This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the github-actions group with 6 updates:
5.0.1
5.0.2
3.2.0
3.3.0
2.1.0
2.2.0
4.3.3
4.3.4
6.0.1
6.1.0
1.3.2
1.4.0
Updates
actions/setup-go
from 5.0.1 to 5.0.2Release notes
Sourced from actions/setup-go's releases.
Commits
0a12ed9
Bump braces from 3.0.2 to 3.0.3 (#487)4ab57d7
Fix versions check failure (#479)Updates
docker/login-action
from 3.2.0 to 3.3.0Release notes
Sourced from docker/login-action's releases.
Commits
9780b0c
Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...2fa130c
chore: update generated content5e87b2a
build(deps): bump https-proxy-agente039495
Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...9af18aa
chore: update generated content668190a
switch to Docker execbe5150d
build(deps): bump@docker/actions-toolkit
from 0.24.0 to 0.35.0e80ebca
Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.375ee3ea
Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...793c19c
build(deps): bump docker/bake-action from 4 to 5Updates
dependabot/fetch-metadata
from 2.1.0 to 2.2.0Release notes
Sourced from dependabot/fetch-metadata's releases.
Commits
dbb049a
v2.2.0 (#520)36bf1f9
Merge pull request #532 from dependabot/dependabot/npm_and_yarn/braces-3.0.3a3420b5
Bump braces from 3.0.2 to 3.0.3006e43f
Merge pull request #534 from dependabot/dependabot/github_actions/actions/cre...9c55ebe
Bump actions/create-github-app-token from 1.10.0 to 1.10.2325b863
Merge pull request #523 from dependabot/dependabot/github_actions/actions/cre...aec2f3e
Bump actions/create-github-app-token from 1.9.0 to 1.10.0Updates
actions/dependency-review-action
from 4.3.3 to 4.3.4Release notes
Sourced from actions/dependency-review-action's releases.
Commits
5a2ce3f
Merge pull request #791 from actions/juxtin/update-versionac6a6ad
Prepare even more for v4.3.43e2b917
Merge pull request #790 from actions/juxtin/update-versiond9ab9c8
Update version in package.json8c152c7
Merge pull request #769 from actions/dependabot/npm_and_yarn/zod-3.23.80085d30
Update dist08b5bf2
Bump zod from 3.22.4 to 3.23.8986fce9
Merge pull request #784 from actions/dependabot/npm_and_yarn/got-14.4.128743f8
Merge pull request #719 from actions/change-spdx-parserd6f34c3
Merge pull request #789 from actions/dependabot/npm_and_yarn/braces-3.0.3Updates
golangci/golangci-lint-action
from 6.0.1 to 6.1.0Release notes
Sourced from golangci/golangci-lint-action's releases.
Commits
aaa42aa
feat: allow to skip golangci-lint installation (#1079)9ec8973
build(deps): bump@types/node
from 20.14.11 to 22.0.0 in the dependencies gro...58838cf
build(deps-dev): bump the dev-dependencies group with 3 updates (#1077)9f3ba2c
build(deps): bump@types/node
from 20.14.10 to 20.14.11 in the dependencies g...2bd7a04
build(deps-dev): bump the dev-dependencies group with 3 updates (#1074)db819a1
build(deps-dev): bump the dev-dependencies group with 3 updates (#1073)d09fb08
build(deps): bump@types/node
from 20.14.9 to 20.14.10 in the dependencies gr...605617a
build(deps-dev): bump the dev-dependencies group with 4 updates (#1071)66f63c7
chore: generate2c01d26
fix: home dir on WindowsUpdates
actions/attest-build-provenance
from 1.3.2 to 1.4.0Release notes
Sourced from actions/attest-build-provenance's releases.
Commits
210c191
bump actions/attest from 1.3.3 to 1.4.0 (#183)1cb5f76
bump predicate action from 1.1.0 to 1.1.1 (#182)9ff3713
Bump@actions/attest
from 1.3.0 to 1.3.1 (#181)3630726
Bump@types/node
from 20.14.11 to 22.0.0 (#180)ba2fe9b
Bump the npm-development group with 3 updates (#179)cae1693
Bump the npm-development group with 5 updates (#161)456d685
Bump the npm-development group with 4 updates (#154)5e9cb68
bump actions/attest from 1.3.2 to 1.3.3 (#152)38faaec
Bump the npm-development group with 5 updates (#149)833c4a9
Bump the npm-development group across 1 directory with 5 updates (#141)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show