goreleaser

mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-06 03:13:48 +02:00

Author	SHA1	Message	Date
dependabot[bot]	b95fd39486	chore(deps): bump the github-actions group with 1 update (#4168 ) Bumps the github-actions group with 1 update: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action). <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.9.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.6.0 to 0.7.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/246">docker/setup-buildx-action#246</a> <ul> <li>Adds support to cache Buildx binary to hosted tool cache and GHA cache backend</li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.8.0...v2.9.0">https://github.com/docker/setup-buildx-action/compare/v2.8.0...v2.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`2a1a44ac4a`"><code>2a1a44a</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/246">#246</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`a6c26a99ef`"><code>a6c26a9</code></a> update ci workflow</li> <li><a href="`a5a7f565d9`"><code>a5a7f56</code></a> update generated content</li> <li><a href="`7d7611f95b`"><code>7d7611f</code></a> Bump <code>@docker/actions-toolkit</code> from 0.6.0 to 0.7.0</li> <li>See full diff in <a href="`16c0bc4a6e...2a1a44ac4a`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.8.0&new-version=2.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-07 10:32:08 -03:00
Carlos Alexandro Becker	4c9314b06f	build(dependabot): group dependency updates	2023-07-06 01:03:53 +00:00
dependabot[bot]	c16ffc40a1	chore(deps): bump docker/setup-buildx-action from 2.7.0 to 2.8.0 (#4155 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.7.0 to 2.8.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.8.0</h2> <ul> <li>Only set specific flags for drivers supporting them by <a href="https://github.com/nicks"><code>@nicks</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/241">docker/setup-buildx-action#241</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.5.0 to 0.6.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/242">docker/setup-buildx-action#242</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.7.0...v2.8.0">https://github.com/docker/setup-buildx-action/compare/v2.7.0...v2.8.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`16c0bc4a6e`"><code>16c0bc4</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/242">#242</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`ebcacb9c21`"><code>ebcacb9</code></a> update generated content</li> <li><a href="`496a823b8b`"><code>496a823</code></a> Bump <code>@docker/actions-toolkit</code> from 0.5.0 to 0.6.0</li> <li><a href="`a56031a493`"><code>a56031a</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/241">#241</a> from nicks/nicks/driver</li> <li><a href="`922550f064`"><code>922550f</code></a> context: only append flags if we know the driver supports them</li> <li>See full diff in <a href="`ecf95283f0...16c0bc4a6e`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.7.0&new-version=2.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-29 13:34:00 -03:00
dependabot[bot]	d827252bd3	chore(deps): bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#4147 ) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.0 to 3.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2>What's Changed</h2> <ul> <li>default cosign to v2.1.1 by <a href="https://github.com/cpanato"><code>@cpanato</code></a> in <a href="https://redirect.github.com/sigstore/cosign-installer/pull/137">sigstore/cosign-installer#137</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1">https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`6e04d228eb`"><code>6e04d22</code></a> default cosign to v2.1.1 (<a href="https://redirect.github.com/sigstore/cosign-installer/issues/137">#137</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v3.1.0...v3.1.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.1.0&new-version=3.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-28 09:46:15 -03:00
dependabot[bot]	e9eda52291	chore(deps): bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#4141 )	2023-06-26 13:17:09 +00:00
Carlos Alexandro Becker	4c96bf5ecd	docs: typo fix	2023-06-25 05:34:14 +00:00
Carlos Alexandro Becker	0b1a6bbfea	chore: fmt Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-06-21 22:09:27 +00:00
dependabot[bot]	cb77f8d667	chore(deps): bump anchore/sbom-action from 0.14.2 to 0.14.3 (#4130 )	2023-06-21 19:13:11 +00:00
dependabot[bot]	db6a1704ed	chore(deps): bump cachix/install-nix-action from 21 to 22 (#4125 ) Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 21 to 22. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's releases</a>.</em></p> <blockquote> <h2>install-nix-action-v22</h2> <ul> <li>Nix 2.16.1</li> <li>Fix issues with System Integrity Protection when using macos-12</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`6ed004b9cc`"><code>6ed004b</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/184">#184</a> from cachix/macos-bump</li> <li><a href="`e27879448e`"><code>e278794</code></a> Nix: 2.15.1 -> 2.16.1</li> <li><a href="`8ab3881720`"><code>8ab3881</code></a> use system certs</li> <li><a href="`16b951426e`"><code>16b9514</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/182">#182</a> from l0b0/feat/configure-editors</li> <li><a href="`2c203fd87b`"><code>2c203fd</code></a> feat: Configure editors</li> <li>See full diff in <a href="https://github.com/cachix/install-nix-action/compare/v21...v22">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cachix/install-nix-action&package-manager=github_actions&previous-version=21&new-version=22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-19 08:59:24 -03:00
dependabot[bot]	605467bfa4	chore(deps): bump docker/setup-buildx-action from 2.6.0 to 2.7.0 (#4100 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.6.0 to 2.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.7.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.3.0 to 0.5.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/237">docker/setup-buildx-action#237</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/238">docker/setup-buildx-action#238</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.6.0...v2.7.0">https://github.com/docker/setup-buildx-action/compare/v2.6.0...v2.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`ecf95283f0`"><code>ecf9528</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/238">#238</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`b2a38ee0c6`"><code>b2a38ee</code></a> update generated content</li> <li><a href="`7f79690cac`"><code>7f79690</code></a> Bump <code>@docker/actions-toolkit</code> from 0.4.0 to 0.5.0</li> <li><a href="`bdd549bec0`"><code>bdd549b</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/237">#237</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`be4a3855af`"><code>be4a385</code></a> update generated content</li> <li><a href="`6c4dbb29f6`"><code>6c4dbb2</code></a> Bump <code>@docker/actions-toolkit</code> from 0.3.0 to 0.4.0</li> <li>See full diff in <a href="`6a58db7e0d...ecf95283f0`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.6.0&new-version=2.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-14 09:35:59 -03:00
dependabot[bot]	28a7e5309d	chore(deps): bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#4093 ) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.5.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <h2>What's Changed</h2> <ul> <li>docs: fix example by <a href="https://github.com/yuki0920"><code>@yuki0920</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/762">golangci/golangci-lint-action#762</a></li> <li>doc: Add custom configuration file path to args by <a href="https://github.com/Aisuko"><code>@Aisuko</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/767">golangci/golangci-lint-action#767</a></li> <li>feat: add install-mode by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/768">golangci/golangci-lint-action#768</a></li> <li>feat: support out-format as args by <a href="https://github.com/jrehwaldt"><code>@jrehwaldt</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/769">golangci/golangci-lint-action#769</a></li> <li>fix: out-format by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/770">golangci/golangci-lint-action#770</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yuki0920"><code>@yuki0920</code></a> made their first contribution in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/762">golangci/golangci-lint-action#762</a></li> <li><a href="https://github.com/Aisuko"><code>@Aisuko</code></a> made their first contribution in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/767">golangci/golangci-lint-action#767</a></li> <li><a href="https://github.com/ldez"><code>@ldez</code></a> made their first contribution in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/768">golangci/golangci-lint-action#768</a></li> <li><a href="https://github.com/jrehwaldt"><code>@jrehwaldt</code></a> made their first contribution in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/769">golangci/golangci-lint-action#769</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golangci/golangci-lint-action/compare/v3.5.0...v3.6.0">https://github.com/golangci/golangci-lint-action/compare/v3.5.0...v3.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`639cd343e1`"><code>639cd34</code></a> tests: increase timeout</li> <li><a href="`569abaa281`"><code>569abaa</code></a> fix: out-format (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/770">#770</a>)</li> <li><a href="`c57cc43669`"><code>c57cc43</code></a> build(deps-dev): bump typescript from 5.0.4 to 5.1.3 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/764">#764</a>)</li> <li><a href="`322510a3ea`"><code>322510a</code></a> feat: support out-format as args (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/769">#769</a>)</li> <li><a href="`185e7a2f8f`"><code>185e7a2</code></a> feat: add install-mode (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/768">#768</a>)</li> <li><a href="`5be60c708e`"><code>5be60c7</code></a> docs: improve args examples</li> <li><a href="`825a50d3a2`"><code>825a50d</code></a> chore: update workflow and doc</li> <li><a href="`8c13ec4e5d`"><code>8c13ec4</code></a> doc: Add custom configuration file path to args (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/767">#767</a>)</li> <li><a href="`416b5d0b48`"><code>416b5d0</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.59.7 to 5.59.8 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/765">#765</a>)</li> <li><a href="`66a608006f`"><code>66a6080</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.59.7 to 5.59.8 ...</li> <li>Additional commits viewable in <a href="`5f1fec7010...639cd343e1`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.5.0&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @caarlos0. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-13 14:22:58 +00:00
dependabot[bot]	215b96af55	chore(deps): bump github/codeql-action from 2.3.6 to 2.13.4 (#4087 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.13.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases">github/codeql-action's releases</a>.</em></p> <blockquote> <h2>CodeQL Bundle</h2> <p>Bundles CodeQL CLI v2.13.4</p> <ul> <li>(<a href="https://github.com/github/codeql-cli-binaries/blob/HEAD/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.13.4">release</a>)</li> </ul> <p>Includes the following CodeQL language packs from <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4"><code>github/codeql@codeql-cli/v2.13.4</code></a>:</p> <ul> <li><code>codeql/cpp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/src">source</a>)</li> <li><code>codeql/cpp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/cpp/ql/lib">source</a>)</li> <li><code>codeql/csharp-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/src">source</a>)</li> <li><code>codeql/csharp-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/csharp/ql/lib">source</a>)</li> <li><code>codeql/go-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/src">source</a>)</li> <li><code>codeql/go-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/go/ql/lib">source</a>)</li> <li><code>codeql/java-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/src">source</a>)</li> <li><code>codeql/java-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/java/ql/lib">source</a>)</li> <li><code>codeql/javascript-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/src">source</a>)</li> <li><code>codeql/javascript-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/javascript/ql/lib">source</a>)</li> <li><code>codeql/python-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/src">source</a>)</li> <li><code>codeql/python-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/python/ql/lib">source</a>)</li> <li><code>codeql/ruby-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/src">source</a>)</li> <li><code>codeql/ruby-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/ruby/ql/lib">source</a>)</li> <li><code>codeql/swift-queries</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/src">source</a>)</li> <li><code>codeql/swift-all</code> (<a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib/CHANGELOG.md">changelog</a>, <a href="https://github.com/github/codeql/tree/codeql-cli/v2.13.4/swift/ql/lib">source</a>)</li> </ul> <h2>CodeQL Bundle v2.6.0-beta.1</h2> <p>Bundles CodeQL CLI <a href="https://github.com/github/codeql-cli-binaries/releases/tag/v2.6.0-beta.1">v2.6.0-beta.1</a></p> <h3>⚠️ This is a beta release containing a new CodeQL packaging feature. It may not be compatible with existing workflows.</h3> <p>This release contains beta support for <strong>CodeQL packs</strong>. Please read the documentation below for more information:</p> <ul> <li><a href="https://codeql.github.com/docs/codeql-cli/about-codeql-packs">Using CodeQL packs with the CodeQL CLI</a></li> <li><a href="https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-codeql-query-packs">Using CodeQL packs in Code Scanning on GitHub Actions</a></li> <li><a href="https://docs.github.com/en/code-security/secure-coding/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#downloading-and-using-codeql-query-packs">Using CodeQL packs in Code Scanning on 3rd-party CI systems</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.6 - 01 Jun 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.3. <a href="https://redirect.github.com/github/codeql-action/pull/1698">#1698</a></li> </ul> <h2>2.3.5 - 25 May 2023</h2> <ul> <li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li> <li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li> </ul> <h2>2.3.4 - 24 May 2023</h2> <ul> <li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="`123e95847b/Schemata/sarif-schema-2.1.0.json`">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li> <li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li> <li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a> <ul> <li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li> <li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li> <li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li> </ul> </li> <li>Remove the requirement for <code>on.push</code> and <code>on.pull_request</code> to trigger on the same branches. <a href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li> </ul> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`cdcdbb5797`"><code>cdcdbb5</code></a> PR checks: stop setting experimental Swift var for new CLI versions (<a href="https://redirect.github.com/github/codeql-action/issues/1718">#1718</a>)</li> <li><a href="`8b0f2cf9da`"><code>8b0f2cf</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1717">#1717</a> from github/henrymercer/fix-changelog</li> <li><a href="`a35a881b65`"><code>a35a881</code></a> Fix changelog for 2.3.6</li> <li><a href="`d8667207b6`"><code>d866720</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1714">#1714</a> from github/mergeback/v2.3.6-to-main-83f0fe6c</li> <li><a href="`926a4898bc`"><code>926a489</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1712">#1712</a> from github/henrymercer/remove-unused-env-var</li> <li><a href="`5c63cc5b1c`"><code>5c63cc5</code></a> Update checked-in dependencies</li> <li><a href="`30a3b9a904`"><code>30a3b9a</code></a> Update changelog and version after v2.3.6</li> <li><a href="`dfc31c9995`"><code>dfc31c9</code></a> Convert <code>actions-util</code> docs to JSDoc</li> <li><a href="`019a40b91a`"><code>019a40b</code></a> Inline checks for producing a better error message for Dependabot PRs</li> <li><a href="`ae005db7f8`"><code>ae005db</code></a> Merge branch 'main' into henrymercer/remove-unused-env-var</li> <li>Additional commits viewable in <a href="`83f0fe6c49...cdcdbb5797`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.6&new-version=2.13.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-12 08:57:35 -03:00
dependabot[bot]	980bccd1fe	chore(deps): bump actions/checkout from 3.4.0 to 3.5.3 (#4088 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.4.0 to 3.5.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.5.3</h2> <h2>What's Changed</h2> <ul> <li>Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by <a href="https://github.com/megamanics"><code>@megamanics</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li> <li>Fix typos found by codespell by <a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li> <li>Add support for sparse checkouts by <a href="https://github.com/dscho"><code>@dscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1369">actions/checkout#1369</a></li> <li>Release v3.5.3 by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1376">actions/checkout#1376</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/megamanics"><code>@megamanics</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1196">actions/checkout#1196</a></li> <li><a href="https://github.com/DimitriPapadopoulos"><code>@DimitriPapadopoulos</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1287">actions/checkout#1287</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3...v3.5.3">https://github.com/actions/checkout/compare/v3...v3.5.3</a></p> <h2>v3.5.2</h2> <h2>What's Changed</h2> <ul> <li>Fix: Use correct API url / endpoint in GHES by <a href="https://github.com/fhammerl"><code>@fhammerl</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1289">actions/checkout#1289</a> based on <a href="https://redirect.github.com/actions/checkout/issues/1286">#1286</a> by <a href="https://github.com/1newsr"><code>@1newsr</code></a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.1...v3.5.2">https://github.com/actions/checkout/compare/v3.5.1...v3.5.2</a></p> <h2>v3.5.1</h2> <h2>What's Changed</h2> <ul> <li>Improve checkout performance on Windows runners by upgrading <code>@actions/github</code> dependency by <a href="https://github.com/BrettDong"><code>@BrettDong</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/BrettDong"><code>@BrettDong</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1246">actions/checkout#1246</a></li> <li><a href="https://github.com/fhammerl"><code>@fhammerl</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1284">actions/checkout#1284</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.5.0...v3.5.1">https://github.com/actions/checkout/compare/v3.5.0...v3.5.1</a></p> <h2>v3.5.0</h2> <h2>What's Changed</h2> <ul> <li>Add new public key for known_hosts by <a href="https://github.com/cdb"><code>@cdb</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1237">actions/checkout#1237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/cdb"><code>@cdb</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1237">actions/checkout#1237</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.4.0...v3.5.0">https://github.com/actions/checkout/compare/v3.4.0...v3.5.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v3.5.3</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li> </ul> <h2>v3.5.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li> </ul> <h2>v3.5.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li> </ul> <h2>v3.5.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li> </ul> <h2>v3.4.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@actions/io</code></a></li> </ul> <h2>v3.3.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li> <li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li> </ul> <h2>v3.2.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@actions/io</code> to 1.1.2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li> </ul> <h2>v3.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@actions/core</code> <code>saveState</code> and <code>getState</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/689">Update to node 16</a></li> </ul> <h2>v2.3.1</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c85c95e3d7`"><code>c85c95e</code></a> Release v3.5.3 (<a href="https://redirect.github.com/actions/checkout/issues/1376">#1376</a>)</li> <li><a href="`d106d4669b`"><code>d106d46</code></a> Add support for sparse checkouts (<a href="https://redirect.github.com/actions/checkout/issues/1369">#1369</a>)</li> <li><a href="`f095bcc56b`"><code>f095bcc</code></a> Fix typos found by codespell (<a href="https://redirect.github.com/actions/checkout/issues/1287">#1287</a>)</li> <li><a href="`47fbe2df0a`"><code>47fbe2d</code></a> Fix: Checkout fail in self-hosted runners when faulty submodule are checked-i...</li> <li><a href="`8e5e7e5ab8`"><code>8e5e7e5</code></a> Release v3.5.2 (<a href="https://redirect.github.com/actions/checkout/issues/1291">#1291</a>)</li> <li><a href="`eb35239ec2`"><code>eb35239</code></a> Fix: convert baseUrl to serverApiUrl 'formatted' (<a href="https://redirect.github.com/actions/checkout/issues/1289">#1289</a>)</li> <li><a href="`83b7061638`"><code>83b7061</code></a> Release v3.5.1 (<a href="https://redirect.github.com/actions/checkout/issues/1284">#1284</a>)</li> <li><a href="`40a16ebeed`"><code>40a16eb</code></a> Improve checkout performance on Windows runners by upgrading <code>@actions/github</code> ...</li> <li><a href="`8f4b7f8486`"><code>8f4b7f8</code></a> Add new public key for known_hosts (<a href="https://redirect.github.com/actions/checkout/issues/1237">#1237</a>)</li> <li><a href="`cd6a9fd493`"><code>cd6a9fd</code></a> Update update-main-version.yml</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v3.4.0...c85c95e3d7251135ab7dc9ce3241c5835cc595a9">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-12 08:57:05 -03:00
dependabot[bot]	25c3ed2a7f	chore(deps): bump docker/login-action from 2.1.0 to 2.2.0 (#4082 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [docker/login-action](https://github.com/docker/login-action) from 2.1.0 to 2.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v2.2.0</h2> <h2>What's Changed</h2> <ul> <li>Switch to actions-toolkit implementation by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/409">docker/login-action#409</a> <a href="https://redirect.github.com/docker/login-action/pull/470">docker/login-action#470</a> <a href="https://redirect.github.com/docker/login-action/pull/476">docker/login-action#476</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> and <code>@aws-sdk/client-ecr-public</code> to 3.347.1 in <a href="https://redirect.github.com/docker/login-action/pull/524">docker/login-action#524</a> <a href="https://redirect.github.com/docker/login-action/pull/364">docker/login-action#364</a> <a href="https://redirect.github.com/docker/login-action/pull/363">docker/login-action#363</a></li> <li>Bump minimatch from 3.0.4 to 3.1.2 in <a href="https://redirect.github.com/docker/login-action/pull/354">docker/login-action#354</a></li> <li>Bump json5 from 2.2.0 to 2.2.3 in <a href="https://redirect.github.com/docker/login-action/pull/378">docker/login-action#378</a></li> <li>Bump http-proxy-agent from 5.0.0 to 7.0.0 in <a href="https://redirect.github.com/docker/login-action/pull/509">docker/login-action#509</a></li> <li>Bump https-proxy-agent from 5.0.1 to 7.0.0 in <a href="https://redirect.github.com/docker/login-action/pull/508">docker/login-action#508</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v2.1.0...v2.2.0">https://github.com/docker/login-action/compare/v2.1.0...v2.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`465a07811f`"><code>465a078</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/524">#524</a> from crazy-max/bump-aws</li> <li><a href="`360b4b5fef`"><code>360b4b5</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/512">#512</a> from jhihruei/change/update-gitlab-readme</li> <li><a href="`c156700b23`"><code>c156700</code></a> update generated content</li> <li><a href="`f605cf145e`"><code>f605cf1</code></a> bump <code>@aws-sdk/client-ecr</code> and <code>@aws-sdk/client-ecr-public</code> to 3.347.1</li> <li><a href="`2a93a3eddb`"><code>2a93a3e</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/508">#508</a> from docker/dependabot/npm_and_yarn/https-proxy-agent...</li> <li><a href="`422e90f610`"><code>422e90f</code></a> update generated content</li> <li><a href="`bc8c4d08b4`"><code>bc8c4d0</code></a> build(deps): bump https-proxy-agent from 5.0.1 to 7.0.0</li> <li><a href="`052c2c4268`"><code>052c2c4</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/509">#509</a> from docker/dependabot/npm_and_yarn/http-proxy-agent-...</li> <li><a href="`beabccd65a`"><code>beabccd</code></a> update generated content</li> <li><a href="`b56ed1c88d`"><code>b56ed1c</code></a> build(deps): bump http-proxy-agent from 5.0.0 to 7.0.0</li> <li>Additional commits viewable in <a href="`f4ef78c080...465a07811f`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=2.1.0&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-06-08 09:41:57 -03:00
dependabot[bot]	6f0cb99477	chore(deps): bump docker/setup-buildx-action from 2.5.0 to 2.6.0 (#4083 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.5.0 to 2.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.6.0</h2> <h2>What's Changed</h2> <ul> <li>Set node name for k8s driver when appending nodes by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/219">docker/setup-buildx-action#219</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.1.0-beta.18 to 0.3.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/220">docker/setup-buildx-action#220</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/229">docker/setup-buildx-action#229</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/231">docker/setup-buildx-action#231</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/236">docker/setup-buildx-action#236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.5.0...v2.6.0">https://github.com/docker/setup-buildx-action/compare/v2.5.0...v2.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`6a58db7e0d`"><code>6a58db7</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/236">#236</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`d56292e348`"><code>d56292e</code></a> update generated content</li> <li><a href="`790eb2db47`"><code>790eb2d</code></a> Bump <code>@docker/actions-toolkit</code> from 0.2.0 to 0.3.0</li> <li><a href="`2a81c53912`"><code>2a81c53</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/231">#231</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`00b2400aad`"><code>00b2400</code></a> update generated content</li> <li><a href="`484614d7a1`"><code>484614d</code></a> Bump <code>@docker/actions-toolkit</code> from 0.1.0 to 0.2.0</li> <li><a href="`d95759405f`"><code>d957594</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/219">#219</a> from crazy-max/ci-k3s-append</li> <li><a href="`5bb6d36be0`"><code>5bb6d36</code></a> ci: set up and build with k3s</li> <li><a href="`a99c5e53ef`"><code>a99c5e5</code></a> update generated content</li> <li><a href="`fc1a41d2e5`"><code>fc1a41d</code></a> set node name for k8s driver when appending nodes</li> <li>Additional commits viewable in <a href="`4b4e9c3e2d...6a58db7e0d`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.5.0&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-08 09:41:17 -03:00
dependabot[bot]	8498279c5b	chore(deps): bump docker/setup-qemu-action from 2.1.0 to 2.2.0 (#4084 )	2023-06-08 09:10:29 -03:00
dependabot[bot]	0e92d1dae2	chore(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#4072 ) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.4.0 to 3.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v3.5.0</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump eslint from 8.32.0 to 8.33.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/659">golangci/golangci-lint-action#659</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.48.2 to 5.49.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/661">golangci/golangci-lint-action#661</a></li> <li>build(deps-dev): bump eslint-plugin-simple-import-sort from 9.0.0 to 10.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/662">golangci/golangci-lint-action#662</a></li> <li>build(deps-dev): bump <code>@vercel/ncc</code> from 0.36.0 to 0.36.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/660">golangci/golangci-lint-action#660</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.48.2 to 5.49.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/663">golangci/golangci-lint-action#663</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.49.0 to 5.50.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/665">golangci/golangci-lint-action#665</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.49.0 to 5.50.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/666">golangci/golangci-lint-action#666</a></li> <li>build(deps-dev): bump typescript from 4.9.4 to 4.9.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/667">golangci/golangci-lint-action#667</a></li> <li>build(deps): bump <code>@types/node</code> from 18.11.18 to 18.11.19 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/668">golangci/golangci-lint-action#668</a></li> <li>doc: add quote aroung go version by <a href="https://github.com/vaughany"><code>@vaughany</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/670">golangci/golangci-lint-action#670</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.50.0 to 5.51.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/671">golangci/golangci-lint-action#671</a></li> <li>build(deps-dev): bump prettier from 2.8.3 to 2.8.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/673">golangci/golangci-lint-action#673</a></li> <li>build(deps): bump <code>@types/node</code> from 18.11.19 to 18.13.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/674">golangci/golangci-lint-action#674</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.50.0 to 5.51.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/675">golangci/golangci-lint-action#675</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.1.2 to 3.1.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/672">golangci/golangci-lint-action#672</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.51.0 to 5.52.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/678">golangci/golangci-lint-action#678</a></li> <li>build(deps): bump <code>@types/node</code> from 18.13.0 to 18.14.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/679">golangci/golangci-lint-action#679</a></li> <li>build(deps-dev): bump eslint from 8.33.0 to 8.34.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/680">golangci/golangci-lint-action#680</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.51.0 to 5.52.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/681">golangci/golangci-lint-action#681</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.52.0 to 5.53.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/684">golangci/golangci-lint-action#684</a></li> <li>build(deps-dev): bump eslint from 8.34.0 to 8.35.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/685">golangci/golangci-lint-action#685</a></li> <li>build(deps): bump <code>@types/node</code> from 18.14.0 to 18.14.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/688">golangci/golangci-lint-action#688</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.52.0 to 5.53.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/687">golangci/golangci-lint-action#687</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.1.3 to 3.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/686">golangci/golangci-lint-action#686</a></li> <li>build(deps): bump <code>@types/node</code> from 18.14.2 to 18.14.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/691">golangci/golangci-lint-action#691</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.53.0 to 5.54.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/692">golangci/golangci-lint-action#692</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.53.0 to 5.54.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/693">golangci/golangci-lint-action#693</a></li> <li>build(deps-dev): bump eslint-config-prettier from 8.6.0 to 8.7.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/694">golangci/golangci-lint-action#694</a></li> <li>build(deps-dev): bump eslint from 8.35.0 to 8.36.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/699">golangci/golangci-lint-action#699</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.54.0 to 5.54.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/700">golangci/golangci-lint-action#700</a></li> <li>build(deps): bump <code>@types/node</code> from 18.14.6 to 18.15.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/701">golangci/golangci-lint-action#701</a></li> <li>docs/build: update to setup-go@v4 by <a href="https://github.com/caarlos0"><code>@caarlos0</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/704">golangci/golangci-lint-action#704</a></li> <li>build(deps-dev): bump typescript from 4.9.5 to 5.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/705">golangci/golangci-lint-action#705</a></li> <li>build(deps): bump <code>@types/node</code> from 18.15.1 to 18.15.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/706">golangci/golangci-lint-action#706</a></li> <li>build(deps): bump <code>@actions/http-client</code> from 2.0.1 to 2.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/697">golangci/golangci-lint-action#697</a></li> <li>build(deps-dev): bump prettier from 2.8.4 to 2.8.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/707">golangci/golangci-lint-action#707</a></li> <li>build(deps): bump <code>@actions/cache</code> from 3.1.4 to 3.2.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/698">golangci/golangci-lint-action#698</a></li> <li>build(deps-dev): bump eslint-config-prettier from 8.7.0 to 8.8.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/709">golangci/golangci-lint-action#709</a></li> <li>build(deps): bump <code>@types/node</code> from 18.15.3 to 18.15.10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/710">golangci/golangci-lint-action#710</a></li> <li>build(deps-dev): bump prettier from 2.8.5 to 2.8.7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/711">golangci/golangci-lint-action#711</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.54.1 to 5.56.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/712">golangci/golangci-lint-action#712</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.54.0 to 5.56.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/713">golangci/golangci-lint-action#713</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.56.0 to 5.57.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/718">golangci/golangci-lint-action#718</a></li> <li>build(deps-dev): bump typescript from 5.0.2 to 5.0.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/717">golangci/golangci-lint-action#717</a></li> <li>build(deps-dev): bump eslint from 8.36.0 to 8.37.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/719">golangci/golangci-lint-action#719</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.56.0 to 5.57.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/720">golangci/golangci-lint-action#720</a></li> <li>build(deps): bump <code>@types/node</code> from 18.15.10 to 18.15.11 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/721">golangci/golangci-lint-action#721</a></li> <li>build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.57.0 to 5.57.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/722">golangci/golangci-lint-action#722</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`5f1fec7010`"><code>5f1fec7</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.59.6 to 5.59.7 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/758">#758</a>)</li> <li><a href="`601007b788`"><code>601007b</code></a> build(deps): bump <code>@types/node</code> from 20.2.3 to 20.2.5 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/756">#756</a>)</li> <li><a href="`d2a913e97b`"><code>d2a913e</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.59.6 to 5.59.7 ...</li> <li><a href="`7233bd71cb`"><code>7233bd7</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.59.5 to 5.59.6 ...</li> <li><a href="`687f029324`"><code>687f029</code></a> build(deps): bump <code>@types/node</code> from 20.1.4 to 20.2.3 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/755">#755</a>)</li> <li><a href="`f9990cd216`"><code>f9990cd</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.59.5 to 5.59.6 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/754">#754</a>)</li> <li><a href="`f30aa514f9`"><code>f30aa51</code></a> build(deps-dev): bump eslint from 8.40.0 to 8.41.0 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/753">#753</a>)</li> <li><a href="`6b21f586ed`"><code>6b21f58</code></a> build(deps-dev): bump <code>@typescript-eslint/eslint-plugin</code> from 5.59.2 to 5.59.5 ...</li> <li><a href="`535ed3a04b`"><code>535ed3a</code></a> build(deps): bump <code>@types/semver</code> from 7.3.13 to 7.5.0 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/748">#748</a>)</li> <li><a href="`0078ef00ab`"><code>0078ef0</code></a> build(deps-dev): bump <code>@typescript-eslint/parser</code> from 5.59.1 to 5.59.5 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/750">#750</a>)</li> <li>Additional commits viewable in <a href="`08e2f20817...5f1fec7010`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 13:13:31 -03:00
dependabot[bot]	7886f35f54	chore(deps): bump github/codeql-action from 2.3.5 to 2.3.6 (#4066 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.3.6. <details> <summary>Commits</summary> <ul> <li><a href="`83f0fe6c49`"><code>83f0fe6</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1713">#1713</a> from github/update-v2.3.6-96f284028</li> <li><a href="`5c8f4be0e9`"><code>5c8f4be</code></a> Update changelog for v2.3.6</li> <li><a href="`96f2840282`"><code>96f2840</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1711">#1711</a> from github/henrymercer/improve-supported-versions-u...</li> <li><a href="`89c4c9e65c`"><code>89c4c9e</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1678">#1678</a> from github/henrymercer/default-setup-safeguarding</li> <li><a href="`26f16a5e63`"><code>26f16a5</code></a> Rephrase the still supported calculation to make it clearer</li> <li><a href="`955f8596ae`"><code>955f859</code></a> Fix sign error</li> <li><a href="`e7cff66ce1`"><code>e7cff66</code></a> Fix push</li> <li><a href="`afdba76326`"><code>afdba76</code></a> Wait a week before dropping support for end of life GHES versions</li> <li><a href="`07e43a2208`"><code>07e43a2</code></a> Open PR with gh CLI</li> <li><a href="`9632771630`"><code>9632771</code></a> Address review comments</li> <li>Additional commits viewable in <a href="`0225834cc5...83f0fe6c49`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.5&new-version=2.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-06-05 13:05:48 -03:00
Carlos Alexandro Becker	bceb69cfe2	chore: fix issue templates (#4055 )	2023-05-29 18:37:42 -03:00
dependabot[bot]	86a8317ff6	chore(deps): bump github/codeql-action from 2.3.4 to 2.3.5 (#4041 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.4 to 2.3.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.5 - 25 May 2023</h2> <ul> <li>Allow invalid URIs to be used as values to <code>artifactLocation.uri</code> properties. This reverses a change from <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a> that inadvertently led to stricter validation of some URI values. <a href="https://redirect.github.com/github/codeql-action/pull/1705">#1705</a></li> <li>Gracefully handle invalid URIs when fingerprinting. <a href="https://redirect.github.com/github/codeql-action/pull/1694">#1694</a></li> </ul> <h2>2.3.4 - 24 May 2023</h2> <ul> <li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="`123e95847b/Schemata/sarif-schema-2.1.0.json`">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li> <li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li> <li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a> <ul> <li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li> <li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li> <li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li> </ul> </li> <li>Remove the requirement for <code>on.push</code> and <code>on.pull_request</code> to trigger on the same branches. <a href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li> </ul> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.2.10 - 05 Apr 2023</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`0225834cc5`"><code>0225834</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1706">#1706</a> from github/update-v2.3.5-d3314cca2</li> <li><a href="`15f9b00614`"><code>15f9b00</code></a> Apply suggestions from code review</li> <li><a href="`ff82fd0736`"><code>ff82fd0</code></a> Update changelog for v2.3.5</li> <li><a href="`d3314cca22`"><code>d3314cc</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1705">#1705</a> from github/aeisenberg/location-uri-schema-fix</li> <li><a href="`42add7b4d7`"><code>42add7b</code></a> Update changelog</li> <li><a href="`9c5706e1a2`"><code>9c5706e</code></a> Avoid throwing validation error on invalid URIs</li> <li><a href="`3912995667`"><code>3912995</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1704">#1704</a> from github/henrymercer/contributions-updates</li> <li><a href="`8d7f61b8f2`"><code>8d7f61b</code></a> Update npm version</li> <li><a href="`50bc388cfc`"><code>50bc388</code></a> Update Node version</li> <li><a href="`4a409ace8f`"><code>4a409ac</code></a> Link to CONTRIBUTING doc from README</li> <li>Additional commits viewable in <a href="`f0e3dfb303...0225834cc5`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.4&new-version=2.3.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-26 10:00:20 -03:00
dependabot[bot]	967bd7b06c	chore(deps): bump cachix/install-nix-action from 20 to 21 (#4040 ) Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 20 to 21. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's releases</a>.</em></p> <blockquote> <h2>install-nix-action-v21</h2> <ul> <li>pin Nix to 2.15.1 (recent releases broke too many things)</li> <li>fix the action to work on custom containers</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4b933aa7eb`"><code>4b933aa</code></a> Nix: 2.15.1</li> <li><a href="`35806937f1`"><code>3580693</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/179">#179</a> from joergdw/fix-action-path</li> <li><a href="`3eb7a24508`"><code>3eb7a24</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/178">#178</a> from cachix/docs/149</li> <li><a href="`840ed7ce9a`"><code>840ed7c</code></a> Document how to pass env vars to modern nix commands</li> <li><a href="`b2f4229533`"><code>b2f4229</code></a> Fix action to make it work on custom containers;</li> <li><a href="`e304541747`"><code>e304541</code></a> fix <a href="https://redirect.github.com/cachix/install-nix-action/issues/170">#170</a></li> <li><a href="`3988b729f9`"><code>3988b72</code></a> pin Nix to 2.15.0</li> <li><a href="`763a380571`"><code>763a380</code></a> Bump revision in README</li> <li><a href="`67e9fd765d`"><code>67e9fd7</code></a> bump revision in readme</li> <li><a href="`be4cef7b77`"><code>be4cef7</code></a> Merge pull request <a href="https://redirect.github.com/cachix/install-nix-action/issues/166">#166</a> from l0b0/refactor/linting</li> <li>Additional commits viewable in <a href="https://github.com/cachix/install-nix-action/compare/v20...v21">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cachix/install-nix-action&package-manager=github_actions&previous-version=20&new-version=21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-26 10:00:14 -03:00
Carlos Alexandro Becker	99afc8d62e	feat: nix support (#4012 ) very, very, very WIP implementation of nixpkgs for GoReleaser. Decisions made for this first version: - only linux and darwin, arm64, 386 and amd64 - only support pkgs from goreleaser-generated archives - no support to push into default nixpkgs repository - no support to automatically add the _maybe_ new pkg to the root `default.nix` - the generated nixpkg will be rather verbose, which shouldn't be too much of an issue as it is autogenerated anyway TODOs: - [x] macos universal binary support - [x] custom pkg path (e.g. pkgs/misc/foo/bar/default.nix) - [x] handle archives with a folder in them - [x] add more options: postInstall, ?? Will be handled in future versions: - [ ] archives.format=binary support - [ ] compile from source - [ ] PR-ing into nixpkgs - [ ] armv6l-linux & armv7l-linux support closes #3537 --------- Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-05-25 23:07:10 -03:00
dependabot[bot]	9d3603a7e2	chore(deps): bump github/codeql-action from 2.3.3 to 2.3.4 (#4032 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.3 to 2.3.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.4 - 24 May 2023</h2> <ul> <li>Updated the SARIF 2.1.0 JSON schema file to the latest from <a href="`123e95847b/Schemata/sarif-schema-2.1.0.json`">oasis-tcs/sarif-spec</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1668">#1668</a></li> <li>We are rolling out a feature in May 2023 that will disable Python dependency installation for new users of the CodeQL Action. This improves the speed of analysis while having only a very minor impact on results. <a href="https://redirect.github.com/github/codeql-action/pull/1676">#1676</a></li> <li>We are improving the way that <a href="https://github.com/github/codeql-action/releases">CodeQL bundles</a> are tagged to make it possible to easily identify bundles by their CodeQL semantic version. <a href="https://redirect.github.com/github/codeql-action/pull/1682">#1682</a> <ul> <li>As of CodeQL CLI 2.13.4, CodeQL bundles will be tagged using semantic versions, for example <code>codeql-bundle-v2.13.4</code>, instead of timestamps, like <code>codeql-bundle-20230615</code>.</li> <li>This change does not affect the majority of workflows, and we will not be changing tags for existing bundle releases.</li> <li>Some workflows with custom logic that depends on the specific format of the CodeQL bundle tag may need to be updated. For example, if your workflow matches CodeQL bundle tag names against a <code>codeql-bundle-yyyymmdd</code> pattern, you should update it to also recognize <code>codeql-bundle-vx.y.z</code> tags.</li> </ul> </li> <li>Remove the requirement for <code>on.push</code> and <code>on.pull_request</code> to trigger on the same branches. <a href="https://redirect.github.com/github/codeql-action/pull/1675">#1675</a></li> </ul> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.2.10 - 05 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li> </ul> <h2>2.2.9 - 27 Mar 2023</h2> <ul> <li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`f0e3dfb303`"><code>f0e3dfb</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1700">#1700</a> from github/update-v2.3.4-570734c55</li> <li><a href="`0d65621757`"><code>0d65621</code></a> Update CHANGELOG.md</li> <li><a href="`c3ae9dcd15`"><code>c3ae9dc</code></a> Update changelog for v2.3.4</li> <li><a href="`570734c55c`"><code>570734c</code></a> Remove unnecessary conditional for Ruby autodetect (<a href="https://redirect.github.com/github/codeql-action/issues/1699">#1699</a>)</li> <li><a href="`8c923c00a3`"><code>8c923c0</code></a> Fix Swift PR Checks on <code>nightly-latest</code> CLI (<a href="https://redirect.github.com/github/codeql-action/issues/1696">#1696</a>)</li> <li><a href="`1245696032`"><code>1245696</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1687">#1687</a> from github/henrymercer/update-changelog-note</li> <li><a href="`317cd34a7a`"><code>317cd34</code></a> Push back semver CodeQL bundles</li> <li><a href="`6cfb483131`"><code>6cfb483</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1682">#1682</a> from github/henrymercer/semver-bundles</li> <li><a href="`a5f4123fb0`"><code>a5f4123</code></a> Improve changelog note</li> <li><a href="`50931b43dd`"><code>50931b4</code></a> Add changelog note</li> <li>Additional commits viewable in <a href="`29b1f65c5e...f0e3dfb303`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.3&new-version=2.3.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-25 09:38:55 -03:00
Carlos Alexandro Becker	46072c6047	docs: add banner asking for support to the website, release notes, etc Sounds a bit like begging, but I was told it actually works. Let's see...	2023-05-19 19:33:37 +00:00
dependabot[bot]	4227c194f8	chore(deps): bump sigstore/cosign-installer from 3.0.4 to 3.0.5 (#4020 )	2023-05-18 09:34:13 -03:00
dependabot[bot]	670238c3ea	chore(deps): bump sigstore/cosign-installer from 3.0.3 to 3.0.4 (#4018 )	2023-05-17 09:02:19 -03:00
dependabot[bot]	234e1d8ce5	chore(deps): bump codecov/codecov-action from 3.1.3 to 3.1.4 (#4014 ) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.3 to 3.1.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/releases">codecov/codecov-action's releases</a>.</em></p> <blockquote> <h2>3.1.4</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump <code>@types/node</code> from 18.15.12 to 18.16.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/970">codecov/codecov-action#970</a></li> <li>Fix typo in README.md by <a href="https://github.com/hisaac"><code>@hisaac</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/967">codecov/codecov-action#967</a></li> <li>fix: add back in working dir by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/971">codecov/codecov-action#971</a></li> <li>fix: CLI option names for uploader by <a href="https://github.com/kleisauke"><code>@kleisauke</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/969">codecov/codecov-action#969</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 18.16.3 to 20.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/975">codecov/codecov-action#975</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 20.1.0 to 20.1.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/979">codecov/codecov-action#979</a></li> <li>build(deps-dev): bump <code>@types/node</code> from 20.1.2 to 20.1.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/981">codecov/codecov-action#981</a></li> <li>release: 3.1.4 by <a href="https://github.com/thomasrockhu-codecov"><code>@thomasrockhu-codecov</code></a> in <a href="https://redirect.github.com/codecov/codecov-action/pull/983">codecov/codecov-action#983</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hisaac"><code>@hisaac</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/967">codecov/codecov-action#967</a></li> <li><a href="https://github.com/kleisauke"><code>@kleisauke</code></a> made their first contribution in <a href="https://redirect.github.com/codecov/codecov-action/pull/969">codecov/codecov-action#969</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4">https://github.com/codecov/codecov-action/compare/v3.1.3...v3.1.4</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md">codecov/codecov-action's changelog</a>.</em></p> <blockquote> <h2>3.1.4</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a> Fix typo in README.md</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a> fix: add back in working dir</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a> fix: CLI option names for uploader</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a> build(deps-dev): bump <code>@types/node</code> from 18.15.12 to 18.16.3</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a> build(deps-dev): bump <code>@types/node</code> from 20.1.0 to 20.1.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a> build(deps-dev): bump <code>@types/node</code> from 20.1.2 to 20.1.4</li> </ul> <h2>3.1.3</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/960">#960</a> fix: allow for aarch64 build</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/957">#957</a> build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/958">#958</a> build(deps): bump openpgp from 5.7.0 to 5.8.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/959">#959</a> build(deps-dev): bump <code>@types/node</code> from 18.15.10 to 18.15.12</li> </ul> <h2>3.1.2</h2> <h3>Fixes</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/718">#718</a> Update README.md</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/851">#851</a> Remove unsupported path_to_write_report argument</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/898">#898</a> codeql-analysis.yml</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/901">#901</a> Update README to contain correct information - inputs and negate feature</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/955">#955</a> fix: add in all the extra arguments for uploader</li> </ul> <h3>Dependencies</h3> <ul> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/819">#819</a> build(deps): bump openpgp from 5.4.0 to 5.5.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/835">#835</a> build(deps): bump node-fetch from 3.2.4 to 3.2.10</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/840">#840</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/841">#841</a> build(deps): bump <code>@actions/core</code> from 1.9.1 to 1.10.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/843">#843</a> build(deps): bump <code>@actions/github</code> from 5.0.3 to 5.1.1</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/869">#869</a> build(deps): bump node-fetch from 3.2.10 to 3.3.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/872">#872</a> build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/879">#879</a> build(deps): bump decode-uri-component from 0.2.0 to 0.2.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/889">#889</a> build(deps): bump ossf/scorecard-action from 1.1.1 to 2.1.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/895">#895</a> build(deps): bump json5 from 2.2.1 to 2.2.3</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/896">#896</a> build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/900">#900</a> build(deps-dev): bump <code>@vercel/ncc</code> from 0.34.0 to 0.36.1</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/905">#905</a> build(deps-dev): bump typescript from 4.7.4 to 4.9.5</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/911">#911</a> build(deps-dev): bump <code>@types/node</code> from 16.11.40 to 18.13.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/922">#922</a> build(deps-dev): bump <code>@types/node</code> from 18.13.0 to 18.14.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/924">#924</a> build(deps): bump openpgp from 5.5.0 to 5.7.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/927">#927</a> build(deps-dev): bump <code>@types/node</code> from 18.14.0 to 18.14.2</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/933">#933</a> build(deps-dev): bump <code>@types/node</code> from 18.14.2 to 18.14.6</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/937">#937</a> build(deps-dev): bump <code>@types/node</code> from 18.14.6 to 18.15.0</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/938">#938</a> build(deps): bump node-fetch from 3.3.0 to 3.3.1</li> <li><a href="https://redirect.github.com/codecov/codecov-action/issues/945">#945</a> build(deps-dev): bump <code>@types/node</code> from 18.15.0 to 18.15.5</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`eaaf4bedf3`"><code>eaaf4be</code></a> release: 3.1.4 (<a href="https://redirect.github.com/codecov/codecov-action/issues/983">#983</a>)</li> <li><a href="`c2ab9ab2e1`"><code>c2ab9ab</code></a> build(deps-dev): bump <code>@types/node</code> from 20.1.2 to 20.1.4 (<a href="https://redirect.github.com/codecov/codecov-action/issues/981">#981</a>)</li> <li><a href="`49c20db375`"><code>49c20db</code></a> build(deps-dev): bump <code>@types/node</code> from 20.1.0 to 20.1.2 (<a href="https://redirect.github.com/codecov/codecov-action/issues/979">#979</a>)</li> <li><a href="`cf8e3e4262`"><code>cf8e3e4</code></a> build(deps-dev): bump <code>@types/node</code> from 18.16.3 to 20.1.0 (<a href="https://redirect.github.com/codecov/codecov-action/issues/975">#975</a>)</li> <li><a href="`1c34415a06`"><code>1c34415</code></a> fix: CLI option names for uploader (<a href="https://redirect.github.com/codecov/codecov-action/issues/969">#969</a>)</li> <li><a href="`b4dfea724f`"><code>b4dfea7</code></a> fix: add back in working dir (<a href="https://redirect.github.com/codecov/codecov-action/issues/971">#971</a>)</li> <li><a href="`5bf250470e`"><code>5bf2504</code></a> Fix typo in README.md (<a href="https://redirect.github.com/codecov/codecov-action/issues/967">#967</a>)</li> <li><a href="`1dd0ce34be`"><code>1dd0ce3</code></a> build(deps-dev): bump <code>@types/node</code> from 18.15.12 to 18.16.3 (<a href="https://redirect.github.com/codecov/codecov-action/issues/970">#970</a>)</li> <li>See full diff in <a href="`894ff025c7...eaaf4bedf3`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=3.1.3&new-version=3.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-16 09:22:03 -03:00
dependabot[bot]	8005088588	chore(deps): bump actions/setup-go from 4.0.0 to 4.0.1 (#4015 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.0.0 to 4.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v4.0.1</h2> <h2>What's Changed</h2> <ul> <li>Update documentation for <code>v4</code> by <a href="https://github.com/dsame"><code>@dsame</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/354">actions/setup-go#354</a></li> <li>Fix glob bug in the package.json scripts section by <a href="https://github.com/IvanZosimov"><code>@IvanZosimov</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/359">actions/setup-go#359</a></li> <li>Bump <code>xml2js</code> dependency by <a href="https://github.com/dmitry-shibanov"><code>@dmitry-shibanov</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/370">actions/setup-go#370</a></li> <li>Bump <code>@actions/cache</code> dependency to v3.2.1 by <a href="https://github.com/nikolai-laevskii"><code>@nikolai-laevskii</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/374">actions/setup-go#374</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/nikolai-laevskii"><code>@nikolai-laevskii</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/374">actions/setup-go#374</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v4...v4.0.1">https://github.com/actions/setup-go/compare/v4...v4.0.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`fac708d667`"><code>fac708d</code></a> Bump <code>@actions/cache</code> dependency to v3.2.1 (<a href="https://redirect.github.com/actions/setup-go/issues/374">#374</a>)</li> <li><a href="`dd84a9531a`"><code>dd84a95</code></a> Update xml2js (<a href="https://redirect.github.com/actions/setup-go/issues/370">#370</a>)</li> <li><a href="`41c2024c46`"><code>41c2024</code></a> Fix glob bug in package.json scripts section (<a href="https://redirect.github.com/actions/setup-go/issues/359">#359</a>)</li> <li><a href="`8dbf352f06`"><code>8dbf352</code></a> update README fo v4 (<a href="https://redirect.github.com/actions/setup-go/issues/354">#354</a>)</li> <li>See full diff in <a href="`4d34df0c23...fac708d667`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=4.0.0&new-version=4.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-16 09:21:45 -03:00
dependabot[bot]	64d6424215	chore(deps): bump anchore/sbom-action from 0.14.1 to 0.14.2 (#3994 ) Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.14.1 to 0.14.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's releases</a>.</em></p> <blockquote> <h2>v0.14.2</h2> <h2>Changes in v0.14.2</h2> <ul> <li>Update Syft to v0.80.0 (<a href="https://redirect.github.com/anchore/sbom-action/issues/415">#415</a>)</li> <li>Make sure all invalid artifact name characters are replaced <a href="https://redirect.github.com/anchore/sbom-action/issues/396">#396</a> (<a href="https://redirect.github.com/anchore/sbom-action/issues/417">#417</a>) [<a href="https://github.com/lts-po">lts-po</a>]</li> <li>Ensure SBOM is copied to <code>output-file</code> (<a href="https://redirect.github.com/anchore/sbom-action/issues/411">#411</a>) [<a href="https://github.com/gszr">gszr</a>]</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4d571ad103`"><code>4d571ad</code></a> chore(deps): update Syft to v0.80.0 (<a href="https://redirect.github.com/anchore/sbom-action/issues/415">#415</a>)</li> <li><a href="`a59054d328`"><code>a59054d</code></a> fix: Make sure all invalid chars are replaced for artifact names -- fixes <a href="https://redirect.github.com/anchore/sbom-action/issues/39">#39</a>...</li> <li><a href="`ea7104d799`"><code>ea7104d</code></a> chore: update snapshot workflow (<a href="https://redirect.github.com/anchore/sbom-action/issues/413">#413</a>)</li> <li><a href="`50dec67b80`"><code>50dec67</code></a> chore(deps): update Syft to v0.77.0 (<a href="https://redirect.github.com/anchore/sbom-action/issues/409">#409</a>)</li> <li><a href="`8e2e93770c`"><code>8e2e937</code></a> fix: ensure sbom is copied to output-file (<a href="https://redirect.github.com/anchore/sbom-action/issues/411">#411</a>)</li> <li><a href="`800a56fe08`"><code>800a56f</code></a> chore: update snapshot workflow (<a href="https://redirect.github.com/anchore/sbom-action/issues/412">#412</a>)</li> <li><a href="`9cf3dcd573`"><code>9cf3dcd</code></a> chore: update snapshot workflow (<a href="https://redirect.github.com/anchore/sbom-action/issues/410">#410</a>)</li> <li><a href="`642f63cefc`"><code>642f63c</code></a> chore: update syft update check (<a href="https://redirect.github.com/anchore/sbom-action/issues/408">#408</a>)</li> <li><a href="`a7622b6841`"><code>a7622b6</code></a> chore: update deprecated set-output (<a href="https://redirect.github.com/anchore/sbom-action/issues/407">#407</a>)</li> <li><a href="`c82ee2675f`"><code>c82ee26</code></a> chore: add workflow to update snapshots from PR comment (<a href="https://redirect.github.com/anchore/sbom-action/issues/406">#406</a>)</li> <li>Additional commits viewable in <a href="https://github.com/anchore/sbom-action/compare/v0.14.1...v0.14.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anchore/sbom-action&package-manager=github_actions&previous-version=0.14.1&new-version=0.14.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-08 08:49:41 -03:00
dependabot[bot]	d371145f89	chore(deps): bump github/codeql-action from 2.3.2 to 2.3.3 (#3983 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.2 to 2.3.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.3.3 - 04 May 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.1. <a href="https://redirect.github.com/github/codeql-action/pull/1664">#1664</a></li> <li>You can now configure CodeQL within your code scanning workflow by passing a <code>config</code> input to the <code>init</code> Action. See <a href="https://aka.ms/code-scanning-docs/config-file">Using a custom configuration file</a> for more information about configuring code scanning. <a href="https://redirect.github.com/github/codeql-action/pull/1590">#1590</a></li> </ul> <h2>2.3.2 - 27 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.1 - 26 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.3.0 - 21 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.13.0. <a href="https://redirect.github.com/github/codeql-action/pull/1649">#1649</a></li> <li>Bump the minimum CodeQL bundle version to 2.8.5. <a href="https://redirect.github.com/github/codeql-action/pull/1618">#1618</a></li> </ul> <h2>2.2.12 - 13 Apr 2023</h2> <ul> <li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment variable in the telemetry sent to GitHub. <a href="https://redirect.github.com/github/codeql-action/pull/1640">#1640</a></li> <li>Improve the ease of debugging failed runs configured using <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default setup</a>. The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the <a href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool status page</a>. <a href="https://redirect.github.com/github/codeql-action/pull/1619">#1619</a></li> </ul> <h2>2.2.11 - 06 Apr 2023</h2> <p>No user facing changes.</p> <h2>2.2.10 - 05 Apr 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.6. <a href="https://redirect.github.com/github/codeql-action/pull/1629">#1629</a></li> </ul> <h2>2.2.9 - 27 Mar 2023</h2> <ul> <li>Customers post-processing the SARIF output of the <code>analyze</code> Action before uploading it to Code Scanning will benefit from an improved debugging experience. <a href="https://redirect.github.com/github/codeql-action/pull/1598">#1598</a> <ul> <li>The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using <code>upload: false</code>. Previously, this was only available for customers using the default value of the <code>upload</code> input.</li> <li>The <code>upload</code> input to the <code>analyze</code> Action now accepts the following values: <ul> <li><code>always</code> is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.</li> <li><code>failure-only</code> is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.</li> <li><code>never</code> avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.</li> <li>The legacy <code>true</code> and <code>false</code> options will be interpreted as <code>always</code> and <code>failure-only</code> respectively.</li> </ul> </li> </ul> </li> </ul> <h2>2.2.8 - 22 Mar 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.5. <a href="https://redirect.github.com/github/codeql-action/pull/1585">#1585</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`29b1f65c5e`"><code>29b1f65</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1669">#1669</a> from github/update-v2.3.3-318bcc7f8</li> <li><a href="`140500d80a`"><code>140500d</code></a> Update changelog for v2.3.3</li> <li><a href="`318bcc7f84`"><code>318bcc7</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1664">#1664</a> from github/update-bundle/codeql-bundle-20230428</li> <li><a href="`f72bf5dfb3`"><code>f72bf5d</code></a> Fix workflow formatting</li> <li><a href="`33461954a5`"><code>3346195</code></a> Merge branch 'main' into update-bundle/codeql-bundle-20230428</li> <li><a href="`8ca5570701`"><code>8ca5570</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1666">#1666</a> from github/aeisenberg/readme-update</li> <li><a href="`b1b3d00b62`"><code>b1b3d00</code></a> Add link to changenote for custom config</li> <li><a href="`d2f6dfd52d`"><code>d2f6dfd</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1665">#1665</a> from github/aeisenberg/config-param</li> <li><a href="`cba5616040`"><code>cba5616</code></a> Update CHANGELOG.md</li> <li><a href="`40c95932fe`"><code>40c9593</code></a> Add changelog note</li> <li>Additional commits viewable in <a href="`f3feb00acb...29b1f65c5e`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.3.2&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-05 10:10:43 -03:00
Carlos Alexandro Becker	803ef6566e	build: use ghaction-upx thanks @crazy-max! Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-05-03 17:06:46 +00:00
dependabot[bot]	718c42895f	chore(deps): bump actions/github-script from 6.4.0 to 6.4.1 (#3973 ) Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.0 to 6.4.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/github-script/releases">actions/github-script's releases</a>.</em></p> <blockquote> <h2>v6.4.1</h2> <h2>What's Changed</h2> <ul> <li>Add <code>@octokit/plugin-request-log</code>, to produce debug output for requests by <a href="https://github.com/mjpieters"><code>@mjpieters</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/358">actions/github-script#358</a></li> <li>fix input handling by <a href="https://github.com/mjpieters"><code>@mjpieters</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/357">actions/github-script#357</a></li> <li>Remove unused dependencies by <a href="https://github.com/mjpieters"><code>@mjpieters</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/356">actions/github-script#356</a></li> <li>Default debug to current runner debug state by <a href="https://github.com/mjpieters"><code>@mjpieters</code></a> in <a href="https://redirect.github.com/actions/github-script/pull/363">actions/github-script#363</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mjpieters"><code>@mjpieters</code></a> made their first contribution in <a href="https://redirect.github.com/actions/github-script/pull/358">actions/github-script#358</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/github-script/compare/v6.4.0...v6.4.1">https://github.com/actions/github-script/compare/v6.4.0...v6.4.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`d7906e4ad0`"><code>d7906e4</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/363">#363</a> from mjpieters/auto_debug</li> <li><a href="`ea954ff83a`"><code>ea954ff</code></a> Default debug to current runner debug state</li> <li><a href="`57c10d434e`"><code>57c10d4</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/356">#356</a> from mjpieters/clean_deps</li> <li><a href="`eae7dc1b88`"><code>eae7dc1</code></a> Merge branch 'main' into clean_deps</li> <li><a href="`f1ab5779d6`"><code>f1ab577</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/357">#357</a> from mjpieters/fix_input_handling</li> <li><a href="`8d9f8fc050`"><code>8d9f8fc</code></a> Fix null handling, covered by integration tests</li> <li><a href="`a4f398e58b`"><code>a4f398e</code></a> Remove unused dependencies</li> <li><a href="`806be26275`"><code>806be26</code></a> Clean and spruce up the integration tests a bit</li> <li><a href="`8d76c9a913`"><code>8d76c9a</code></a> Merge pull request <a href="https://redirect.github.com/actions/github-script/issues/358">#358</a> from mjpieters/request-log-plugin</li> <li><a href="`78f623b2da`"><code>78f623b</code></a> Add <code>@octokit/plugin-request-log</code>, to produce debug output for requests</li> <li>See full diff in <a href="`98814c53be...d7906e4ad0`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/github-script&package-manager=github_actions&previous-version=6.4.0&new-version=6.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-05-02 09:30:17 -03:00
Carlos Alexandro Becker	d4fc62780c	chore(deps): bump many actions	2023-05-02 12:24:53 +00:00
Carlos Alexandro Becker	161bc9e706	build: fix fig.yml	2023-05-02 12:09:23 +00:00
Carlos Alexandro Becker	43ae761179	feat: native upx support (#3965 ) this adds a new root-level `upx` config, so users can pack their binaries with upx :) --------- Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-05-01 21:22:05 -03:00
Carlos Alexandro Becker	c849cfc2a9	build: fix golangci-lint failing (#3874 ) refs https://github.com/golangci/golangci-lint-action/issues/677 Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>	2023-03-19 22:16:47 -03:00
dependabot[bot]	8f4a6929bd	chore(deps): bump github/codeql-action from 2.2.6 to 2.2.7 (#3870 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.6 to 2.2.7. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.7 - 15 Mar 2023</h2> <p>No user facing changes.</p> <h2>2.2.6 - 10 Mar 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.4.</li> </ul> <h2>2.2.5 - 24 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.3. <a href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li> </ul> <h2>2.2.4 - 10 Feb 2023</h2> <p>No user facing changes.</p> <h2>2.2.3 - 08 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.2. <a href="https://redirect.github.com/github/codeql-action/pull/1518">#1518</a></li> </ul> <h2>2.2.2 - 06 Feb 2023</h2> <ul> <li>Fix an issue where customers using the CodeQL Action with the <a href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL Action sync tool</a> would not be able to obtain the CodeQL tools. <a href="https://redirect.github.com/github/codeql-action/pull/1517">#1517</a></li> </ul> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://redirect.github.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`168b99b3c2`"><code>168b99b</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1581">#1581</a> from github/update-v2.2.7-433fe88bf</li> <li><a href="`bc7318da91`"><code>bc7318d</code></a> Update changelog for v2.2.7</li> <li><a href="`433fe88bf3`"><code>433fe88</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1579">#1579</a> from github/aeisenberg/no-upload-database</li> <li><a href="`c208575433`"><code>c208575</code></a> Avoid uploading databases after integration tests</li> <li><a href="`b8ea587211`"><code>b8ea587</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1578">#1578</a> from github/henrymercer/fix-circular-dependency</li> <li><a href="`65f42e3768`"><code>65f42e3</code></a> Inline minimum version number to avoid circular dependency</li> <li><a href="`d9ceda3823`"><code>d9ceda3</code></a> Add debug logging for feature flag enablement</li> <li><a href="`19f00dc212`"><code>19f00dc</code></a> Bump <code>@ava/typescript</code> from 3.0.1 to 4.0.0 (<a href="https://redirect.github.com/github/codeql-action/issues/1576">#1576</a>)</li> <li><a href="`ec298233c1`"><code>ec29823</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1565">#1565</a> from github/henrymercer/diagnostics-code-scanning-co...</li> <li><a href="`a92a14621b`"><code>a92a146</code></a> Prefer <code>core.info</code> to <code>console.log</code></li> <li>Additional commits viewable in <a href="`16964e90ba...168b99b3c2`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.6&new-version=2.2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-03-17 16:09:30 -03:00
Carlos A Becker	b4b6496ea6	build: setup-go update	2023-03-17 16:04:47 -03:00
dependabot[bot]	b623247fb7	chore(deps): bump actions/setup-go from 3.5.0 to 4.0.0 (#3871 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <p>In scope of release we enable cache by default. The action won’t throw an error if the cache can’t be restored or saved. The action will throw a warning message but it won’t stop a build process. The cache can be disabled by specifying <code>cache: false</code>.</p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version: ‘1.19’ - run: go run hello.go </code></pre> <p>Besides, we introduce such changes as</p> <ul> <li><a href="https://redirect.github.com/actions/setup-go/pull/305">Allow to use only GOCACHE for cache</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/315">Bump json5 from 2.2.1 to 2.2.3</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/323">Use proper version for primary key in cache</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/351">Always add Go bin to the PATH</a></li> <li><a href="https://redirect.github.com/actions/setup-go/pull/350">Add step warning if go-version input is empty</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4d34df0c23`"><code>4d34df0</code></a> Update configuration files (<a href="https://redirect.github.com/actions/setup-go/issues/348">#348</a>)</li> <li><a href="`fdc0d672a1`"><code>fdc0d67</code></a> Add Go bin if go-version input is empty (<a href="https://redirect.github.com/actions/setup-go/issues/351">#351</a>)</li> <li><a href="`ebfdf6ac95`"><code>ebfdf6a</code></a> add warning if go-version is empty (<a href="https://redirect.github.com/actions/setup-go/issues/350">#350</a>)</li> <li><a href="`b27d76912e`"><code>b27d769</code></a> fix lockfileVersion (<a href="https://redirect.github.com/actions/setup-go/issues/349">#349</a>)</li> <li><a href="`c51a720768`"><code>c51a720</code></a> Enable caching by default with default input (<a href="https://redirect.github.com/actions/setup-go/issues/332">#332</a>)</li> <li><a href="`6b848af622`"><code>6b848af</code></a> Merge pull request <a href="https://redirect.github.com/actions/setup-go/issues/343">#343</a> from akv-platform/reusable-workflow</li> <li><a href="`12741cc209`"><code>12741cc</code></a> Format update-config-files.yml</li> <li><a href="`7a77a6aab6`"><code>7a77a6a</code></a> Merge branch 'main' into reusable-workflow</li> <li><a href="`42a0cc8e14`"><code>42a0cc8</code></a> Add update-config-files.yml</li> <li><a href="`7406d654ad`"><code>7406d65</code></a> Add and configure ESLint and update configuration for Prettier (<a href="https://redirect.github.com/actions/setup-go/issues/341">#341</a>)</li> <li>Additional commits viewable in <a href="`6edd4406fa...4d34df0c23`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-go&package-manager=github_actions&previous-version=3.5.0&new-version=4.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>	2023-03-17 00:40:25 -03:00
dependabot[bot]	5773f1a246	chore(deps): bump actions/checkout from 3.3.0 to 3.4.0 (#3872 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v3.4.0</h2> <h2>What's Changed</h2> <ul> <li>Upgrade codeql actions to v2 by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/checkout/pull/1209">actions/checkout#1209</a></li> <li>Upgrade dependencies by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/checkout/pull/1210">actions/checkout#1210</a></li> <li>Backfill changelog and bump actions/io by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1225">actions/checkout#1225</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1209">actions/checkout#1209</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v3.3.0...v3.4.0">https://github.com/actions/checkout/compare/v3.3.0...v3.4.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v3.4.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@actions/io</code></a></li> </ul> <h2>v3.3.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li> <li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li> </ul> <h2>v3.2.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@actions/io</code> to 1.1.2</a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/1039">Upgrading version to 3.2.0</a></li> </ul> <h2>v3.1.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/939">Use <code>@actions/core</code> <code>saveState</code> and <code>getState</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/922">Add <code>github-server-url</code> input</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/770">Add input <code>set-safe-directory</code></a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/762">Fixed an issue where checkout failed to run in container jobs due to the new git setting <code>safe.directory</code></a></li> <li><a href="https://redirect.github.com/actions/checkout/pull/744">Bumped various npm package versions</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/689">Update to node 16</a></li> </ul> <h2>v2.3.1</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/284">Fix default branch resolution for .wiki and when using SSH</a></li> </ul> <h2>v2.3.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/278">Fallback to the default branch</a></li> </ul> <h2>v2.2.0</h2> <ul> <li><a href="https://redirect.github.com/actions/checkout/pull/258">Fetch all history for all tags and branches when fetch-depth=0</a></li> </ul> <h2>v2.1.1</h2> <ul> <li>Changes to support GHES (<a href="https://redirect.github.com/actions/checkout/pull/236">here</a> and <a href="https://redirect.github.com/actions/checkout/pull/248">here</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`24cb908017`"><code>24cb908</code></a> Bump <code>@actions/io</code> to v1.1.3 (<a href="https://redirect.github.com/actions/checkout/issues/1225">#1225</a>)</li> <li><a href="`27135e314d`"><code>27135e3</code></a> Upgrade dependencies (<a href="https://redirect.github.com/actions/checkout/issues/1210">#1210</a>)</li> <li><a href="`7b187184d1`"><code>7b18718</code></a> Upgrade codeql actions to v2 (<a href="https://redirect.github.com/actions/checkout/issues/1209">#1209</a>)</li> <li>See full diff in <a href="`ac59398561...24cb908017`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-17 00:11:19 -03:00
dependabot[bot]	2c8d128e1c	chore(deps): bump actions/cache from 3.3.0 to 3.3.1 (#3866 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.3.0 to 3.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.3.1</h2> <h2>What's Changed</h2> <ul> <li>Reduced download segment size to 128 MB and timeout to 10 minutes by <a href="https://github.com/kotewar"><code>@kotewar</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1129">actions/cache#1129</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.3.1">https://github.com/actions/cache/compare/v3...v3.3.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://redirect.github.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://redirect.github.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://redirect.github.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://redirect.github.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://redirect.github.com/actions/cache/issues/888">#888</a> and <a href="https://redirect.github.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`88522ab9f3`"><code>88522ab</code></a> Reduced download segment size to 128 MB and timeout to 10 minutes (<a href="https://redirect.github.com/actions/cache/issues/1129">#1129</a>)</li> <li>See full diff in <a href="`940f3d7cf1...88522ab9f3`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.3.0&new-version=3.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-13 09:25:53 -03:00
dependabot[bot]	f104c143f7	chore(deps): bump github/codeql-action from 2.2.5 to 2.2.6 (#3864 ) [//]: # (dependabot-start) ⚠️ Dependabot is rebasing this PR ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.5 to 2.2.6. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.6 - 10 Mar 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.4.</li> </ul> <h2>2.2.5 - 24 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.3. <a href="https://redirect.github.com/github/codeql-action/pull/1543">#1543</a></li> </ul> <h2>2.2.4 - 10 Feb 2023</h2> <p>No user facing changes.</p> <h2>2.2.3 - 08 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.2. <a href="https://redirect.github.com/github/codeql-action/pull/1518">#1518</a></li> </ul> <h2>2.2.2 - 06 Feb 2023</h2> <ul> <li>Fix an issue where customers using the CodeQL Action with the <a href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL Action sync tool</a> would not be able to obtain the CodeQL tools. <a href="https://redirect.github.com/github/codeql-action/pull/1517">#1517</a></li> </ul> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://redirect.github.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> <li>Update default CodeQL bundle version to 2.12.1. <a href="https://redirect.github.com/github/codeql-action/pull/1498">#1498</a></li> <li>Fix a bug that forced the <code>init</code> Action to run for at least two minutes on JavaScript. <a href="https://redirect.github.com/github/codeql-action/pull/1494">#1494</a></li> </ul> <h2>2.1.39 - 18 Jan 2023</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`16964e90ba`"><code>16964e9</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1570">#1570</a> from github/update-v2.2.6-e12a2ecd4</li> <li><a href="`74cbab4958`"><code>74cbab4</code></a> Update changelog for v2.2.6</li> <li><a href="`e12a2ecd45`"><code>e12a2ec</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1561">#1561</a> from github/dbartol/bundle-2.12.4</li> <li><a href="`d47d4c8047`"><code>d47d4c8</code></a> Merge branch 'main' into dbartol/bundle-2.12.4</li> <li><a href="`f13b180fb8`"><code>f13b180</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1567">#1567</a> from github/aeisenberg/config-parsing-ghes</li> <li><a href="`a3cf96418e`"><code>a3cf964</code></a> Add <code>security-experimental</code> to <code>codeql-config.yml</code> (<a href="https://redirect.github.com/github/codeql-action/issues/1566">#1566</a>)</li> <li><a href="`0c27d0da4a`"><code>0c27d0d</code></a> Add default values to feature flags</li> <li><a href="`e4b846c482`"><code>e4b846c</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/1564">#1564</a> from github/aeisenberg/qlconfig-file</li> <li><a href="`c310f094dd`"><code>c310f09</code></a> Fix name of qlconfig file argument</li> <li><a href="`4366485427`"><code>4366485</code></a> Avoid passing an undefined qlconfig arg</li> <li>Additional commits viewable in <a href="`32dc499307...16964e90ba`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.5&new-version=2.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-13 09:25:41 -03:00
dependabot[bot]	6341c3d0dc	chore(deps): bump docker/setup-buildx-action from 2.4.1 to 2.5.0 (#3865 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2.4.1 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v2.5.0</h2> <ul> <li><code>cleanup</code> input to remove builder and temp files by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/213">docker/setup-buildx-action#213</a></li> <li>do not remove builder using the <code>docker</code> driver by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/218">docker/setup-buildx-action#218</a></li> <li>fix current context as builder name for <code>docker</code> driver by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/209">docker/setup-buildx-action#209</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0">https://github.com/docker/setup-buildx-action/compare/v2.4.1...v2.5.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`4b4e9c3e2d`"><code>4b4e9c3</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/216">#216</a> from awendland/patch-1</li> <li><a href="`eb27bcbef3`"><code>eb27bcb</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/218">#218</a> from crazy-max/fix-builder-removal</li> <li><a href="`b7471d4240`"><code>b7471d4</code></a> update generated content</li> <li><a href="`e2df91e851`"><code>e2df91e</code></a> check builder exists before removal</li> <li><a href="`85ce96bcbc`"><code>85ce96b</code></a> do not remove builder using the docker driver</li> <li><a href="`f549413411`"><code>f549413</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/217">#217</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`99988698a5`"><code>9998869</code></a> update generated content</li> <li><a href="`e30725c029`"><code>e30725c</code></a> Bump <code>@docker/actions-toolkit</code> from 0.1.0-beta.16 to 0.1.0-beta.18</li> <li><a href="`f1dc97ee10`"><code>f1dc97e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/213">#213</a> from crazy-max/cleanup-input</li> <li><a href="`51ecd0a47f`"><code>51ecd0a</code></a> nit typo in README.md, csv is comma-delimited</li> <li>Additional commits viewable in <a href="`f03ac48505...4b4e9c3e2d`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=2.4.1&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-13 09:25:22 -03:00
dependabot[bot]	8079a92e39	chore(deps): bump actions/cache from 3.2.6 to 3.3.0 (#3858 )	2023-03-10 09:26:14 -03:00
Carlos Alexandro Becker	dd1315b0a7	fix(GO-2023-1621): update from go 1.20.1 to 1.20.2 (#3854 )	2023-03-09 08:24:20 -03:00
dependabot[bot]	008d43d72b	chore(deps): bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#3818 ) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.1 to 3.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's releases</a>.</em></p> <blockquote> <h2>v3.0.1</h2> <h2>What's Changed</h2> <ul> <li>make cosign v2.0.0 default version by <a href="https://github.com/developer-guy"><code>@developer-guy</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/109">sigstore/cosign-installer#109</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1">https://github.com/sigstore/cosign-installer/compare/v3.0.0...v3.0.1</a></p> <h2>v3.0.0</h2> <h1>Breaking change</h1> <p>Cosign v2 has some breaking changes. Please check those: <a href="https://blog.sigstore.dev/cosign-2-0-released/">https://blog.sigstore.dev/cosign-2-0-released/</a></p> <h2>What's Changed</h2> <ul> <li>test: add logs when downloading the public keys by <a href="https://github.com/hectorj2f"><code>@hectorj2f</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/106">sigstore/cosign-installer#106</a></li> <li>Add support to install v2 and any other cosign release candidate by <a href="https://github.com/hectorj2f"><code>@hectorj2f</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/105">sigstore/cosign-installer#105</a></li> <li>v2.0.0 release by <a href="https://github.com/sabre1041"><code>@sabre1041</code></a> in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/108">sigstore/cosign-installer#108</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hectorj2f"><code>@hectorj2f</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/106">sigstore/cosign-installer#106</a></li> <li><a href="https://github.com/sabre1041"><code>@sabre1041</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/pull/108">sigstore/cosign-installer#108</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0">https://github.com/sigstore/cosign-installer/compare/v2...v3.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c3667d9942`"><code>c3667d9</code></a> make cosign v2.0.0 default version (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/109">#109</a>)</li> <li><a href="`77560e399f`"><code>77560e3</code></a> v2.0.0 release (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/108">#108</a>)</li> <li><a href="`4079ad3567`"><code>4079ad3</code></a> Bump actions/checkout from 3.2.0 to 3.3.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/107">#107</a>)</li> <li><a href="`55fd288876`"><code>55fd288</code></a> Add support to install v2 and any other cosign release candidate (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/105">#105</a>)</li> <li><a href="`651c379c48`"><code>651c379</code></a> test: add logs when downloading the public keys (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/106">#106</a>)</li> <li><a href="`df6c89e679`"><code>df6c89e</code></a> Bump actions/checkout from 3.1.0 to 3.2.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/102">#102</a>)</li> <li><a href="`31f26445bf`"><code>31f2644</code></a> Bump actions/setup-go from 3.4.0 to 3.5.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/103">#103</a>)</li> <li><a href="`b6757d8360`"><code>b6757d8</code></a> Bump actions/setup-go from 3.3.1 to 3.4.0 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/101">#101</a>)</li> <li><a href="`7bca8b4116`"><code>7bca8b4</code></a> Bump actions/setup-go from 3.3.0 to 3.3.1 (<a href="https://github-redirect.dependabot.com/sigstore/cosign-installer/issues/99">#99</a>)</li> <li>See full diff in <a href="https://github.com/sigstore/cosign-installer/compare/v2.8.1...v3.0.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=2.8.1&new-version=3.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-02 09:36:26 -03:00
dependabot[bot]	6fc205a93b	chore(deps): bump github/codeql-action from 2.2.4 to 2.2.5 (#3808 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.2.5. <details> <summary>Commits</summary> <ul> <li><a href="`32dc499307`"><code>32dc499</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1547">#1547</a> from github/update-v2.2.5-237a258d2</li> <li><a href="`b742728ac2`"><code>b742728</code></a> Update changelog for v2.2.5</li> <li><a href="`237a258d2b`"><code>237a258</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1543">#1543</a> from github/alexet/update-2.12.3</li> <li><a href="`5972e6d72e`"><code>5972e6d</code></a> Fix lib file</li> <li><a href="`164027e682`"><code>164027e</code></a> Fix bundle versions</li> <li><a href="`3dde1f3512`"><code>3dde1f3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1540">#1540</a> from cklin/expect-discarded-cache</li> <li><a href="`d7d7567b0e`"><code>d7d7567</code></a> Unit tests for optimizeForLastQueryRun</li> <li><a href="`0e4e857bab`"><code>0e4e857</code></a> Set optimizeForLastQueryRun on last run</li> <li><a href="`08d1f21d4f`"><code>08d1f21</code></a> Calculate customQueryIndices early</li> <li><a href="`f3bd25eefa`"><code>f3bd25e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1544">#1544</a> from github/aeisenberg/clean-cache</li> <li>Additional commits viewable in <a href="`17573ee1cc...32dc499307`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.4&new-version=2.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-27 09:34:34 -03:00
dependabot[bot]	4790e2fe3d	chore(deps): bump actions/cache from 3.2.5 to 3.2.6 (#3798 ) Bumps [actions/cache](https://github.com/actions/cache) from 3.2.5 to 3.2.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v3.2.6</h2> <h2>What's Changed</h2> <ul> <li>Updated branch in Force deletion of caches by <a href="https://github.com/t-dedah"><code>@t-dedah</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1108">actions/cache#1108</a></li> <li>Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners by <a href="https://github.com/pdotl"><code>@pdotl</code></a> in <a href="https://github-redirect.dependabot.com/actions/cache/pull/1118">actions/cache#1118</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v3...v3.2.6">https://github.com/actions/cache/compare/v3...v3.2.6</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>3.0.0</h3> <ul> <li>Updated minimum runner version support from node 12 -> node 16</li> </ul> <h3>3.0.1</h3> <ul> <li>Added support for caching from GHES 3.5.</li> <li>Fixed download issue for files > 2GB during restore.</li> </ul> <h3>3.0.2</h3> <ul> <li>Added support for dynamic cache size cap on GHES.</li> </ul> <h3>3.0.3</h3> <ul> <li>Fixed avoiding empty cache save when no files are available for caching. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li> </ul> <h3>3.0.4</h3> <ul> <li>Fixed tar creation error while trying to create tar with path as <code>~/</code> home folder on <code>ubuntu-latest</code>. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li> </ul> <h3>3.0.5</h3> <ul> <li>Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (<a href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li> </ul> <h3>3.0.6</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a> - zstd -d: no such file or directory error</li> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a> - cache doesn't work with github workspace directory</li> </ul> <h3>3.0.7</h3> <ul> <li>Fixed <a href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a> - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.</li> </ul> <h3>3.0.8</h3> <ul> <li>Fix zstd not working for windows on gnu tar in issues <a href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a> and <a href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li> <li>Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable <code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li> </ul> <h3>3.0.9</h3> <ul> <li>Enhanced the warning message for cache unavailablity in case of GHES.</li> </ul> <h3>3.0.10</h3> <ul> <li>Fix a bug with sorting inputs.</li> <li>Update definition for restore-keys in README.md</li> </ul> <h3>3.0.11</h3> <ul> <li>Update toolkit version to 3.0.5 to include <code>@actions/core@^1.10.0</code></li> <li>Update <code>@actions/cache</code> to use updated <code>saveState</code> and <code>setOutput</code> functions from <code>@actions/core@^1.10.0</code></li> </ul> <h3>3.1.0-beta.1</h3> <ul> <li>Update <code>@actions/cache</code> on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (<a href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li> </ul> <h3>3.1.0-beta.2</h3> <ul> <li>Added support for fallback to gzip to restore old caches on windows.</li> </ul> <h3>3.1.0-beta.3</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`69d9d449ac`"><code>69d9d44</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/1118">#1118</a> from actions/pdotl/zstd-hotfix</li> <li><a href="`8d3a1e02aa`"><code>8d3a1e0</code></a> Fix license</li> <li><a href="`b1db4b4897`"><code>b1db4b4</code></a> Fix zstd breaking after new version release</li> <li><a href="`7d4d6f7ffd`"><code>7d4d6f7</code></a> Update package-lock.json</li> <li><a href="`8f7fa5d715`"><code>8f7fa5d</code></a> Bump <code>@actions/cache</code> version</li> <li><a href="`95b455a0fb`"><code>95b455a</code></a> 3.2.6</li> <li><a href="`81b7281936`"><code>81b7281</code></a> Updated branch in Force deletion of caches (<a href="https://github-redirect.dependabot.com/actions/cache/issues/1108">#1108</a>)</li> <li>See full diff in <a href="`6998d139dd...69d9d449ac`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=3.2.5&new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-22 09:15:32 -03:00
Carlos A Becker	6d3eb57c7a	fix: update to go 1.20.1	2023-02-17 10:44:02 -03:00
dependabot[bot]	019364be32	chore(deps): bump github/codeql-action from 2.2.3 to 2.2.4 (#3777 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.3 to 2.2.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's changelog</a>.</em></p> <blockquote> <h1>CodeQL Action Changelog</h1> <h2>[UNRELEASED]</h2> <p>No user facing changes.</p> <h2>2.2.4 - 10 Feb 2023</h2> <p>No user facing changes.</p> <h2>2.2.3 - 08 Feb 2023</h2> <ul> <li>Update default CodeQL bundle version to 2.12.2. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li> </ul> <h2>2.2.2 - 06 Feb 2023</h2> <ul> <li>Fix an issue where customers using the CodeQL Action with the <a href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL Action sync tool</a> would not be able to obtain the CodeQL tools. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li> </ul> <h2>2.2.1 - 27 Jan 2023</h2> <p>No user facing changes.</p> <h2>2.2.0 - 26 Jan 2023</h2> <ul> <li>Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a> <ul> <li>This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions <a href="https://github.com/actions/runner-images">runner images</a>.</li> <li><strong>No change is required for the majority of workflows</strong>, including: <ul> <li>Workflows on GitHub.com hosted runners using the latest version (<code>v2</code>) of the CodeQL Action.</li> <li>Workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li> <li>Workflows on GitHub Enterprise Server.</li> </ul> </li> <li><strong>A change may be required</strong> for workflows on GitHub.com hosted runners that are pinned to specific versions of the CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>): <ul> <li>Previously, these workflows would obtain the latest version of CodeQL from the Actions runner image.</li> <li>Now, these workflows will download an older, compatible version of CodeQL from GitHub Releases. To use this older version, no change is required. To use the newest version of CodeQL, please update your workflows to reference the latest version of the CodeQL Action (<code>v2</code>).</li> </ul> </li> <li><strong>Internal changes</strong> <ul> <li>These changes will not affect the majority of code scanning workflows. Continue reading only if your workflow uses <a href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a> or relies on the precise location of CodeQL within the Actions tool cache.</li> <li>The tool cache now contains <strong>two</strong> recent CodeQL versions (previously <strong>one</strong>).</li> <li>Each CodeQL version is located under a directory named after the release date and version number, e.g. CodeQL 2.11.6 is now located under <code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously <code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li> </ul> </li> </ul> </li> <li>The maximum number of <a href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF runs</a> per file has been increased from 15 to 20 for users uploading SARIF files to GitHub.com. This change will help ensure that Code Scanning can process SARIF files generated by third-party tools that have many runs. See the <a href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub API documentation</a> for a list of all the limits around uploading SARIF. This change will be released to GitHub Enterprise Server as part of GHES 3.9.</li> <li>Update default CodeQL bundle version to 2.12.1. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li> <li>Fix a bug that forced the <code>init</code> Action to run for at least two minutes on JavaScript. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li> </ul> <h2>2.1.39 - 18 Jan 2023</h2> <ul> <li>CodeQL Action v1 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see <a href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this changelog post</a>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li> <li>Python automatic dependency installation will no longer fail for projects using Poetry that specify <code>virtualenvs.options.no-pip = true</code> in their <code>poetry.toml</code>. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li> <li>Avoid printing a stack trace and error message when the action fails to find the SHA at the current directory. This will happen in several non-error states and so we now avoid cluttering the log with this message. <a href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li> </ul> <h2>2.1.38 - 12 Jan 2023</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`17573ee1cc`"><code>17573ee</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1534">#1534</a> from github/update-v2.2.4-40babc141</li> <li><a href="`b6975b4b1a`"><code>b6975b4</code></a> Update changelog for v2.2.4</li> <li><a href="`40babc141f`"><code>40babc1</code></a> Tools telemetry: accurately report when feature flags were inaccessible (<a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1532">#1532</a>)</li> <li><a href="`7ba5ed7eed`"><code>7ba5ed7</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/github/codeql-action/issues/1531">#1531</a> from github/mergeback/v2.2.3-to-main-8775e868</li> <li><a href="`21f3020df6`"><code>21f3020</code></a> Update checked-in dependencies</li> <li><a href="`b872c5adfd`"><code>b872c5a</code></a> Update changelog and version after v2.2.3</li> <li>See full diff in <a href="`8775e86802...17573ee1cc`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.3&new-version=2.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-02-13 11:29:01 -03:00

1 2 3 4 5 ...

403 Commits