🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 #2722

dependabot · 2023-03-07T08:58:25Z

Bumps gocloud.dev from 0.26.0 to 0.29.0.

Release notes

v0.29.0

BREAKING CHANGES

Updated to latest azureblob, which had some non-backward-compatible changes (again).

all

Defaulting to go version 1.2.

aws: Added support for custom endpoints for AWS SDK v2.

gcp: Updated imports for credentialspb.

blob

azureblob: Updated to latest (breaking change).

pubsub

kafkapub: Fixed nil Options pointer dereference.

v0.28.0

BREAKING CHANGES:

secrets/azurekeyvault: Updated to latest Azure SDK.

blob/azureblob: Updated to match recent breaking changes in the Azure packages (yes, again).

pubsub/awssnssqs: Fixed BeforeSend to take a pointer to the SendMessageBatchRequestEntry struct, so that it can be modified.

blob

memblob: Fixed bug where use of BeforeCopy callback would drop the actual copying.

azureblob: Updated to match recent breaking changes in the Azure packages.

pubsub

all: Simplified and improved batch sizing, should resolve issues with too-frequent polling in some situations.

azurepubsub: Made ListenerTimeout configurable.

gcppubsub and awssnssqs: Support lazy mode for Nack (where no explicit Nack is sent).

awssnssqs: Fixed BeforeSend to take a pointer to the SendMessageBatchRequestEntry struct, so that it can be modified.

secrets

secrets/azurekeyvault: Updated to latest Azure SDK. Use azidentity.NewDefaultAzureCredential.

sql

gcp/cloudsql: Fixed IAM login.

v0.27.0

ANNOUNCEMENT: In the next release we plan to switch over from using OpenCensus to using OpenTelemetry; see #2877 for discussion. Please comment on that issue if this is a concern for you.

BREAKING CHANGES: blob/azureblob, pubsub/azuresb: Switched over to using the new Azure beta release. Constructors and As types have changed.

pubsub: all: Added support for overriding batching for AWS, GCP, Azure.

blob: fileblob: Fixed file permissions on temporary files.

runtimevar:

... (truncated)

Commits

6239712 all: prep for release (#3236)
973ec87 all: prep for release (#3235)
3348a6a aws: fix typo on awssdk=v2 docstring
ec0a2bb pubsub/rabbitpubsub: give rabbitmq more time to come up (#3233)
082a495 docstore/gcpfirestore: update proto import (#3229)
53ba901 pubsub/gcppubsub: update proto import (#3230)
b361258 runtimevar/gcpsecretmanager: update proto import (#3231)
e5235d8 blob/gcsblob: update proto import (#3228)
7cd8b2b secrets/gcpkms: update proto import (#3227)
8cddf16 all: update deps BREAKING_CHANGE_OK (#3225)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

spencerschrock · 2023-03-15T16:27:24Z

This one will need some manual intervention due to the deprecations causing the linter to fail.

spencerschrock · 2023-03-16T17:47:31Z

Will need to squash and merge since I added a commit

Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.29.0. - [Release notes](https://github.com/google/go-cloud/releases) - [Commits](google/go-cloud@v0.26.0...v0.29.0) --- updated-dependencies: - dependency-name: gocloud.dev dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>

See https://github.com/googleapis/google-cloud-go/blob/cf7063dc4d81c2c33e31724db518c24d8a344f6e/migration.md for more details. Signed-off-by: Spencer Schrock <[email protected]>

codecov · 2023-03-16T20:49:18Z

Codecov Report

Merging #2722 (f26282c) into main (e2715fd) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2722   +/-   ##
=======================================
  Coverage   49.21%   49.21%           
=======================================
  Files         158      158           
  Lines       11962    11962           
=======================================
  Hits         5887     5887           
  Misses       5706     5706           
  Partials      369      369

* 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.29.0. - [Release notes](https://github.com/google/go-cloud/releases) - [Commits](google/go-cloud@v0.26.0...v0.29.0) --- updated-dependencies: - dependency-name: gocloud.dev dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Switch pubsubpb import path. See https://github.com/googleapis/google-cloud-go/blob/cf7063dc4d81c2c33e31724db518c24d8a344f6e/migration.md for more details. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Spencer Schrock <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]>

…dency checks (#2779) * add nuget pinned dependency checks Signed-off-by: Avishay <[email protected]> * checks.yaml Signed-off-by: Avishay <[email protected]> * ✨ GitLab: Security Policy check (#2754) * Add tarballHandler for GitLab, enabling repo download Signed-off-by: Raghav Kaul <[email protected]> * Abstract OrgSecurityPolicy details to RepoClient instead of checker Signed-off-by: Raghav Kaul <[email protected]> * Remove Org() from RepoClient Signed-off-by: Raghav Kaul <[email protected]> * Rename Signed-off-by: Raghav Kaul <[email protected]> * Don't run as part of CI tests that depend on external sites Signed-off-by: Raghav Kaul <[email protected]> --------- Signed-off-by: Raghav Kaul <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 (#2722) * 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.29.0. - [Release notes](https://github.com/google/go-cloud/releases) - [Commits](google/go-cloud@v0.26.0...v0.29.0) --- updated-dependencies: - dependency-name: gocloud.dev dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Switch pubsubpb import path. See https://github.com/googleapis/google-cloud-go/blob/cf7063dc4d81c2c33e31724db518c24d8a344f6e/migration.md for more details. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Spencer Schrock <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github/codeql-action from 2.2.6 to 2.2.7 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.6 to 2.2.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@16964e9...168b99b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * Remove unused code from changeset creation (#2776) Signed-off-by: Azeem Shaikh <[email protected]> Signed-off-by: Avishay <[email protected]> * 🐛 Pass proper commit depth to github checkrun handler. (#2777) Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * pr fixes Signed-off-by: Avishay <[email protected]> * ✨ Support for GitHub's internal integration (#2773) * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> * update Signed-off-by: laurentsimon <[email protected]> --------- Signed-off-by: laurentsimon <[email protected]> Signed-off-by: Avishay <[email protected]> * 🐛 Add tie breaker when sorting changesets by RevisionID in tests. (#2781) * Remove duplicate RevisionID collision from changeset tests. The map iteration order isn't deterministic and sorting the slices isn't good enough when the revision IDs are equal. Signed-off-by: Spencer Schrock <[email protected]> * remove any potential sha collisions Signed-off-by: Spencer Schrock <[email protected]> * Revert deduplications. Signed-off-by: Spencer Schrock <[email protected]> * Use ReviewPlatform as tie breaker. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 enable fuzzing check in cron. (#2780) Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.0 to 35.7.6. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@bd376fb...07f86bc) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/checkout from 3.3.0 to 3.4.0 (#2767) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@ac59398...24cb908) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump golangci-lint and fix configuration file. (#2783) * Bump golangci-lint to v1.52.1 Signed-off-by: Spencer Schrock <[email protected]> * Remove deprecated linters. Signed-off-by: Spencer Schrock <[email protected]> * Configure errorlint to ignore wrapping multiple errors. We don't use golang 1.20 yet. Signed-off-by: Spencer Schrock <[email protected]> * extra go mod tidy to hide linter. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.2 in /tools (#2787) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.0 to 2.9.2. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](onsi/ginkgo@v2.9.0...v2.9.2) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github/codeql-action from 2.2.7 to 2.2.8 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.7 to 2.2.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@168b99b...67a35a0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#2785) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.3 to 3.0.4. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@c090f4e...f46c48e) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🐛 Restore upload of existing raw result Big Query data (#2795) Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump tj-actions/changed-files from 35.7.6 to 35.7.7 (#2797) Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.6 to 35.7.7. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@07f86bc...db5dd7c) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Restore API quota metrics for the weekly cron job. (#2799) Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/golangci/golangci-lint in /tools (#2794) Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.52.1 to 1.52.2. - [Release notes](https://github.com/golangci/golangci-lint/releases) - [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md) - [Commits](golangci/golangci-lint@v1.52.1...v1.52.2) --- updated-dependencies: - dependency-name: github.com/golangci/golangci-lint dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump google.golang.org/protobuf in /tools (#2759) Signed-off-by: Avishay <[email protected]> * 🌱 Bump golang.org/x/tools from 0.6.0 to 0.7.0 (#2769) Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 (#2737) * 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.81.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](xanzy/go-gitlab@v0.78.0...v0.81.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump google.golang.org/protobuf to v1.30.0 to satisfy dependency analysis. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Spencer Schrock <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/stale from 6.0.1 to 8.0.0 (#2793) Bumps [actions/stale](https://github.com/actions/stale) from 6.0.1 to 8.0.0. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@5ebf00e...1160a22) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/setup-go from 3.5.0 to 4.0.0 (#2757) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@6edd440...4d34df0) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2628) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.0 to 4.2.0. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@8f67e59...f82d6c1) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/google/osv-scanner (#2803) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.2.1-0.20230302232134-592acbc2539b to 1.3.0. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/osv-scanner/commits/v1.3.0) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2805) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](bradleyfalzon/ghinstallation@v2.1.0...v2.2.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 (#2804) Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@pubsub/v1.28.0...pubsub/v1.30.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/pubsub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2770) Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.14.1 to 1.16.2. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](goreleaser/goreleaser@v1.14.1...v1.16.2) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump actions/checkout from 3.4.0 to 3.5.0 (#2800) Signed-off-by: Avishay <[email protected]> * 🌱 Bump github/codeql-action from 2.2.8 to 2.2.9 (#2802) Signed-off-by: Avishay <[email protected]> * 🌱 Bump tj-actions/changed-files from 35.7.7 to 35.7.8 (#2801) Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#2809) Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.4 to 0.11.5. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.11.4...v0.11.5) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2806) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@e38b190...80e868c) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/google/osv-scanner from 1.3.0 to 1.3.1 (#2810) Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/osv-scanner/releases) - [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md) - [Commits](google/osv-scanner@v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/osv-scanner dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/onsi/gomega from 1.27.0 to 1.27.6 (#2807) Signed-off-by: Avishay <[email protected]> * 🌱 Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0 Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.48.0 to 1.49.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@bigquery/v1.48.0...bigquery/v1.49.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2813) Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 (#2818) Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.49.0 to 1.50.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@bigquery/v1.49.0...bigquery/v1.50.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/bigquery dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump step-security/harden-runner from 2.2.1 to 2.3.0 (#2823) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.3.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@1f99358...03bee39) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/docker/docker in /tools (#2825) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.3+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v23.0.1...v23.0.3) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github/codeql-action from 2.2.9 to 2.2.11 (#2836) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@04df126...d186a2a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump tj-actions/changed-files from 35.7.8 to 35.7.12 Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.8 to 35.7.12. - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@e9b5807...b109d83) --- updated-dependencies: - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 (#2842) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@c3667d9...9e9de22) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/xeipuuv/gojsonschema Bumps [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) from 0.0.0-20180618132009-1d523034197f to 1.2.0. - [Release notes](https://github.com/xeipuuv/gojsonschema/releases) - [Commits](https://github.com/xeipuuv/gojsonschema/commits/v1.2.0) --- updated-dependencies: - dependency-name: github.com/xeipuuv/gojsonschema dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Unit tests for checker result and request (#2844) Included tests for checker result and request Signed-off-by: naveensrinivasan <[email protected]> Signed-off-by: Avishay <[email protected]> * ✨ Consider haskell-actions/hlint-scan a code scanning action (#2846) * Add haskell-actions/hlint-scan as one of know GitHub actions which upload SARIF. Signed-off-by: Yoo Chung <[email protected]> * Test security-events permissions with actions known to upload SARIF. Signed-off-by: Yoo Chung <[email protected]> --------- Signed-off-by: Yoo Chung <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2847) Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.2.0 to 2.3.0. - [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases) - [Commits](bradleyfalzon/ghinstallation@v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: github.com/bradleyfalzon/ghinstallation/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/otiai10/copy from 1.9.0 to 1.10.0 Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/otiai10/copy/releases) - [Commits](otiai10/copy@v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: github.com/otiai10/copy dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/goreleaser/goreleaser in /tools Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.16.2 to 1.17.0. - [Release notes](https://github.com/goreleaser/goreleaser/releases) - [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml) - [Commits](goreleaser/goreleaser@v1.16.2...v1.17.0) --- updated-dependencies: - dependency-name: github.com/goreleaser/goreleaser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Add instructions to test cron controller + worker locally (#2817) * Add GitLab test repos. Signed-off-by: Spencer Schrock <[email protected]> * Add test GitLab projects to release controller. Signed-off-by: Spencer Schrock <[email protected]> * worker gitlab WIP Signed-off-by: Spencer Schrock <[email protected]> * Read config in worker. Signed-off-by: Spencer Schrock <[email protected]> * Use UTC time for shards. This avoids issues when the controller and worker timezones differ. Signed-off-by: Spencer Schrock <[email protected]> * update directions for gcs fake Signed-off-by: Spencer Schrock <[email protected]> * update readme Signed-off-by: Spencer Schrock <[email protected]> * Undo gitlab parts, which will be its own PR. Signed-off-by: Spencer Schrock <[email protected]> * Clarify project and config files are placeholders. Signed-off-by: Spencer Schrock <[email protected]> * remove accidentally added whitespace Signed-off-by: Spencer Schrock <[email protected]> * clarify code change with comment. Signed-off-by: Spencer Schrock <[email protected]> * Minor edits. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#2855) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.7.0...v0.8.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Avishay <[email protected]> * 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.2 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@81cd2dc...40a12dc) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * 📖 Fix broken links. (#2858) Signed-off-by: Yoo Chung <[email protected]> Signed-off-by: Avishay <[email protected]> * ✨ Detect fuzzing in Haskell by the presence of property tests. (#2843) * Add Haskell as a language. Signed-off-by: Yoo Chung <[email protected]> * Detect fuzzing in Haskell using presence of property-based testing. Signed-off-by: Yoo Chung <[email protected]> * Mention fuzzing detection for Haskell in documentation. Signed-off-by: Yoo Chung <[email protected]> * Fix pattern and test. Add test case. Signed-off-by: Yoo Chung <[email protected]> --------- Signed-off-by: Yoo Chung <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Unit tests for attestor policy (#2857) - Add tests for `GetRequiredChecksForPolicy` and `EvaluateResults` - Add checks for binary artifacts, vulnerabilities, unpinned dependencies, and code review [attestor/policy/attestation_policy_test.go] - Add `github.com/google/go-cmp/cmp` to imports - Add a test for `GetRequiredChecksForPolicy` - Add a test for `EvaluateResults` Signed-off-by: naveensrinivasan <[email protected]> Signed-off-by: Avishay <[email protected]> * 🌱 Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0 Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.82.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](xanzy/go-gitlab@v0.81.0...v0.82.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Avishay <[email protected]> * ✨ Use local files instead of search for SAST CodeQL check (#2839) * Look for codeQL action use with local files instead of search. Signed-off-by: Spencer Schrock <[email protected]> * Switch SAST mocks to using local file contents. Signed-off-by: Spencer Schrock <[email protected]> * Update e2e test Signed-off-by: Spencer Schrock <[email protected]> * Remove unneeded code. The tests deleted here were merged with another test in an earlier commit. Signed-off-by: Spencer Schrock <[email protected]> * update Signed-off-by: Spencer Schrock <[email protected]> * Add tests to get code coverage up. Signed-off-by: Spencer Schrock <[email protected]> --------- Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Avishay <[email protected]> * .exe Signed-off-by: Avishay <[email protected]> * lint Signed-off-by: Avishay <[email protected]> * pr comments Signed-off-by: Avishay <[email protected]> --------- Signed-off-by: Avishay <[email protected]> Signed-off-by: Raghav Kaul <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Spencer Schrock <[email protected]> Signed-off-by: Azeem Shaikh <[email protected]> Signed-off-by: laurentsimon <[email protected]> Signed-off-by: naveensrinivasan <[email protected]> Signed-off-by: Yoo Chung <[email protected]> Signed-off-by: Avishay Balter <[email protected]> Co-authored-by: raghavkaul <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Spencer Schrock <[email protected]> Co-authored-by: Azeem Shaikh <[email protected]> Co-authored-by: laurentsimon <[email protected]> Co-authored-by: Naveen <[email protected]> Co-authored-by: Yoo Chung <[email protected]> Co-authored-by: Yoo Chung <[email protected]>

dependabot bot requested review from azeemshaikh38, justaugustus, laurentsimon, naveensrinivasan, spencerschrock and raghavkaul as code owners March 7, 2023 08:58

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Mar 7, 2023

dependabot bot temporarily deployed to integration-test March 7, 2023 08:58 Inactive

naveensrinivasan approved these changes Mar 7, 2023

View reviewed changes

dependabot bot force-pushed the dependabot/go_modules/gocloud.dev-0.29.0 branch from c82566f to 12bc91a Compare March 8, 2023 08:58

dependabot bot temporarily deployed to integration-test March 8, 2023 08:58 Inactive

dependabot bot force-pushed the dependabot/go_modules/gocloud.dev-0.29.0 branch from 12bc91a to c1bd9e4 Compare March 15, 2023 09:10

dependabot bot temporarily deployed to integration-test March 15, 2023 09:10 Inactive

dependabot bot force-pushed the dependabot/go_modules/gocloud.dev-0.29.0 branch from c1bd9e4 to 0f5fe4c Compare March 16, 2023 09:01

dependabot bot temporarily deployed to integration-test March 16, 2023 09:02 Inactive

spencerschrock had a problem deploying to integration-test March 16, 2023 17:47 — with GitHub Actions Failure

dependabot bot and others added 2 commits March 16, 2023 15:41

Switch pubsubpb import path.

f26282c

See https://github.com/googleapis/google-cloud-go/blob/cf7063dc4d81c2c33e31724db518c24d8a344f6e/migration.md for more details. Signed-off-by: Spencer Schrock <[email protected]>

naveensrinivasan force-pushed the dependabot/go_modules/gocloud.dev-0.29.0 branch from 2773aca to f26282c Compare March 16, 2023 20:41

naveensrinivasan temporarily deployed to integration-test March 16, 2023 20:42 — with GitHub Actions Inactive

spencerschrock merged commit 1f3f9ef into main Mar 17, 2023

spencerschrock deleted the dependabot/go_modules/gocloud.dev-0.29.0 branch March 17, 2023 17:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 #2722

🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 #2722

dependabot bot commented on behalf of github Mar 7, 2023 •

edited

Loading

spencerschrock commented Mar 15, 2023

spencerschrock commented Mar 16, 2023

codecov bot commented Mar 16, 2023

🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 #2722

🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 #2722

Conversation

dependabot bot commented on behalf of github Mar 7, 2023 • edited Loading

v0.29.0

v0.28.0

v0.27.0

spencerschrock commented Mar 15, 2023

spencerschrock commented Mar 16, 2023

codecov bot commented Mar 16, 2023

Codecov Report

dependabot bot commented on behalf of github Mar 7, 2023 •

edited

Loading