Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update all non-major dependencies #69

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Aug 23, 2024

This PR contains the following updates:

Package Type Update Change Age Adoption Passing Confidence
actions/checkout action minor v4.1.7 -> v4.2.2 age adoption passing confidence
actions/setup-go action minor v5.0.2 -> v5.2.0 age adoption passing confidence
alpine final minor 3.20.2 -> 3.21.0 age adoption passing confidence
alpine stage minor 3.20.2 -> 3.21.0 age adoption passing confidence
cli/cli minor 2.55.0 -> 2.64.0 age adoption passing confidence
codecov/codecov-action action minor v4.5.0 -> v4.6.0 age adoption passing confidence
github.com/Masterminds/semver/v3 require minor v3.2.1 -> v3.3.1 age adoption passing confidence
github.com/go-vela/types require minor v0.24.0 -> v0.25.1 age adoption passing confidence
github.com/urfave/cli/v2 require patch v2.27.4 -> v2.27.5 age adoption passing confidence
github/codeql-action action minor v3.26.4 -> v3.28.0 age adoption passing confidence
reviewdog/action-golangci-lint action minor v2.6.2 -> v2.7.0 age adoption passing confidence

Release Notes

actions/checkout (actions/checkout)

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

actions/setup-go (actions/setup-go)

v5.2.0

Compare Source

What's Changed

New Contributors

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

Compare Source

What's Changed

Bug Fixes

New Contributors

Full Changelog: actions/setup-go@v5...v5.1.0

cli/cli (cli/cli)

v2.64.0: GitHub CLI 2.64.0

Compare Source

What's Changed

New Contributors

Full Changelog: cli/cli@v2.63.2...2.64.0

v2.63.2: GitHub CLI 2.63.2

Compare Source

What's Changed

Full Changelog: cli/cli@v2.63.1...v2.63.2

v2.63.1: GitHub CLI 2.63.1

Compare Source

What's Changed

Security

  • A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download.

    For more information, see GHSA-2m9h-r57g-45pj

Full Changelog: cli/cli@v2.63.0...v2.63.1

v2.63.0: GitHub CLI 2.63.0

Compare Source

What's Changed

Full Changelog: cli/cli@v2.62.0...v2.63.0

Security

  • A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com.

    For more information, see GHSA-jwcm-9g39-pmcw

New Contributors

v2.62.0: GitHub CLI 2.62.0

Compare Source

What's Changed

Full Changelog: cli/cli@v2.61.0...v2.62.0

Security

  • A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands.

    For more information, see GHSA-p2h2-3vg9-4p87

GitHub CLI notifies users about latest extension upgrades

Similar to the notification of latest gh releases, the v2.62.0 version of GitHub CLI will notify users about latest extension upgrades when the extension is used:

$ gh ado2gh
...

A new release of ado2gh is available: 1.7.0 → 1.8.0
To upgrade, run: gh extension upgrade ado2gh --force
https://github.com/github/gh-ado2gh
Why does this matter?

This removes a common pain point of extension authors as they have had to reverse engineer and implement a similar mechanism within their extensions directly.

With this quality of life improvement, there are 2 big benefits:

  1. Extension authors will hopefully see increased adoption of newer releases while having lower bar to maintaining their extensions.
  2. GitHub CLI users will have greater awareness of new features, bug fixes, and security fixes to the extensions used.
What do you need to do?

Extension authors should review their extensions and consider removing any custom logic previously implemented to notify users of new releases.

v2.61.0: GitHub CLI 2.61.0

Compare Source

Ensure users understand consequences before making repository visibility changes

In v2.61.0, gh repo edit command has been enhanced to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes:

  1. Interactive gh repo edit visibility change requires confirmation when changing from public, private, or internal
  2. Non-interactive gh repo edit --visibility change requires new --accept-visibility-change-consequences flag to confirm
  3. New content to inform users of consequences
    • Incorporate GitHub Docs content into help usage and interactive gh repo edit experience
    • Expanded help usage to call out most concerning consequences
    • Display repository star and watcher counts to understand impact before confirming

What's Changed

New Contributors

Full Changelog: cli/cli@v2.60.1...v2.61.0

v2.60.1: GitHub CLI 2.60.1

Compare Source

This is a small patch release to fix installing gh via go install which was broken with v2.60.0.

What's Changed

Full Changelog: cli/cli@v2.60.0...v2.60.1

v2.60.0: GitHub CLI 2.60.0

Compare Source

What's Changed

Acceptance Test Changes

New Contributors

Full Changelog: cli/cli@v2.59.0...v2.60.0

v2.59.0: GitHub CLI 2.59.0

Compare Source

What's Changed

New Contributors

Full Changelog: cli/cli@v2.58.0...v2.59.0

v2.58.0: GitHub CLI 2.58.0

Compare Source

What's Changed

New Contributors

Full Changelog: cli/cli@v2.57.0...v2.58.0

v2.57.0: GitHub CLI 2.57.0

Compare Source

What's Changed

New Contributors

Full Changelog: cli/cli@v2.56.0...v2.57.0

v2.56.0: GitHub CLI 2.56.0

Compare Source

Important note about renewed GPG key

The Debian and RedHat releases have been signed with a new GPG key. If you are experiencing issues updating your .deb or .rpm packages, please read cli/cli#9569.

What's Changed

New Contributors

Full Changelog: cli/cli@v2.55.0...v2.56.0

codecov/codecov-action (codecov/codecov-action)

v4.6.0

Compare Source

What's Changed


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner August 23, 2024 23:27
@renovate renovate bot added the dependencies Indicates a change to dependencies label Aug 23, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from 1af16b0 to babdf91 Compare August 28, 2024 00:26
@renovate renovate bot changed the title chore(deps): update github/codeql-action action to v3.26.5 fix(deps): update all non-major dependencies Aug 28, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from babdf91 to 99903b4 Compare August 29, 2024 14:13
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from 99903b4 to 9a55437 Compare September 6, 2024 22:55
@renovate renovate bot changed the title fix(deps): update all non-major dependencies chore(deps): update all non-major dependencies Sep 6, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from 44553a9 to 42dd2b8 Compare September 13, 2024 13:59
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from af132e1 to 86d5603 Compare September 19, 2024 14:18
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 6 times, most recently from 3ee387a to 46c07b0 Compare October 1, 2024 16:43
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from 35f9285 to 893b464 Compare October 2, 2024 18:13
Copy link
Contributor Author

renovate bot commented Oct 2, 2024

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 6 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23.0 -> 1.23.4
github.com/cpuguy83/go-md2man/v2 v2.0.4 -> v2.0.5
golang.org/x/crypto v0.21.0 -> v0.24.0
golang.org/x/net v0.23.0 -> v0.26.0
golang.org/x/sync v0.5.0 -> v0.7.0
golang.org/x/sys v0.18.0 -> v0.21.0
golang.org/x/text v0.14.0 -> v0.16.0

@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from 0e67763 to 9070087 Compare October 7, 2024 18:38
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from 1f0599c to b4b2b02 Compare October 16, 2024 13:13
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from dfc3a26 to a3d9a72 Compare October 24, 2024 17:30
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from 085d302 to 2c87214 Compare October 25, 2024 18:19
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 6 times, most recently from 38855c5 to 767f672 Compare November 14, 2024 16:40
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 2 times, most recently from 09eff2f to 7d4686e Compare November 20, 2024 17:02
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 4 times, most recently from 78f5986 to 4b82e29 Compare December 4, 2024 01:30
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 3 times, most recently from d5a3dea to 6ac50c9 Compare December 6, 2024 03:59
@renovate renovate bot changed the title chore(deps): update all non-major dependencies fix(deps): update all non-major dependencies Dec 10, 2024
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch 5 times, most recently from 405f5b2 to f6e3a0a Compare December 17, 2024 14:49
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from f6e3a0a to d05e493 Compare December 17, 2024 18:08
@renovate renovate bot force-pushed the renovate/all-minor-patch-digest-pin branch from d05e493 to 55320c6 Compare December 20, 2024 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Indicates a change to dependencies
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants