Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🌱 Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 #2804

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 29, 2023

Bumps cloud.google.com/go/pubsub from 1.28.0 to 1.30.0.

Release notes

Sourced from cloud.google.com/go/pubsub's releases.

pubsub: v1.30.0

1.30.0 (2023-03-22)

Features

  • pubsub: Update iam and longrunning deps (91a1f78)

Bug Fixes

  • pubsub: Check response of receipt modacks for exactly once delivery (#7568) (94d0408)

storage: v1.30.0

1.30.0 (2023-03-15)

Features

  • storage/internal: Update routing annotation for CreateBucketRequest docs: Add support for end-to-end checksumming in the gRPC WriteObject flow feat!: BREAKING CHANGE - renaming Notification to NotificationConfig (2fef56f)
  • storage: Json downloads (#7158) (574a86c)
  • storage: Update iam and longrunning deps (91a1f78)

Bug Fixes

  • storage: Specify credentials with STORAGE_EMULATOR_HOST (#7271) (940ae15)

pubsub: v1.29.0

1.29.0 (2023-03-13)

Features

  • pubsub: Add google.api.method.signature to update methods (aeb6fec)
  • pubsub: Add REST client (06a54a1)
  • pubsub: Add schema evolution methods and fields (ee41485)
  • pubsub: Add support for schema revisions (#7295) (369b16f)
  • pubsub: Add temporary_failed_ack_ids to ModifyAckDeadlineConfirmation (aeb6fec)
  • pubsub: Make INTERNAL a retryable error for Pull (aeb6fec)

Bug Fixes

  • pubsub/pstest: Fix panic on undelivered message (#7377) (98dd29d)
  • pubsub: Allow updating topic schema fields individually (#7362) (f09e059)
  • pubsub: Dont compare revision fields in schema config test (#7317) (e364f7a)
  • pubsub: Fix bug with AckWithResult with exactly once disabled (#7319) (c88fbdf)
  • pubsub: Pipe revision ID in name in DeleteSchemaRevision (#7519) (e211635)

... (truncated)

Commits
  • 27944ca chore(main): release pubsub 1.30.0 (#7556)
  • d92e977 chore(firestore): removed redundant region tags. (#7614)
  • 94d0408 fix(pubsub): check response of receipt modacks for exactly once delivery (#7568)
  • 3c27930 chore: release main (#7559)
  • 888e3b4 chore(all): auto-regenerate gapics (#7609)
  • 2b7bb66 feat(bigquery/reservation): add edition/autoscale related fields (#7608)
  • c316201 feat(edgecontainer): promote to GA (#7612)
  • a923de9 chore(gapicgen): fix omit-snippets (#7611)
  • 75e992d chore(storage): add idempotency header (#7602)
  • c967961 feat(bigquery/migration): Add request_source field and update formatting (#7586)
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 29, 2023
@dependabot dependabot bot requested a review from laurentsimon as a code owner March 29, 2023 08:59
@dependabot dependabot bot added the go Pull requests that update Go code label Mar 29, 2023
@spencerschrock
Copy link
Member

@dependabot rebase

Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@pubsub/v1.28.0...pubsub/v1.30.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/cloud.google.com/go/pubsub-1.30.0 branch from c2b2fd3 to f4cef29 Compare March 30, 2023 02:02
@dependabot dependabot bot temporarily deployed to integration-test March 30, 2023 02:02 Inactive
@codecov
Copy link

codecov bot commented Mar 30, 2023

Codecov Report

Merging #2804 (f4cef29) into main (4626c27) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2804   +/-   ##
=======================================
  Coverage   49.21%   49.21%           
=======================================
  Files         158      158           
  Lines       11967    11967           
=======================================
  Hits         5889     5889           
  Misses       5709     5709           
  Partials      369      369           

@spencerschrock spencerschrock merged commit ef16fd8 into main Mar 30, 2023
@spencerschrock spencerschrock deleted the dependabot/go_modules/cloud.google.com/go/pubsub-1.30.0 branch March 30, 2023 02:15
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request Apr 13, 2023
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@pubsub/v1.28.0...pubsub/v1.30.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
balteravishay pushed a commit to balteravishay/scorecard that referenced this pull request Apr 14, 2023
Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@pubsub/v1.28.0...pubsub/v1.30.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>
laurentsimon added a commit that referenced this pull request Apr 17, 2023
…dency checks (#2779)

* add nuget pinned dependency checks

Signed-off-by: Avishay <avishay.balter@gmail.com>

* checks.yaml

Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ GitLab: Security Policy check (#2754)

* Add tarballHandler for GitLab, enabling repo download

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Abstract OrgSecurityPolicy details to RepoClient instead of checker

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Remove Org() from RepoClient

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Rename

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

* Don't run as part of CI tests that depend on external sites

Signed-off-by: Raghav Kaul <raghavkaul@google.com>

---------

Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 (#2722)

* 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0

Bumps [gocloud.dev](https://github.com/google/go-cloud) from 0.26.0 to 0.29.0.
- [Release notes](https://github.com/google/go-cloud/releases)
- [Commits](google/go-cloud@v0.26.0...v0.29.0)

---
updated-dependencies:
- dependency-name: gocloud.dev
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Switch pubsubpb import path.

See https://github.com/googleapis/google-cloud-go/blob/cf7063dc4d81c2c33e31724db518c24d8a344f6e/migration.md for more details.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github/codeql-action from 2.2.6 to 2.2.7

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.6 to 2.2.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@16964e9...168b99b)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* Remove unused code from changeset creation (#2776)

Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 Pass proper commit depth to github checkrun handler. (#2777)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr fixes

Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ Support for GitHub's internal integration (#2773)

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 Add tie breaker when sorting changesets by RevisionID in tests. (#2781)

* Remove duplicate RevisionID collision from changeset tests.

The map iteration order isn't deterministic and sorting the slices isn't good enough when the revision IDs are equal.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove any potential sha collisions

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Revert deduplications.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Use ReviewPlatform as tie breaker.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 enable fuzzing check in cron. (#2780)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.0 to 35.7.6.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@bd376fb...07f86bc)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump actions/checkout from 3.3.0 to 3.4.0 (#2767)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@ac59398...24cb908)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump golangci-lint and fix configuration file. (#2783)

* Bump golangci-lint to v1.52.1

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Remove deprecated linters.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Configure errorlint to ignore wrapping multiple errors.

We don't use golang 1.20 yet.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* extra go mod tidy to hide linter.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/onsi/ginkgo/v2 from 2.9.0 to 2.9.2 in /tools (#2787)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.9.0 to 2.9.2.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.9.0...v2.9.2)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github/codeql-action from 2.2.7 to 2.2.8

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.7 to 2.2.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@168b99b...67a35a0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#2785)

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@c090f4e...f46c48e)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🐛 Restore upload of existing raw result Big Query data (#2795)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump tj-actions/changed-files from 35.7.6 to 35.7.7 (#2797)

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.6 to 35.7.7.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@07f86bc...db5dd7c)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Restore API quota metrics for the weekly cron job. (#2799)

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/golangci/golangci-lint in /tools (#2794)

Bumps [github.com/golangci/golangci-lint](https://github.com/golangci/golangci-lint) from 1.52.1 to 1.52.2.
- [Release notes](https://github.com/golangci/golangci-lint/releases)
- [Changelog](https://github.com/golangci/golangci-lint/blob/master/CHANGELOG.md)
- [Commits](golangci/golangci-lint@v1.52.1...v1.52.2)

---
updated-dependencies:
- dependency-name: github.com/golangci/golangci-lint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump google.golang.org/protobuf in /tools (#2759)

Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump golang.org/x/tools from 0.6.0 to 0.7.0 (#2769)

Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0 (#2737)

* 🌱 Bump github.com/xanzy/go-gitlab from 0.78.0 to 0.81.0

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.78.0 to 0.81.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](xanzy/go-gitlab@v0.78.0...v0.81.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump google.golang.org/protobuf to v1.30.0 to satisfy dependency analysis.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump actions/stale from 6.0.1 to 8.0.0 (#2793)

Bumps [actions/stale](https://github.com/actions/stale) from 6.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5ebf00e...1160a22)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump actions/setup-go from 3.5.0 to 4.0.0 (#2757)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.5.0 to 4.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@6edd440...4d34df0)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 (#2628)

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@8f67e59...f82d6c1)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/google/osv-scanner (#2803)

Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.2.1-0.20230302232134-592acbc2539b to 1.3.0.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google/osv-scanner/commits/v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2805)

Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.1.0 to 2.2.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](bradleyfalzon/ghinstallation@v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump cloud.google.com/go/pubsub from 1.28.0 to 1.30.0 (#2804)

Bumps [cloud.google.com/go/pubsub](https://github.com/googleapis/google-cloud-go) from 1.28.0 to 1.30.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@pubsub/v1.28.0...pubsub/v1.30.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/pubsub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2770)

Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.14.1 to 1.16.2.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](goreleaser/goreleaser@v1.14.1...v1.16.2)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump actions/checkout from 3.4.0 to 3.5.0 (#2800)

Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github/codeql-action from 2.2.8 to 2.2.9 (#2802)

Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump tj-actions/changed-files from 35.7.7 to 35.7.8 (#2801)

Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/moby/buildkit from 0.11.4 to 0.11.5 (#2809)

Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.11.4 to 0.11.5.
- [Release notes](https://github.com/moby/buildkit/releases)
- [Commits](moby/buildkit@v0.11.4...v0.11.5)

---
updated-dependencies:
- dependency-name: github.com/moby/buildkit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#2806)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@e38b190...80e868c)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/google/osv-scanner from 1.3.0 to 1.3.1 (#2810)

Bumps [github.com/google/osv-scanner](https://github.com/google/osv-scanner) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/google/osv-scanner/releases)
- [Changelog](https://github.com/google/osv-scanner/blob/main/CHANGELOG.md)
- [Commits](google/osv-scanner@v1.3.0...v1.3.1)

---
updated-dependencies:
- dependency-name: github.com/google/osv-scanner
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/onsi/gomega from 1.27.0 to 1.27.6 (#2807)

Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump cloud.google.com/go/bigquery from 1.48.0 to 1.49.0

Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.48.0 to 1.49.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@bigquery/v1.48.0...bigquery/v1.49.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2813)

Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.2.3...v1.2.4)

---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump cloud.google.com/go/bigquery from 1.49.0 to 1.50.0 (#2818)

Bumps [cloud.google.com/go/bigquery](https://github.com/googleapis/google-cloud-go) from 1.49.0 to 1.50.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@bigquery/v1.49.0...bigquery/v1.50.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/bigquery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump step-security/harden-runner from 2.2.1 to 2.3.0 (#2823)

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@1f99358...03bee39)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/docker/docker in /tools (#2825)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 23.0.1+incompatible to 23.0.3+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v23.0.1...v23.0.3)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github/codeql-action from 2.2.9 to 2.2.11 (#2836)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.2.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@04df126...d186a2a)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump tj-actions/changed-files from 35.7.8 to 35.7.12

Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 35.7.8 to 35.7.12.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@e9b5807...b109d83)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump sigstore/cosign-installer from 3.0.1 to 3.0.2 (#2842)

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@c3667d9...9e9de22)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/xeipuuv/gojsonschema

Bumps [github.com/xeipuuv/gojsonschema](https://github.com/xeipuuv/gojsonschema) from 0.0.0-20180618132009-1d523034197f to 1.2.0.
- [Release notes](https://github.com/xeipuuv/gojsonschema/releases)
- [Commits](https://github.com/xeipuuv/gojsonschema/commits/v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/xeipuuv/gojsonschema
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Unit tests for checker result and request (#2844)

Included tests for checker result and request

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ Consider haskell-actions/hlint-scan a code scanning action (#2846)

* Add haskell-actions/hlint-scan as one of know GitHub actions which upload SARIF.

Signed-off-by: Yoo Chung <chungyc@google.com>

* Test security-events permissions with actions known to upload SARIF.

Signed-off-by: Yoo Chung <chungyc@google.com>

---------

Signed-off-by: Yoo Chung <chungyc@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2 (#2847)

Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.2.0 to 2.3.0.
- [Release notes](https://github.com/bradleyfalzon/ghinstallation/releases)
- [Commits](bradleyfalzon/ghinstallation@v2.2.0...v2.3.0)

---
updated-dependencies:
- dependency-name: github.com/bradleyfalzon/ghinstallation/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/otiai10/copy from 1.9.0 to 1.10.0

Bumps [github.com/otiai10/copy](https://github.com/otiai10/copy) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/otiai10/copy/releases)
- [Commits](otiai10/copy@v1.9.0...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/otiai10/copy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/goreleaser/goreleaser in /tools

Bumps [github.com/goreleaser/goreleaser](https://github.com/goreleaser/goreleaser) from 1.16.2 to 1.17.0.
- [Release notes](https://github.com/goreleaser/goreleaser/releases)
- [Changelog](https://github.com/goreleaser/goreleaser/blob/main/.goreleaser.yaml)
- [Commits](goreleaser/goreleaser@v1.16.2...v1.17.0)

---
updated-dependencies:
- dependency-name: github.com/goreleaser/goreleaser
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Add instructions to test cron controller + worker locally (#2817)

* Add GitLab test repos.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add test GitLab projects to release controller.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* worker gitlab WIP

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Read config in worker.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Use UTC time for shards.

This avoids issues when the controller and worker timezones differ.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* update directions for gcs fake

Signed-off-by: Spencer Schrock <sschrock@google.com>

* update readme

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Undo gitlab parts, which will be its own PR.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Clarify project and config files are placeholders.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* remove accidentally added whitespace

Signed-off-by: Spencer Schrock <sschrock@google.com>

* clarify code change with comment.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Minor edits.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump golang.org/x/tools from 0.7.0 to 0.8.0 (#2855)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](golang/tools@v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.2

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@81cd2dc...40a12dc)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 📖 Fix broken links. (#2858)

Signed-off-by: Yoo Chung <chungyc@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ Detect fuzzing in Haskell by the presence of property tests. (#2843)

* Add Haskell as a language.

Signed-off-by: Yoo Chung <chungyc@google.com>

* Detect fuzzing in Haskell using presence of property-based testing.

Signed-off-by: Yoo Chung <chungyc@google.com>

* Mention fuzzing detection for Haskell in documentation.

Signed-off-by: Yoo Chung <chungyc@google.com>

* Fix pattern and test.  Add test case.

Signed-off-by: Yoo Chung <chungyc@google.com>

---------

Signed-off-by: Yoo Chung <chungyc@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Unit tests for attestor policy (#2857)

- Add tests for `GetRequiredChecksForPolicy` and `EvaluateResults`
- Add checks for binary artifacts, vulnerabilities, unpinned dependencies, and code review

[attestor/policy/attestation_policy_test.go]
- Add `github.com/google/go-cmp/cmp` to imports
- Add a test for `GetRequiredChecksForPolicy`
- Add a test for `EvaluateResults`

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* 🌱 Bump github.com/xanzy/go-gitlab from 0.81.0 to 0.82.0

Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.81.0 to 0.82.0.
- [Release notes](https://github.com/xanzy/go-gitlab/releases)
- [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go)
- [Commits](xanzy/go-gitlab@v0.81.0...v0.82.0)

---
updated-dependencies:
- dependency-name: github.com/xanzy/go-gitlab
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* ✨ Use local files instead of search for SAST CodeQL check (#2839)

* Look for codeQL action use with local files instead of search.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Switch SAST mocks to using local file contents.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Update e2e test

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Remove unneeded code.

The tests deleted here were merged with another test in an earlier commit.

Signed-off-by: Spencer Schrock <sschrock@google.com>

* update

Signed-off-by: Spencer Schrock <sschrock@google.com>

* Add tests to get code coverage up.

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Avishay <avishay.balter@gmail.com>

* .exe

Signed-off-by: Avishay <avishay.balter@gmail.com>

* lint

Signed-off-by: Avishay <avishay.balter@gmail.com>

* pr comments

Signed-off-by: Avishay <avishay.balter@gmail.com>

---------

Signed-off-by: Avishay <avishay.balter@gmail.com>
Signed-off-by: Raghav Kaul <raghavkaul@google.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Spencer Schrock <sschrock@google.com>
Signed-off-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Signed-off-by: Yoo Chung <chungyc@google.com>
Signed-off-by: Avishay Balter <avishay.balter@gmail.com>
Co-authored-by: raghavkaul <8695110+raghavkaul@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Spencer Schrock <sschrock@google.com>
Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Co-authored-by: Yoo Chung <dev@chungyc.org>
Co-authored-by: Yoo Chung <chungyc@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file go Pull requests that update Go code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant