Bumps [actions/github-script](https://github.com/actions/github-script)
from 6.1.1 to 6.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/github-script/releases">actions/github-script's
releases</a>.</em></p>
<blockquote>
<h2>v6.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update <code>@octokit/plugin-rest-endpoint-methods</code> to version
6.x by <a href="https://github.com/desrosj"><code>@desrosj</code></a>
in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/283">actions/github-script#283</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/desrosj"><code>@desrosj</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/github-script/pull/283">actions/github-script#283</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/github-script/compare/v6.1.1...v6.2.0">https://github.com/actions/github-script/compare/v6.1.1...v6.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c713e510db"><code>c713e51</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/github-script/issues/283">#283</a>
from desrosj/update/plugin-rest-endpoint-methods</li>
<li><a
href="fc8cad1c91"><code>fc8cad1</code></a>
Update licenses</li>
<li><a
href="4d94eeabef"><code>4d94eea</code></a>
Update version in <code>package*.json</code> files.</li>
<li><a
href="b9c21f17c0"><code>b9c21f1</code></a>
Update <code>@octokit/plugin-rest-endpoint-methods</code> to
v6.3.0.</li>
<li><a
href="6e70142499"><code>6e70142</code></a>
Update <code>@octokit/plugin-rest-endpoint-methods</code>.</li>
<li>See full diff in <a
href="d50f485531...c713e510db">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.2.1 to 3.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p>
<blockquote>
<h2>Support architecture input and fix Expand-Archive issue</h2>
<p>This release introduces support for architecture input for <code>setup-go</code> action <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>. It also adds support for arm32 architecture for self-hosted runners. If architecture is not provided action will use default runner architecture.
Example of usage:</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: '1.16'
architecture: arm
</code></pre>
<p>This release also provides fix for issue <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/241">#241</a>. <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> adds support for using explicit filename for Windows which is necessary to satisfy Expand-Archive's requirement on .zip extension.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="268d8c0ca0"><code>268d8c0</code></a> Add support for arm32 go arch (<a href="https://github-redirect.dependabot.com/actions/setup-go/issues/253">#253</a>)</li>
<li><a href="f279813975"><code>f279813</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/250">#250</a> from jromero/feature/windows-download-filename</li>
<li><a href="1022489cb7"><code>1022489</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/249">#249</a> from e-korolevskii/main</li>
<li><a href="e0dce94eb0"><code>e0dce94</code></a> Use explicit filename when downloading Windows go package</li>
<li><a href="dab57c7c68"><code>dab57c7</code></a> update docs</li>
<li><a href="f2e56d8191"><code>f2e56d8</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/setup-go/issues/246">#246</a> from e-korolevskii/Update-contributors-guide</li>
<li><a href="edd0aca6b1"><code>edd0aca</code></a> update tests path</li>
<li><a href="f3e3b7c2f2"><code>f3e3b7c</code></a> Update docs/contributors.md</li>
<li><a href="4a0c081511"><code>4a0c081</code></a> Update docs/contributors.md</li>
<li><a href="185e7f2f01"><code>185e7f2</code></a> Update docs/contributors.md</li>
<li>Additional commits viewable in <a href="84cbf80943...268d8c0ca0">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps github/codeql-action from 2.1.19 to 2.1.20.
Commits
7fee4ca Merge pull request #1199 from github/update-v2.1.20-f0a1a35a
5259c5e Update changelog for v2.1.20
f0a1a35 Merge pull request #1197 from github/henrymercer/fix-release-when-package-con...
a074542 Tweak whitespace in checklist for consistency
53a7a27 Merge pull request #1193 from github/dependabot/npm_and_yarn/actions/core-1.9.1
2927215 Apply suggestions from code review
c145823 Make "Update release branch" workflow fail if npm version fails
66bb63a Merge pull request #1194 from github/mergeback/v2.1.19-to-main-f5d217be
0ce8ba5 Update checked-in dependencies
5354fac Update changelog and version after v2.1.19
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps actions/cache from 3.0.7 to 3.0.8.
Release notes
Sourced from actions/cache's releases.
v3.0.8
What's Changed
Fix zstd not working for windows on gnu tar in issues.
Allow users to provide a custom timeout as input for aborting cache segment download using the environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.
Changelog
Sourced from actions/cache's changelog.
Releases
3.0.0
Updated minimum runner version support from node 12 -> node 16
3.0.1
Added support for caching from GHES 3.5.
Fixed download issue for files > 2GB during restore.
3.0.2
Added support for dynamic cache size cap on GHES.
3.0.3
Fixed avoiding empty cache save when no files are available for caching. (issue)
3.0.4
Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)
3.0.5
Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)
3.0.6
Fixed#809 - zstd -d: no such file or directory error
Fixed#833 - cache doesn't work with github workspace directory
3.0.7
Fixed#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.
3.0.8
Fix zstd not working for windows on gnu tar in issues #888 and #891.
Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MIN. Default is 60 minutes.
Commits
fd5de65 Merge pull request #899 from actions/kotewar/download-and-compression-fix
d49b6bb Updated actions/cache toolkit dep to v3.0.4
See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
⚠️ Dependabot is rebasing this PR ⚠️
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
Bumps github/codeql-action from 2.1.18 to 2.1.19.
Changelog
Sourced from github/codeql-action's changelog.
CodeQL Action Changelog
[UNRELEASED]
No user facing changes.
2.1.19 - 17 Aug 2022
Add the ability to filter queries from a code scanning run by using the query-filters option in the code scanning configuration file. #1098
In debug mode, debug artifacts are now uploaded even if a step in the Actions workflow fails. #1159
Update default CodeQL bundle version to 2.10.3. #1178
The combination of python2 and Pipenv is no longer supported. #1181
2.1.18 - 03 Aug 2022
Update default CodeQL bundle version to 2.10.2. #1156
2.1.17 - 28 Jul 2022
Update default CodeQL bundle version to 2.10.1. #1143
2.1.16 - 13 Jul 2022
You can now quickly debug a job that uses the CodeQL Action by re-running the job from the GitHub UI and selecting the "Enable debug logging" option. #1132
You can now see diagnostic messages produced by the analysis in the logs of the analyze Action by enabling debug mode. To enable debug mode, pass debug: true to the init Action, or enable step debug logging. This feature is available for CodeQL CLI version 2.10.0 and later. #1133
2.1.15 - 28 Jun 2022
CodeQL query packs listed in the packs configuration field will be skipped if their target language is not being analyzed in the current Actions job. Previously, this would throw an error. #1116
The combination of python2 and poetry is no longer supported. See actions/setup-python#374 for more details. #1124
Update default CodeQL bundle version to 2.10.0. #1123
2.1.14 - 22 Jun 2022
No user facing changes.
2.1.13 - 21 Jun 2022
Update default CodeQL bundle version to 2.9.4. #1100
2.1.12 - 01 Jun 2022
Update default CodeQL bundle version to 2.9.3. #1084
2.1.11 - 17 May 2022
Update default CodeQL bundle version to 2.9.2. #1074
2.1.10 - 10 May 2022
... (truncated)
Commits
f5d217b Merge pull request #1192 from github/update-v2.1.19-5502fefd
7c3d74c Move changelog note to right release
04ea3b1 Update changelog for v2.1.19
5502fef Merge pull request #1191 from github/edoardo/fix-upload-times
0349bb0 Fix TRAP cache upload timing
3154c4f Merge pull request #1190 from github/henrymercer/fix-debug-artifact-tests-on-...
b21cab9 Mock expect-error input to avoid errors in Action integration tests
219a937 Require test mode to be set to use expect-error input
ff9d53b Dump GitHub event in debug artifacts failure workflow
5f4cfb0 Merge pull request #1188 from github/edoardo/round-fields
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps anchore/sbom-action from 0.11.0 to 0.12.0.
Release notes
Sourced from anchore/sbom-action's releases.
v0.12.0
Changes in v0.12.0
Update dependencies (#317) kzantow
Update Syft to v0.53.4 (#266) anchore-actions-token-generator
Expose upload-artifact and upload-release-assets inputs (#277) joshowen
Document the dependency-snapshot property (#297) kzantow
Commits
b5042e9 Update dependencies (#317)
ac5a533 Update Syft to v0.53.4 (#266)
0f0f981 Expose upload-artifact and upload-release-assets inputs (#277)
6fb484a Document the dependency-snapshot property (#297)
See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps actions/checkout from 3 to 3.0.2.
Release notes
Sourced from actions/checkout's releases.
v3.0.2
What's Changed
Add set-safe-directory input to allow customers to take control. by @TingluoHuang in actions/checkout#770
Prepare changelog for v3.0.2. by @TingluoHuang in actions/checkout#777
Full Changelog: actions/checkout@v3...v3.0.2
v3.0.1
Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
Bumped various npm package versions
Changelog
Sourced from actions/checkout's changelog.
Changelog
v3.0.2
Add input set-safe-directory
v3.0.1
Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
Bumped various npm package versions
v3.0.0
Update to node 16
v2.3.1
Fix default branch resolution for .wiki and when using SSH
v2.3.0
Fallback to the default branch
v2.2.0
Fetch all history for all tags and branches when fetch-depth=0
v2.1.1
Changes to support GHES (here and here)
v2.1.0
Group output
Changes to support GHES alpha release
Persist core.sshCommand for submodules
Add support ssh
Convert submodule SSH URL to HTTPS, when not using SSH
Add submodule support
Follow proxy settings
Fix ref for pr closed event when a pr is merged
Fix issue checking detached when git less than 2.22
v2.0.0
Do not pass cred on command line
Add input persist-credentials
Fallback to REST API to download repo
v2 (beta)
Improved fetch performance
... (truncated)
Commits
See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps actions/cache from 661fd3eb7f2f20d8c7c84bc2b0509efd7a826628 to 3.0.7. This release includes the previously tagged commit.
Release notes
Sourced from actions/cache's releases.
v3.0.7
What's Changed
Fix for the download stuck problem has been added in actions/cache for users who were intermittently facing the issue. As part of this fix, new timeout has been introduced in the download step to stop the download if it doesn't complete within an hour and run the rest of the workflow without erroring out.
Changelog
Sourced from actions/cache's changelog.
Releases
3.0.0
Updated minimum runner version support from node 12 -> node 16
3.0.1
Added support for caching from GHES 3.5.
Fixed download issue for files > 2GB during restore.
3.0.2
Added support for dynamic cache size cap on GHES.
3.0.3
Fixed avoiding empty cache save when no files are available for caching. (issue)
3.0.4
Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)
3.0.5
Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)
3.0.6
Fixed#809 - zstd -d: no such file or directory error
Fixed#833 - cache doesn't work with github workspace directory
3.0.7
Fixed#810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.
Commits
a7c34ad Merge pull request #894 from actions/kotewar/update-toolkit-version
83394c9 Updated cache version in license file
e839c25 Updated actions/cache version to 3.0.3
33a923d Added release information
a404368 Updated actions/cache version to 3.0.2
f427802 Merge pull request #887 from actions/pdotl-version-patch
9916fe1 Update cache version in licences
318935e Update README and RELEASES
85efbb5 Update cache npm module to latest
4387dbc Merge pull request #835 from shivamarora1/clojure-lein-example
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps actions/github-script from 7f4e771d2b3022fa3b8bac499d4a547619f3ab10 to 6.1.1. This release includes the previously tagged commit.
Release notes
Sourced from actions/github-script's releases.
v6.1.1
What's Changed
Bump shell-quote from 1.7.2 to 1.7.3 by @dependabot in actions/github-script#270
Bump @actions/core to 1.9.1 by @cory-miller in actions/github-script#280
Non-code changes
Create codeql-analysis.yml by @joshmgross in actions/github-script#267
Improve grammar by @kevgo in actions/github-script#269
New Contributors
@kevgo made their first contribution in actions/github-script#269
@cory-miller made their first contribution in actions/github-script#280
Full Changelog: actions/github-script@v6.1.0...v6.1.1
Commits
d50f485 Merge pull request #280 from cory-miller/main
1bdf7b2 Bump @actions/core to 1.9.1
46a476b Merge pull request #269 from kevgo/patch-1
b682e42 Merge pull request #270 from actions/dependabot/npm_and_yarn/shell-quote-1.7.3
0cc15d0 Bump shell-quote from 1.7.2 to 1.7.3
ebee604 Improve grammar
377d38f Merge pull request #267 from actions/joshmgross/add-codeql
174e812 Create codeql-analysis.yml
7a5c598 Merge pull request #263 from smaeda-ks/update-actions-core
cb1c1eb Classify http-client licenses
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat(ci): compile with go 1.19
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* test: fixing template test
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* test: improve check
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: more test and docs fixes
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* test: fix
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* test: fix
* test: fix
* fix: lint
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* test: docker templates
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: godoc for RequireTemplateError
* chore(ci): improve tparse output
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* chore(ci): improve tparse output
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix(ci): gitleaks license
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: gitleaks config path
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* chore(ci): tparse
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: always set json
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: nocolor
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: do not need tparse locally
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
* fix: build
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
> Dependency Review GitHub Action in your repository to enforce dependency
> reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version
> changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.
https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
* fix(ci): use setup-krew action instead of go install
also switch back to main krew as my PR was recently released.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: use go install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: use go install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* feat: more go 1.18
moved more workflows to go 1.18, switched some code to strings.Cut
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* revert unwanted change
* chore: code of conduct links
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: use the orgs code of conduct
we dont need to keep a copy of it in every project, a single one should do.
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* feat: keyless signing
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: perms
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: rm old pubkey
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: missing experimental flag
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: true keyless
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: improve install
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: simplifying
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: improvements
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: improvements
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: trying to improve docs
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: config
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: package write
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* feat: use go 1.17
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: go mod tidy
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* test: fix failing test
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* ci: increase lint timeout
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* ci: increase lint timeout
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* feat: sign docker images with cosign
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: improve sign logging
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: do not sign if skip publish is set
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: install cosign
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* docs: fix wrong docs
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* feat: --auto-snapshot
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* docs: fix
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* fix: workflow
Signed-off-by: Carlos A Becker <caarlos0@gmail.com>
* feat: lint on specific ci step
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: run on push
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* docs: contributing
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* docs: contributing
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: action
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: lint issues
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: lint issues
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* feat: support apple silicon
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: test
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* feat: go 1.16
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* feat: go 1.16
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* feat: go 1.16
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* test: fix
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: test case
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* Update .github/workflows/build.yml
Co-authored-by: Radek Simko <radek.simko@gmail.com>
* docs: go 1.16
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
Co-authored-by: Radek Simko <radek.simko@gmail.com>
* feat: multi-arch docker images
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* feat: split files
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* docs: manifest
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* refactor: split files
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* test: added some
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* docs: flags
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: fmt
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: diff
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* ci: enable experimental
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* ci: multi-arch goreleaser images
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* Update to Go 1.15 image (#1758)
* feat: use go 1.15
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: remove darwin_386
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
Co-authored-by: Simon Jürgensmeyer <sj14@users.noreply.github.com>
* fix(ci): htmltest failing with 416 on some sites
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: headers config
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: action
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
* fix: path
Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
