Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump actions/setup-go from 4 to 5 #1027

Merged
merged 1 commit into from
Dec 7, 2023
Merged

Bump actions/setup-go from 4 to 5 #1027

merged 1 commit into from
Dec 7, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 7, 2023

Bumps actions/setup-go from 4 to 5.

Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

New Contributors

Full Changelog: actions/setup-go@v4...v5.0.0

v4.1.0

What's Changed

In scope of this release, slow installation on Windows was fixed by @​dsame in actions/setup-go#393 and OS version was added to primaryKey for Ubuntu runners to avoid conflicts (actions/setup-go#383)

This release also includes the following changes:

New Contributors

Full Changelog: actions/setup-go@v4...v4.1.0

v4.0.1

What's Changed

New Contributors

Full Changelog: actions/setup-go@v4...v4.0.1

Commits
  • 0c52d54 Update dependencies for node20 (#445)
  • bfd2fb3 Merge pull request #421 from chenrui333/node20-runtime
  • 3d65fa5 feat: bump to use actions/checkout@v4
  • 8a505c9 feat: bump to use node20 runtime
  • 883490d Merge pull request #417 from artemgavrilov/main
  • d45ebba Rephrase sentence
  • 317c661 Replace wildcards term with globs.
  • f90673a Merge pull request #1 from artemgavrilov/caching-docs-improvement
  • 8018234 Improve documentation regarding dependencies cachin
  • d085b4f Merge pull request #411 from galargh/fix/windows-hostedtoolcache
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump actions/setup-go from 4 to 5
d27f9e2 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies github_actions Pull requests that update GitHub Actions code labels Dec 7, 2023
@codecov Codecov
Copy link

codecov bot commented Dec 7, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (d809cc5) 72.27% compared to head (d27f9e2) 72.27%.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop/v2    #1027   +/-   ##
===========================================
  Coverage       72.27%   72.27%           
===========================================
  Files              93       93           
  Lines           13844    13844           
===========================================
  Hits            10006    10006           
  Misses           3021     3021           
  Partials          817      817

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@lestrrat lestrrat merged commit 3b41954 into develop/v2 Dec 7, 2023
35 checks passed
@lestrrat lestrrat deleted the dependabot/github_actions/develop/v2/actions/setup-go-5 branch December 7, 2023 23:29
lestrrat added a commit that referenced this pull request Jan 9, 2024
@lestrrat @dependabot
@sding3 @frestr
v2.0.19 (#1051)
d69a721 
* Bump golang.org/x/crypto from 0.14.0 to 0.15.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.15.0.
- [Commits](golang/crypto@v0.14.0...v0.15.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Run gazelle-update-repos

* Add jwe.WithCEK (#1011)

* Add jwe.WithCEK

* Allow using a static CEK via EncryptStatic

* appease linter

* Update go.sum

* Docs

* Update generated options

* Add test

* clarify when jwk.Set.RemoveKey can return error (#1015)

* Remove signer instance upon call to jws.UnregisterSigner (#1017)

* Delete signer instance upon call to jws.UnregisterSigner

* Update Changes

* Tweak documentation (#1018)

* Bump golang.org/x/crypto from 0.15.0 to 0.16.0 (#1020)

* Bump golang.org/x/crypto from 0.15.0 to 0.16.0

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.15.0 to 0.16.0.
- [Commits](golang/crypto@v0.15.0...v0.16.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Run bazel and tidy

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daisuke Maki <[email protected]>

* Merge pull request from GHSA-7f9x-gw85-8grf

* Update Changes

* Appease linter

* fix deps.bzl

* Bump actions/setup-go from 4 to 5 (#1027)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/stale from 8 to 9 (#1029)

Bumps [actions/stale](https://github.com/actions/stale) from 8 to 9.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v8...v9)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Merge #1044 (#1045)

* update all dependencies 12/19/2023

* Run gazelle-update-repos

---------

Co-authored-by: Nathan Lacey <[email protected]>

* Update go version in go.mod to go1.18, which matches CI (#1046)

* Bump github/codeql-action from 2 to 3 (#1031)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add jws.IsVerificationError (#1049)

* Add jws.IsVerificationError

* tweak document

* Merge pull request from GHSA-pvcr-v8j8-j5q3

* Add tests for empty protected headers

* check for sig.protected == nil

* Add one more case for missing protected headers in compact form

* Update Changes

* JWS: Check for sig.protected == nil on non-flattened input

---------

Co-authored-by: Fredrik Strupe <[email protected]>

* Update Changes

* fix typo

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shang Jian Ding <[email protected]>
Co-authored-by: Nathan Lacey <[email protected]>
Co-authored-by: Fredrik Strupe <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lestrrat