Update github actions

Open renovate[bot] opened this issue 3 years ago • 1 comments

This PR contains the following updates:

Package	Type	Update	Change
actions/setup-go	action	minor	`v3.2.1` -> `v3.3.0`
golang (source)		minor	`1.18.4` -> `1.19.1`
golangci/golangci-lint		minor	`v1.46.2` -> `v1.49.0`
goreleaser/goreleaser		minor	`v1.10.2` -> `v1.11.4`
securego/gosec	action	minor	`v2.12.0` -> `v2.13.1`

Release Notes

actions/setup-go

`v3.3.0`

Compare Source

This release introduces support for architecture input for setup-go action #253. It also adds support for arm32 architecture for self-hosted runners. If architecture is not provided action will use default runner architecture. Example of usage:

steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
  with:
   go-version: '1.16'
   architecture: arm

This release also provides fix for issue #241. #250 adds support for using explicit filename for Windows which is necessary to satisfy Expand-Archive's requirement on .zip extension.

golang/go

`v1.19.1`

`v1.19.0`

`v1.18.6`

`v1.18.5`

golangci/golangci-lint

`v1.49.0`

Compare Source

IMPORTANT: varcheck and deadcode has been removed of default linters.

new linters
- interfacebloat: https://github.com/sashamelentyev/interfacebloat
- logrlint: https://github.com/timonwong/logrlint
- reassign: https://github.com/curioswitch/go-reassign
updated linters
- go-colorable: from 0.1.12 to 0.1.13
- go-critic: from 0.6.3 to 0.6.4
- go-errorlint: from 1.0.0 to 1.0.2
- go-exhaustruct: from 2.2.2 to 2.3.0
- gopsutil: from 3.22.6 to 3.22.7
- gosec: from 2.12.0 to 2.13.1
- revive: from 1.2.1 to 1.2.3
- usestdlibvars: from 1.8.0 to 1.13.0
- contextcheck: from v1.0.4 to v1.0.6 && re-enable
- nosnakecase: This linter is deprecated.
- varcheck: This linter is deprecated use unused instead.
- deadcode: This linter is deprecated use unused instead.
- structcheck: This linter is deprecated use unused instead.
documentation
- revive: fix wrong URL
- Add a section about default exclusions
- usestdlibvars: fix typo in documentation
- nolintlint: remove allow-leading-space option
- Update documentation and assets
misc.
- dev: rewrite the internal tests framework
- fix: exit early on run --version
- fix: set an explicit GOROOT in the Docker image for go-critic

`v1.48.0`

Compare Source

new linters
- usestdlibvars:https://github.com/sashamelentyev/usestdlibvars
updated linters
- contextcheck: disable linter
- errcheck: from 1.6.1 to 1.6.2
- gci: add missing custom-order setting
- gci: from 0.5.0 to 0.6.0
- ifshort: deprecate linter
- nolint: drop allow-leading-space option and add "nolint:all"
- revgrep: bump to HEAD
documentation
- remove outdated info on source install
misc
- go1.19 support

`v1.47.3`

Compare Source

updated linters:
- remove some go1.18 limitations
- asasalint: from 0.0.10 to 0.0.11
- decorder: from 0.2.2 to v0.2.3
- gci: fix panic with invalid configuration option
- gci: from 0.4.3 to v0.5.0
- go-exhaustruct: from 2.2.0 to 2.2.2
- gomodguard: from 1.2.3 to 1.2.4
- nosnakecase: from 1.5.0 to 1.7.0
- honnef.co/go/tools: from 0.3.2 to v0.3.3
misc
- cgo: fix linters ignoring CGo files

`v1.47.2`

Compare Source

updated linters:
- revive: ignore slow rules

`v1.47.1`

Compare Source

updated linters:
- gci: from 0.4.2 to 0.4.3
- gci: remove the use of stdin
- gci: fix options display
- tenv: from 1.6.0 to 1.7.0
- unparam: bump to HEAD

`v1.47.0`

Compare Source

new linters:
- asasalint: https://github.com/alingse/asasalint
- nosnakecase: https://github.com/sivchari/nosnakecase
updated linters:
- decorder: from 0.2.1 to 0.2.2
- errcheck: from 1.6.0 to 1.6.1
- errname: from 0.1.6 to 0.1.7
- exhaustive: from 0.7.11 to 0.8.1
- gci: fix issues and re-enable autofix
- gci: from 0.3.4 to 0.4.2
- go-exhaustruct: from 2.1.0 to 2.2.0
- go-ruleguard: from 0.3.19 to 0.3.21
- gocognit: from 1.0.5 to 1.0.6
- gocyclo: from 0.5.1 to 0.6.0
- golang.org/x/tools: bump to HEAD
- gosec: allow global config
- gosec: from 2.11.0 to 2.12.0
- nonamedreturns: from 1.0.1 to 1.0.4
- paralleltest: from 1.0.3 to 1.0.6
- staticcheck: fix generics
- staticcheck: from 0.3.1 to 0.3.2
- tenv: from 1.5.0 to 1.6.0
- testpackage: from 1.0.1 to 1.1.0
- thelper: from 0.6.2 to 0.6.3
- wrapcheck: from 2.6.1 to 2.6.2
documentation:
- add thanks page
- add a clear explanation about the staticcheck integration.
- depguard: add ignore-file-rules
- depguard: adjust phrasing
- gocritic: add enable and disable ruleguard settings
- gomnd: fix typo
- gosec: add configs for all existing rules
- govet: add settings for shadow and unusedresult
- thelper: add fuzz config and description
- linters: add defaults

goreleaser/goreleaser

`v1.11.4`

Compare Source

Changelog

Bug fixes

36a48ea: fix: binary archive when multiple builds (#3385) (@caarlos0)

Documentation updates

7ea12d2: docs: clarify build docs a bit (@caarlos0)
c196592: docs: improve wording/formatting in several places (#3384) (@caarlos0)

Full Changelog: https://github.com/goreleaser/goreleaser/compare/v1.11.3...v1.11.4

What to do next?

Read the documentation
Check out the GoReleaser Pro distribution
Join our Discord server
Follow us on Twitter

`v1.11.3`

Compare Source

Changelog

Bug fixes

0ea3e0f: fix: build --single-target when using specific targets (#3381) (@caarlos0)
89978a2: fix: fish completions path on nfpm (#3375) (@caarlos0)
707747d: fix: print release url after publishing it (#3374) (@caarlos0)
da05701: fix: race condition on logs (@caarlos0)
8cb4eb1: fix: ruleguard and semgrep scans and fixes (#3364) (@caarlos0)
2244bba: fix: templates in release URLs (#3365) (@caarlos0)
69e9b2b: fix: update cosign in docker img to 1.12.0 (#3379) (@caarlos0)
6606eec: fix: yaml-lang-server modelines in init config (#3376) (@caarlos0)

Dependency updates

4afcbe2: fix(deps): bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 (#3372) (@dependabot[bot])
ad330ce: fix(deps): bump github.com/disgoorg/disgo from 0.13.17 to 0.13.20 (#3377) (@dependabot[bot])
8a36f2e: fix(deps): bump github.com/slack-go/slack from 0.11.2 to 0.11.3 (#3369) (@dependabot[bot])
c7bb924: fix(deps): bump golang from 1.19.0-alpine to 1.19.1-alpine (#3355) (@dependabot[bot])

Documentation updates

826944d: docs: add COSIGN_EXPERIMENTAL=1 for verify-blob (#3378) (@developer-guy)
1830126: docs: add eula and linkedin to links (@caarlos0)
a8403f2: docs: improve actions docs (@caarlos0)
1c96e11: docs: improve links page (@caarlos0)
b8a225b: docs: improve monorepo docs (@caarlos0)
dbc32c2: docs: improve sponsors page (@caarlos0)
45387f5: docs: insert missing word (#3352) (@NiloCK)
7bb7ed6: docs: update readme (@caarlos0)
61f586e: docs: version recent changes (#3367) (@caarlos0)
cb68678: docs: why we made it, is it any good, video, etc (@caarlos0)

Full Changelog: https://github.com/goreleaser/goreleaser/compare/v1.11.2...v1.11.3

What to do next?

Read the documentation
Check out the GoReleaser Pro distribution
Join our Discord server
Follow us on Twitter

`v1.11.2`

Compare Source

Changelog

Bug fixes

efdba10: fix: guard changelog commit abbrev behind config (#3349) (@caarlos0)

Documentation updates

e31f780: docs: update schema (@caarlos0)

Full Changelog: https://github.com/goreleaser/goreleaser/compare/v1.11.1...v1.11.2

What to do next?

Read the documentation
Check out the GoReleaser Pro distribution
Join our Discord server
Follow us on Twitter

`v1.11.1`

Compare Source

Changelog

Documentation updates

999cf91: docs: improved wording in many places (@caarlos0)

Full Changelog: https://github.com/goreleaser/goreleaser/compare/v1.11.0...v1.11.1

What to do next?

Read the documentation
Check out the GoReleaser Pro distribution
Join our Discord server
Follow us on Twitter

`v1.11.0`

Compare Source

Changelog

New Features

ee17c95: feat(ci): compile with go 1.19 (#3278) (@caarlos0)
a31b4aa: feat: ArtifactExt as a template field (@caarlos0)
e67975e: feat: add extra files to source archives (#3102) (@caarlos0)
fac8135: feat: add fig autocomplete support (#3329) (@dirien)
42eaf08: feat: add split tmpl function (#3293) (@andig)
5a43334: feat: allow to skip scm release uploads (#3282) (@caarlos0)
6d000e5: feat: allow to specify version of brew deps (#3319) (@caarlos0)
95bba02: feat: delay github tag creation (#3330) (@caarlos0)
5cfc78d: feat: gitlab option to use_job_token (#2993) (@caarlos0)
042c638: feat: login into gitlab registry (#3296) (@caarlos0)
53ed816: feat: mTLS with client certificate (#3302) (@scr-oath)
3f60327: feat: nfpm changelog support (#3309) (@caarlos0)
797a1cc: feat: release with target_commitish in another repo (@caarlos0)
08e7038: feat: remove gofish (#3312) (@caarlos0)
aeccdb6: feat: replace existing draft releases on github (#3318) (@caarlos0)
4da595e: feat: strip_parent_binary_folder (#3261) (@caarlos0)
06d0ce0: feat: support goarch=loong64 (#3277) (@caarlos0)
fa61448: feat: support provides field in nfpm config (@caarlos0)
a7c6b14: feat: termux.deb (#3333) (@caarlos0)

Bug fixes

817369a: fix(grype): ignore testdata (#3331) (@caarlos0)
ffb31b4: fix(grype): ignore unfixed vulns (@caarlos0)
d630605: fix: brew style (#3274) (@caarlos0)
102ac7e: fix: changelog empty lines between sections (@caarlos0)
d22d67d: fix: clarifying build --single-target (@caarlos0)
2fecd94: fix: do not push snaps concurrently (#3295) (@caarlos0)
c83663c: fix: eventual race condition in artifacts (#3310) (@caarlos0)
5759d7f: fix: git safe directory (@caarlos0)
fe32842: fix: github changeloger should use short commits (@caarlos0)
1a54007: fix: improve error message (@caarlos0)
ff0eeac: fix: improve tar error handling (@caarlos0)
ebd2afd: fix: jsonschema (@caarlos0)
ce264f1: fix: jsonschema (@caarlos0)
abe63e3: fix: log deleted draft release (@caarlos0)
85cb047: fix: run gitleaks and grype on prs (#3332) (@caarlos0)
d7acf21: fix: source archive add subfolders (#3343) (@caarlos0)
fb89f6a: fix: temporary revert jsonschema update (@caarlos0)
ed42de3: fix: typo (@caarlos0)

Dependency updates

4f5666b: feat(deps): bump github.com/caarlos0/ctrlc from 1.1.0 to 1.2.0 (#3316) (@dependabot[bot])
7ed4197: feat(deps): bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 (#3338) (@dependabot[bot])
db373b2: feat(deps): bump github.com/disgoorg/disgo from 0.13.16 to 0.13.17 (#3341) (@dependabot[bot])
c70d6d4: feat(deps): bump github.com/goreleaser/nfpm/v2 from 2.16.0 to 2.17.0 (#3267) (@dependabot[bot])
1bbcc39: feat(deps): bump github.com/invopop/jsonschema from 0.5.0 to 0.6.0 (#3286) (@dependabot[bot])
e431da4: feat(deps): bump github.com/slack-go/slack from 0.11.0 to 0.11.2 (#3252) (@dependabot[bot])
3007b4e: feat(deps): bump github.com/xanzy/go-gitlab from 0.68.2 to 0.70.0 (#3275) (@dependabot[bot])
1dd03ce: feat(deps): bump github.com/xanzy/go-gitlab from 0.70.0 to 0.71.0 (#3298) (@dependabot[bot])
db142ac: feat(deps): bump github.com/xanzy/go-gitlab from 0.71.0 to 0.72.0 (#3304) (@dependabot[bot])
3729f1e: feat(deps): bump github.com/xanzy/go-gitlab from 0.72.0 to 0.73.0 (#3335) (@dependabot[bot])
ffe7c2c: feat(deps): bump github.com/xanzy/go-gitlab from 0.73.0 to 0.73.1 (#3342) (@dependabot[bot])
2054f74: feat(deps): bump gocloud.dev from 0.24.0 to 0.26.0 (#3287) (@dependabot[bot])
171f532: feat(deps): bump golang from 1.18.4-alpine to 1.18.5-alpine (#3276) (@dependabot[bot])
631003e: feat(deps): bump golang from 1.18.5-alpine to 1.19.0-alpine (#3281) (@dependabot[bot])
f712302: feat(deps): bump golang from 0e78fc1 to f8e128f (#3288) (@dependabot[bot])
daf88f6: feat(deps): bump golang from d84b1ff to af22f4a (#3264) (@dependabot[bot])
1be5bae: feat(deps): bump golang from f8e128f to 0eb08c8 (#3301) (@dependabot[bot])
fcc1856: feat(deps): update caarlos0/log (@caarlos0)
4a67c76: feat(deps): update cosign to 1.11.1 (@caarlos0)
6183c3f: feat(deps): update discord webhook library (#3320) (@TopiSenpai)
a1e681c: feat(deps): update github to v46 (#3326) (@caarlos0)
0325b04: feat(deps): update go-github to v47 (@caarlos0)
aa12ad0: feat(deps): update nfpm to latest patch (@caarlos0)
66e863d: feat(deps): update nfpm to v2.18.0 (#3311) (@caarlos0)

Documentation updates

224a4f5: docs: AUR publish is skipped if git url is empty (#3279) (@rfay)
bcdb7e6: docs: clarify dir (@caarlos0)
a7789f1: docs: clarify some azure pipelines info (@caarlos0)
6708031: docs: improve wording on archive (@caarlos0)
94ed9e9: docs: schema update (@caarlos0)
2038281: docs: schema update (@caarlos0)
d853ee2: docs: schema update (@caarlos0)
31d0e54: docs: schema update (@caarlos0)
e1849f1: docs: sync with pro (@caarlos0)
a05b776: docs: typo fixes (@caarlos0)
eb83d0d: docs: update (@caarlos0)
2096b56: docs: update (@caarlos0)
bb4bbde: docs: update (@caarlos0)
0097524: docs: update (@caarlos0)
c9a9916: docs: update install page (@caarlos0)
7f04e4d: docs: update jsonschema (@caarlos0)
e51eab7: docs: update schema (@caarlos0)
46e9db4: docs: update schema (@caarlos0)

Other work

05b3fbd: refactor: make it easier to merge (@caarlos0)

Full Changelog: https://github.com/goreleaser/goreleaser/compare/v1.10.3...v1.11.0

What to do next?

Read the documentation
Check out the GoReleaser Pro distribution
Join our Discord server
Follow us on Twitter

`v1.10.3`

Compare Source

Changelog

Bug fixes

315935a: fix(archive): always strip parent if set (#3256) (@caarlos0)
6fdb41f: fix: jsonschema (@caarlos0)
7f2b50b: fix: jsonschema (@caarlos0)
bc1e9db: fix: support ios/arm64 (@caarlos0)

Dependency updates

dccce66: feat(deps): bump golang from 1.18.3-alpine to 1.18.4-alpine (#3237) (@dependabot[bot])
0a30706: feat(deps): bump golang from c9a9074 to d84b1ff (#3253) (@dependabot[bot])
5e0f345: feat(deps): update cosign to 1.10.0 (#3247) (@caarlos0)

Documentation updates

7aeebb1: docs: remove beta warning from docker manifests feature (@caarlos0)
999ca7a: docs: schema update (@caarlos0)

Other work

236e987: refactor(build): remove unused param (#3248) (@caarlos0)

Full Changelog: https://github.com/goreleaser/goreleaser/compare/v1.10.2...v1.10.3

What to do next?

Read the documentation
Check out the GoReleaser Pro distribution
Join our Discord server
Follow us on Twitter

securego/gosec

`v2.13.1`

Compare Source

Changelog

19fa856 fix: make sure that nil Cwe pointer is handled when getting the CWE ID
62fa4b4 test: remove white spaces from template
074dc71 fix: handle nil CWE pointer in text template

`v2.13.0`

Compare Source

Changelog

79a5b13 chore(deps): update dependency babel-standalone to v7
97f03d9 chore: update module go to 1.19
0ba05e1 chore: fix lint warnings
d3933f9 chore: add support for Go 1.19
4e68fb5 fix: parsing of the Go version (#844)
0c8e63e Detect use of net/http functions that have no support for setting timeouts (#842)
6a26c23 Refactor SQL rules for better extensibility (#841)
1b0873a chore(deps): update module golang.org/x/tools to v0.1.12 (#840)
845483e Fix lint warning
45bf9a6 Check the suppressed issues when generating the exit code
a5982fb Fix for G402. Check package path instead of package name (#838)
ea6d49d fix G204 bugs (#835)
21fcd2f Phase out support for Go 1.16 since is not supported anymore by Go team (#837)
3cda47a chore(deps): update all dependencies (#836)
0212c83 chore(deps): update dependency highlight.js to v11.6.0 (#830)
9a25f4e fix: filepaths with git anywhere in them being erroneously excluded (#828)
602ced7 Fix wrong location for G109 (#829)
7dd9ddd chore(deps): update golang.org/x/crypto digest to 0559593 (#826)
b0f3e78 fix ReadTimeout for G112 rule
05f3ca8 Pin cosign-installer to v2 (#824)

Configuration

📅 Schedule: Branch creation - "before 2am" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

[ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

Jul 19 '22 01:07 renovate[bot]

The lint issues are due to the deprecation of ioutil in Go 1.19

Here's a PR that fixes the deprecations https://github.com/timescale/promscale/pull/1619 we should merge it first and then rebase. That will solve the lint issues and the upgrade_test that were fixed on another PR that's already in master.

Sep 05 '22 13:09 alejandrodnm