alternative to #3806
the idea is that both `context.New` and `context.Context{}` are never
used in tests.
not sure yet how much I like it, so far code does look a bit more
readable though.
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
it was forcing to provide the same information as env and yaml.
this should fix it.
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
I have no idea why this never happened before... the lock was
ineffective in `artifacts.List`, which should have caused at least some
race condition at some point.
Anyway, got it once locally while working on another feature, and
couldn't believe my eyes.
Fixed, thank goodness!
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.4 to 2.2.5.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32dc499307"><code>32dc499</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1547">#1547</a>
from github/update-v2.2.5-237a258d2</li>
<li><a
href="b742728ac2"><code>b742728</code></a>
Update changelog for v2.2.5</li>
<li><a
href="237a258d2b"><code>237a258</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1543">#1543</a>
from github/alexet/update-2.12.3</li>
<li><a
href="5972e6d72e"><code>5972e6d</code></a>
Fix lib file</li>
<li><a
href="164027e682"><code>164027e</code></a>
Fix bundle versions</li>
<li><a
href="3dde1f3512"><code>3dde1f3</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1540">#1540</a>
from cklin/expect-discarded-cache</li>
<li><a
href="d7d7567b0e"><code>d7d7567</code></a>
Unit tests for optimizeForLastQueryRun</li>
<li><a
href="0e4e857bab"><code>0e4e857</code></a>
Set optimizeForLastQueryRun on last run</li>
<li><a
href="08d1f21d4f"><code>08d1f21</code></a>
Calculate customQueryIndices early</li>
<li><a
href="f3bd25eefa"><code>f3bd25e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1544">#1544</a>
from github/aeisenberg/clean-cache</li>
<li>Additional commits viewable in <a
href="17573ee1cc...32dc499307">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.5 to
3.2.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Updated branch in Force deletion of caches by <a
href="https://github.com/t-dedah"><code>@t-dedah</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1108">actions/cache#1108</a></li>
<li>Fix zstd not being used after zstd version upgrade to 1.5.4 on
hosted runners by <a
href="https://github.com/pdotl"><code>@pdotl</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1118">actions/cache#1118</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.6">https://github.com/actions/cache/compare/v3...v3.2.6</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files > 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="69d9d449ac"><code>69d9d44</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/cache/issues/1118">#1118</a>
from actions/pdotl/zstd-hotfix</li>
<li><a
href="8d3a1e02aa"><code>8d3a1e0</code></a>
Fix license</li>
<li><a
href="b1db4b4897"><code>b1db4b4</code></a>
Fix zstd breaking after new version release</li>
<li><a
href="7d4d6f7ffd"><code>7d4d6f7</code></a>
Update package-lock.json</li>
<li><a
href="8f7fa5d715"><code>8f7fa5d</code></a>
Bump <code>@actions/cache</code> version</li>
<li><a
href="95b455a0fb"><code>95b455a</code></a>
3.2.6</li>
<li><a
href="81b7281936"><code>81b7281</code></a>
Updated branch in Force deletion of caches (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1108">#1108</a>)</li>
<li>See full diff in <a
href="6998d139dd...69d9d449ac">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/disgoorg/disgo](https://github.com/disgoorg/disgo)
from 0.15.0 to 0.15.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/disgoorg/disgo/releases">github.com/disgoorg/disgo's
releases</a>.</em></p>
<blockquote>
<h2>v0.15.1</h2>
<h2>What's Changed</h2>
<ul>
<li><code>handler</code> package improvements by <a
href="https://github.com/Thunder33345"><code>@Thunder33345</code></a>
in <a
href="https://github-redirect.dependabot.com/disgoorg/disgo/pull/240">disgoorg/disgo#240</a></li>
<li>add noop ratelimiter by <a
href="https://github.com/TopiSenpai"><code>@TopiSenpai</code></a> in <a
href="24260e4bca</a></li>
<li>fix some minor broken/incorrect stuff by <a
href="https://github.com/TopiSenpai"><code>@TopiSenpai</code></a> in <a
href="https://github-redirect.dependabot.com/disgoorg/disgo/pull/237">disgoorg/disgo#237</a></li>
<li>allow easy replacing of rest url by <a
href="https://github.com/TopiSenpai"><code>@TopiSenpai</code></a> in <a
href="https://github-redirect.dependabot.com/disgoorg/disgo/pull/236">disgoorg/disgo#236</a></li>
<li>add <code>MessageFlagSuppressNotifications</code> and
<code>MessageFlagFailedToMentionSomeRolesInThread</code> by <a
href="https://github.com/caneleex"><code>@caneleex</code></a> in <a
href="9cbba0bb75</a></li>
<li>add stage message types by <a
href="https://github.com/caneleex"><code>@caneleex</code></a> in <a
href="12bf0cce55</a></li>
<li>add <code>ConnectionTypeInstagram</code> by <a
href="https://github.com/caneleex"><code>@caneleex</code></a> in <a
href="https://github-redirect.dependabot.com/disgoorg/disgo/pull/234">disgoorg/disgo#234</a></li>
<li>add <code>NSFW</code> and <code>VideoQualityMode</code> to
<code>GuildStageVoiceChannelUpdate</code> by <a
href="https://github.com/caneleex"><code>@caneleex</code></a> in <a
href="0f4d6ca243</a></li>
<li>add <code>StorePageAsset</code> cdn endpoint by <a
href="https://github.com/caneleex"><code>@caneleex</code></a> in <a
href="84cfc8d278</a></li>
<li>match <code>MemberFlags</code> const names with other flags by <a
href="https://github.com/caneleex"><code>@caneleex</code></a> in <a
href="4aca7c2ba9</a></li>
</ul>
<h2>Breaking</h2>
<ul>
<li><code>MemberFlags</code> consts have been renamed to follow
appropriate flag naming</li>
<li>renamed <code>Router.HandleCommand</code> to
<code>Router.Command</code></li>
<li>renamed <code>Router.HandleAutocomplete</code> to
<code>Router.Autocomplete</code></li>
<li>renamed <code>Router.HandleComponent</code> to
<code>Router.Component</code></li>
<li>renamed <code>Router.HandleModal</code> to
<code>Router.Modal</code></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/disgoorg/disgo/compare/v0.15.0...v0.15.1">https://github.com/disgoorg/disgo/compare/v0.15.0...v0.15.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="604780dafa"><code>604780d</code></a>
handler improvements (<a
href="https://github-redirect.dependabot.com/disgoorg/disgo/issues/240">#240</a>)</li>
<li><a
href="12bf0cce55"><code>12bf0cc</code></a>
add stage message types (again)</li>
<li><a
href="0f4d6ca243"><code>0f4d6ca</code></a>
add NSFW and VideoQualityMode to GuildStageVoiceChannelUpdate</li>
<li><a
href="356ddcbf0f"><code>356ddcb</code></a>
fix StickerPackBanner cdn endpoint path</li>
<li><a
href="84cfc8d278"><code>84cfc8d</code></a>
add StorePageAsset cdn endpoint</li>
<li><a
href="c377083bc3"><code>c377083</code></a>
add ConnectionTypeInstagram (<a
href="https://github-redirect.dependabot.com/disgoorg/disgo/issues/234">#234</a>)</li>
<li><a
href="5c4a0c559b"><code>5c4a0c5</code></a>
fix double slash in endpoint</li>
<li><a
href="24260e4bca"><code>24260e4</code></a>
add noop rate limiter and proxy example and always send shard info</li>
<li><a
href="b780a98e18"><code>b780a98</code></a>
fix field name capitalization</li>
<li><a
href="4aca7c2ba9"><code>4aca7c2</code></a>
match flag const names</li>
<li>Additional commits viewable in <a
href="https://github.com/disgoorg/disgo/compare/v0.15.0...v0.15.1">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.80.0 to 0.80.2.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b91e64b2b0"><code>b91e64b</code></a>
Reorder a few project fields</li>
<li><a
href="0fa6158375"><code>0fa6158</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1636">#1636</a>
from apricote/project-import-url</li>
<li><a
href="1ab89ad306"><code>1ab89ad</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1651">#1651</a>
from xanzy/feature/links</li>
<li><a
href="1fd8df4983"><code>1fd8df4</code></a>
Add release links</li>
<li><a
href="e837f2de87"><code>e837f2d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1650">#1650</a>
from blacknon/master</li>
<li><a
href="df4112ac7b"><code>df4112a</code></a>
Rename the option structs and add missing <code>url</code> tags</li>
<li><a
href="f8929bf7ef"><code>f8929bf</code></a>
update. <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/pull/1650#discussion_r1102998538">xanzy/go-gitlab#1650</a></li>
<li><a
href="172b5e0c3f"><code>172b5e0</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1648">#1648</a>
from theoriginalstove/1501-add-changelog-api-support</li>
<li><a
href="39bce07acd"><code>39bce07</code></a>
Refactor…</li>
<li><a
href="3f26370513"><code>3f26370</code></a>
style: added whitespace between license and package name in new
files</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.80.0...v0.80.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps golang from 1.20.0-alpine to 1.20.1-alpine.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.3 to 2.2.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="17573ee1cc"><code>17573ee</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1534">#1534</a>
from github/update-v2.2.4-40babc141</li>
<li><a
href="b6975b4b1a"><code>b6975b4</code></a>
Update changelog for v2.2.4</li>
<li><a
href="40babc141f"><code>40babc1</code></a>
Tools telemetry: accurately report when feature flags were inaccessible
(<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1532">#1532</a>)</li>
<li><a
href="7ba5ed7eed"><code>7ba5ed7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1531">#1531</a>
from github/mergeback/v2.2.3-to-main-8775e868</li>
<li><a
href="21f3020df6"><code>21f3020</code></a>
Update checked-in dependencies</li>
<li><a
href="b872c5adfd"><code>b872c5a</code></a>
Update changelog and version after v2.2.3</li>
<li>See full diff in <a
href="8775e86802...17573ee1cc">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps
[github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from
2.25.1 to 2.26.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.26.0</h2>
<h2>Changelog</h2>
<h3>New Features</h3>
<ul>
<li>34276432d6614e28108b2851b298c86342c41e4c: feat(deps): bump
github.com/goreleaser/chglog from 0.4.0 to 0.4.1 (<a
href="https://github-redirect.dependabot.com/goreleaser/nfpm/issues/616">#616</a>)
(<a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot])</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>4d89ab846ee135cbcf3085316bf15c739e8f1cc8: fix: use --clean instead
of --rm-dist (<a
href="https://github.com/caarlos0"><code>@caarlos0</code></a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/nfpm/compare/v2.25.1...v2.26.0">https://github.com/goreleaser/nfpm/compare/v2.25.1...v2.26.0</a></p>
<hr />
<ul>
<li>Check out <a href="https://goreleaser.com">GoReleaser</a>: it
integrates nFPM to the release pipeline of your Go projects.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="34276432d6"><code>3427643</code></a>
feat(deps): bump github.com/goreleaser/chglog from 0.4.0 to 0.4.1 (<a
href="https://github-redirect.dependabot.com/goreleaser/nfpm/issues/616">#616</a>)</li>
<li><a
href="4d89ab846e"><code>4d89ab8</code></a>
fix: use --clean instead of --rm-dist</li>
<li>See full diff in <a
href="https://github.com/goreleaser/nfpm/compare/v2.25.1...v2.26.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
**Note:** Dependabot was ignoring updates to this dependency, but since
you've updated it yourself we've started tracking it for you again. 🤖
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.5.0
to 0.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golang/tools/releases">golang.org/x/tools's
releases</a>.</em></p>
<blockquote>
<h1>gopls/v0.6.0</h1>
<h2>Features</h2>
<h3>Default to <code>-mod=readonly</code></h3>
<p>In Go 1.16, the Go command will no longer modify user's
<code>go.mod</code> and <code>go.sum</code> files automatically (<a
href="https://tip.golang.org/doc/go1.16#tools">https://tip.golang.org/doc/go1.16#tools</a>).
In order to match this behavior, <code>gopls</code> now also uses
<code>-mod=readonly</code> when running the <code>go</code> command. Any
errors reported by the <code>go</code> command will be presented with a
suggested fix to make the necessary fixes to your <code>go.mod</code> or
<code>go.sum</code> files. As a consequence, your workspace may be in a
partially broken state while you have errors in your <code>go.mod</code>
or <code>go.sum</code> file. <a
href="https://github-redirect.dependabot.com/golang/go/issues/42266">golang/go#42266</a>
will mitigate this, but it will likely not be resolved until
February.</p>
<p><strong>Not recommended</strong>: If you must opt out of this
behavior, you can set the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#allowmodfilemodifications-bool"><code>allowModfileModifications</code></a>
configuration to <code>true</code>.</p>
<h3>Default to <code>GOPROXY=off</code></h3>
<p><code>gopls</code> no longer accesses the network implicitly. This
should improve latency in all cases, but it also means that
<code>gopls</code> will no longer automatically download modules that
are not found in your local module cache. The one exception is that
<code>gopls</code> will still download dependencies on start-up, so it
will continue to work as expected if you have cloned a repository for
the first time. If <code>gopls</code> detects a missing module, it will
offer you a suggested fix that downloads it.</p>
<p><strong>Not recommended</strong>: If you must opt out of this
behavior, you can set the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#allowimplicitnetworkaccess-bool"><code>allowImplicitNetworkaccess</code></a>
configuration to <code>true</code>.</p>
<h3>Inclusion/exclusion filters for directories</h3>
<p><code>gopls</code> now supports excluding certain directories in your
workspace from analysis. This may be useful if you are only working on a
subset of a large repository. Note that these filters are not propagated
to the <code>go</code> command, so <code>gopls</code> will still load
metadata for these directories, which may be expensive.
<strong>Configure the included/excluded directories through the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#directoryfilters-string"><code>directoryFilters</code></a>
setting.</strong></p>
<h3>Debouncing for diagnostics</h3>
<p>Diagnostics are now reported instantly only for the packages
currently being edited. Diagnostics for other packages in the workspace
will now only be computed after 250 milliseconds, meaning that, if you
are actively typing, <code>gopls</code> will not start these more costly
operations. This should significantly reduce CPU utilization. This
debounce delay can be optionally configured via the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#experimentaldiagnosticsdelay-timeduration"><code>experimentalDiagnosticsDelay</code></a>
setting.</p>
<h3>"Upgrade direct dependencies" code lens</h3>
<p>In <a
href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.5.4"><code>gopls/v0.5.4</code></a>,
we removed the per-require "Upgrade dependency" code lens, as
it was very high latency, and its UX did not meet user needs. Some users
have expressed disappointment about this, so, to bridge the gap, we have
separated the existing "Upgrade all dependencies" code lens
into two: "Upgrade transitive dependencies" and "Upgrade
direct dependencies". The first is the equivalent of running
<code>go get -u all</code>, while the second <code>go get</code>s each
of your module's requires independently. We are continuing to work on
improving these features and will likely bring back the "Upgrade
dependency" code lens as a suggested fix (learn more: <a
href="https://github-redirect.dependabot.com/golang/go/issues/38339">golang/go#38339</a>).</p>
<h3>Support for filling a partially-populated struct</h3>
<p>The "Fill struct" suggested fix will now be suggested for
structs that have some, but not all, fields set.</p>
<h3>Experimental</h3>
<h4>Field alignment analyzer</h4>
<p>A new analyzer has been added to suggest reordering fields in a
struct in order to achieve the optimal alignment in memory. It is still
off by default, but can be enabled by adding the following to your
<code>gopls</code> settings:</p>
<pre lang="json5"><code>"analyses": {
"fieldalignment": true
}
</code></pre>
<h2>Fixes</h2>
<h3>Improvements to diagnostics tracking</h3>
<p>Diagnostic messages were not being updated correctly when the <a
href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#codelenses-mapstringbool"><code>GC
details</code></a> code lens was toggled on. New handling to
differentiate diagnostics by sources should have resolved this
issue.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d0863f03da"><code>d0863f0</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="545ca87cb5"><code>545ca87</code></a>
gopls/internal/regtest/marker: require go/packages</li>
<li><a
href="1ace7dbcb0"><code>1ace7db</code></a>
go,gopls: remove license from package doc comments</li>
<li><a
href="ebad375bab"><code>ebad375</code></a>
gopls/internal/lsp/protocol: prevent license rendering in godoc</li>
<li><a
href="10a39ef32d"><code>10a39ef</code></a>
gopls/internal/lsp/regtest: address additional comments on
marker.go</li>
<li><a
href="69920f2e63"><code>69920f2</code></a>
gopls/internal/regtest/marker: add missing tests for hover</li>
<li><a
href="24a13c6fad"><code>24a13c6</code></a>
gopls/internal/regtest: fill out features of the new marker tests</li>
<li><a
href="2b149ce94b"><code>2b149ce</code></a>
gopls/internal/regtest: add a regtest-based version of the marker
tests</li>
<li><a
href="edddc5fc32"><code>edddc5f</code></a>
go/packages: don't discard errors loading export data</li>
<li><a
href="a762c82c1b"><code>a762c82</code></a>
go/ssa: add MultiConvert instruction</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.5.0...v0.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 3.2.4 to
3.2.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Rewrite readmes by <a
href="https://github.com/jsoref"><code>@jsoref</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085">actions/cache#1085</a></li>
<li>Fixed typos and formatting in docs by <a
href="https://github.com/kotewar"><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1076">actions/cache#1076</a></li>
<li>Fixing paths for OSes by <a
href="https://github.com/kotewar"><code>@kotewar</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1101">actions/cache#1101</a></li>
<li>Release patch version update by <a
href="https://github.com/Phantsure"><code>@Phantsure</code></a> in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1105">actions/cache#1105</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jsoref"><code>@jsoref</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/actions/cache/pull/1085">actions/cache#1085</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v3...v3.2.5">https://github.com/actions/cache/compare/v3...v3.2.5</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>3.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node
16</li>
</ul>
<h3>3.0.1</h3>
<ul>
<li>Added support for caching from GHES 3.5.</li>
<li>Fixed download issue for files > 2GB during restore.</li>
</ul>
<h3>3.0.2</h3>
<ul>
<li>Added support for dynamic cache size cap on GHES.</li>
</ul>
<h3>3.0.3</h3>
<ul>
<li>Fixed avoiding empty cache save when no files are available for
caching. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/624">issue</a>)</li>
</ul>
<h3>3.0.4</h3>
<ul>
<li>Fixed tar creation error while trying to create tar with path as
<code>~/</code> home folder on <code>ubuntu-latest</code>. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/689">issue</a>)</li>
</ul>
<h3>3.0.5</h3>
<ul>
<li>Removed error handling by consuming actions/cache 3.0 toolkit, Now
cache server error handling will be done by toolkit. (<a
href="https://github-redirect.dependabot.com/actions/cache/pull/834">PR</a>)</li>
</ul>
<h3>3.0.6</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/809">#809</a>
- zstd -d: no such file or directory error</li>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/833">#833</a>
- cache doesn't work with github workspace directory</li>
</ul>
<h3>3.0.7</h3>
<ul>
<li>Fixed <a
href="https://github-redirect.dependabot.com/actions/cache/issues/810">#810</a>
- download stuck issue. A new timeout is introduced in the download
process to abort the download if it gets stuck and doesn't finish within
an hour.</li>
</ul>
<h3>3.0.8</h3>
<ul>
<li>Fix zstd not working for windows on gnu tar in issues <a
href="https://github-redirect.dependabot.com/actions/cache/issues/888">#888</a>
and <a
href="https://github-redirect.dependabot.com/actions/cache/issues/891">#891</a>.</li>
<li>Allowing users to provide a custom timeout as input for aborting
download of a cache segment using an environment variable
<code>SEGMENT_DOWNLOAD_TIMEOUT_MINS</code>. Default is 60 minutes.</li>
</ul>
<h3>3.0.9</h3>
<ul>
<li>Enhanced the warning message for cache unavailablity in case of
GHES.</li>
</ul>
<h3>3.0.10</h3>
<ul>
<li>Fix a bug with sorting inputs.</li>
<li>Update definition for restore-keys in README.md</li>
</ul>
<h3>3.0.11</h3>
<ul>
<li>Update toolkit version to 3.0.5 to include
<code>@actions/core@^1.10.0</code></li>
<li>Update <code>@actions/cache</code> to use updated
<code>saveState</code> and <code>setOutput</code> functions from
<code>@actions/core@^1.10.0</code></li>
</ul>
<h3>3.1.0-beta.1</h3>
<ul>
<li>Update <code>@actions/cache</code> on windows to use gnu tar and
zstd by default and fallback to bsdtar and zstd if gnu tar is not
available. (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/984">issue</a>)</li>
</ul>
<h3>3.1.0-beta.2</h3>
<ul>
<li>Added support for fallback to gzip to restore old caches on
windows.</li>
</ul>
<h3>3.1.0-beta.3</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6998d139dd"><code>6998d13</code></a>
Release patch version update (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1105">#1105</a>)</li>
<li><a
href="2b8105bdae"><code>2b8105b</code></a>
Fixing paths for OSes (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1101">#1101</a>)</li>
<li><a
href="e08330827d"><code>e083308</code></a>
Fixed typos and formatting in docs (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1076">#1076</a>)</li>
<li><a
href="22d3da765b"><code>22d3da7</code></a>
Rewrite readmes (<a
href="https://github-redirect.dependabot.com/actions/cache/issues/1085">#1085</a>)</li>
<li>See full diff in <a
href="627f0f41f6...6998d139dd">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab)
from 0.79.1 to 0.80.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9e8a56f022"><code>9e8a56f</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1645">#1645</a>
from blacknon/master</li>
<li><a
href="c6a3d13acd"><code>c6a3d13</code></a>
Merge remote-tracking branch 'refs/remotes/origin/master'</li>
<li><a
href="2544230e10"><code>2544230</code></a>
UpdateSnippetOptionにFilesを追加</li>
<li><a
href="9e38892900"><code>9e38892</code></a>
Formatted the project using gofumpt</li>
<li><a
href="f46a273ab9"><code>f46a273</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1597">#1597</a>
from abdellaui/bugfix/rename_projects_NameRegexDelet...</li>
<li><a
href="79679f4c0b"><code>79679f4</code></a>
Tweak PR a little…</li>
<li><a
href="4b328c1100"><code>4b328c1</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1612">#1612</a>
from FantasyTeddy/update-protected-branches</li>
<li><a
href="1b76c1c3c7"><code>1b76c1c</code></a>
Few minor tweaks…</li>
<li><a
href="51f101e636"><code>51f101e</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/xanzy/go-gitlab/issues/1642">#1642</a>
from theoriginalstove/1583-custom-headers</li>
<li><a
href="ab870cff19"><code>ab870cf</code></a>
Tweak the PR a little</li>
<li>Additional commits viewable in <a
href="https://github.com/xanzy/go-gitlab/compare/v0.79.1...v0.80.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This option was still being supported, even though undocumented, for
many years now.
I think it's finally time to sunset it for good, in 6 months :)
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.5.0
to 0.6.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a9f661cb6e"><code>a9f661c</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="310bfa40f1"><code>310bfa4</code></a>
cryptobyte: reject negative Unwrite argument</li>
<li><a
href="59ff47295c"><code>59ff472</code></a>
all: fix some comments</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.5.0...v0.6.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.6.0 to
0.7.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="71a9c9afc4"><code>71a9c9a</code></a>
all: fix some comments</li>
<li>See full diff in <a
href="https://github.com/golang/text/compare/v0.6.0...v0.7.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.2 to 2.2.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1518">#1518</a></li>
</ul>
<h2>2.2.2 - 06 Feb 2023</h2>
<ul>
<li>Fix an issue where customers using the CodeQL Action with the <a
href="https://docs.github.com/en/enterprise-server@3.7/admin/code-security/managing-github-advanced-security-for-your-enterprise/configuring-code-scanning-for-your-appliance#configuring-codeql-analysis-on-a-server-without-internet-access">CodeQL
Action sync tool</a> would not be able to obtain the CodeQL tools. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1517">#1517</a></li>
</ul>
<h2>2.2.1 - 27 Jan 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.0 - 26 Jan 2023</h2>
<ul>
<li>Improve stability when choosing the default version of CodeQL to use
in code scanning workflow runs on Actions on GitHub.com. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1475">#1475</a>
<ul>
<li>This change addresses customer reports of code scanning alerts on
GitHub.com being closed and reopened during the rollout of new versions
of CodeQL in the GitHub Actions <a
href="https://github.com/actions/runner-images">runner images</a>.</li>
<li><strong>No change is required for the majority of
workflows</strong>, including:
<ul>
<li>Workflows on GitHub.com hosted runners using the latest version
(<code>v2</code>) of the CodeQL Action.</li>
<li>Workflows on GitHub.com hosted runners that are pinned to specific
versions of the CodeQL Action from <code>v2.2.0</code> onwards.</li>
<li>Workflows on GitHub Enterprise Server.</li>
</ul>
</li>
<li><strong>A change may be required</strong> for workflows on
GitHub.com hosted runners that are pinned to specific versions of the
CodeQL Action before <code>v2.2.0</code> (e.g. <code>v2.1.32</code>):
<ul>
<li>Previously, these workflows would obtain the latest version of
CodeQL from the Actions runner image.</li>
<li>Now, these workflows will download an older, compatible version of
CodeQL from GitHub Releases. To use this older version, no change is
required. To use the newest version of CodeQL, please update your
workflows to reference the latest version of the CodeQL Action
(<code>v2</code>).</li>
</ul>
</li>
<li><strong>Internal changes</strong>
<ul>
<li>These changes will not affect the majority of code scanning
workflows. Continue reading only if your workflow uses <a
href="https://github.com/actions/toolkit/tree/main/packages/tool-cache"><code>@actions/tool-cache</code></a>
or relies on the precise location of CodeQL within the Actions tool
cache.</li>
<li>The tool cache now contains <strong>two</strong> recent CodeQL
versions (previously <strong>one</strong>).</li>
<li>Each CodeQL version is located under a directory named after the
release date and version number, e.g. CodeQL 2.11.6 is now located under
<code>CodeQL/2.11.6-20221211/x64/codeql</code> (previously
<code>CodeQL/0.0.0-20221211/x64/codeql</code>).</li>
</ul>
</li>
</ul>
</li>
<li>The maximum number of <a
href="https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#run-object">SARIF
runs</a> per file has been increased from 15 to 20 for users uploading
SARIF files to GitHub.com. This change will help ensure that Code
Scanning can process SARIF files generated by third-party tools that
have many runs. See the <a
href="https://docs.github.com/en/rest/code-scanning#upload-an-analysis-as-sarif-data">GitHub
API documentation</a> for a list of all the limits around uploading
SARIF. This change will be released to GitHub Enterprise Server as part
of GHES 3.9.</li>
<li>Update default CodeQL bundle version to 2.12.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1498">#1498</a></li>
<li>Fix a bug that forced the <code>init</code> Action to run for at
least two minutes on JavaScript. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1494">#1494</a></li>
</ul>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8775e86802"><code>8775e86</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1530">#1530</a>
from github/update-v2.2.3-c4e22e9fc</li>
<li><a
href="a2ad80b966"><code>a2ad80b</code></a>
Update changelog for v2.2.3</li>
<li><a
href="c4e22e9fce"><code>c4e22e9</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1529">#1529</a>
from github/henrymercer/remove-bypass-toolcache-flags</li>
<li><a
href="db534af2ae"><code>db534af</code></a>
Remove feature flags for bypassing the toolcache</li>
<li><a
href="4369dda4ae"><code>4369dda</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1518">#1518</a>
from github/cklin/codeql-cli-2.12.2</li>
<li><a
href="4f08c2cf20"><code>4f08c2c</code></a>
Bump default CodeQL version to 2.12.2</li>
<li><a
href="81644f35ff"><code>81644f3</code></a>
Add max line length of 120 to linter (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1524">#1524</a>)</li>
<li><a
href="9ab6aa64a0"><code>9ab6aa6</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1526">#1526</a>
from github/mergeback/v2.2.2-to-main-39d8d7e7</li>
<li><a
href="256973e279"><code>256973e</code></a>
Update checked-in dependencies</li>
<li><a
href="59b25b480f"><code>59b25b4</code></a>
Update changelog and version after v2.2.2</li>
<li>Additional commits viewable in <a
href="39d8d7e78f...8775e86802">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.4.0
to 0.5.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="adbaf66a0b"><code>adbaf66</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="e07593a4c4"><code>e07593a</code></a>
oauth2: remove direct dependency on golang.org/x/net</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.4.0...v0.5.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Hi, I found a bug in the GitLab client that leads to not correctly
prepend/append/keep releases notes.
This will use the original `Description` instead of the pre-rendered
`DescriptionHTML`. Furthermore, as `include_html_description` is not
enabled, the `DescriptionHTML` field is always empty.
[GitLab
documentation](https://docs.gitlab.com/ee/api/releases/index.html#get-a-release-by-a-tag-name)
otherwise we might get warnings like
> warning: GOCOVERDIR not set, no coverage data emitted
---------
Signed-off-by: Carlos A Becker <caarlos0@users.noreply.github.com>
