn/typescript-eslin...</li>
<li>Additional commits viewable in <a
href="d665c6beeb...e26d897557">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=arduino/setup-task&package-manager=github_actions&previous-version=1.0.2&new-version=1.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-01 09:19:19 -03:00
dependabot[bot]
ce5826ff36
chore(deps): bump docker/setup-buildx-action from 2.3.0 to 2.4.0 (#3737) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.3.0 to 2.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Don't depend on the GitHub API to check release by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/196">#196</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.3.0...v2.4.0">https://github.com/docker/setup-buildx-action/compare/v2.3.0...v2.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="15c905b16b"><code>15c905b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/196">#196</a>
from crazy-max/dl-no-token</li>
<li><a
href="a25d6a0130"><code>a25d6a0</code></a>
update generated content</li>
<li><a
href="39322d9057"><code>39322d9</code></a>
don't depend on the GitHub API to check release</li>
<li><a
href="0648fd6fd6"><code>0648fd6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/195">#195</a>
from crazy-max/fix-readme</li>
<li><a
href="30d8a59ee0"><code>30d8a59</code></a>
fix action version in README</li>
<li><a
href="71320d2e17"><code>71320d2</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/193">#193</a>
from fevrin/update-gh-doc-url</li>
<li><a
href="272f8b84cf"><code>272f8b8</code></a>
update GH doc URL</li>
<li>See full diff in <a
href="5e716dcfd6...15c905b16b">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.3.0&new-version=2.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-01 09:15:36 -03:00
dependabot[bot]
ca6ee15bb8
chore(deps): bump actions/cache from 3.2.3 to 3.2.4 (#3738) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.3 to
3.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update json5 package version by <a
href="https://github.com/vsvipul"><code>@​vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1065">actions/cache#1065</a></li>
<li>Cache recipes for cache, restore and save actions by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1055">actions/cache#1055</a></li>
<li>Add gnu tar and zstd as pre-requisites for windows self-hosted
runners by <a href="https://github.com/pdotl"><code>@​pdotl</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1068">actions/cache#1068</a></li>
<li>Fix a whitespace typo by <a
href="https://github.com/kurtmckee"><code>@​kurtmckee</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074">actions/cache#1074</a></li>
<li>📝 <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1045">#1045</a>
update using the <code>set-output</code> command is deprecated by <a
href="https://github.com/siguikesse"><code>@​siguikesse</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046">actions/cache#1046</a></li>
<li>Fix referenced output key in save action readme by <a
href="https://github.com/ruudk"><code>@​ruudk</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061">actions/cache#1061</a></li>
<li>Update workflows to use reusable-workflows by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1066">actions/cache#1066</a></li>
<li>Introduce add-to-project step &amp; rename workflow files by <a
href="https://github.com/pallavx"><code>@​pallavx</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077">actions/cache#1077</a></li>
<li>chore: Fix syntax error typo by <a
href="https://github.com/vHeemstra"><code>@​vHeemstra</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081">actions/cache#1081</a></li>
<li>Update caching-strategies.md by <a
href="https://github.com/kpfleming"><code>@​kpfleming</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084">actions/cache#1084</a></li>
<li>Added another usage hint to foresee <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1072">#1072</a>
by <a href="https://github.com/maybeec"><code>@​maybeec</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089">actions/cache#1089</a></li>
<li>Add <code>fail-on-cache-miss</code> option by <a
href="https://github.com/cdce8p"><code>@​cdce8p</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036">actions/cache#1036</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/kurtmckee"><code>@​kurtmckee</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1074">actions/cache#1074</a></li>
<li><a
href="https://github.com/siguikesse"><code>@​siguikesse</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1046">actions/cache#1046</a></li>
<li><a href="https://github.com/ruudk"><code>@​ruudk</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1061">actions/cache#1061</a></li>
<li><a href="https://github.com/pallavx"><code>@​pallavx</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1077">actions/cache#1077</a></li>
<li><a href="https://github.com/vHeemstra"><code>@​vHeemstra</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1081">actions/cache#1081</a></li>
<li><a href="https://github.com/kpfleming"><code>@​kpfleming</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1084">actions/cache#1084</a></li>
<li><a href="https://github.com/maybeec"><code>@​maybeec</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1089">actions/cache#1089</a></li>
<li><a href="https://github.com/cdce8p"><code>@​cdce8p</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1036">actions/cache#1036</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.4">https://github.com/actions/cache/compare/v3...v3.2.4</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="627f0f41f6"><code>627f0f4</code></a>
Add <code>fail-on-cache-miss</code> option (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1036">#1036</a>)</li>
<li><a
href="8e3048d0f7"><code>8e3048d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1089">#1089</a>
from maybeec/patch-1</li>
<li><a
href="1b004e8a69"><code>1b004e8</code></a>
Update tips-and-workarounds.md</li>
<li><a
href="75b110bc85"><code>75b110b</code></a>
Added another hint to foresee <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1072">#1072</a></li>
<li><a
href="2b5a782c64"><code>2b5a782</code></a>
Update caching-strategies.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1084">#1084</a>)</li>
<li><a
href="6c2de3ba98"><code>6c2de3b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1081">#1081</a>
from vHeemstra/patch-1</li>
<li><a
href="b63536828e"><code>b635368</code></a>
there as well ;)</li>
<li><a
href="cd2aaa9df8"><code>cd2aaa9</code></a>
chore: Fix syntax error typo</li>
<li><a
href="9b7ef12f3e"><code>9b7ef12</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1077">#1077</a>
from actions/pallavx-patch-1</li>
<li><a
href="3c08cab74f"><code>3c08cab</code></a>
Introduce add-to-project step &amp; rename add-reviewer-pr workflow
file</li>
<li>Additional commits viewable in <a
href="58c146cc91...627f0f41f6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.3&new-version=3.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-01 09:12:12 -03:00
dependabot[bot]
5c1fd3582b
chore(deps): bump docker/setup-buildx-action from 2.2.1 to 2.3.0 (#3729) 
Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 2.2.1 to 2.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Use Octokit to check Buildx release on GitHub by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/191">#191</a>
<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/192">#192</a>)</li>
<li>Add version pinning information to the README by <a
href="https://github.com/jedevc"><code>@​jedevc</code></a> (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/189">#189</a>)</li>
<li>Bump minimatch from 3.0.4 to 3.1.2 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/182">#182</a>)</li>
<li>Bump csv-parse from 5.3.1 to 5.3.3 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/181">#181</a>)</li>
<li>Bump json5 from 2.2.0 to 2.2.3 (<a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/184">#184</a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v2.2.1...v2.3.0">https://github.com/docker/setup-buildx-action/compare/v2.2.1...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e716dcfd6"><code>5e716dc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/192">#192</a>
from crazy-max/support-ghes</li>
<li><a
href="a83788eef0"><code>a83788e</code></a>
update generated content</li>
<li><a
href="d0d9a72195"><code>d0d9a72</code></a>
pass the token input through on GHES</li>
<li><a
href="a8165e7b70"><code>a8165e7</code></a>
enforce baseUrl to api.github.com if action used on GHES</li>
<li><a
href="a024221c60"><code>a024221</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/191">#191</a>
from crazy-max/fix-dl-release</li>
<li><a
href="4c3fce4ab2"><code>4c3fce4</code></a>
update generated content</li>
<li><a
href="7c965aebec"><code>7c965ae</code></a>
use Octokit client to download buildx</li>
<li><a
href="7932f6210d"><code>7932f62</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/189">#189</a>
from docker/version-pinning-docs</li>
<li><a
href="70deadb37a"><code>70deadb</code></a>
docs: add version pinning information to the README</li>
<li><a
href="165fe681b8"><code>165fe68</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/docker/setup-buildx-action/issues/184">#184</a>
from docker/dependabot/npm_and_yarn/json5-2.2.3</li>
<li>Additional commits viewable in <a
href="8c0edbc76e...5e716dcfd6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.2.1&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-30 09:50:59 -03:00
dependabot[bot]
b192de9162
chore(deps): bump github/codeql-action from 2.2.0 to 2.2.1 (#3725) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.0 to 2.2.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependency code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3ebbd71c74"><code>3ebbd71</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1514">#1514</a>
from github/update-v2.2.1-4664f3969</li>
<li><a
href="2ae6e13cc3"><code>2ae6e13</code></a>
Update changelog for v2.2.1</li>
<li><a
href="4664f39699"><code>4664f39</code></a>
Ensure that <code>tools_download_duration_ms</code> is int (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1513">#1513</a>)</li>
<li><a
href="b2e16761f3"><code>b2e1676</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1512">#1512</a>
from github/mergeback/v2.2.0-to-main-436dbd91</li>
<li><a
href="592a896a53"><code>592a896</code></a>
Update checked-in dependencies</li>
<li><a
href="4a6b5a54c2"><code>4a6b5a5</code></a>
Update changelog and version after v2.2.0</li>
<li>See full diff in <a
href="436dbd9100...3ebbd71c74">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:57:40 -03:00
dependabot[bot]
31fbe515c1
chore(deps): bump github/codeql-action from 2.1.39 to 2.2.0 (#3722) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.39 to 2.2.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@​actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependency code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="436dbd9100"><code>436dbd9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1511">#1511</a>
from github/update-v2.2.0-43f1a6c70</li>
<li><a
href="d966969093"><code>d966969</code></a>
Remove $ from version number</li>
<li><a
href="f6d03f448d"><code>f6d03f4</code></a>
Update changelog for v2.2.0</li>
<li><a
href="43f1a6c701"><code>43f1a6c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1510">#1510</a>
from github/henrymercer/fix-fallback-version-number</li>
<li><a
href="75ae065ae6"><code>75ae065</code></a>
Fix computation of fallback version</li>
<li><a
href="0a9e9db27f"><code>0a9e9db</code></a>
Add failing regression test</li>
<li><a
href="24ca6b0400"><code>24ca6b0</code></a>
Send tools telemetry to <code>init</code> status report (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1497">#1497</a>)</li>
<li><a
href="ebf6415a7d"><code>ebf6415</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1493">#1493</a>
from github/aeisenberg/upload-sarif-limits</li>
<li><a
href="a58e90a9da"><code>a58e90a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1508">#1508</a>
from github/henrymercer/default-version-fallback</li>
<li><a
href="fdff4b0a17"><code>fdff4b0</code></a>
Update CHANGELOG.md</li>
<li>Additional commits viewable in <a
href="a34ca99b46...436dbd9100">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.39&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:55:41 -03:00
dependabot[bot]
4192f38550
chore(deps): bump actions/github-script from 6.3.3 to 6.4.0 (#3723) 
Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.3.3 to 6.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump json5 from 2.1.3 to 2.2.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/319">actions/github-script#319</a></li>
<li>Bump minimatch from 3.0.4 to 3.1.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/320">actions/github-script#320</a></li>
<li>Add node-fetch by <a
href="https://github.com/danmichaelo"><code>@​danmichaelo</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/github-script/pull/321">actions/github-script#321</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jongwooo"><code>@​jongwooo</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/313">actions/github-script#313</a></li>
<li><a
href="https://github.com/austinvazquez"><code>@​austinvazquez</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/306">actions/github-script#306</a></li>
<li><a
href="https://github.com/danmichaelo"><code>@​danmichaelo</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/321">actions/github-script#321</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.3.3...v6.4.0">https://github.com/actions/github-script/compare/v6.3.3...v6.4.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="98814c53be"><code>98814c5</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/339">#339</a>
from actions/joshmgross/bump-package-version</li>
<li><a
href="ba6cf3fe7c"><code>ba6cf3f</code></a>
Bump version to 6.4.0</li>
<li><a
href="bcc389184d"><code>bcc3891</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/321">#321</a>
from danmichaelo/node-fetch</li>
<li><a
href="da8818015e"><code>da88180</code></a>
Merge <code>main</code></li>
<li><a
href="4d93f38890"><code>4d93f38</code></a>
Update dist and audit deps</li>
<li><a
href="0550e85801"><code>0550e85</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/336">#336</a>
from actions/joshmgross/minimatch-license</li>
<li><a
href="5420835fff"><code>5420835</code></a>
Merge branch 'main' into joshmgross/minimatch-license</li>
<li><a
href="03377835c3"><code>0337783</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/338">#338</a>
from actions/joshmgross/fix-dist</li>
<li><a
href="8c6dda0186"><code>8c6dda0</code></a>
Regenerate <code>dist</code></li>
<li><a
href="ee0d992b06"><code>ee0d992</code></a>
Use Node 16 in CI and examples</li>
<li>Additional commits viewable in <a
href="d556feaca3...98814c53be">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.3.3&new-version=6.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:55:28 -03:00
dependabot[bot]
71bc3f9ba1
chore(deps): bump anchore/sbom-action from 0.13.2 to 0.13.3 (#3724) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.2 to 0.13.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.3</h2>
<h2>Changes in v0.13.3</h2>
<ul>
<li>Update Syft to v0.68.1 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="07978da4bd"><code>07978da</code></a>
Update Syft to v0.68.1 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/391">#391</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.2...v0.13.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.2&new-version=0.13.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-27 08:55:18 -03:00
dependabot[bot]
d120e4dd36
chore(deps): bump anchore/sbom-action from 0.13.1 to 0.13.2 (#3720) 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from
0.13.1 to 0.13.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.13.2</h2>
<h2>Changes in v0.13.2</h2>
<ul>
<li>Update Syft to v0.68.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)
[<a
href="https://github.com/anchore-actions-token-generator">anchore-actions-token-generator</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="54e36e45f3"><code>54e36e4</code></a>
feat: update Syft to v0.68.0 (<a
href="https://github-redirect.dependabot.com/anchore/sbom-action/issues/387">#387</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.13.1...v0.13.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.13.1&new-version=0.13.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-26 09:48:38 -03:00
dependabot[bot]
acaf730976
chore(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (#3714) 
Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 3.3.1 to 3.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.42.0 to 5.42.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/601">golangci/golangci-lint-action#601</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.42.0 to 5.42.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/602">golangci/golangci-lint-action#602</a></li>
<li>build(deps-dev): bump eslint from 8.27.0 to 8.28.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/604">golangci/golangci-lint-action#604</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.42.1 to 5.43.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/605">golangci/golangci-lint-action#605</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.42.1 to 5.43.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/607">golangci/golangci-lint-action#607</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.43.0 to 5.44.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/609">golangci/golangci-lint-action#609</a></li>
<li>build(deps-dev): bump prettier from 2.7.1 to 2.8.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/611">golangci/golangci-lint-action#611</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.43.0 to 5.44.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/610">golangci/golangci-lint-action#610</a></li>
<li>build(deps-dev): bump typescript from 4.8.4 to 4.9.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/606">golangci/golangci-lint-action#606</a></li>
<li>build(deps): bump <code>@​types/node</code> from 18.11.9 to 18.11.10
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/614">golangci/golangci-lint-action#614</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.44.0 to 5.45.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/615">golangci/golangci-lint-action#615</a></li>
<li>build(deps-dev): bump eslint from 8.28.0 to 8.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/617">golangci/golangci-lint-action#617</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.44.0 to 5.45.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/616">golangci/golangci-lint-action#616</a></li>
<li>build(deps-dev): bump typescript from 4.9.3 to 4.9.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/619">golangci/golangci-lint-action#619</a></li>
<li>build(deps-dev): bump <code>@​vercel/ncc</code> from 0.34.0 to
0.36.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/620">golangci/golangci-lint-action#620</a></li>
<li>build(deps-dev): bump prettier from 2.8.0 to 2.8.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/622">golangci/golangci-lint-action#622</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.45.0 to 5.46.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/621">golangci/golangci-lint-action#621</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.45.0 to 5.46.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/623">golangci/golangci-lint-action#623</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.46.0 to 5.46.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/625">golangci/golangci-lint-action#625</a></li>
<li>build(deps): bump <code>@​types/node</code> from 18.11.10 to
18.11.17 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/628">golangci/golangci-lint-action#628</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.46.0 to 5.46.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/626">golangci/golangci-lint-action#626</a></li>
<li>build(deps-dev): bump eslint from 8.29.0 to 8.30.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/627">golangci/golangci-lint-action#627</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.46.1 to 5.47.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/633">golangci/golangci-lint-action#633</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.46.1 to 5.47.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/634">golangci/golangci-lint-action#634</a></li>
<li>build(deps): bump <code>@​actions/cache</code> from 3.0.6 to 3.1.0
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/632">golangci/golangci-lint-action#632</a></li>
<li>build(deps-dev): bump eslint from 8.30.0 to 8.31.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/635">golangci/golangci-lint-action#635</a></li>
<li>build(deps): bump <code>@​types/node</code> from 18.11.17 to
18.11.18 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/636">golangci/golangci-lint-action#636</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.47.0 to 5.47.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/637">golangci/golangci-lint-action#637</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.47.0 to 5.47.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/639">golangci/golangci-lint-action#639</a></li>
<li>build(deps): bump <code>@​actions/cache</code> from 3.1.0 to 3.1.1
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/638">golangci/golangci-lint-action#638</a></li>
<li>build(deps): bump json5 from 1.0.1 to 1.0.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/642">golangci/golangci-lint-action#642</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.47.1 to 5.48.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/643">golangci/golangci-lint-action#643</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.47.1 to 5.48.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/644">golangci/golangci-lint-action#644</a></li>
<li>build(deps-dev): bump prettier from 2.8.1 to 2.8.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/645">golangci/golangci-lint-action#645</a></li>
<li>build(deps-dev): bump eslint-config-prettier from 8.5.0 to 8.6.0 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/646">golangci/golangci-lint-action#646</a></li>
<li>build(deps): bump <code>@​actions/cache</code> from 3.1.1 to 3.1.2
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/647">golangci/golangci-lint-action#647</a></li>
<li>Support Caching in Mono Repo by <a
href="https://github.com/bbernays"><code>@​bbernays</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/629">golangci/golangci-lint-action#629</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.4 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/650">golangci/golangci-lint-action#650</a></li>
<li>build(deps-dev): bump prettier from 2.8.2 to 2.8.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/651">golangci/golangci-lint-action#651</a></li>
<li>build(deps-dev): bump eslint from 8.31.0 to 8.32.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/652">golangci/golangci-lint-action#652</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.48.0 to 5.48.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/653">golangci/golangci-lint-action#653</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.48.0 to 5.48.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/654">golangci/golangci-lint-action#654</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.27.4 to 2.27.5 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/655">golangci/golangci-lint-action#655</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.48.1 to 5.48.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/656">golangci/golangci-lint-action#656</a></li>
<li>build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.48.1 to 5.48.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/657">golangci/golangci-lint-action#657</a></li>
<li>build(deps-dev): bump eslint-plugin-simple-import-sort from 8.0.0 to
9.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/pull/658">golangci/golangci-lint-action#658</a></li>
</ul>
<h2>New Contributors</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="08e2f20817"><code>08e2f20</code></a>
build(deps-dev): bump eslint-plugin-simple-import-sort from 8.0.0 to
9.0.0 (#...</li>
<li><a
href="8d110786c7"><code>8d11078</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.48.1 to 5.48.2 ...</li>
<li><a
href="724a5425db"><code>724a542</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.48.1 to 5.48.2 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/656">#656</a>)</li>
<li><a
href="ac0edcd804"><code>ac0edcd</code></a>
build(deps-dev): bump eslint-plugin-import from 2.27.4 to 2.27.5 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/655">#655</a>)</li>
<li><a
href="d6404ce293"><code>d6404ce</code></a>
build(deps-dev): bump <code>@​typescript-eslint/eslint-plugin</code>
from 5.48.0 to 5.48.1 ...</li>
<li><a
href="cb88bde406"><code>cb88bde</code></a>
build(deps-dev): bump <code>@​typescript-eslint/parser</code> from
5.48.0 to 5.48.1 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/653">#653</a>)</li>
<li><a
href="f26018a9c0"><code>f26018a</code></a>
build(deps-dev): bump eslint from 8.31.0 to 8.32.0 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/652">#652</a>)</li>
<li><a
href="78451d099c"><code>78451d0</code></a>
build(deps-dev): bump prettier from 2.8.2 to 2.8.3 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/651">#651</a>)</li>
<li><a
href="5570e66705"><code>5570e66</code></a>
build(deps-dev): bump eslint-plugin-import from 2.26.0 to 2.27.4 (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/650">#650</a>)</li>
<li><a
href="1626f2bd94"><code>1626f2b</code></a>
Support Caching in Mono Repo (<a
href="https://github-redirect.dependabot.com/golangci/golangci-lint-action/issues/629">#629</a>)</li>
<li>Additional commits viewable in <a
href="0ad9a0988b...08e2f20817">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.3.1&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-24 09:49:46 -03:00
dependabot[bot]
93b582b4bb
chore(deps): bump github/codeql-action from 2.1.38 to 2.1.39 (#3704) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.38 to 2.1.39.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependency code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a34ca99b46"><code>a34ca99</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1489">#1489</a>
from github/update-v2.1.39-597c2041</li>
<li><a
href="48fa82899a"><code>48fa828</code></a>
Update changelog for v2.1.39</li>
<li><a
href="597c204127"><code>597c204</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1481">#1481</a>
from github/henrymercer/discontinue-v1</li>
<li><a
href="e0fd640b0c"><code>e0fd640</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1487">#1487</a>
from github/aeisenberg/queries-check</li>
<li><a
href="d731c012c4"><code>d731c01</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1486">#1486</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="6dfc772b5f"><code>6dfc772</code></a>
Add link to new changelog post</li>
<li><a
href="60e58b4a21"><code>60e58b4</code></a>
Merge branch 'main' into henrymercer/discontinue-v1</li>
<li><a
href="9b1206e898"><code>9b1206e</code></a>
Fix a bug in cli config parsing</li>
<li><a
href="40cfcb0a3f"><code>40cfcb0</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1485">#1485</a>
from github/aeisenberg/comitoid-message</li>
<li><a
href="e199504667"><code>e199504</code></a>
Update supported GitHub Enterprise Server versions.</li>
<li>Additional commits viewable in <a
href="515828d974...a34ca99b46">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.38&new-version=2.1.39)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-19 09:42:30 -03:00
dependabot[bot]
8ebefd251e
chore(deps): bump github/codeql-action from 2.1.37 to 2.1.38 (#3696) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.37 to 2.1.38.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependecy code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="515828d974"><code>515828d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1476">#1476</a>
from github/update-v2.1.38-70fdddff</li>
<li><a
href="caa49ae471"><code>caa49ae</code></a>
Update changelog for v2.1.38</li>
<li><a
href="70fdddff11"><code>70fdddf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1474">#1474</a>
from github/henrymercer/fix-ghae-setup-test</li>
<li><a
href="6ba0a36550"><code>6ba0a36</code></a>
Add JSDoc for <code>mockDownloadApi</code></li>
<li><a
href="4a918790cd"><code>4a91879</code></a>
Merge branch 'main' into henrymercer/fix-ghae-setup-test</li>
<li><a
href="42d6d35dd1"><code>42d6d35</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1464">#1464</a>
from github/aeisenberg/externalRepoTokenConfigParsing</li>
<li><a
href="e009918fbc"><code>e009918</code></a>
Merge branch 'main' into aeisenberg/externalRepoTokenConfigParsing</li>
<li><a
href="70a288daae"><code>70a288d</code></a>
Merge branch 'main' into henrymercer/fix-ghae-setup-test</li>
<li><a
href="bdc7c5d203"><code>bdc7c5d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1466">#1466</a>
from github/dbartol/bundle-20230105</li>
<li><a
href="272d916f23"><code>272d916</code></a>
Address comments from PR</li>
<li>Additional commits viewable in <a
href="959cbb7472...515828d974">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.37&new-version=2.1.38)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-13 10:20:58 -03:00
Carlos A Becker
e90193b6e8
build: only notify generate-releases on a release 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-01-11 09:40:12 -03:00
Carlos A Becker
17cd672149
build: use go 1.19.5 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2023-01-11 09:18:25 -03:00
Artur Troian
0f8de79473
build: notify goreleaser-cross about new release (#3685) 
Signed-off-by: Artur Troian <troian.ap@gmail.com>

Signed-off-by: Artur Troian <troian.ap@gmail.com>
 2023-01-09 14:45:29 -03:00
dependabot[bot]
5388005912
chore(deps): bump actions/cache from 3.2.2 to 3.2.3 (#3687) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.2 to
3.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Add Mint example by <a
href="https://github.com/uhooi"><code>@​uhooi</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051">actions/cache#1051</a></li>
<li>Fixed broken link by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1057">actions/cache#1057</a></li>
<li>Add support to opt-in enable cross-os caching on windows by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1056">actions/cache#1056</a></li>
<li>Release support for cross-os caching as opt-in feature by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1060">actions/cache#1060</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/uhooi"><code>@​uhooi</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1051">actions/cache#1051</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.3">https://github.com/actions/cache/compare/v3...v3.2.3</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="58c146cc91"><code>58c146c</code></a>
Release support for cross-os caching as opt-in feature (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1060">#1060</a>)</li>
<li><a
href="6fd2d4538c"><code>6fd2d45</code></a>
Add support to opt-in enable cross-os caching on windows (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1056">#1056</a>)</li>
<li><a
href="1f414295fe"><code>1f41429</code></a>
Fixed broken link (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1057">#1057</a>)</li>
<li><a
href="365406cb70"><code>365406c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1051">#1051</a>
from uhooi/feature/add_mint_example</li>
<li><a
href="d6217569d5"><code>d621756</code></a>
Update Mint example</li>
<li><a
href="84e54000da"><code>84e5400</code></a>
Merge remote-tracking branch 'origin/main' into
feature/add_mint_example</li>
<li>See full diff in <a
href="4723a57e26...58c146cc91">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.2&new-version=3.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 09:23:07 -03:00
dependabot[bot]
d80b937827
chore(deps): bump actions/checkout from 3.2.0 to 3.3.0 (#3683) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0
to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v3.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Implement branch list using callbacks from exec function by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1045">actions/checkout#1045</a></li>
<li>Add in explicit reference to private checkout options by <a
href="https://github.com/vanZeben"><code>@​vanZeben</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li>
<li>Fix comment typos (that got added in <a
href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>)
by <a href="https://github.com/lurch"><code>@​lurch</code></a> in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/vanZeben"><code>@​vanZeben</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1050">actions/checkout#1050</a></li>
<li><a href="https://github.com/lurch"><code>@​lurch</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/checkout/pull/1057">actions/checkout#1057</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v3.2.0...v3.3.0">https://github.com/actions/checkout/compare/v3.2.0...v3.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ac59398561"><code>ac59398</code></a>
Fix comment typos (that got added in <a
href="https://github-redirect.dependabot.com/actions/checkout/issues/770">#770</a>)
(<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1057">#1057</a>)</li>
<li><a
href="3ba5ee6fac"><code>3ba5ee6</code></a>
Add in explicit reference to private checkout options (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1050">#1050</a>)</li>
<li><a
href="8856415920"><code>8856415</code></a>
Implement branch list using callbacks from exec function (<a
href="https://github-redirect.dependabot.com/actions/checkout/issues/1045">#1045</a>)</li>
<li>See full diff in <a
href="755da8c3cf...ac59398561">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.2.0&new-version=3.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-06 09:20:17 -03:00
Carlos A Becker
b4e0439f4d
Merge remote-tracking branch 'origin/main' 2022-12-30 22:50:26 -03:00
dependabot[bot]
3bcd4c6f28
chore(deps): Bump benc-uk/workflow-dispatch from 1 to 121 (#3675) 2022-12-30 09:13:12 -03:00
Carlos A Becker
09b76aa090
docs: fix descriptions 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-29 21:57:42 -03:00
Carlos A Becker
02e2dfddf2
docs: update workflows 
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-29 15:02:27 -03:00
Carlos Alexandro Becker
232c982fb0
docs: improve build (#3674) 
- generate releases.json et al on our github actions workflow
- use those when building and also on our `run` script
- new releases will dispatch the workflow so it re-generates the needed
files

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-29 14:55:45 -03:00
dependabot[bot]
04410be510
chore(deps): Bump actions/cache from 3.2.1 to 3.2.2 (#3664) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.1 to
3.2.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix formatting error in restore/README.md by <a
href="https://github.com/me-and"><code>@​me-and</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1044">actions/cache#1044</a></li>
<li>save/README.md: Fix typo in example by <a
href="https://github.com/mmuetzel"><code>@​mmuetzel</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1040">actions/cache#1040</a></li>
<li>README.md: remove outdated Windows cache tip link by <a
href="https://github.com/me-and"><code>@​me-and</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1042">actions/cache#1042</a></li>
<li>Revert compression changes related to windows but keep version
logging by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1049">actions/cache#1049</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/me-and"><code>@​me-and</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1044">actions/cache#1044</a></li>
<li><a href="https://github.com/mmuetzel"><code>@​mmuetzel</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1040">actions/cache#1040</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3.2.1...v3.2.2">https://github.com/actions/cache/compare/v3.2.1...v3.2.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4723a57e26"><code>4723a57</code></a>
Revert compression changes related to windows but keep version logging
(<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1049">#1049</a>)</li>
<li><a
href="d1507cccba"><code>d1507cc</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1042">#1042</a>
from me-and/correct-readme-re-windows</li>
<li><a
href="3337563725"><code>3337563</code></a>
Merge branch 'main' into correct-readme-re-windows</li>
<li><a
href="60c7666709"><code>60c7666</code></a>
save/README.md: Fix typo in example (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1040">#1040</a>)</li>
<li><a
href="b053f2b699"><code>b053f2b</code></a>
Fix formatting error in restore/README.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1044">#1044</a>)</li>
<li><a
href="501277cfd7"><code>501277c</code></a>
README.md: remove outdated Windows cache tip link</li>
<li>See full diff in <a
href="c1a5de879e...4723a57e26">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.1&new-version=3.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-28 10:02:31 -03:00
dependabot[bot]
89856068b8
chore(deps): Bump actions/cache from 3.2.0 to 3.2.1 (#3658) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.0 to
3.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Release compression related changes for windows by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1039">actions/cache#1039</a></li>
<li>Upgrade codeql to v2 by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1023">actions/cache#1023</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3.2.0...v3.2.1">https://github.com/actions/cache/compare/v3.2.0...v3.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c1a5de879e"><code>c1a5de8</code></a>
Upgrade codeql to v2 (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1023">#1023</a>)</li>
<li><a
href="9b0be58822"><code>9b0be58</code></a>
Release compression related changes for windows (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1039">#1039</a>)</li>
<li>See full diff in <a
href="c17f4bf466...c1a5de879e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.0&new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-23 08:57:15 -03:00
dependabot[bot]
6c9adcb1c7
chore(deps): bump actions/cache from 3.0.11 to 3.2.0 (#3657) 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.11 to
3.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix wrong timeout env var key in README.md by <a
href="https://github.com/walterddr"><code>@​walterddr</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/959">actions/cache#959</a></li>
<li>Updated release doc with correct env variable by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/960">actions/cache#960</a></li>
<li>Create pull_request_template.md by <a
href="https://github.com/pdotl"><code>@​pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/963">actions/cache#963</a></li>
<li>Update README with clearer info about cache-hit and its value by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/961">actions/cache#961</a></li>
<li>Change datadog/squid to Ubuntu/squid in CI check by <a
href="https://github.com/bishal-pdMSFT"><code>@​bishal-pdMSFT</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/976">actions/cache#976</a></li>
<li>Add more details to version section in readme by <a
href="https://github.com/bishal-pdMSFT"><code>@​bishal-pdMSFT</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/971">actions/cache#971</a></li>
<li>Update hashFiles documentation reference by <a
href="https://github.com/asaf400"><code>@​asaf400</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/979">actions/cache#979</a></li>
<li>Updated link for cache segment download info by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/986">actions/cache#986</a></li>
<li>Readme update for deleting caches by <a
href="https://github.com/t-dedah"><code>@​t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/981">actions/cache#981</a></li>
<li>Add oncall logic to assign issues and PRs by <a
href="https://github.com/vsvipul"><code>@​vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/997">actions/cache#997</a></li>
<li>Bump minimatch from 3.0.4 to 3.1.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/998">actions/cache#998</a></li>
<li>Revert &quot;Bump minimatch from 3.0.4 to 3.1.2&quot; by <a
href="https://github.com/vsvipul"><code>@​vsvipul</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1005">actions/cache#1005</a></li>
<li>Fix npm vulnerability by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1007">actions/cache#1007</a></li>
<li>refactor: Use early return pattern to avoid nested conditions by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1013">actions/cache#1013</a></li>
<li>Use cache in check-dist.yml by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1004">actions/cache#1004</a></li>
<li>chore: Use built-in cache action to cache dependencies by <a
href="https://github.com/jongwooo"><code>@​jongwooo</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1014">actions/cache#1014</a></li>
<li>Updated node example by <a
href="https://github.com/t-dedah"><code>@​t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1008">actions/cache#1008</a></li>
<li>Fix: Node npm doc example by <a
href="https://github.com/apascualm"><code>@​apascualm</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1026">actions/cache#1026</a></li>
<li>docs: fix an invalid link in workarounds.md by <a
href="https://github.com/teatimeguest"><code>@​teatimeguest</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/929">actions/cache#929</a></li>
<li>General Availability release for granular cache by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1035">actions/cache#1035</a>
More details here on <a
href="https://github.com/actions/cache/discussions/1020">beta</a>
release.</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/walterddr"><code>@​walterddr</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/959">actions/cache#959</a></li>
<li><a href="https://github.com/asaf400"><code>@​asaf400</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/979">actions/cache#979</a></li>
<li><a href="https://github.com/jongwooo"><code>@​jongwooo</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1013">actions/cache#1013</a></li>
<li><a href="https://github.com/apascualm"><code>@​apascualm</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1026">actions/cache#1026</a></li>
<li><a
href="https://github.com/teatimeguest"><code>@​teatimeguest</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/929">actions/cache#929</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.0">https://github.com/actions/cache/compare/v3...v3.2.0</a></p>
<h2>v3.2.0-beta.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Actions Cache Granular Control Implementation by <a
href="https://github.com/kotewar"><code>@​kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1006">actions/cache#1006</a></li>
</ul>
<h2>v3.1.0-beta.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Bug fixes for bsdtar fallback, if gnutar not available, and gzip
fallback, if cache saved using old cache action, on windows.</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3.1.0-beta.2...v3.1.0-beta.3">https://github.com/actions/cache/compare/v3.1.0-beta.2...v3.1.0-beta.3</a></p>
<h2>v3.1.0-beta.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated node example by <a
href="https://github.com/t-dedah"><code>@​t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1008">actions/cache#1008</a></li>
<li>Release cache <code>3.1.0-beta.2</code> with gzip fallback for old
cache by <a
href="https://github.com/Phantsure"><code>@​Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1022">actions/cache#1022</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3.1.0-beta.1...v3.1.0-beta.2">https://github.com/actions/cache/compare/v3.1.0-beta.1...v3.1.0-beta.2</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files &gt; 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c17f4bf466"><code>c17f4bf</code></a>
GA for granular cache (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1035">#1035</a>)</li>
<li><a
href="ac25611cae"><code>ac25611</code></a>
docs: fix an invalid link in workarounds.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/929">#929</a>)</li>
<li><a
href="dc097e3bb9"><code>dc097e3</code></a>
Update examples.md (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1026">#1026</a>)</li>
<li><a
href="fb86cbf360"><code>fb86cbf</code></a>
Updated node example (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1008">#1008</a>)</li>
<li><a
href="a57932faba"><code>a57932f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1014">#1014</a>
from jongwooo/chore/use-built-in-cache-action</li>
<li><a
href="04b13caea4"><code>04b13ca</code></a>
chore: Use built-in cache action to cache dependencies</li>
<li><a
href="941bc71a24"><code>941bc71</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1004">#1004</a>
from jongwooo/chore/use-cache-in-check-dist</li>
<li><a
href="08d8639046"><code>08d8639</code></a>
Merge branch 'main' into chore/use-cache-in-check-dist</li>
<li><a
href="a2f324eeb7"><code>a2f324e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1013">#1013</a>
from jongwooo/refactor/use-early-return-pattern-to-a...</li>
<li><a
href="35f4702f6c"><code>35f4702</code></a>
refactor: Use early return pattern to avoid nested conditions</li>
<li>Additional commits viewable in <a
href="9b0c1fce7a...c17f4bf466">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.0.11&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-22 09:13:39 -03:00
dependabot[bot]
0d5b669642
chore(deps): bump github/codeql-action from 2.1.36 to 2.1.37 (#3645) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.36 to 2.1.37.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependecy code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="959cbb7472"><code>959cbb7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1436">#1436</a>
from github/update-v2.1.37-d58039a1</li>
<li><a
href="10ca836463"><code>10ca836</code></a>
Update changelog for v2.1.37</li>
<li><a
href="d58039a1e3"><code>d58039a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1435">#1435</a>
from github/orhantoy/add-CODE_SCANNING_REF-tests</li>
<li><a
href="37a4496237"><code>37a4496</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1433">#1433</a>
from github/henrymercer/use-codeql-2.11.6</li>
<li><a
href="b7028afcb4"><code>b7028af</code></a>
Make sure env is reset between tests</li>
<li><a
href="f629dada4c"><code>f629dad</code></a>
Merge branch 'main' into henrymercer/use-codeql-2.11.6</li>
<li><a
href="ccee4c68ff"><code>ccee4c6</code></a>
Add tests for CODE_SCANNING_REF</li>
<li><a
href="899bf9c076"><code>899bf9c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1432">#1432</a>
from github/henrymercer/init-post-telemetry</li>
<li><a
href="dd7c3ef80e"><code>dd7c3ef</code></a>
Remove debugging log statements</li>
<li><a
href="b7b875efff"><code>b7b875e</code></a>
Reuse existing fields in post-init status report</li>
<li>Additional commits viewable in <a
href="a669cc5936...959cbb7472">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.36&new-version=2.1.37)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-15 10:16:31 -03:00
Carlos Alexandro Becker
cac3f17562
feat(deps): build with go 1.19.4 (#3644) 
latest and greatest

Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
 2022-12-14 15:23:40 -03:00
dependabot[bot]
f05b211b61
chore(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#3643) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.4.0
to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>Add support for stable and oldstable aliases</h2>
<p>In scope of this release we introduce aliases for the
<code>go-version</code> input. The <code>stable</code> alias instals the
latest stable version of Go. The <code>oldstable</code> alias installs
previous latest minor release (the stable is 1.19.x -&gt; the oldstable
is 1.18.x).</p>
<h3>Stable</h3>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'stable'
  - run: go run hello.go
</code></pre>
<h3>OldStable</h3>
<pre lang="yaml"><code>steps:
  - uses: actions/checkout@v3
  - uses: actions/setup-go@v3
    with:
      go-version: 'oldstable'
  - run: go run hello.go
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6edd4406fa"><code>6edd440</code></a>
fix log for stable aliases (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/303">#303</a>)</li>
<li><a
href="38dbe75f81"><code>38dbe75</code></a>
Add stable and oldstable aliases (<a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/300">#300</a>)</li>
<li><a
href="30c39bfe0c"><code>30c39bf</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/setup-go/issues/301">#301</a>
from jongwooo/chore/use-cache-in-check-dist</li>
<li><a
href="8377b69a56"><code>8377b69</code></a>
Use cache in check-dist.yml</li>
<li>See full diff in <a
href="d0a58c1c4d...6edd4406fa">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-12-14 12:09:30 -03:00