go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-08 03:31:59 +02:00
Code Issues Releases Activity
0a59bc4773
goreleaser/.github/workflows
History
dependabot[bot] 0a59bc4773
chore(deps): bump github/codeql-action from 2.1.33 to 2.1.35 (#3614) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.33 to 2.1.35.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
<li>Replace uses of GitHub Actions command <code>set-output</code>
because it is now deprecated. See more information in the <a
href="https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/">GitHub
Changelog</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1301">#1301</a></li>
</ul>
<h2>2.1.27 - 06 Oct 2022</h2>
<ul>
<li>We are rolling out a feature of the CodeQL Action in October 2022
that changes the way that Go code is analyzed to be more consistent with
other compiled languages like C/C++, C#, and Java. You do not need to
alter your code scanning workflows. If you encounter any problems,
please <a href="https://github.com/github/codeql-action/issues">file an
issue</a> or open a private ticket with GitHub Support and request an
escalation to engineering.</li>
</ul>
<h2>2.1.26 - 29 Sep 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1267">#1267</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b2a92eb56d"><code>b2a92eb</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1406">#1406</a>
from github/update-v2.1.35-9af9a11d</li>
<li><a
href="075b74d36e"><code>075b74d</code></a>
Update changelog for v2.1.35</li>
<li><a
href="9af9a11da8"><code>9af9a11</code></a>
Stop running fallback Go autobuild if database is finalized (<a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1405">#1405</a>)</li>
<li><a
href="a631f4b016"><code>a631f4b</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1400">#1400</a>
from github/aeisenberg/fix-test-error</li>
<li><a
href="1384ce4ab3"><code>1384ce4</code></a>
Fixes spurious error messages in tests</li>
<li><a
href="160613c380"><code>160613c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1402">#1402</a>
from github/rasmuswl/new-virtualenv</li>
<li><a
href="caf1c5057b"><code>caf1c50</code></a>
python-setup: Remove outdated comment</li>
<li><a
href="c62445de22"><code>c62445d</code></a>
python-setup: rely on new <code>virtualenv</code> for venv creation in
Ubuntu 22.04</li>
<li><a
href="9dac9f748a"><code>9dac9f7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1396">#1396</a>
from github/mergeback/v2.1.34-to-main-312e093a</li>
<li><a
href="c6e756bb39"><code>c6e756b</code></a>
Update checked-in dependencies</li>
<li>Additional commits viewable in <a
href="678fc3afe2...b2a92eb56d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.33&new-version=2.1.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-12-02 09:08:17 -03:00
..
build.yml chore(deps): bump anchore/sbom-action from 0.13.0 to 0.13.1 (#3533) 2022-11-07 09:11:22 -03:00
codeql.yml chore(deps): bump github/codeql-action from 2.1.33 to 2.1.35 (#3614) 2022-12-02 09:08:17 -03:00
depsreview.yaml chore(deps): bump actions/dependency-review-action from 2 to 3 (#3551) 2022-11-14 09:38:04 -03:00
docs.yml feat: update to go 1.19.3 (#3523) 2022-11-02 14:19:01 -03:00
fig.yml feat: update to go 1.19.3 (#3523) 2022-11-02 14:19:01 -03:00
generate.yml chore(deps): bump stefanzweifel/git-auto-commit-action from 4.15.3 to 4.15.4 (#3535) 2022-11-07 09:11:56 -03:00
gitleaks.yml chore(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#3441) 2022-10-05 09:38:34 -03:00
grype.yml chore: image scan always fails 2022-10-21 08:56:21 -03:00
lint.yml chore(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (#3550) 2022-11-14 09:38:20 -03:00
lock.yml chore: workflows being skipped when they shouldn't 2022-09-27 11:52:35 -03:00
milestone.yml chore(deps): bump actions/github-script from 6.3.2 to 6.3.3 (#3464) 2022-10-14 10:16:50 -03:00
release.yml chore: announce goreleaser releases to mastodon (#3569) 2022-11-17 21:42:43 -03:00