mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-06 03:13:48 +02:00
goreleaser/.github
dependabot[bot] 93b582b4bb
chore(deps): bump github/codeql-action from 2.1.38 to 2.1.39 (#3704)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.38 to 2.1.39.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.39 - 18 Jan 2023</h2>
<ul>
<li>CodeQL Action v1 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v2. For more information, see <a
href="https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/">this
changelog post</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1467</a></li>
<li>Python automatic dependency installation will no longer fail for
projects using Poetry that specify <code>virtualenvs.options.no-pip =
true</code> in their <code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1431">#1431</a></li>
<li>Avoid printing a stack trace and error message when the action fails
to find the SHA at the
current directory. This will happen in several non-error states and so
we now avoid cluttering the
log with this message. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1485">#1485</a></li>
</ul>
<h2>2.1.38 - 12 Jan 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1466">#1466</a></li>
</ul>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependency code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a></li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a34ca99b46"><code>a34ca99</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1489">#1489</a>
from github/update-v2.1.39-597c2041</li>
<li><a
href="48fa82899a"><code>48fa828</code></a>
Update changelog for v2.1.39</li>
<li><a
href="597c204127"><code>597c204</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1481">#1481</a>
from github/henrymercer/discontinue-v1</li>
<li><a
href="e0fd640b0c"><code>e0fd640</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1487">#1487</a>
from github/aeisenberg/queries-check</li>
<li><a
href="d731c012c4"><code>d731c01</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1486">#1486</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="6dfc772b5f"><code>6dfc772</code></a>
Add link to new changelog post</li>
<li><a
href="60e58b4a21"><code>60e58b4</code></a>
Merge branch 'main' into henrymercer/discontinue-v1</li>
<li><a
href="9b1206e898"><code>9b1206e</code></a>
Fix a bug in cli config parsing</li>
<li><a
href="40cfcb0a3f"><code>40cfcb0</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1485">#1485</a>
from github/aeisenberg/comitoid-message</li>
<li><a
href="e199504667"><code>e199504</code></a>
Update supported GitHub Enterprise Server versions.</li>
<li>Additional commits viewable in <a
href="515828d974...a34ca99b46">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.38&new-version=2.1.39)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-19 09:42:30 -03:00
ISSUE_TEMPLATE docs: use the orgs code of conduct (#2889) 2022-02-08 14:20:50 -03:00
workflows chore(deps): bump github/codeql-action from 2.1.38 to 2.1.39 (#3704) 2023-01-19 09:42:30 -03:00
CODEOWNERS chore: codeowners 2019-10-10 08:44:42 -03:00
dependabot.yml chore(deps): update milestone and dependabot config (#2739) 2021-12-06 09:24:11 -03:00
PULL_REQUEST_TEMPLATE.md chore: update pr template 2021-05-20 14:26:47 -03:00
stale.yml chore: stale after 14 days 2018-10-30 21:25:48 -03:00