search

transparency-dev / trillian-tessera

Go library for building tile-based transparency logs (tlogs)
Apache License 2.0
11 stars 11 forks source link

Bump the all-gha-deps group with 5 updates #52

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the all-gha-deps group with 5 updates:

Package From To
actions/setup-go 4.1.0 5.0.1
actions/checkout 4.1.0 4.1.7
codecov/codecov-action 3.1.4 4.5.0
golangci/golangci-lint-action 3.7.0 6.0.1
golang/govulncheck-action 1.0.1 1.0.3

Updates actions/setup-go from 4.1.0 to 5.0.1

Release notes

Sourced from actions/setup-go's releases.

v5.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/setup-go/compare/v5.0.0...v5.0.1

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

New Contributors

Full Changelog: https://github.com/actions/setup-go/compare/v4...v5.0.0

Commits


Updates actions/checkout from 4.1.0 to 4.1.7

Release notes

Sourced from actions/checkout's releases.

v4.1.7

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.1.6...v4.1.7

v4.1.6

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.1.5...v4.1.6

v4.1.5

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5

v4.1.4

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.1.3...v4.1.4

v4.1.3

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.1.2...v4.1.3

v4.1.2

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

... (truncated)

Commits


Updates codecov/codecov-action from 3.1.4 to 4.5.0

Release notes

Sourced from codecov/codecov-action's releases.

v4.5.0

What's Changed

New Contributors

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.4.1...v4.5.0

v4.4.1

What's Changed

New Contributors

Full Changelog: https://github.com/codecov/codecov-action/compare/v4.4.0...v4.4.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

  • #1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

  • No current support for aarch64 and alpine architectures.
  • Tokenless uploading is unsuported
  • Various arguments to the Action have been removed

3.1.4

Fixes

  • #967 Fix typo in README.md
  • #971 fix: add back in working dir
  • #969 fix: CLI option names for uploader

Dependencies

  • #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
  • #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
  • #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

  • #960 fix: allow for aarch64 build

Dependencies

  • #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
  • #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
  • #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

  • #718 Update README.md
  • #851 Remove unsupported path_to_write_report argument
  • #898 codeql-analysis.yml
  • #901 Update README to contain correct information - inputs and negate feature
  • #955 fix: add in all the extra arguments for uploader

Dependencies

  • #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
  • #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
  • #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
  • #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
  • #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
  • #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
  • #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
  • #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits
  • e28ff12 chore(release): bump to 4.5.0 (#1477)
  • 7594baa Use an existing token even if the PR is from a fork (#1471)
  • 81c0a51 feat: add support for tokenless v3 (#1410)
  • f5e203f build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.12.0 to 7.13.0 ...
  • 7c48363 build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#1475)
  • 69e5d09 build(deps-dev): bump @​typescript-eslint/parser from 7.12.0 to 7.13.0 (#1474)
  • feaf700 fix: handle trailing commas (#1470)
  • 7b6a727 build(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#1472)
  • ccf7a1f build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.11.0 to 7.12.0 ...
  • f03f015 build(deps-dev): bump @​typescript-eslint/parser from 7.11.0 to 7.12.0 (#1467)
  • Additional commits viewable in compare view


Updates golangci/golangci-lint-action from 3.7.0 to 6.0.1

Release notes

Sourced from golangci/golangci-lint-action's releases.

v6.0.1

What's Changed

Changes

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v6.0.0...v6.0.1

v6.0.0

What's Changed

This version removes annotations option (because it was useless), and removes the default output format (github-actions). The annotations are still produced but with another approach.

Changes

Dependencies

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v5.3.0...v6.0.0

v5.3.0

What's Changed

Changes

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v5.2.0...v5.3.0

v5.2.0

What's Changed

Changes

Full Changelog: https://github.com/golangci/golangci-lint-action/compare/v5.1.0...v5.2.0

... (truncated)

Commits
  • a4f60bb fix: use 3-dots syntax for diff on push (#1040)
  • 5815a4b doc: improve readme
  • 23faadf doc: improve readme
  • b556f25 doc: improve readme
  • 789f114 feat: rewrite format handling (#1038)
  • d36b91c build(deps-dev): bump @​typescript-eslint/parser from 7.7.1 to 7.8.0 (#1035)
  • a9eb115 build(deps): bump @​types/node from 20.12.7 to 20.12.8 (#1036)
  • bd4fa7c build(deps-dev): bump @​typescript-eslint/eslint-plugin from 7.7.1 to 7.8.0 (#...
  • 38e1018 feat: improve log about pwd/cwd (#1033)
  • 21e9e6b feat: use OS and working-directory as cache key (#1032)
  • Additional commits viewable in compare view


Updates golang/govulncheck-action from 1.0.1 to 1.0.3

Release notes

Sourced from golang/govulncheck-action's releases.

v1.0.3

Add inputs for specifying the output format and optional output file. This can be used, for instance, to save govulncheck SARIF output to a file that users can then upload to Github code scanning.

v1.0.2

Update dependency actions.

Commits
  • dd0578b all: provide options to specify action output
  • 3a32958 action.yml: update actions to latest versions
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions