mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-03-25 21:29:14 +02:00
49d6a1561b
Bumps the gomod-deps group with 3 updates: [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/oauth2](https://github.com/golang/oauth2) and [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/crypto` from 0.10.0 to 0.11.0 <details> <summary>Commits</summary> <ul> <li><a href="e98487292d"><code>e984872</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="183630ada7"><code>183630a</code></a> x509roots: generate a stable sort, for real this time</li> <li><a href="a9e447dde7"><code>a9e447d</code></a> x509roots/fallback: add //go:build go1.20 to bundle.go</li> <li><a href="64c3993f5c"><code>64c3993</code></a> ssh: add hmac-sha2-512</li> <li><a href="5fe8145aca"><code>5fe8145</code></a> x509roots: remove list hash and generation date, change ordering</li> <li><a href="043e94c17a"><code>043e94c</code></a> x509roots: fix generate script argument checking</li> <li><a href="0d502d7cd6"><code>0d502d7</code></a> x509roots: use "generate" build tag</li> <li><a href="0ff60057bb"><code>0ff6005</code></a> ssh/test: set a timeout and WaitDelay on sshd subcommands</li> <li>See full diff in <a href="https://github.com/golang/crypto/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/oauth2` from 0.9.0 to 0.10.0 <details> <summary>Commits</summary> <ul> <li><a href="ec5679f607"><code>ec5679f</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="989acb1bfe"><code>989acb1</code></a> all: update dependencies to their latest versions</li> <li>See full diff in <a href="https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0">compare view</a></li> </ul> </details> <br /> Updates `golang.org/x/tools` from 0.10.0 to 0.11.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golang/tools/releases">golang.org/x/tools's releases</a>.</em></p> <blockquote> <h2>gopls/v0.11.0</h2> <p>This is a small release containing new integrations of vulnerability analysis.</p> <p>Vulnerability analysis for go.mod files can be enabled by configuring the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting to <code>"Imports"</code>. For more information on vulnerability management, see the <a href="https://go.dev/blog/vuln">Vulnerability Management for Go</a> blog post.</p> <h2>Support changes</h2> <p>This release removes support for the <code>"experimentalUseInvalidMetadata"</code> setting, as described in the <a href="https://github.com/golang/tools/releases/tag/gopls%2Fv0.10.0">v0.10.0</a> release. Other settings slated for deprecation in that release remain temporarily supported, but will be removed in v0.12.0.</p> <h2>New Features</h2> <h3>Analyzing dependencies for vulnerabilities</h3> <p>This release offers two different options for detecting vulnerabilities in dependencies. Both are backed by the Go vulnerability database (<a href="https://vuln.go.dev">https://vuln.go.dev</a>) and complement each other.</p> <ul> <li>Imports-based scanning, enabled by the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck": "Imports"</code></a> setting, reports vulnerabilities by scanning the set of packages imported in the workspace. This is fast, but may report more false positives.</li> <li>Integration of the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">golang.org/x/vuln/cmd/govulncheck</a> command-line tool performs a more precise analysis based on-call graph reachability, with fewer false positives. Because it is slower to compute, it must be manually triggered by using "Run govulncheck to verify" code actions or the <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> code lens on <code>go.mod</code> files.</li> </ul> <p><a href="https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4">https://user-images.githubusercontent.com/4999471/206977512-a821107d-9ffb-4456-9b27-6a6a4f900ba6.mp4</a></p> <!-- raw HTML omitted --> <h3>Additional checks for the <code>loopclosure</code> analyzer</h3> <p>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/analyzers.md#loopclosure"><code>loopclosure</code></a> analyzer, which reports problematic references from a nested function to a variable of an enclosing loop, has been improved to catch more cases. In particular, it now reports when subtests <a href="https://pkg.go.dev/testing#T.Parallel">run in parallel</a> with the loop, a mistake that often results in all but the final test case being skipped.</p> <p><img src="https://user-images.githubusercontent.com/57144380/206764370-7fc3c464-af04-4e4e-bb10-a6a0a89a99e3.png" alt="image" /></p> <h2>Configuration changes</h2> <ul> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#vulncheck-enum"><code>"vulncheck"</code></a> setting controls vulnerability analysis based on the Go vulnerability database. If set to <code>"Imports"</code>, gopls will compute diagnostics related to vulnerabilities in dependencies, and will present them in go.mod files.</li> <li>The <a href="https://github.com/golang/tools/blob/master/gopls/doc/settings.md#run-govulncheck"><code>"codelenses.run_govulncheck"</code></a> setting controls the presence of code lenses that run the <a href="https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck">govulncheck</a> command, which takes longer but produces more accurate vulnerability reporting based on call-graph reachability.</li> </ul> <h2>Bug fixes</h2> <p>This version of gopls includes fixes to several bugs, notably:</p> <ul> <li><code>golang/go#57053</code></li> <li><code>golang/go#55837</code><a href="https://redirect.github.com/golang/go/issues/56450">golang/go#56450</a>).</li> <li><code>golang/go#54816</code></li> </ul> <p>A full list of all issues fixed can be found in the <a href="https://github.com/golang/go/milestone/293?closed=1">gopls/v0.11.0</a> milestone. To report a new problem, please file a new issue at <a href="https://go.dev/issues/new">https://go.dev/issues/new</a>.</p> <h2>Thank you to our contributors</h2> <p><a href="https://github.com/Arsen6331"><code>@Arsen6331</code></a>, <a href="https://github.com/SN9NV"><code>@SN9NV</code></a>, <a href="https://github.com/adonovan"><code>@adonovan</code></a>, <a href="https://github.com/bcmills"><code>@bcmills</code></a>, <a href="https://github.com/dle8"><code>@dle8</code></a>, <a href="https://github.com/findleyr"><code>@findleyr</code></a>, <a href="https://github.com/hyangah"><code>@hyangah</code></a>, <a href="https://github.com/pjweinbgo"><code>@pjweinbgo</code></a>, <a href="https://github.com/suzmue"><code>@suzmue</code></a></p> <h2>gopls/v0.10.1</h2> <p>This release contains a fix for <a href="https://redirect.github.com/golang/go/issues/56505">golang/go#56505</a>: a new crash during method completion on variables of type <code>*error</code>.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="675bf3c243"><code>675bf3c</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="ad52c1ca35"><code>ad52c1c</code></a> go/ssa/interp: support conversions to slices of named bytes</li> <li><a href="14ec3c023f"><code>14ec3c0</code></a> gopls/doc/contributing.md: document error handling strategies</li> <li><a href="c495364167"><code>c495364</code></a> go/packages/gopackages: document -mode flag</li> <li><a href="87ad891fe3"><code>87ad891</code></a> gopls/internal/lsp/source/typerefs: move test into _test.go</li> <li><a href="27fd94e099"><code>27fd94e</code></a> internal/fastwalk: doc formatting fixes (including godoc links)</li> <li><a href="d362be0cdb"><code>d362be0</code></a> gopls/internal/lsp/filecache: reduce GC frequency</li> <li><a href="969078be46"><code>969078b</code></a> Revert "go/analysis: add Sizes that matches gc size computations"</li> <li><a href="5aa6acb96f"><code>5aa6acb</code></a> go/analysis: add Sizes that matches gc size computations</li> <li><a href="5a89a3bf26"><code>5a89a3b</code></a> go/vcs: delete</li> <li>Additional commits viewable in <a href="https://github.com/golang/tools/compare/v0.10.0...v0.11.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
GoReleaser
Deliver Go binaries as fast and easily as possible.
GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. All that wrapped in your favorite CI.
Get GoReleaser
Documentation
Documentation is hosted live at https://goreleaser.com
Community
You have questions, need support and or just want to talk about GoReleaser?
Here are ways to get in touch with the GoReleaser community:
You can find the links above and all others here.
Code of Conduct
This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. We appreciate your contribution. Please refer to our contributing guidelines for further information.
Badges
GitHub Sponsors
High-tier sponsors of @caarlos0 on GitHub:
OpenCollective
Sponsors
Does your company use goreleaser? Help keep the project bug-free and feature rich by sponsoring the project.
Backers
Love our work and community? Become a backer.
Contributors
This project exists thanks to all the people who contribute. [Contribute].
Stargazers over time
