mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-10 03:47:03 +02:00
Commit Graph

4900 Commits

Author SHA1 Message Date
Carlos Alexandro Becker
e672699b0a
feat(nix): runtime dependencies
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-26 11:32:37 -03:00
Carlos Alexandro Becker
5e27651dae
fix: using token log message
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-26 00:34:40 +00:00
Carlos Alexandro Becker
43fbf18aaa
docs: update
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-25 13:04:06 +00:00
Carlos Alexandro Becker
4266634752
feat: improve output (#4206)
- improves deprecation warning styles a bit so they catch the reader's
eye faster and are easier to read
- warns if the user uses `builds.target` in conjunction with other
options which are ignored in that case
- improved env output
- improved no configuration found warning

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-25 08:26:44 -03:00
Jo
3dd77f6f3d
docs: fix deprecations notice about scoops.bucket (#4207)
`index` should be `bucket` for scoop
2023-07-25 07:58:28 -03:00
GennadySpb
8d9a693843
docs: fix typo in builds.md (#4205)
CCX to CXX
2023-07-25 07:57:54 -03:00
dependabot[bot]
77f97a6092
chore(deps): bump the github-actions group with 1 update (#4185)
2023-07-21 16:58:14 +00:00
Steven Hartland
9c4d626e4e
chore: remove comment about WSL failure (#4201)
2023-07-20 17:01:59 -03:00
Carlos Alexandro Becker
4901108870
docs: update /pro
2023-07-20 13:22:30 +00:00
Carlos Alexandro Becker
054080a786
docs: update
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-20 13:16:30 +00:00
Carlos Alexandro Becker
7c2a9878af
chore: update schema
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-20 12:56:54 +00:00
dependabot[bot]
f3a285f71a
feat(deps): bump the gomod-deps group with 3 updates (#4200)
Bumps the gomod-deps group with 3 updates:
[github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab),
[gocloud.dev](https://github.com/google/go-cloud) and
[go.uber.org/automaxprocs](https://github.com/uber-go/automaxprocs).

Updates `github.com/xanzy/go-gitlab` from 0.86.0 to 0.88.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7e3c23c9c2"><code>7e3c23c</code></a>
Update pipeline tests</li>
<li><a
href="2ac3eea05f"><code>2ac3eea</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1758">#1758</a>
from billiechar/billiechar-snippet-moves</li>
<li><a
href="ddb5ca0974"><code>ddb5ca0</code></a>
Update the PR to make the code consistent</li>
<li><a
href="a4d27d6848"><code>a4d27d6</code></a>
Merge pull request <a
href="https://redirect.github.com/xanzy/go-gitlab/issues/1759">#1759</a>
from PatrickRice-KSC/add-missing-housekeeping-setting</li>
<li><a
href="a42af8593e"><code>a42af85</code></a>
Change PipelineTestCases.SystemOutput to interface{}</li>
<li><a
href="89486a0530"><code>89486a0</code></a>
Add missing housekeeping setting</li>
<li><a
href="852645c772"><code>852645c</code></a>
Update tests</li>
<li><a
href="f2c344ca14"><code>f2c344c</code></a>
Use separate options for each schedule</li>
<li><a
href="86dd6321cd"><code>86dd632</code></a>
Add snippet repository storage move APIs</li>
<li><a
href="3c1f9bfa0d"><code>3c1f9bf</code></a>
Use io.ReadAll instead of ioutil.ReadAll</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.86.0...v0.88.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `gocloud.dev` from 0.30.0 to 0.32.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-cloud/releases">gocloud.dev's
releases</a>.</em></p>
<blockquote>
<h2>v0.32.0</h2>
<p>Redoing <code>v0.31.0</code> since I think I messed up the tags.
Copying the release notes:</p>
<p><strong>all</strong></p>
<ul>
<li>Update <code>go</code> version in <code>go.mod</code> to maintain
cleaner <code>go.mod</code> and <code>go.sum</code> files.</li>
</ul>
<p><strong>blob</strong></p>
<ul>
<li><strong>all</strong>: Pass through reader/writer to
<code>WriteTo</code>/<code>ReadFrom</code> if available
(optimization).</li>
<li><strong>all</strong>: Make <code>blob.Bucket</code> implement
<code>io/fs.FS</code> and <code>io/fs.SubFS</code>.</li>
<li><strong>gcsblob</strong>: Add support for forcing an unauthenticated
client.</li>
</ul>
<p><strong>server</strong></p>
<ul>
<li>Make <code>requestlog</code> internal structs implement
<code>http.Flusher</code>.</li>
<li>Don't always read the full request in order to calculate the request
size; use <code>Content-Length</code> when available.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="728b7c1395"><code>728b7c1</code></a>
all: prerelease take 2 (<a
href="https://redirect.github.com/google/go-cloud/issues/3278">#3278</a>)</li>
<li><a
href="838a8fd9b6"><code>838a8fd</code></a>
all: prerelease (<a
href="https://redirect.github.com/google/go-cloud/issues/3277">#3277</a>)</li>
<li><a
href="0f33c81c8d"><code>0f33c81</code></a>
all: add dragonfly build to test suite (<a
href="https://redirect.github.com/google/go-cloud/issues/3268">#3268</a>)</li>
<li><a
href="bfd1b284ad"><code>bfd1b28</code></a>
all: update dependencies (<a
href="https://redirect.github.com/google/go-cloud/issues/3276">#3276</a>)</li>
<li><a
href="8d4590ac1e"><code>8d4590a</code></a>
server/requestlog: Don't consume entire body just to get a request size
(<a
href="https://redirect.github.com/google/go-cloud/issues/3274">#3274</a>)</li>
<li><a
href="a1d9f4295c"><code>a1d9f42</code></a>
server/requestlog: make responseStats implement http.Flusher (<a
href="https://redirect.github.com/google/go-cloud/issues/3275">#3275</a>)</li>
<li><a
href="8cab06ea13"><code>8cab06e</code></a>
blob/gcsblob: add support for forcing an authenticated client (<a
href="https://redirect.github.com/google/go-cloud/issues/3273">#3273</a>)</li>
<li><a
href="0e5728dd33"><code>0e5728d</code></a>
blob: make blob.Bucket implement io/fs.FS and io/fs.SubFS (<a
href="https://redirect.github.com/google/go-cloud/issues/3272">#3272</a>)</li>
<li><a
href="a655179223"><code>a655179</code></a>
all: update go.mod files to go 1.19 (<a
href="https://redirect.github.com/google/go-cloud/issues/3271">#3271</a>)</li>
<li><a
href="8385fc39c7"><code>8385fc3</code></a>
blob: pass through reader/writer to
<code>WriteTo</code>/<code>ReadFrom</code> if available (<a
href="https://redirect.github.com/google/go-cloud/issues/3267">#3267</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/google/go-cloud/compare/v0.30.0...v0.32.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `go.uber.org/automaxprocs` from 1.5.2 to 1.5.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uber-go/automaxprocs/releases">go.uber.org/automaxprocs's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.3</h2>
<ul>
<li>Fix mountinfo parsing when super options have fields with
spaces.</li>
<li>Fix division by zero while parsing cgroups.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/uber-go/automaxprocs/blob/master/CHANGELOG.md">go.uber.org/automaxprocs's
changelog</a>.</em></p>
<blockquote>
<h2>v1.5.3 (2023-07-19)</h2>
<ul>
<li>Fix mountinfo parsing when super options have fields with
spaces.</li>
<li>Fix division by zero while parsing cgroups.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e83e959d88"><code>e83e959</code></a>
Release v1.5.3 (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/77">#77</a>)</li>
<li><a
href="94404505e0"><code>9440450</code></a>
Update actions (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/76">#76</a>)</li>
<li><a
href="4b0a5c9c3c"><code>4b0a5c9</code></a>
set CI perms to readonly (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/75">#75</a>)</li>
<li><a
href="c64632e175"><code>c64632e</code></a>
Drop Go 1.17 and Go 1.18 from CI (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/74">#74</a>)</li>
<li><a
href="60f22786b2"><code>60f2278</code></a>
fix: mountinfo parsing (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/73">#73</a>)</li>
<li><a
href="d064ede19d"><code>d064ede</code></a>
Fix division by zero (<a
href="https://redirect.github.com/uber-go/automaxprocs/issues/71">#71</a>)</li>
<li>See full diff in <a
href="https://github.com/uber-go/automaxprocs/compare/v1.5.2...v1.5.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-20 09:56:26 -03:00
Carlos Alexandro Becker
a726a29d70
fix(winget): improve commit msgs (#4199)
closes #4198
2023-07-19 22:04:45 -03:00
Carlos Alexandro Becker
e3f494fdc9
fix: jsonschema for builds.hooks
closes #4197
2023-07-20 00:22:05 +00:00
Carlos Alexandro Becker
2a3009757a
test: fix init test
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-19 00:52:11 +00:00
Carlos Alexandro Becker
7a2fc10625
feat(winget): PortableCommandAlias (#4196)
needs #4195

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-18 16:43:36 -03:00
Carl Tashian
00bc248c1b
fix(winget): replace forward slashes in Winget RelativeFilePath (#4195)
If an archive filename contains `/` characters, they can sneak into
Winget's `RelativeFilePath`.
In this PR, I make sure that `RelativeFilePath` only uses `\` directory
separators.
2023-07-18 15:34:07 -03:00
Carlos Alexandro Becker
ca1657c2ec
docs: update
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-18 14:02:31 +00:00
Carlos Alexandro Becker
498931561d
feat: init improvements
- do not override an existing configuration file
- do not add `dist/` to the `.gitignore` if it already contains it

closes #4162
2023-07-18 12:21:09 +00:00
actions-user
08404f1c70
chore: docs auto-update
2023-07-18 12:00:47 +00:00
Carlos Alexandro Becker
4105d285e6
fix: chocolatey jsonschema
closes #4194
2023-07-18 11:58:34 +00:00
Carlos Alexandro Becker
3ed6751bb9
feat(nfpm): allow to template scripts names
2023-07-18 00:44:11 +00:00
Carlos Alexandro Becker
58a6ba4e30
feat(scoop): support arm64 (#4193)
adds arm64 support to scoops.

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-17 21:26:18 -03:00
Carlos Alexandro Becker
dbcebd00ae
docs: update
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-17 11:56:19 +00:00
Carlos Alexandro Becker
8e0b9405f9
fix: use t.TempDir
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-17 11:56:06 +00:00
Carlos Alexandro Becker
a0f0d01a81
refactor: dockerfile tmpl
2023-07-17 02:31:00 +00:00
Carlos Alexandro Becker
cbb09b89fd
fix(docker): should use cmd.Environ() instead of cmd.Env
refs #4187
2023-07-17 02:26:48 +00:00
actions-user
551db3ac77
chore: docs auto-update
2023-07-15 19:56:08 +00:00
Carlos Alexandro Becker
609e7c5657
feat: metadata mod_timestamp (#4188)
closes #4167

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-15 16:53:52 -03:00
Carlos Alexandro Becker
b9a08c4dc9
refactor: gio.Chtimes (#4191)
we're repeating this quite a bit

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-15 16:33:40 -03:00
dependabot[bot]
3c7fca7504
feat(deps): bump golang from e959001 to 7839c9f (#4189)
Bumps golang from `e959001` to `7839c9f`.


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-14 14:05:39 -03:00
actions-user
b9fd6056ed
chore: docs auto-update
2023-07-14 02:25:56 +00:00
Carlos Alexandro Becker
3c1ebe82cd
feat: support setting mod_timestamp in universalbinary (#4172)
refs #4167

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-13 23:23:41 -03:00
Carlos Alexandro Becker
52792f4a15
fix(nfpm): lintian unix path (#4175)
closes #4174
needs https://github.com/goreleaser/nfpm/pull/690

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-13 23:03:40 -03:00
actions-user
0a086915d2
chore: docs auto-update
2023-07-14 01:58:23 +00:00
Carlos Alexandro Becker
53ef7fe172
fix(nfpm): rpm.packager binding was missing
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-14 01:56:04 +00:00
Carlos Alexandro Becker
cc18ad5184
feat(nfpm): update + rpm prefixes support
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-14 01:55:47 +00:00
Hidde Beydals
326a8c885e
feat: support make_latest for GitHub release (#4161)
This commit adds a `make_latest` boolean to the release configuration,
to allow signaling to GitHub if the release should be marked as latest.

Albeit being a boolean, the internal Go type is a string to allow
to distinguish an empty string (default behavior: `true`) from an
explicit `false`.

For more information around the GitHub API field, see

https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release

I did not include the `legacy` option, to not adopt something which
appears to be scheduled for removal in the future.

In addition, I opted for `make_latest` over `latest` because the
option is only available for GitHub. Which keeps the latter key
reserved for e.g. future use of a config option which is used across
Git providers.

Fixes #4159

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-14 01:45:57 +00:00
actions-user
a013a9d269
chore: docs auto-update
2023-07-14 01:44:21 +00:00
Hidde Beydals
9f6a810fbc
Support make_latest for GitHub release (#4161)
This commit adds a `make_latest` boolean to the release configuration,
to allow signaling to GitHub if the release should be marked as latest.

Albeit being a boolean, the internal Go type is a string to allow
to distinguish an empty string (default behavior: `true`) from an
explicit `false`.

For more information around the GitHub API field, see

https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release

I did not include the `legacy` option, to not adopt something which
appears to be scheduled for removal in the future.

In addition, I opted for `make_latest` over `latest` because the
option is only available for GitHub. Which keeps the latter key
reserved for e.g. future use of a config option which is used across
Git providers.

Fixes #4159

Signed-off-by: Hidde Beydals <hidde@hhh.computer>
2023-07-13 22:42:20 -03:00
Carlos Alexandro Becker
a3a15fb18b
test: improve test func names for clients
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-14 01:42:00 +00:00
Carlos Alexandro Becker
ecb8dc54d7
test: fix another gitea test
2023-07-14 01:36:48 +00:00
Carlos Alexandro Becker
cd49d184b8
test: fix broken gitea test due to api changes
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
2023-07-14 00:33:34 +00:00
Carlos Alexandro Becker
8752504b81
fix: docker.env should be first
refs #4187
2023-07-14 00:25:40 +00:00
Marcos Nils
789a4d45fe
ci: append envs when calling docker instead of overriding (#4187)
This is causing issues when trying to run tests in Dagger.
ref:
https://github.com/goreleaser/goreleaser/pull/4186#discussion_r1262977616

Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>

Signed-off-by: Marcos Lilljedahl <marcosnils@gmail.com>
2023-07-13 21:22:47 -03:00
actions-user
fdee23cae3
chore: docs auto-update
2023-07-13 17:23:36 +00:00
Carlos Alexandro Becker
ab998ef335
docs: add dagger to users.md
https://github.com/dagger/dagger/blob/main/.goreleaser.yml
2023-07-13 17:21:18 +00:00
dependabot[bot]
2904442a82
feat(deps): bump golang from 1.20.5-alpine to 1.20.6-alpine (#4181)
Bumps golang from 1.20.5-alpine to 1.20.6-alpine.


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-12 09:53:44 -03:00
dependabot[bot]
49d6a1561b
feat(deps): bump the gomod-deps group with 3 updates (#4165)
Bumps the gomod-deps group with 3 updates:
[golang.org/x/crypto](https://github.com/golang/crypto),
[golang.org/x/oauth2](https://github.com/golang/oauth2) and
[golang.org/x/tools](https://github.com/golang/tools).

Updates `golang.org/x/crypto` from 0.10.0 to 0.11.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e98487292d"><code>e984872</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="183630ada7"><code>183630a</code></a>
x509roots: generate a stable sort, for real this time</li>
<li><a
href="a9e447dde7"><code>a9e447d</code></a>
x509roots/fallback: add //go:build go1.20 to bundle.go</li>
<li><a
href="64c3993f5c"><code>64c3993</code></a>
ssh: add hmac-sha2-512</li>
<li><a
href="5fe8145aca"><code>5fe8145</code></a>
x509roots: remove list hash and generation date, change ordering</li>
<li><a
href="043e94c17a"><code>043e94c</code></a>
x509roots: fix generate script argument checking</li>
<li><a
href="0d502d7cd6"><code>0d502d7</code></a>
x509roots: use &quot;generate&quot; build tag</li>
<li><a
href="0ff60057bb"><code>0ff6005</code></a>
ssh/test: set a timeout and WaitDelay on sshd subcommands</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/oauth2` from 0.9.0 to 0.10.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec5679f607"><code>ec5679f</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="989acb1bfe"><code>989acb1</code></a>
all: update dependencies to their latest versions</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `golang.org/x/tools` from 0.10.0 to 0.11.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h2>gopls/v0.11.0</h2>
<p>This is a small release containing new integrations of vulnerability
analysis.</p>
<p>Vulnerability analysis for go.mod files can be enabled by configuring
the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting to <code>&quot;Imports&quot;</code>. For more information on
vulnerability management, see the <a
href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog
post.</p>
<h2>Support changes</h2>
<p>This release removes support for the
<code>&quot;experimentalUseInvalidMetadata&quot;</code> setting, as
described in the <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a>
release. Other settings slated for deprecation in that release remain
temporarily supported, but will be removed in v0.12.0.</p>
<h2>New Features</h2>
<h3>Analyzing dependencies for vulnerabilities</h3>
<p>This release offers two different options for detecting
vulnerabilities in dependencies. Both are backed by the Go vulnerability
database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and
complement each other.</p>
<ul>
<li>Imports-based scanning, enabled by the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;:
&quot;Imports&quot;</code></a> setting, reports vulnerabilities by
scanning the set of packages imported in the workspace. This is fast,
but may report more false positives.</li>
<li>Integration of the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a>
command-line tool performs a more precise analysis based on call-graph
reachability, with fewer false positives. Because it is slower to
compute, it must be manually triggered by using &quot;Run govulncheck to
verify&quot; code actions or the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
code lens on <code>go.mod</code> files.</li>
</ul>
<h3>Additional checks for the <code>loopclosure</code> analyzer</h3>
<p>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a>
analyzer, which reports problematic references from a nested function to
a variable of an enclosing loop, has been improved to catch more cases.
In particular, it now reports when subtests <a
href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with
the loop, a mistake that often results in all but the final test case
being skipped.</p>
<h2>Configuration changes</h2>
<ul>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>&quot;vulncheck&quot;</code></a>
setting controls vulnerability analysis based on the Go vulnerability
database. If set to <code>&quot;Imports&quot;</code>, gopls will compute
diagnostics related to vulnerabilities in dependencies, and will present
them in go.mod files.</li>
<li>The <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>&quot;codelenses.run_govulncheck&quot;</code></a>
setting controls the presence of code lenses that run the <a
href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a>
command, which takes longer but produces more accurate vulnerability
reporting based on call-graph reachability.</li>
</ul>
<h2>Bug fixes</h2>
<p>This version of gopls includes fixes to several bugs, notably:</p>
<ul>
<li><code>golang/go#57053</code></li>
<li><code>golang/go#55837</code><a
href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li>
<li><code>golang/go#54816</code></li>
</ul>
<p>A full list of all issues fixed can be found in the <a
href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a>
milestone.
To report a new problem, please file a new issue at <a
href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p>
<h2>Thank you to our contributors</h2>
<p><a href="https://github.com/Arsen6331"><code>@​Arsen6331</code></a>,
<a href="https://github.com/SN9NV"><code>@​SN9NV</code></a>, <a
href="https://github.com/adonovan"><code>@​adonovan</code></a>, <a
href="https://github.com/bcmills"><code>@​bcmills</code></a>, <a
href="https://github.com/dle8"><code>@​dle8</code></a>, <a
href="https://github.com/findleyr"><code>@​findleyr</code></a>, <a
href="https://github.com/hyangah"><code>@​hyangah</code></a>, <a
href="https://github.com/pjweinbgo"><code>@​pjweinbgo</code></a>, <a
href="https://github.com/suzmue"><code>@​suzmue</code></a></p>
<h2>gopls/v0.10.1</h2>
<p>This release contains a fix for <a
href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>:
a new crash during method completion on variables of type
<code>*error</code>.</p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="675bf3c243"><code>675bf3c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="ad52c1ca35"><code>ad52c1c</code></a>
go/ssa/interp: support conversions to slices of named bytes</li>
<li><a
href="14ec3c023f"><code>14ec3c0</code></a>
gopls/doc/contributing.md: document error handling strategies</li>
<li><a
href="c495364167"><code>c495364</code></a>
go/packages/gopackages: document -mode flag</li>
<li><a
href="87ad891fe3"><code>87ad891</code></a>
gopls/internal/lsp/source/typerefs: move test into _test.go</li>
<li><a
href="27fd94e099"><code>27fd94e</code></a>
internal/fastwalk: doc formatting fixes (including godoc links)</li>
<li><a
href="d362be0cdb"><code>d362be0</code></a>
gopls/internal/lsp/filecache: reduce GC frequency</li>
<li><a
href="969078be46"><code>969078b</code></a>
Revert &quot;go/analysis: add Sizes that matches gc size
computations&quot;</li>
<li><a
href="5aa6acb96f"><code>5aa6acb</code></a>
go/analysis: add Sizes that matches gc size computations</li>
<li><a
href="5a89a3bf26"><code>5a89a3b</code></a>
go/vcs: delete</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare
view</a></li>
</ul>
</details>
<br />


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-12 09:53:29 -03:00
Olivier Sechet
780e9ef0da
feat: adds syft to docker image (#4182)
As discussed in #4176, this PR adds syft to the Docker image.

As mentioned in #4176, it simplifies CI when SBOM generation is needed.

I tried to test by running `task goreleaser` in my dev environment. The
amd64 image has been built properly and syft is available:
```
docker run --rm -it --entrypoint="" goreleaser/goreleaser:v1.19.2-amd64 sh
/go # syft --version
syft 0.84.1
```

However I couldn't test other platforms since I got unrelated errors
when it tried to build the arm64 image.
2023-07-12 09:47:37 -03:00