Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update all non-major dependencies #86

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all non-major dependencies #86

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 5, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
actions/checkout action minor v4.1.7 -> v4.2.2 age adoption passing confidence
actions/setup-go action minor v5.0.2 -> v5.2.0 age adoption passing confidence
alpine final minor 3.20.2 -> 3.21.2 age adoption passing confidence
alpine stage minor 3.20.2 -> 3.21.2 age adoption passing confidence
codecov/codecov-action action minor v4.5.0 -> v4.6.0 age adoption passing confidence
github.com/Masterminds/semver/v3 require patch v3.3.0 -> v3.3.1 age adoption passing confidence
github.com/go-vela/types require minor v0.24.0 -> v0.25.1 age adoption passing confidence
github.com/hashicorp/go-getter require patch v1.7.6 -> v1.7.7 age adoption passing confidence
github.com/spf13/afero require minor v1.11.0 -> v1.12.0 age adoption passing confidence
github.com/urfave/cli/v2 require patch v2.27.4 -> v2.27.5 age adoption passing confidence
github/codeql-action action minor v3.26.6 -> v3.28.1 age adoption passing confidence
gohugoio/hugo minor 0.134.0 -> 0.140.2 age adoption passing confidence
reviewdog/action-golangci-lint action minor v2.6.2 -> v2.7.0 age adoption passing confidence

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

actions/setup-go (actions/setup-go)

v5.2.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

Compare Source

What's Changed

Bug Fixes

New Contributors

Full Changelog: actions/setup-go@v5...v5.1.0

codecov/codecov-action (codecov/codecov-action)

v4.6.0

Compare Source

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v4.5.0...v4.6.0

Masterminds/semver (github.com/Masterminds/semver/v3)

v3.3.1

Compare Source

What's Changed

Full Changelog: Masterminds/semver@v3.3.0...v3.3.1

go-vela/types (github.com/go-vela/types)

v0.25.1

Compare Source

What's Changed

Full Changelog: go-vela/types@v0.25.0...v0.25.1

v0.25.0

Compare Source

What's Changed

Full Changelog: go-vela/types@v0.24.0...v0.25.0

hashicorp/go-getter (github.com/hashicorp/go-getter)

v1.7.7

Compare Source

What's Changed

New Contributors

Full Changelog: hashicorp/go-getter@v1.7.6...v1.7.7

spf13/afero (github.com/spf13/afero)

v1.12.0

Compare Source

What's Changed

New Contributors

Full Changelog: spf13/afero@v1.11.0...v1.12.0

urfave/cli (github.com/urfave/cli/v2)

v2.27.5

Compare Source

What's Changed

Full Changelog: urfave/cli@v2.27.4...v2.27.5

github/codeql-action (github/codeql-action)

v3.28.1

Compare Source

v3.28.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.28.0 - 20 Dec 2024
  • Bump the minimum CodeQL bundle version to 2.15.5. #​2655
  • Don't fail in the unusual case that a file is on the search path. #​2660.

See the full CHANGELOG.md for more information.

v3.27.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.9 - 12 Dec 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.8

Compare Source

v3.27.7

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.7 - 10 Dec 2024
  • We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #​2631
  • Update default CodeQL bundle version to 2.20.0. #​2636

See the full CHANGELOG.md for more information.

v3.27.6

Compare Source

v3.27.5

Compare Source

v3.27.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.4 - 14 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.3 - 12 Nov 2024

No user facing changes.

See the full CHANGELOG.md for more information.

v3.27.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.2 - 12 Nov 2024
  • Fixed an issue where setting up the CodeQL tools would sometimes fail with the message "Invalid value 'undefined' for header 'authorization'". #​2590

See the full CHANGELOG.md for more information.

v3.27.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.1 - 08 Nov 2024
  • The CodeQL Action now downloads bundles compressed using Zstandard on GitHub Enterprise Server when using Linux or macOS runners. This speeds up the installation of the CodeQL tools. This feature is already available to GitHub.com users. #​2573
  • Update default CodeQL bundle version to 2.19.3. #​2576

See the full CHANGELOG.md for more information.

v3.27.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

3.27.0 - 22 Oct 2024
  • Bump the minimum CodeQL bundle version to 2.14.6. #​2549
  • Fix an issue where the upload-sarif Action would fail with "upload-sarif post-action step failed: Input required and not supplied: token" when called in a composite Action that had a different set of inputs to the ones expected by the upload-sarif Action. #​2557
  • Update default CodeQL bundle version to 2.19.2. #​2552

See the full CHANGELOG.md for more information.

v3.26.13

Compare Source

v3.26.12

Compare Source

v3.26.11

Compare Source

v3.26.10

Compare Source

v3.26.9

Compare Source

v3.26.8

Compare Source

v3.26.7

Compare Source

gohugoio/hugo (gohugoio/hugo)

v0.140.2

Compare Source

The timing of this release comes from the security fix in golang.org/x/net's html.Parse function. This is used in two places in Hugo:

  1. Extracting table of contents from Asciidoctor rendered output.
  2. Collecting HTML classes etc. when build stats is enabled

It's a little bit of a stretch to see how this could be exploited in Hugo, but we understand that many want a clean security report. See this issue for details.

What's Changed

v0.140.1

Compare Source

Some bug fixes in the (most likely) last Hugo release of the year. Of some technical interest to some, I can mention that I, @​bep, have reworked hugoreleaser to use YAML (with anchors/aliases) instead of TOML for the release configuration. Have a look at the end result.

What's Changed

v0.140.0

Compare Source

The big new feature in this release is js.Batch – this enables JavaScript bundle groups (e.g. scripts per section) with global code splitting and flexible hooks/runners setup.

Bug fixes
Improvements

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner September 5, 2024 14:35
@renovate renovate bot added the dependencies Indicates a change to dependencies label Sep 5, 2024
@codecov Codecov
Copy link

codecov bot commented Sep 5, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 31.93%. Comparing base (2badf7e) to head (a692657).

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main      #86      +/-   ##
==========================================
+ Coverage   25.69%   31.93%   +6.24%     
==========================================
  Files           7        7              
  Lines         362      526     +164     
==========================================
+ Hits           93      168      +75     
- Misses        267      356      +89     
  Partials        2        2

see 7 files with indirect coverage changes

@renovate renovate bot changed the title chore(deps): update dependency gohugoio/hugo to v0.134.1 chore(deps): update all non-major dependencies Sep 7, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from 5a7cdba to 8ad29b1 Compare September 13, 2024 14:34
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 4 times, most recently from 026fb4d to c0f077b Compare September 25, 2024 18:42
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 4 times, most recently from 896b235 to a5b1e95 Compare October 2, 2024 19:45
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Oct 2, 2024
edited
Loading

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 10 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23.0 -> 1.23.4
cloud.google.com/go v0.110.10 -> v0.116.0
cloud.google.com/go/compute/metadata v0.2.3 -> v0.6.0
github.com/cpuguy83/go-md2man/v2 v2.0.4 -> v2.0.5
golang.org/x/crypto v0.21.0 -> v0.32.0
golang.org/x/net v0.23.0 -> v0.34.0
golang.org/x/oauth2 v0.15.0 -> v0.25.0
golang.org/x/sync v0.5.0 -> v0.10.0
golang.org/x/sys v0.18.0 -> v0.29.0
golang.org/x/text v0.14.0 -> v0.21.0
golang.org/x/time v0.5.0 -> v0.8.0

@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from c61c91d to 9b183e4 Compare October 7, 2024 19:05
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 5 times, most recently from 743aa74 to 2071b43 Compare October 17, 2024 15:44
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 5 times, most recently from 851275e to 878fcb9 Compare October 24, 2024 14:42
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from 878fcb9 to 83f1fad Compare November 4, 2024 20:31
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 5 times, most recently from baada3c to d80f426 Compare November 18, 2024 17:11
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 4 times, most recently from 5e6fa2f to 869c7bd Compare November 23, 2024 18:16
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 5 times, most recently from cc663aa to 899ee07 Compare December 6, 2024 04:25
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from 899ee07 to 0a42c72 Compare December 9, 2024 21:06
@renovate renovate bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Dec 10, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 6 times, most recently from 73e13df to ba26861 Compare December 17, 2024 17:01
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from a43777a to d91ac73 Compare December 23, 2024 17:05
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from d91ac73 to 30dd0fa Compare December 30, 2024 16:26
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from 5ff5de0 to f23855a Compare January 9, 2025 11:35
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from f23855a to a692657 Compare January 10, 2025 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Indicates a change to dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants