ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

:seedling: Bump mvdan.cc/sh/v3 from 3.8.0 to 3.9.0 #4325

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps mvdan.cc/sh/v3 from 3.8.0 to 3.9.0.

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.9.0

This release drops support for Go 1.21 and includes many fixes.

  • cmd/shfmt
    • Switch the diff implementation to remove one dependency
  • syntax
    • Protect against overflows in position offset integers
  • interp
    • Use os.Pipe for stdin to prevent draining by subprocesses - #1085
    • Support cancelling reads in builtins when stdin is a file - #1066
    • Support the nocaseglob bash option - #1073
    • Support the Bash 5.2 @k parameter expansion operator
    • Support the test -O and test -G operators on non-Windows - #1080
    • Support the read -s builtin flag - #1063
  • expand
    • Add support for case insensitive globbing - #1073
    • Don't panic when pattern words are nil - #1076

A special thanks to @theclapp for their contributions to this release!

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.23.0 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s -X=main.version=v3.9.0"

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

[3.9.0] - 2024-08-16


Commits
  • 7bd422f CHANGELOG: prepare for v3.9.0
  • 4430915 add Go 1.23.x, drop 1.21.x
  • ccc828f interp: add -s (silent) support to the read builtin
  • b701811 cmd/gosh: use an os.Pipe in another interactive test
  • bced200 interp: fix data race regression with stdin pipe changes
  • 63f3119 interp: use os.Pipe when StdIO or OpenHandler produce non-file stdins
  • 262cc0e interp: add a broken test for stdin draining with StdIO
  • 7eeba77 interp: do not include TODOs in godoc comments
  • 980b6fc interp: implement here-documents via os.Pipe
  • 4a8ae22 interp: verify tests with Bash 5.2
  • Additional commits viewable in compare view



You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @spencerschrock.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

spencerschrock commented 2 months ago

@dependabot rebase

codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 60.04%. Comparing base (353ed60) to head (52d5a6b). Report is 8 commits behind head on main.

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #4325      +/-   ##
==========================================
- Coverage   66.80%   60.04%   -6.77%
==========================================
  Files         230      212      -18
  Lines       16602    15611     -991
==========================================
- Hits        11091     9373    -1718
- Misses       4808     5553     +745
+ Partials      703      685      -18
```