Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update all non-major dependencies #69

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all non-major dependencies #69

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 23, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
actions/checkout action minor v4.1.7 -> v4.2.2 age adoption passing confidence
actions/setup-go action minor v5.0.2 -> v5.3.0 age adoption passing confidence
alpine final minor 3.20.2 -> 3.21.2 age adoption passing confidence
alpine stage minor 3.20.2 -> 3.21.2 age adoption passing confidence
cli/cli minor 2.55.0 -> 2.66.0 age adoption passing confidence
codecov/codecov-action action minor v4.5.0 -> v4.6.0 age adoption passing confidence
github.com/Masterminds/semver/v3 require minor v3.2.1 -> v3.3.1 age adoption passing confidence
github.com/go-vela/types require minor v0.24.0 -> v0.26.0 age adoption passing confidence
github.com/hashicorp/go-getter require patch v1.7.6 -> v1.7.8 age adoption passing confidence
github.com/spf13/afero require minor v1.11.0 -> v1.12.0 age adoption passing confidence
github.com/urfave/cli/v2 require patch v2.27.4 -> v2.27.5 age adoption passing confidence
github/codeql-action action minor v3.26.4 -> v3.28.8 age adoption passing confidence
reviewdog/action-golangci-lint action minor v2.6.2 -> v2.7.0 age adoption passing confidence

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

actions/setup-go (actions/setup-go)

v5.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/setup-go@v5...v5.3.0

v5.2.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

Compare Source

What's Changed

Bug Fixes

New Contributors

Full Changelog: actions/setup-go@v5...v5.1.0

cli/cli (cli/cli)

v2.66.0: GitHub CLI 2.66.0

Compare Source

gh pr view and gh pr status now respect common triangular workflow configurations

Previously, gh pr view and gh pr status would fail for pull request's (PR) open in triangular workflows. This was due to gh being unable to identify the PR's corresponding remote and branch refs on GitHub.

Now, gh pr view and gh pr status should successfully identify the PR's refs when the following common git configurations are used:

Branch specific configuration, the former, supersedes repo specific configuration, the latter.

Additionally, if the @{push} revision syntax for git resolves for a branch, gh pr view and gh pr status should work regardless of additional config settings.

For more information, see

gh secret list, gh secret set, and gh secret delete now require repository selection when multiple git remotes are present

Previously, gh secret list, gh secret set, and gh secret delete would determine which remote to target for interacting with GitHub Actions secrets. Remotes marked as default using gh repo set-default or through other gh commands had higher priority when figuring out which repository to interact with. This could have unexpected outcomes when using gh secret commands with forked repositories as the upstream repository would generally be selected.

Now, gh secret commands require users to disambiguate which repository should be the target if multiple remotes are present and the -R, --repo flag is not provided.

For more information, see https://github.com/cli/cli/issues/4688

Extension update notices now notify once every 24 hours per extension and can be disabled

Previously, the GitHub CLI would notify users about newer versions every time an extension was executed. This did not match GitHub CLI notices, which only notified users once every 24 hours and could be disabled through an environment variable.

Now, extension update notices will behave similar to GitHub CLI notices. To disable extension update notices, set the GH_NO_EXTENSION_UPDATE_NOTIFIER environment variable.

For more information, see https://github.com/cli/cli/issues/9925

What's Changed

✨ Features
🐛 Fixes
📚 Docs & Chores
:dependabot: Dependencies

New Contributors

Big thank you to our many new and longtime contributors making this release happen!! ❤️ ✨

Full Changelog: cli/cli@v2.65.0...v2.66.0

v2.65.0: GitHub CLI 2.65.0

Compare Source

What's Changed
New Contributors

Full Changelog: cli/cli@v2.64.0...v2.65.0

v2.64.0: GitHub CLI 2.64.0

Compare Source

What's Changed

New Contributors

Full Changelog: cli/cli@v2.63.2...v2.64.0

v2.63.2: GitHub CLI 2.63.2

Compare Source

What's Changed

Full Changelog: cli/cli@v2.63.1...v2.63.2

v2.63.1: GitHub CLI 2.63.1

Compare Source

What's Changed

Security

  • A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download.

    For more information, see GHSA-2m9h-r57g-45pj

Full Changelog: cli/cli@v2.63.0...v2.63.1

v2.63.0: GitHub CLI 2.63.0

Compare Source

What's Changed

Full Changelog: cli/cli@v2.62.0...v2.63.0

Security

  • A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.

    For more information, see GHSA-jwcm-9g39-pmcw

New Contributors

v2.62.0: GitHub CLI 2.62.0

Compare Source

What's Changed

Full Changelog: cli/cli@v2.61.0...v2.62.0

Security

  • A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands.

    For more information, see GHSA-p2h2-3vg9-4p87

GitHub CLI notifies users about latest extension upgrades

Similar to the notification of latest gh releases, the v2.62.0 version of GitHub CLI will notify users about latest extension upgrades when the extension is used:

$ gh ado2gh
...

A new release of ado2gh is available: 1.7.0 → 1.8.0
To upgrade, run: gh extension upgrade ado2gh --force
https://github.com/github/gh-ado2gh
Why does this matter?

This removes a common pain point of extension authors as they have had to reverse engineer and implement a similar mechanism within their extensions directly.

With this quality of life improvement, there are 2 big benefits:

  1. Extension authors will hopefully see increased adoption of newer releases while having lower bar to maintaining their extensions.
  2. GitHub CLI users will have greater awareness of new features, bug fixes, and security fixes to the extensions used.
What do you need to do?

Extension authors should review their extensions and consider removing any custom logic previously implemented to notify users of new releases.

v2.61.0: GitHub CLI 2.61.0

Compare Source

Ensure users understand consequences before making repository visibility changes

In v2.61.0, gh repo edit command has been enhanced to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes:

  1. Interactive gh repo edit visibility change requires confirmation when changing from public, private, or internal
  2. Non-interactive gh repo edit --visibility change requires new --accept-visibility-change-consequences flag to confirm
  3. New content to inform users of consequences
    • Incorporate GitHub Docs content into help usage and interactive gh repo edit experience
    • Expanded help usage to call out most concerning consequences
    • Display repository star and watcher counts to understand impact before confirming

What's Changed

New Contributors

Full Changelog: cli/cli@v2.60.1...v2.61.0

v2.60.1: GitHub CLI 2.60.1

Compare Source

This is a small patch release to fix installing gh via go install which was broken with v2.60.0.

What's Changed

Full Changelog: cli/cli@v2.60.0...v2.60.1

v2.60.0: GitHub CLI 2.60.0

Compare Source

What's Changed

Acceptance Test Changes

New Contributors

Full Changelog: cli/cli@v2.59.0...v2.60.0

v2.59.0: GitHub CLI 2.59.0

Compare Source

What's Changed

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner August 23, 2024 23:27
@renovate renovate bot added the dependencies Indicates a change to dependencies label Aug 23, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from 1af16b0 to babdf91 Compare August 28, 2024 00:26
@renovate renovate bot changed the title chore(deps): update github/codeql-action action to v3.26.5 fix(deps): update all non-major dependencies Aug 28, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from babdf91 to 99903b4 Compare August 29, 2024 14:13
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from 99903b4 to 9a55437 Compare September 6, 2024 22:55
@renovate renovate bot changed the title fix(deps): update all non-major dependencies chore(deps): update all non-major dependencies Sep 6, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from 44553a9 to 42dd2b8 Compare September 13, 2024 13:59
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from af132e1 to 86d5603 Compare September 19, 2024 14:18
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 6 times, most recently from 3ee387a to 46c07b0 Compare October 1, 2024 16:43
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from 35f9285 to 893b464 Compare October 2, 2024 18:13
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Oct 2, 2024
edited
Loading

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 10 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23.0 -> 1.23.5
cloud.google.com/go v0.110.10 -> v0.116.0
cloud.google.com/go/compute/metadata v0.2.3 -> v0.6.0
github.com/cpuguy83/go-md2man/v2 v2.0.4 -> v2.0.5
golang.org/x/crypto v0.21.0 -> v0.32.0
golang.org/x/net v0.23.0 -> v0.34.0
golang.org/x/oauth2 v0.15.0 -> v0.25.0
golang.org/x/sync v0.5.0 -> v0.10.0
golang.org/x/sys v0.18.0 -> v0.29.0
golang.org/x/text v0.14.0 -> v0.21.0
golang.org/x/time v0.5.0 -> v0.8.0

@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from 0e67763 to 9070087 Compare October 7, 2024 18:38
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from 1f0599c to b4b2b02 Compare October 16, 2024 13:13
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from dfc3a26 to a3d9a72 Compare October 24, 2024 17:30
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 5 times, most recently from d5a3dea to 6ac50c9 Compare December 6, 2024 03:59
@renovate renovate bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Dec 10, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 5 times, most recently from 405f5b2 to f6e3a0a Compare December 17, 2024 14:49
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from d05e493 to 55320c6 Compare December 20, 2024 19:44
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 6 times, most recently from 5acad26 to 67177ee Compare January 10, 2025 18:56
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from c345e59 to f501e27 Compare January 21, 2025 04:36
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 5 times, most recently from b5ec6e8 to 9c405ed Compare January 27, 2025 21:54
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from 7594749 to 5ec91ee Compare January 29, 2025 21:01
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from 5ec91ee to 57585c7 Compare January 30, 2025 22:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Indicates a change to dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants