ossf / package-feeds

Feed parsing for language package manager updates
Apache License 2.0
71 stars 24 forks source link

Bump hashicorp/setup-terraform from 2.0.3 to 3.1.2 #483

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps hashicorp/setup-terraform from 2.0.3 to 3.1.2.

Release notes

Sourced from hashicorp/setup-terraform's releases.

v3.1.2

NOTES:

  • This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#430)

v3.1.1

BUG FIXES:

  • wrapper: Fix wrapper to output to stdout and stderr immediately when data is received (#395)

v3.1.0

ENHANCEMENTS:

  • Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available (#409)

v3.0.0

NOTES:

  • Updated default runtime to node20 (#346)
  • The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with v3.0.0, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. (#367)

BUG FIXES:

  • Fixed malformed stdout when wrapper is enabled (#367)
Changelog

Sourced from hashicorp/setup-terraform's changelog.

3.1.2 (2024-08-19)

NOTES:

  • This release introduces no functional changes. It does however include dependency updates which address upstream CVEs. (#430)

3.1.1 (2024-05-07)

BUG FIXES:

  • wrapper: Fix wrapper to output to stdout and stderr immediately when data is received (#395)

3.1.0 (2024-04-23)

ENHANCEMENTS:

  • Automatically fallback to darwin/amd64 for Terraform versions before 1.0.2 as releases for darwin/arm64 are not available (#409)

3.0.0 (2023-10-30)

NOTES:

  • Updated default runtime to node20 (#346)
  • The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with v3.0.0, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. (#367)

BUG FIXES:

  • Fixed malformed stdout when wrapper is enabled (#367)

[2.0.3] (2022-11-01)

NOTES

  • Reduced occurrences of GitHub Actions warnings for setting output #247

[2.0.2] (2022-10-12)

BUG FIXES

INTERNAL

[2.0.1] (2022-10-12)

ENHANCEMENTS

... (truncated)

Commits
  • b9cd54a Update package version
  • 47b7a54 Update changelog
  • 20bffec Bump @​hashicorp/js-releases from 1.7.2 to 1.7.3 (#430)
  • 7f4493e Result of tsccr-helper -log-level=info gha update -latest . (#426)
  • bda2976 Bump semver from 7.6.2 to 7.6.3 (#427)
  • 3235006 Result of tsccr-helper -log-level=info gha update -latest . (#421)
  • 81777d5 deps: Bump braces to 3.0.3 (#423)
  • c5b46f3 [CI] Update lock workflow file
  • 0ec620c [CI] terraform-devex-repos automation
  • 02909a6 [CI] terraform-devex-repos automation
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)