Add note about YAML parsing versions #382

dmitry-shibanov · 2023-06-05T14:44:02Z

Description:
In scope of this pull request we add note about YAML parsing versions like 1.20.

Related issue:
#380

Check list:

Mark if documentation changes are required.
Mark if tests were added or updated to cover the changes.

README.md

Co-authored-by: Ivan <98037481+IvanZosimov@users.noreply.github.com>

Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-go](https://togithub.com/actions/setup-go) | action | minor | `v4.0.1` -> `v4.1.0` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.20.4` -> `v2.21.3` | | [slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | action | minor | `v1.7.0` -> `v1.8.0` | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v4.1.0`](https://togithub.com/actions/setup-go/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/setup-go/compare/v4.0.1...v4.1.0) ##### What's Changed In scope of this release, slow installation on Windows was fixed by [@dsame](https://togithub.com/dsame) in [actions/setup-go#393 and OS version was added to `primaryKey` for Ubuntu runners to avoid conflicts ([actions/setup-go#383) This release also includes the following changes: - Remove implicit dependencies by [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [actions/setup-go#378 - Update action.yml by [@mkelly](https://togithub.com/mkelly) in [actions/setup-go#379 - Added a description that go-version should be specified as a string type by [@n3xem](https://togithub.com/n3xem) in [actions/setup-go#367 - Add note about YAML parsing versions by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-go#382 - Automatic update of configuration files from 05/23/2023 by [@github-actions](https://togithub.com/github-actions) in [actions/setup-go#377 - Bump tough-cookie and [@azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#392 - Bump word-wrap from 1.2.3 to 1.2.4 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#397 - Bump semver from 6.3.0 to 6.3.1 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#396 ##### New Contributors - [@mkelly](https://togithub.com/mkelly) made their first contribution in [actions/setup-go#379 - [@n3xem](https://togithub.com/n3xem) made their first contribution in [actions/setup-go#367 **Full Changelog**: actions/setup-go@v4...v4.1.0 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3) ### [`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2) ### [`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1) ### [`v2.21.0`](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0) </details> <details> <summary>slsa-framework/slsa-github-generator (slsa-framework/slsa-github-generator)</summary> ### [`v1.8.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v180) [Compare Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0) Release \[v1.8.0] includes bug fixes and new features. See the [full change list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0). ##### v1.8.0: Generic Generator - **Added**: A new [`base64-subjects-as-file`](https://togithub.com/slsa-framework/slsa-github-generator/blob/v1.8.0/internal/builders/generic/README.md#workflow-inputs) was added to allow for specifying a large subject list. ##### v1.8.0: Node.js Builder (beta) - **Fixed**: Publishing for non-scoped packages was fixed (See [#2359](https://togithub.com/slsa-framework/slsa-github-generator/issues/2359)) - **Fixed**: Documentation was updated to clarify that the GitHub Actions `deployment` event is not supported. - **Changed**: The file extension for the generated provenance file was changed from `.sigstore` to `.build.slsa` in order to make it easier to identify provenance files regardless of file format. - **Fixed**: The publish action was fixed to address an issue with the package name when using Node 16. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier).  Signed-off-by: Mend Renovate <bot@renovateapp.com>

…sion * upstream/main: (47 commits) Fix Install on Windows is very slow (actions#393) Bump word-wrap from 1.2.3 to 1.2.4 Fix licensing for Semver 6.3.1 Rebuild after updating Semver Bump semver from 6.3.0 to 6.3.1 Bump tough-cookie and @azure/ms-rest-js (actions#392) Limit to Linux only Add imageOS to primaryKey Add note about YAML parsing versions (actions#382) Added a description that go-version should be specified as a string type (actions#367) Update action.yml (actions#379) Move eslint-plugin-node to dev dependencies Install eslint-plugin-node Update configuration files Bump @actions/cache dependency to v3.2.1 (actions#374) Update xml2js (actions#370) Fix glob bug in package.json scripts section (actions#359) update README fo v4 (actions#354) Update configuration files (actions#348) Add Go bin if go-version input is empty (actions#351) ...

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-go](https://togithub.com/actions/setup-go) | action | minor | `v4.0.1` -> `v4.1.0` | --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v4.1.0`](https://togithub.com/actions/setup-go/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/setup-go/compare/v4.0.1...v4.1.0) ##### What's Changed In scope of this release, slow installation on Windows was fixed by [@dsame](https://togithub.com/dsame) in [actions/setup-go#393 and OS version was added to `primaryKey` for Ubuntu runners to avoid conflicts ([actions/setup-go#383) This release also includes the following changes: - Remove implicit dependencies by [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [actions/setup-go#378 - Update action.yml by [@mkelly](https://togithub.com/mkelly) in [actions/setup-go#379 - Added a description that go-version should be specified as a string type by [@n3xem](https://togithub.com/n3xem) in [actions/setup-go#367 - Add note about YAML parsing versions by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-go#382 - Automatic update of configuration files from 05/23/2023 by [@github-actions](https://togithub.com/github-actions) in [actions/setup-go#377 - Bump tough-cookie and [@azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#392 - Bump word-wrap from 1.2.3 to 1.2.4 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#397 - Bump semver from 6.3.0 to 6.3.1 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#396 ##### New Contributors - [@mkelly](https://togithub.com/mkelly) made their first contribution in [actions/setup-go#379 - [@n3xem](https://togithub.com/n3xem) made their first contribution in [actions/setup-go#367 **Full Changelog**: actions/setup-go@v4...v4.1.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv-scanner).

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | actions/checkout | action | digest | `96f5310` -> `b4ffde6` | | [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v4.0.0` -> `v4.1.1` | | [actions/setup-go](https://togithub.com/actions/setup-go) | action | minor | `v4.0.1` -> `v4.1.0` | | [actions/setup-java](https://togithub.com/actions/setup-java) | action | minor | `v3.12.0` -> `v3.13.0` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | minor | `v3.7.0` -> `v3.8.1` | | [actions/setup-node](https://togithub.com/actions/setup-node) | action | digest | `e33196f` -> `5e21ff4` | | [actions/upload-artifact](https://togithub.com/actions/upload-artifact) | action | patch | `v3.1.2` -> `v3.1.3` | | [github/codeql-action](https://togithub.com/github/codeql-action) | action | minor | `v2.21.2` -> `v2.22.4` | | [gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action) | action | minor | `v2.7.0` -> `v2.9.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.2.0` -> `v2.3.0` | | [sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer) | action | patch | `v3.1.1` -> `v3.1.2` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.1.1`](https://togithub.com/actions/checkout/releases/tag/v4.1.1) [Compare Source](https://togithub.com/actions/checkout/compare/v4.1.0...v4.1.1) ##### What's Changed - Update CODEOWNERS to Launch team by [@joshmgross](https://togithub.com/joshmgross) in [actions/checkout#1510 - Correct link to GitHub Docs by [@peterbe](https://togithub.com/peterbe) in [actions/checkout#1511 - Link to release page from what's new section by [@cory-miller](https://togithub.com/cory-miller) in [actions/checkout#1514 ##### New Contributors - [@joshmgross](https://togithub.com/joshmgross) made their first contribution in [actions/checkout#1510 - [@peterbe](https://togithub.com/peterbe) made their first contribution in [actions/checkout#1511 **Full Changelog**: actions/checkout@v4...v4.1.1 ### [`v4.1.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410) [Compare Source](https://togithub.com/actions/checkout/compare/v4.0.0...v4.1.0) - [Add support for partial checkout filters](https://togithub.com/actions/checkout/pull/1396) </details> <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v4.1.0`](https://togithub.com/actions/setup-go/releases/tag/v4.1.0) [Compare Source](https://togithub.com/actions/setup-go/compare/v4.0.1...v4.1.0) #### What's Changed In scope of this release, slow installation on Windows was fixed by [@dsame](https://togithub.com/dsame) in [actions/setup-go#393 and OS version was added to `primaryKey` for Ubuntu runners to avoid conflicts ([actions/setup-go#383) This release also includes the following changes: - Remove implicit dependencies by [@nikolai-laevskii](https://togithub.com/nikolai-laevskii) in [actions/setup-go#378 - Update action.yml by [@mkelly](https://togithub.com/mkelly) in [actions/setup-go#379 - Added a description that go-version should be specified as a string type by [@n3xem](https://togithub.com/n3xem) in [actions/setup-go#367 - Add note about YAML parsing versions by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-go#382 - Automatic update of configuration files from 05/23/2023 by [@github-actions](https://togithub.com/github-actions) in [actions/setup-go#377 - Bump tough-cookie and [@azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#392 - Bump word-wrap from 1.2.3 to 1.2.4 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#397 - Bump semver from 6.3.0 to 6.3.1 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-go#396 #### New Contributors - [@mkelly](https://togithub.com/mkelly) made their first contribution in [actions/setup-go#379 - [@n3xem](https://togithub.com/n3xem) made their first contribution in [actions/setup-go#367 **Full Changelog**: actions/setup-go@v4...v4.1.0 </details> <details> <summary>actions/setup-java (actions/setup-java)</summary> ### [`v3.13.0`](https://togithub.com/actions/setup-java/releases/tag/v3.13.0) [Compare Source](https://togithub.com/actions/setup-java/compare/v3.12.0...v3.13.0) ##### What's changed In the scope of this release, support for Dragonwell JDK was added by [@Accelerator1996](https://togithub.com/Accelerator1996) in [actions/setup-java#532 ```yaml steps: - name: Checkout uses: actions/checkout@v3 - name: Setup-java uses: actions/setup-java@v3 with: distribution: 'dragonwell' java-version: '17' ``` Several inaccuracies were also fixed: - Fix XML namespaces wrongly using https by [@gnodet](https://togithub.com/gnodet) in [actions/setup-java#503 - Fix typo and remove unintentional(?) word by [@CyberFlameGO](https://togithub.com/CyberFlameGO) in [actions/setup-java#518 - Fix usage link within the README.md file by [@dassiorleando](https://togithub.com/dassiorleando) in [actions/setup-java#525 ##### New Contributors - [@CyberFlameGO](https://togithub.com/CyberFlameGO) made their first contribution in [actions/setup-java#518 - [@dassiorleando](https://togithub.com/dassiorleando) made their first contribution in [actions/setup-java#525 - [@gnodet](https://togithub.com/gnodet) made their first contribution in [actions/setup-java#503 - [@Accelerator1996](https://togithub.com/Accelerator1996) made their first contribution in [actions/setup-java#532 **Full Changelog**: actions/setup-java@v3...v3.13.0 </details> <details> <summary>actions/setup-node (actions/setup-node)</summary> ### [`v3.8.1`](https://togithub.com/actions/setup-node/releases/tag/v3.8.1) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.8.0...v3.8.1) #### What's Changed In scope of this release, the filter was removed within the cache-save step by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#831. It is filtered and checked in the toolkit/cache library. **Full Changelog**: actions/setup-node@v3...v3.8.1 ### [`v3.8.0`](https://togithub.com/actions/setup-node/releases/tag/v3.8.0) [Compare Source](https://togithub.com/actions/setup-node/compare/v3.7.0...v3.8.0) ##### What's Changed ##### Bug fixes: - Add check for existing paths by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#803 - Resolve SymbolicLink by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#809 - Change passing logic for cache input by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#816 - Fix armv7 cache issue by [@louislam](https://togithub.com/louislam) in [actions/setup-node#794 - Update check-dist workflow name by [@sinchang](https://togithub.com/sinchang) in [actions/setup-node#710 ##### Feature implementations: - feat: handling the case where "node" is used for tool-versions file. by [@xytis](https://togithub.com/xytis) in [actions/setup-node#812 ##### Documentation changes: - Refer to semver package name in README.md by [@olleolleolle](https://togithub.com/olleolleolle) in [actions/setup-node#808 ##### Update dependencies: - Update toolkit cache to fix zstd by [@dmitry-shibanov](https://togithub.com/dmitry-shibanov) in [actions/setup-node#804 - Bump tough-cookie and [@azure/ms-rest-js](https://togithub.com/azure/ms-rest-js) by [@dependabot](https://togithub.com/dependabot) in [actions/setup-node#802 - Bump semver from 6.1.2 to 6.3.1 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-node#807 - Bump word-wrap from 1.2.3 to 1.2.4 by [@dependabot](https://togithub.com/dependabot) in [actions/setup-node#815 ##### New Contributors - [@olleolleolle](https://togithub.com/olleolleolle) made their first contribution in [actions/setup-node#808 - [@louislam](https://togithub.com/louislam) made their first contribution in [actions/setup-node#794 - [@sinchang](https://togithub.com/sinchang) made their first contribution in [actions/setup-node#710 - [@xytis](https://togithub.com/xytis) made their first contribution in [actions/setup-node#812 **Full Changelog**: actions/setup-node@v3...v3.8.0 </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3) #### What's Changed - chore(github): remove trailing whitespaces by [@ljmf00](https://togithub.com/ljmf00) in [actions/upload-artifact#313 - Bump [@actions/artifact](https://togithub.com/actions/artifact) version to v1.1.2 by [@bethanyj28](https://togithub.com/bethanyj28) in [actions/upload-artifact#436 **Full Changelog**: actions/upload-artifact@v3...v3.1.3 </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v2.22.4`](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.3...v2.22.4) ### [`v2.22.3`](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.2...v2.22.3) ### [`v2.22.2`](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.1...v2.22.2) ### [`v2.22.1`](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.22.0...v2.22.1) ### [`v2.22.0`](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.9...v2.22.0) ### [`v2.21.9`](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.8...v2.21.9) ### [`v2.21.8`](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.7...v2.21.8) ### [`v2.21.7`](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.6...v2.21.7) ### [`v2.21.6`](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.5...v2.21.6) ### [`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5) ### [`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4) ### [`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3) [Compare Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3) </details> <details> <summary>gradle/gradle-build-action (gradle/gradle-build-action)</summary> ### [`v2.9.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.9.0) [Compare Source](https://togithub.com/gradle/gradle-build-action/compare/v2.8.1...v2.9.0) The GitHub [dependency-review-action](https://togithub.com/actions/dependency-review-action) helps you understand dependency changes (and the security impact of these changes) for a pull request. This release updates the GItHub Dependency Graph support to be compatible with the `dependency-review-action`. See [the documentation](https://togithub.com/gradle/gradle-build-action#integrating-the-dependency-review-action) for detailed examples. ##### Changelog - \[FIX] Use correct SHA for `pull-request` events [#882](https://togithub.com/gradle/gradle-build-action/issues/882) - \[FIX] Avoid generating dependency graph during cache cleanup [#905](https://togithub.com/gradle/gradle-build-action/issues/905) - \[NEW] Improve warning on failure to submit dependency graph - \[NEW] Compatibility with GitHub `dependency-review-action` [#879](https://togithub.com/gradle/gradle-build-action/issues/879) **Full-changelog**: gradle/gradle-build-action@v2.8.1...v2.9.0 ### [`v2.8.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.8.1) [Compare Source](https://togithub.com/gradle/gradle-build-action/compare/v2.8.0...v2.8.1) Fixes an issue that prevented Dependency Graph submission when running on GitHub Enterprise Server. ##### Fixes - Incorrect endpoint used to submit Dependency Graph on GitHub Enterprise [#885](https://togithub.com/gradle/gradle-build-action/issues/885) ##### Changelog ### [`v2.8.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.8.0) [Compare Source](https://togithub.com/gradle/gradle-build-action/compare/v2.7.1...v2.8.0) The `v2.8.0` release of the `gradle-build-action` introduces an easy mechanism to connect to Gradle Enterprise, as well improved support for self-hosted GitHub Actions runners. ##### Automatic injection of Gradle Enterprise connectivity It is now possible to connect a Gradle build to Gradle Enterprise without changing any of the Gradle project sources. This is achieved through Gradle Enterprise injection, where an init-script will apply the Gradle Enterprise plugin and associated configuration. This feature can be useful to easily trial Gradle Enterprise on a project, or to centralize Gradle Enterprise configuration for all GitHub Actions workflows in an organization. See [Gradle Enterprise injection in the README](https://togithub.com/gradle/gradle-build-action/blob/v2.8.0/README.md#gradle-enterprise-plugin-injection) for more info. ##### Restore Gradle User Home when directory already exists Previously, the Gradle User Home would not be restored if the directory already exists. This wasn't normally an issue with GitHub-hosted runners, but limited the usefulness of the action for persistent, self-hosted runners. This behaviour has been improved in this release: - The Job Summary now includes a useful error message when Gradle User Home was not restored because the directory already exists. - The action can now be configured to restore the Gradle User Home when the directory already exists, overwriting existing content with content from the GitHub Actions cache. See https://github.com/gradle/gradle-build-action#overwriting-an-existing-gradle-user-home for more details. ##### Changes **Issues fixed**: https://github.com/gradle/gradle-build-action/issues?q=milestone%3A2.8.0+is%3Aclosed **Full changelog**: gradle/gradle-build-action@v2.7.1...v2.8.0 ### [`v2.7.1`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.1) [Compare Source](https://togithub.com/gradle/gradle-build-action/compare/v2.7.0...v2.7.1) This release contains no code changes, only dependency updates and documentation improvements. ##### Changelog </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.3.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.3.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by [@spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1270 - For a full changelist of what this includes, see the [v4.12.0](https://togithub.com/ossf/scorecard/releases/tag/v4.12.0) and [v4.13.0](https://togithub.com/ossf/scorecard/releases/tag/v4.13.0) release notes - ✨ Send rekor tlog index to webapp when publishing results by [@spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1169 - 🐛 Prevent url clipping for GHES instances by [@rajbos](https://togithub.com/rajbos) in [ossf/scorecard-action#1225 ##### Documentation - 📖 Update access rights needed to see the results in code scanning by [@rajbos](https://togithub.com/rajbos) in [ossf/scorecard-action#1229 - 📖 Add package comments. by [@spencerschrock](https://togithub.com/spencerschrock) in [ossf/scorecard-action#1221 - 📖 Add SECURITY.md file by [@david-a-wheeler](https://togithub.com/david-a-wheeler) in [ossf/scorecard-action#1250 - 📖 Fix typo in token input docs by [@aabouzaid](https://togithub.com/aabouzaid) in [ossf/scorecard-action#1258 #### New Contributors - [@david-a-wheeler](https://togithub.com/david-a-wheeler) made their first contribution in [ossf/scorecard-action#1250 - [@aabouzaid](https://togithub.com/aabouzaid) made their first contribution in [ossf/scorecard-action#1258 **Full Changelog**: ossf/scorecard-action@v2.2.0...v2.3.0 </details> <details> <summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary> ### [`v3.1.2`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.1.2) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.1.1...v3.1.2) #### What's Changed - Fix build and push step Readme missing id by [@hbenali](https://togithub.com/hbenali) in [sigstore/cosign-installer#138 - bump cosign to v2.2.0 by [@cpanato](https://togithub.com/cpanato) in [sigstore/cosign-installer#142 #### New Contributors - [@hbenali](https://togithub.com/hbenali) made their first contribution in [sigstore/cosign-installer#138 **Full Changelog**: sigstore/cosign-installer@v3...v3.1.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).  Signed-off-by: Mend Renovate <bot@renovateapp.com>

Bumps actions/setup-go from 4 to 5. Release notes Sourced from actions/setup-go's releases. v5.0.0 What's Changed In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445). Besides, this release contains such changes as: Fix hosted tool cache usage on windows by @galargh in actions/setup-go#411 Improve documentation regarding dependencies caching by @artemgavrilov in actions/setup-go#417 New Contributors @galargh made their first contribution in actions/setup-go#411 @artemgavrilov made their first contribution in actions/setup-go#417 @chenrui333 made their first contribution in actions/setup-go#421 Full Changelog: actions/setup-go@v4...v5.0.0 v4.1.0 What's Changed In scope of this release, slow installation on Windows was fixed by @dsame in actions/setup-go#393 and OS version was added to primaryKey for Ubuntu runners to avoid conflicts (actions/setup-go#383) This release also includes the following changes: Remove implicit dependencies by @nikolai-laevskii in actions/setup-go#378 Update action.yml by @mkelly in actions/setup-go#379 Added a description that go-version should be specified as a string type by @n3xem in actions/setup-go#367 Add note about YAML parsing versions by @dmitry-shibanov in actions/setup-go#382 Automatic update of configuration files from 05/23/2023 by @github-actions in actions/setup-go#377 Bump tough-cookie and @azure/ms-rest-js by @dependabot in actions/setup-go#392 Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in actions/setup-go#397 Bump semver from 6.3.0 to 6.3.1 by @dependabot in actions/setup-go#396 New Contributors @mkelly made their first contribution in actions/setup-go#379 @n3xem made their first contribution in actions/setup-go#367 Full Changelog: actions/setup-go@v4...v4.1.0 v4.0.1 What's Changed Update documentation for v4 by @dsame in actions/setup-go#354 Fix glob bug in the package.json scripts section by @IvanZosimov in actions/setup-go#359 Bump xml2js dependency by @dmitry-shibanov in actions/setup-go#370 Bump @actions/cache dependency to v3.2.1 by @nikolai-laevskii in actions/setup-go#374 New Contributors @nikolai-laevskii made their first contribution in actions/setup-go#374 Full Changelog: actions/setup-go@v4...v4.0.1

add note about 1.20

c23c600

dmitry-shibanov requested a review from a team as a code owner June 5, 2023 14:44

dsame approved these changes Jun 5, 2023

View reviewed changes

marko-zivic-93 approved these changes Jun 5, 2023

View reviewed changes

IvanZosimov approved these changes Jun 5, 2023

View reviewed changes

README.md Outdated Show resolved Hide resolved

Update README.md

2812173

Co-authored-by: Ivan <98037481+IvanZosimov@users.noreply.github.com>

dmitry-shibanov merged commit 992f068 into actions:main Jun 8, 2023
3 checks passed

gaby mentioned this pull request Jun 9, 2023

Using go-version: 1.20 breaks the build #380

Closed

5 tasks

nammn mentioned this pull request Jun 12, 2023

Update release-multicluster-cli.yaml mongodb/mongodb-enterprise-kubernetes#257

Merged

Iceber added a commit to Iceber/clusterpedia that referenced this pull request Jul 14, 2023

ci: fix go-version due to actions/setup-go#382

78f5335

Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>

This was referenced Dec 7, 2023

Bump actions/setup-go from 4 to 5 tonglil/buflogr#12

Merged

Bump actions/setup-go from 4 to 5 tonglil/opentelemetry-go-datadog-propagator#41

Merged

Bump actions/setup-go from 4 to 5 tonglil/gokitlogr#11

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add note about YAML parsing versions #382

Add note about YAML parsing versions #382

dmitry-shibanov commented Jun 5, 2023

Add note about YAML parsing versions #382

Add note about YAML parsing versions #382

Conversation

dmitry-shibanov commented Jun 5, 2023