Skip to content

Comments

ci: bump goreleaser/goreleaser-action from 6 to 7 in the actions-updates group#161

Open
dependabot[bot] wants to merge 4 commits intodevfrom
dependabot/github_actions/dev/actions-updates-e9cd525b81
Open

ci: bump goreleaser/goreleaser-action from 6 to 7 in the actions-updates group#161
dependabot[bot] wants to merge 4 commits intodevfrom
dependabot/github_actions/dev/actions-updates-e9cd525b81

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 23, 2026

Bumps the actions-updates group with 1 update: goreleaser/goreleaser-action.

Updates goreleaser/goreleaser-action from 6 to 7

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.0.0

What's Changed

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

v6.4.0

What's Changed

New Contributors

Full Changelog: goreleaser/goreleaser-action@v6.3.0...v6.4.0

v6.3.0

Full Changelog: goreleaser/goreleaser-action@v6.2.1...v6.3.0

v6.2.1

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.2.0...v6.2.1

... (truncated)

Commits
  • ec59f47 fix: yargs usage
  • 752dede fix: gitignore
  • 1881ae0 ci: update dependabot settings
  • fdc5e66 chore: gitignore provenance.json
  • 51b5b35 chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group (#539)
  • 4247c53 ci(deps): bump docker/setup-buildx-action in the actions group (#538)
  • c169bfd chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group (...
  • 902ab4a chore(deps): bump the npm group across 1 directory with 4 updates (#536)
  • c59a691 chore: gitignore
  • 56cc8b2 ci: add job to automate dependabot pre-checkin/vendor
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot bot and others added 4 commits February 22, 2026 18:51
@dependabot
Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#160)
f62f3d6 
Bumps [filippo.io/edwards25519](https://github.com/FiloSottile/edwards25519) from 1.1.0 to 1.1.1.
- [Commits](FiloSottile/edwards25519@v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: filippo.io/edwards25519
  dependency-version: 1.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@tis24dev
Remove ENABLE_GO_BACKUP flag and legacy wrappers
f0fe6e9 
Remove legacy Go-pipeline compatibility and related dead code. Deleted the prefilter-manual command and removed references to ENABLE_GO_BACKUP from configs and docs. Dropped Config.EnableGoBackup and its tests, cleaned up proxsave logging that referenced the flag. Consolidated bundle creation by removing the package-level createBundle wrapper and updating callers to use Orchestrator.createBundle; removed several legacy/compat helper functions in identity and orchestrator and adjusted unit tests to call the new helpers (encodeProtectedServerIDWithMACs, collectMACCandidates, etc.). Miscellaneous test cleanup: removed obsolete fake FS/test helpers no longer needed. These changes simplify code paths and eliminate obsolete compatibility layers.
@tis24dev
Make mount guard functions mockable, add tests
7caa182 
Extract direct OS/syscall/fstab calls in mount guard into package-level function variables (e.g. mountGuardGeteuid, mountGuardReadFile, mountGuardMkdirAll, mountGuardSysMount, mountGuardSysUnmount, mountGuardFstabMountpointsSet, mountGuardIsPathOnRootFilesystem, mountGuardParsePBSDatastoreCfg) and update usages to call those variables. This makes the mount-guard logic easily mockable for unit tests. Add extensive tests in internal/orchestrator/mount_guard_more_test.go covering guardDirForTarget, isMounted (mountinfo/proc mounts fallback and error combinations), guardMountPoint behaviors (mkdir, bind, remount, unmount, context handling), and many flows for maybeApplyPBSDatastoreMountGuards including parsing, fstab fallback, mount attempts and timeout handling. Also adjust an existing test case in pbs_mount_guard_test.go to include a /run/media root scenario and remove a redundant check in pbsMountGuardRootForDatastorePath. These changes improve test coverage and reliability without changing runtime behavior.
@dependabot
ci: bump goreleaser/goreleaser-action in the actions-updates group
efa57ec 
Bumps the actions-updates group with 1 update: [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action).


Updates `goreleaser/goreleaser-action` from 6 to 7
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@v6...v7)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Copy link

github-actions bot commented Feb 23, 2026

⚠️ Major version update detected

This PR requires manual review before merging.

Please check:

  • Breaking changes in changelog
  • Test coverage for new version
  • Compatibility with existing code

Once reviewed, merge manually or enable auto-merge.

@github-actions
Copy link

github-actions bot commented Feb 23, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/release.yml

PackageVersionLicenseIssue Type
goreleaser/goreleaser-action7.*.*NullUnknown License
Allowed Licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, LicenseRef-scancode-google-patent-license-golang

OpenSSF Scorecard

PackageVersionScoreDetails
actions/goreleaser/goreleaser-action 7.*.* 🟢 5
Details
CheckScoreReason
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1015 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 3Found 5/16 approved changesets -- score normalized to 3
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Pinned-Dependencies🟢 5dependency not pinned by hash detected -- score normalized to 5

Scanned Files

  • .github/workflows/release.yml

@codecov
Copy link

codecov bot commented Feb 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies github-actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tis24dev