ossf / scorecard

OpenSSF Scorecard - Security health metrics for Open Source
https://scorecard.dev
Apache License 2.0

:seedling: Bump mvdan.cc/sh/v3 from 3.9.0 to 3.10.0 #4388

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 1 month ago

Bumps mvdan.cc/sh/v3 from 3.9.0 to 3.10.0.

Release notes

Sourced from mvdan.cc/sh/v3's releases.

v3.10.0

  • cmd/shfmt
    • Report the correct language variant in parser error messages - #1102
    • Move --filename out of the parser options category - #1079
  • syntax
    • Parse all CRLF line endings as LF, including inside heredocs - #1088
    • Count skipped backslashes inside backticks in position column numbers - #1098
    • Count skipped null bytes in position column numbers for consistency
  • interp
    • Fix a regression in v3.9.0 which broke redirecting files to stdin - #1099
    • Fix a regression in v3.9.0 where HandlerContext.Stdin was never nil
    • Add an Interactive option to be used by interactive shells - #1100
    • Support closing stdin, stdout, and stderr via redirections like <&-

Consider becoming a sponsor if you benefit from the work that went into this release!

Binaries built on go version go1.23.2 linux/amd64 with:

CGO_ENABLED=0 go build -trimpath -ldflags="-w -s -X=main.version=v3.10.0"

Changelog

Sourced from mvdan.cc/sh/v3's changelog.

[3.10.0] - 2024-10-20

  • cmd/shfmt
    • Report the correct language variant in parser error messages - #1102
    • Move --filename out of the parser options category - #1079
  • syntax
    • Parse all CRLF line endings as LF, including inside heredocs - #1088
    • Count skipped backslashes inside backticks in position column numbers - #1098
    • Count skipped null bytes in position column numbers for consistency
  • interp
    • Fix a regression in v3.9.0 which broke redirecting files to stdin - #1099
    • Fix a regression in v3.9.0 where HandlerContext.Stdin was never nil
    • Add an Interactive option to be used by interactive shells - #1100
    • Support closing stdin, stdout, and stderr via redirections like <&-

Consider becoming a sponsor if you benefit from the work that went into this release!

Commits
  • 392da98 CHANGELOG: prepare for v3.10.0
  • 3ec5b6c cmd/shfmt: bump deps in Dockerfile
  • 686e8c1 interp: let HandlerContext.Stdin be nil again when there is no stdin
  • 7a3cb55 interp: support closing stdin, stdout, and stderr files
  • 9482bff cmd/shfmt: move --filename out of parser options
  • f3c9101 interp: test and fix read with regular files as stdin
  • 26182ab all: clarify that the "keep padding" formatting option is deprecated
  • 25c0048 cmd/shfmt: report correct language read from EditorConfig in errors
  • 21e38aa cmd/shfmt: show broken behavior in test for #1102
  • fa9120a update all deps
  • Additional commits viewable in compare view


You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 3 weeks ago

This pull request has been marked stale because it has been open for 10 days with no activity