From f6d2fb4aae2e1c6484405c1d4462977d75d9da62 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 08:48:00 +0000
Subject: [PATCH 001/119] chore(deps): bump golangci/golangci-lint-action from
 6.3.0 to 6.3.1 (#5536)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 6.3.0 to 6.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>fix: restrict patched version to v1 by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1158">golangci/golangci-lint-action#1158</a></li>
<li>chore: update golangci-lint versions by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1159">golangci/golangci-lint-action#1159</a></li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>build(deps-dev): bump the dev-dependencies group with 2 updates by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1155">golangci/golangci-lint-action#1155</a></li>
<li>build(deps): bump <code>@​types/node</code> from 22.13.0 to 22.13.1
in the dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1156">golangci/golangci-lint-action#1156</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v6.3.0...v6.3.1">https://github.com/golangci/golangci-lint-action/compare/v6.3.0...v6.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/2e788936b09dd82dc280e845628a40d2ba6b204c"><code>2e78893</code></a>
6.3.1</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/aa1e0941ed5fbfee07924878deb02d3ac49324dc"><code>aa1e094</code></a>
chore: update golangci-lint versions (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1159">#1159</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/3e6beafdffd2079b6170b6ca6c3945f6bbf72dda"><code>3e6beaf</code></a>
fix: restrict patched version to v1 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1158">#1158</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/1cc4e007f092290762a0efdeb505f1cded754499"><code>1cc4e00</code></a>
build(deps): bump <code>@​types/node</code> from 22.13.0 to 22.13.1 in
the dependencies gro...</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/bbe109d3f85da6e7a10c07658edb6b41e3cc8dfe"><code>bbe109d</code></a>
build(deps-dev): bump the dev-dependencies group with 2 updates (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1155">#1155</a>)</li>
<li>See full diff in <a
href="https://github.com/golangci/golangci-lint-action/compare/e60da84bfae8c7920a47be973d75e15710aa8bd7...2e788936b09dd82dc280e845628a40d2ba6b204c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.3.0&new-version=6.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index ced37d0cad9..21f927de4eb 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -23,7 +23,7 @@ jobs:
           go-version: stable
           cache: false
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@e60da84bfae8c7920a47be973d75e15710aa8bd7 # v6.3.0
+        uses: golangci/golangci-lint-action@2e788936b09dd82dc280e845628a40d2ba6b204c # v6.3.1
         with:
           args: --timeout=5m
           version: v1.62

From c4ed99a84ca51f68d9d064aa9925af5999fc1d07 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 08:48:28 +0000
Subject: [PATCH 002/119] chore(deps): bump github/codeql-action from 3.28.8 to
 3.28.9 (#5537)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.8 to 3.28.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.9</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.9/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.1 - 10 Jan 2025</h2>
<ul>
<li>CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see <a
href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/">this
changelog post</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2677">#2677</a></li>
<li>Update default CodeQL bundle version to 2.20.1. <a
href="https://redirect.github.com/github/codeql-action/pull/2678">#2678</a></li>
</ul>
<h2>3.28.0 - 20 Dec 2024</h2>
<ul>
<li>Bump the minimum CodeQL bundle version to 2.15.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2655">#2655</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0"><code>9e8d078</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2757">#2757</a>
from github/update-v3.28.9-24e1c2d33</li>
<li><a
href="https://github.com/github/codeql-action/commit/43d9be670147092b305c63cf69481e8923af83b7"><code>43d9be6</code></a>
Update changelog for v3.28.9</li>
<li><a
href="https://github.com/github/codeql-action/commit/24e1c2d337459cce262cbca8d69998e56cd5eb8e"><code>24e1c2d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2753">#2753</a>
from github/update-bundle/codeql-bundle-v2.20.4</li>
<li><a
href="https://github.com/github/codeql-action/commit/57a08c0c7f05d4d8251162c9658ddd7cc7782198"><code>57a08c0</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/52189d23af4e071445f59d2e6fbbac566e49f15b"><code>52189d2</code></a>
Update default bundle to codeql-bundle-v2.20.4</li>
<li><a
href="https://github.com/github/codeql-action/commit/08bc0cf022445eacafaa248bf48da20f26b8fd40"><code>08bc0cf</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2751">#2751</a>
from github/henrymercer/fix-init-post-without-config</li>
<li><a
href="https://github.com/github/codeql-action/commit/cf7c6879199cf6eb2a002d3b2530ea1e4ce99610"><code>cf7c687</code></a>
Send <code>init-post</code> status report in absence of config</li>
<li><a
href="https://github.com/github/codeql-action/commit/ad42dbd32d472b6fe380130655e27089c7eac343"><code>ad42dbd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2750">#2750</a>
from github/dependabot/npm_and_yarn/npm-768bd9b555</li>
<li><a
href="https://github.com/github/codeql-action/commit/a8f5935da08829e657dfc18d887df9385685a20a"><code>a8f5935</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2749">#2749</a>
from github/dependabot/github_actions/actions-29d379...</li>
<li><a
href="https://github.com/github/codeql-action/commit/9660df3fccdf5b20ab86e041325c17a2204cc1ae"><code>9660df3</code></a>
Update checked-in dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.8&new-version=3.28.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 69155ad3a79..6c5dc11ab31 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -25,6 +25,6 @@ jobs:
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
           go-version: stable
-      - uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3
-      - uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3
-      - uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3
+      - uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      - uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      - uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3

From c515e9a13647805d3f306d0bae41a0b503e5676c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 09:02:47 +0000
Subject: [PATCH 003/119] chore(deps): bump golang from 1.23.5-alpine to
 1.23.6-alpine (#5538)

Bumps golang from 1.23.5-alpine to 1.23.6-alpine.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.23.5-alpine&new-version=1.23.6-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f61eb7e950b..a30dec534a9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.5-alpine@sha256:47d337594bd9e667d35514b241569f95fb6d95727c24b19468813d596d5ae596
+FROM golang:1.23.6-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
 
 RUN apk add --no-cache bash \
 	build-base \

From e9778d86c731c3dac48d4127579fbb07a521ecdf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 09:14:34 +0000
Subject: [PATCH 004/119] chore(deps): bump golang.org/x/crypto from 0.32.0 to
 0.33.0 (#5540)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.32.0 to 0.33.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/9290511cd23ab9813a307b7f2615325e3ca98902"><code>9290511</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/fa5273e461966728f91f33da62c0cf511a404c2a"><code>fa5273e</code></a>
x509roots/fallback: update bundle</li>
<li><a
href="https://github.com/golang/crypto/commit/a8ea4be81f0769fd5857e087083cbb6d3cb9f196"><code>a8ea4be</code></a>
ssh: add ServerConfig.PreAuthConnCallback, ServerPreAuthConn (banner)
interface</li>
<li><a
href="https://github.com/golang/crypto/commit/71d3a4cfdb0360795ce5f2d7041e01823fd22eb6"><code>71d3a4c</code></a>
acme: support challenges that require the ACME client to send a
non-empty JSO...</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.32.0...v0.33.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.32.0&new-version=0.33.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index a6df8e72e9e..c14dd60f745 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 	github.com/ulikunitz/xz v0.5.12
 	gitlab.com/gitlab-org/api/client-go v0.122.0
 	gocloud.dev v0.40.0
-	golang.org/x/crypto v0.32.0
+	golang.org/x/crypto v0.33.0
 	golang.org/x/oauth2 v0.26.0
 	golang.org/x/sync v0.11.0
 	golang.org/x/text v0.22.0
@@ -349,8 +349,8 @@ require (
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
 	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/sys v0.29.0 // indirect
-	golang.org/x/term v0.28.0 // indirect
+	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/term v0.29.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
 	google.golang.org/api v0.197.0 // indirect
diff --git a/go.sum b/go.sum
index 34d832a136b..36d958857eb 100644
--- a/go.sum
+++ b/go.sum
@@ -920,8 +920,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
-golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
-golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
+golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
 golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
@@ -1002,16 +1002,16 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
-golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
-golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg=
-golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek=
+golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
+golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

From d92b955be79c69c6159a319fe7af4db703439bba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 09:14:40 +0000
Subject: [PATCH 005/119] chore(deps): bump github.com/slack-go/slack from
 0.15.0 to 0.16.0 (#5539)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [github.com/slack-go/slack](https://github.com/slack-go/slack)
from 0.15.0 to 0.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/slack-go/slack/releases">github.com/slack-go/slack's
releases</a>.</em></p>
<blockquote>
<h2>v0.16.0</h2>
<blockquote>
<p>[!WARNING]<br />
This release may mean a breaking change! Read below for more although
for most folks this should all be fine.</p>
</blockquote>
<p>👋 Hi folks,</p>
<p>I've tried my best to keep this version to just non-breaking changes
<em>but</em> there are a couple of changes that might introduce breaking
changes in rare circumstances.</p>
<p>If you're upgrading, please pay special attention to:</p>
<ul>
<li>Add ID() to the Block interface by <a
href="https://github.com/samstarling"><code>@​samstarling</code></a> in
<a
href="https://redirect.github.com/slack-go/slack/pull/1359">slack-go/slack#1359</a></li>
</ul>
<p>If you were using only what we provide in the library, this is a
non-breaking change, but if not, it may be considered a breaking
change.</p>
<p>Next release will likely bring a few required breaking changes (hard
deprecations for example).</p>
<p>Thank you to everyone that contributed to this release 🥳</p>
<h2>What's Changed</h2>
<ul>
<li>feat: Slack AI &amp; Assistants Compatibility by <a
href="https://github.com/MattDavisRV"><code>@​MattDavisRV</code></a> in
<a
href="https://redirect.github.com/slack-go/slack/pull/1331">slack-go/slack#1331</a></li>
<li>fix: Assistant Prompts and Status, send channel_id with request by
<a href="https://github.com/MattDavisRV"><code>@​MattDavisRV</code></a>
in <a
href="https://redirect.github.com/slack-go/slack/pull/1344">slack-go/slack#1344</a></li>
<li>fix: Don't require <code>skin_tone</code> for rich text emoji
element by <a
href="https://github.com/calebmckay"><code>@​calebmckay</code></a> in <a
href="https://redirect.github.com/slack-go/slack/pull/1341">slack-go/slack#1341</a></li>
<li>fix: ScheduleMessage not returning scheduled_message_id by <a
href="https://github.com/hussachai"><code>@​hussachai</code></a> in <a
href="https://redirect.github.com/slack-go/slack/pull/1153">slack-go/slack#1153</a></li>
<li>chore: Contributing Guide - Codification of Project Norms by <a
href="https://github.com/lorenzoaiello"><code>@​lorenzoaiello</code></a>
in <a
href="https://redirect.github.com/slack-go/slack/pull/1340">slack-go/slack#1340</a></li>
<li>chore: Add parse channel context and host for shared channel by <a
href="https://github.com/fahmizulhasymi"><code>@​fahmizulhasymi</code></a>
in <a
href="https://redirect.github.com/slack-go/slack/pull/1353">slack-go/slack#1353</a></li>
<li>chore: Adding A Deprecation Notice for rtm.start (no-op) by <a
href="https://github.com/lorenzoaiello"><code>@​lorenzoaiello</code></a>
in <a
href="https://redirect.github.com/slack-go/slack/pull/1351">slack-go/slack#1351</a></li>
<li>Additional field to the File structure by <a
href="https://github.com/rntk"><code>@​rntk</code></a> in <a
href="https://redirect.github.com/slack-go/slack/pull/1370">slack-go/slack#1370</a></li>
<li>add enable_section option for UserGroup API by <a
href="https://github.com/sivchari"><code>@​sivchari</code></a> in <a
href="https://redirect.github.com/slack-go/slack/pull/1364">slack-go/slack#1364</a></li>
<li>Add ID() to the Block interface by <a
href="https://github.com/samstarling"><code>@​samstarling</code></a> in
<a
href="https://redirect.github.com/slack-go/slack/pull/1359">slack-go/slack#1359</a></li>
<li>Add assistant app thread message subtype by <a
href="https://github.com/dorkauf"><code>@​dorkauf</code></a> in <a
href="https://redirect.github.com/slack-go/slack/pull/1368">slack-go/slack#1368</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/fahmizulhasymi"><code>@​fahmizulhasymi</code></a>
made their first contribution in <a
href="https://redirect.github.com/slack-go/slack/pull/1353">slack-go/slack#1353</a></li>
<li><a href="https://github.com/rntk"><code>@​rntk</code></a> made their
first contribution in <a
href="https://redirect.github.com/slack-go/slack/pull/1370">slack-go/slack#1370</a></li>
<li><a
href="https://github.com/samstarling"><code>@​samstarling</code></a>
made their first contribution in <a
href="https://redirect.github.com/slack-go/slack/pull/1359">slack-go/slack#1359</a></li>
<li><a href="https://github.com/dorkauf"><code>@​dorkauf</code></a> made
their first contribution in <a
href="https://redirect.github.com/slack-go/slack/pull/1368">slack-go/slack#1368</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/slack-go/slack/compare/v0.15.0...v0.16.0">https://github.com/slack-go/slack/compare/v0.15.0...v0.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/slack-go/slack/commit/209ec09999dd963928743f0950590eb35692f95f"><code>209ec09</code></a>
Add assistant app thread message subtype (<a
href="https://redirect.github.com/slack-go/slack/issues/1368">#1368</a>)</li>
<li><a
href="https://github.com/slack-go/slack/commit/9672f44f0ef6be2e2003e6c9724285c6ffac5573"><code>9672f44</code></a>
Add ID() to the Block interface (<a
href="https://redirect.github.com/slack-go/slack/issues/1359">#1359</a>)</li>
<li><a
href="https://github.com/slack-go/slack/commit/3d65d90376a8130c40ed65fcc74e00f179b02c83"><code>3d65d90</code></a>
Fix linting issues</li>
<li><a
href="https://github.com/slack-go/slack/commit/7d458acdf091b07c722d41873ad37d3486696d1c"><code>7d458ac</code></a>
Update unit tests to assert on ID()</li>
<li><a
href="https://github.com/slack-go/slack/commit/1992e48aab92e21b7221126c4e625f3542169a36"><code>1992e48</code></a>
Add ID function to the Block interface</li>
<li><a
href="https://github.com/slack-go/slack/commit/76e627ab5e017d7eab27cbe4f1dc0939888f6573"><code>76e627a</code></a>
add enable_section option for UserGroup API (<a
href="https://redirect.github.com/slack-go/slack/issues/1364">#1364</a>)</li>
<li><a
href="https://github.com/slack-go/slack/commit/9bca9dee876433597b03fee509965535b24fc885"><code>9bca9de</code></a>
make CreateUserGroupParam private</li>
<li><a
href="https://github.com/slack-go/slack/commit/6615a26f89c4066cfecb4914fac33d5b3697ff19"><code>6615a26</code></a>
add enable_section option for UserGroup API</li>
<li><a
href="https://github.com/slack-go/slack/commit/1c7841020654b5ace906e2a82aa2e5a2d9f19437"><code>1c78410</code></a>
Additional field to the File structure (<a
href="https://redirect.github.com/slack-go/slack/issues/1370">#1370</a>)</li>
<li><a
href="https://github.com/slack-go/slack/commit/383179b78cec1addc145dd8ef04d60462ac37e53"><code>383179b</code></a>
add CC to File struct for email file</li>
<li>Additional commits viewable in <a
href="https://github.com/slack-go/slack/compare/v0.15.0...v0.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/slack-go/slack&package-manager=go_modules&previous-version=0.15.0&new-version=0.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c14dd60f745..4bc38000f30 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	github.com/muesli/roff v0.1.0
 	github.com/muesli/termenv v0.15.2
 	github.com/ory/dockertest/v3 v3.11.0
-	github.com/slack-go/slack v0.15.0
+	github.com/slack-go/slack v0.16.0
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.10.0
 	github.com/ulikunitz/xz v0.5.12
diff --git a/go.sum b/go.sum
index 36d958857eb..430dc2d53c1 100644
--- a/go.sum
+++ b/go.sum
@@ -751,8 +751,8 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY=
 github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M=
-github.com/slack-go/slack v0.15.0 h1:LE2lj2y9vqqiOf+qIIy0GvEoxgF1N5yLGZffmEZykt0=
-github.com/slack-go/slack v0.15.0/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw=
+github.com/slack-go/slack v0.16.0 h1:khp/WCFv+Hb/B/AJaAwvcxKun0hM6grN0bUZ8xG60P8=
+github.com/slack-go/slack v0.16.0/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw=
 github.com/smarty/assertions v1.15.0 h1:cR//PqUBUiQRakZWqBiFFQ9wb8emQGDb0HeGdqGByCY=
 github.com/smarty/assertions v1.15.0/go.mod h1:yABtdzeQs6l1brC900WlRNwj6ZR55d7B+E8C6HtKdec=
 github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=

From 8e01bb99ebfbc2c02fb1c1966b9e082c99e5b6c2 Mon Sep 17 00:00:00 2001
From: Yarden Shoham <git@yardenshoham.com>
Date: Mon, 10 Feb 2025 13:23:53 +0200
Subject: [PATCH 006/119] fix(init): prevent init from creating config files
 with deprecated fields (#5535)

---
 cmd/init_test.go                 | 22 ++++++++++++++++++++++
 internal/static/config.bun.yaml  |  4 ++--
 internal/static/config.deno.yaml |  4 ++--
 internal/static/config.rust.yaml |  4 ++--
 internal/static/config.yaml      |  4 ++--
 internal/static/config.zig.yaml  |  4 ++--
 6 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/cmd/init_test.go b/cmd/init_test.go
index 821ebc35ce0..fb29fb39157 100644
--- a/cmd/init_test.go
+++ b/cmd/init_test.go
@@ -1,11 +1,15 @@
 package cmd
 
 import (
+	"bytes"
 	"os"
 	"path/filepath"
 	"testing"
 
+	"github.com/goreleaser/goreleaser/v2/internal/pipe/defaults"
 	"github.com/goreleaser/goreleaser/v2/internal/static"
+	"github.com/goreleaser/goreleaser/v2/pkg/config"
+	"github.com/goreleaser/goreleaser/v2/pkg/context"
 	"github.com/stretchr/testify/require"
 )
 
@@ -153,3 +157,21 @@ func TestHasDistIgnored(t *testing.T) {
 		require.Contains(t, string(content), "# Added by goreleaser init:\ndist/\ntarget/\n")
 	})
 }
+
+func checkExample(t *testing.T, exampleConfig []byte) {
+	t.Helper()
+	cfg, err := config.LoadReader(bytes.NewReader(exampleConfig))
+	require.NoError(t, err)
+	ctx := context.New(cfg)
+	err = defaults.Pipe{}.Run(ctx)
+	require.NoError(t, err)
+	require.False(t, ctx.Deprecated)
+}
+
+func TestInitExampleConfigsAreNotDeprecated(t *testing.T) {
+	checkExample(t, static.GoExampleConfig)
+	checkExample(t, static.ZigExampleConfig)
+	checkExample(t, static.BunExampleConfig)
+	checkExample(t, static.DenoExampleConfig)
+	checkExample(t, static.RustExampleConfig)
+}
diff --git a/internal/static/config.bun.yaml b/internal/static/config.bun.yaml
index 4e0d387d956..2c0a143db1a 100644
--- a/internal/static/config.bun.yaml
+++ b/internal/static/config.bun.yaml
@@ -18,7 +18,7 @@ builds:
       - windows-x64-modern
 
 archives:
-  - format: tar.gz
+  - formats: [tar.gz]
     # this name template makes the OS and Arch compatible with the results of `uname`.
     name_template: >-
       {{ .ProjectName }}_
@@ -29,7 +29,7 @@ archives:
     # use zip for windows archives
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [zip]
 
 changelog:
   sort: asc
diff --git a/internal/static/config.deno.yaml b/internal/static/config.deno.yaml
index 209b9139008..f6d5c371118 100644
--- a/internal/static/config.deno.yaml
+++ b/internal/static/config.deno.yaml
@@ -18,7 +18,7 @@ builds:
       - aarch64-unknown-linux-gnu
 
 archives:
-  - format: tar.gz
+  - formats: [tar.gz]
     # this name template makes the OS and Arch compatible with the results of `uname`.
     name_template: >-
       {{ .ProjectName }}_
@@ -29,7 +29,7 @@ archives:
     # use zip for windows archives
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [zip]
 
 changelog:
   sort: asc
diff --git a/internal/static/config.rust.yaml b/internal/static/config.rust.yaml
index 332e05939da..4afb35e6254 100644
--- a/internal/static/config.rust.yaml
+++ b/internal/static/config.rust.yaml
@@ -28,7 +28,7 @@ builds:
       - aarch64-apple-darwin
 
 archives:
-  - format: tar.gz
+  - formats: [tar.gz]
     # this name template makes the OS and Arch compatible with the results of `uname`.
     name_template: >-
       {{ .ProjectName }}_
@@ -39,7 +39,7 @@ archives:
     # use zip for windows archives
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [zip]
 
 changelog:
   sort: asc
diff --git a/internal/static/config.yaml b/internal/static/config.yaml
index b27b1ccf407..d53627b37ac 100644
--- a/internal/static/config.yaml
+++ b/internal/static/config.yaml
@@ -24,7 +24,7 @@ builds:
       - darwin
 
 archives:
-  - format: tar.gz
+  - formats: [tar.gz]
     # this name template makes the OS and Arch compatible with the results of `uname`.
     name_template: >-
       {{ .ProjectName }}_
@@ -36,7 +36,7 @@ archives:
     # use zip for windows archives
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [zip]
 
 changelog:
   sort: asc
diff --git a/internal/static/config.zig.yaml b/internal/static/config.zig.yaml
index 29522834246..c790d3571a3 100644
--- a/internal/static/config.zig.yaml
+++ b/internal/static/config.zig.yaml
@@ -20,7 +20,7 @@ builds:
       - aarch64-macos
 
 archives:
-  - format: tar.gz
+  - formats: [tar.gz]
     # this name template makes the OS and Arch compatible with the results of `uname`.
     name_template: >-
       {{ .ProjectName }}_
@@ -31,7 +31,7 @@ archives:
     # use zip for windows archives
     format_overrides:
       - goos: windows
-        format: zip
+        formats: [zip]
 
 changelog:
   sort: asc

From 0abdae70de7a2e55321ed60a15ca72004df35e50 Mon Sep 17 00:00:00 2001
From: actions-user <actions@github.com>
Date: Tue, 11 Feb 2025 02:09:47 +0000
Subject: [PATCH 007/119] chore: auto-update generated files

---
 flake.lock                        |  6 +++---
 internal/pipe/nix/licenses.go     |  1 +
 www/docs/static/latest-pro        |  2 +-
 www/docs/static/releases-pro.json |  3 +++
 www/docs/static/schema.json       | 16 ++++++++++++++++
 5 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 099564ab4a4..0bc555b8188 100644
--- a/flake.lock
+++ b/flake.lock
@@ -54,11 +54,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1737469691,
-        "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
+        "lastModified": 1739020877,
+        "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
+        "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
         "type": "github"
       },
       "original": {
diff --git a/internal/pipe/nix/licenses.go b/internal/pipe/nix/licenses.go
index 5f582fe3a99..7e9e9f80cb9 100644
--- a/internal/pipe/nix/licenses.go
+++ b/internal/pipe/nix/licenses.go
@@ -221,6 +221,7 @@ var validLicenses = []string{
 	"stk",
 	"sudo",
 	"sustainableUse",
+	"teamspeak",
 	"tsl",
 	"tcltk",
 	"tost",
diff --git a/www/docs/static/latest-pro b/www/docs/static/latest-pro
index 03d3131f0d2..873ca0fa627 100644
--- a/www/docs/static/latest-pro
+++ b/www/docs/static/latest-pro
@@ -1 +1 @@
-v2.6.1-pro
+v2.7.0
diff --git a/www/docs/static/releases-pro.json b/www/docs/static/releases-pro.json
index 1df62b71911..e269a5a002d 100644
--- a/www/docs/static/releases-pro.json
+++ b/www/docs/static/releases-pro.json
@@ -1,4 +1,7 @@
 [
+  {
+    "tag_name": "v2.7.0"
+  },
   {
     "tag_name": "v2.6.1-pro"
   },
diff --git a/www/docs/static/schema.json b/www/docs/static/schema.json
index 05475f8e414..81efdfbf8e1 100644
--- a/www/docs/static/schema.json
+++ b/www/docs/static/schema.json
@@ -2224,6 +2224,9 @@
 					},
 					"templates": {
 						"type": "string"
+					},
+					"config": {
+						"type": "string"
 					}
 				},
 				"additionalProperties": false,
@@ -2644,6 +2647,9 @@
 						],
 						"default": 2
 					},
+					"pro": {
+						"type": "boolean"
+					},
 					"project_name": {
 						"type": "string"
 					},
@@ -4013,6 +4019,16 @@
 					},
 					"extra_files_only": {
 						"type": "boolean"
+					},
+					"skip": {
+						"oneOf": [
+							{
+								"type": "string"
+							},
+							{
+								"type": "boolean"
+							}
+						]
 					}
 				},
 				"additionalProperties": false,

From b6509dffdab1463e1c0d5777e59789599557b815 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 10 Feb 2025 22:08:18 -0300
Subject: [PATCH 008/119] docs: preparing for v2.7

---
 www/docs/customization/artifactory.md | 2 +-
 www/docs/customization/cloudsmith.md  | 2 +-
 www/docs/customization/fury.md        | 2 +-
 www/docs/customization/hooks.md       | 2 +-
 www/docs/customization/msi.md         | 2 +-
 www/docs/customization/upload.md      | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/www/docs/customization/artifactory.md b/www/docs/customization/artifactory.md
index cb3173fa357..aa368c8e314 100644
--- a/www/docs/customization/artifactory.md
+++ b/www/docs/customization/artifactory.md
@@ -199,7 +199,7 @@ artifactories:
     # Skip this upload configuration.
     #
     # Templates: allowed.
-    # <!-- md:inline_version v2.7-unreleased -->.
+    # <!-- md:inline_version v2.7 -->.
     skip: "{{gt .Patch 0}}"
 
     # Certificate chain used to validate server certificates
diff --git a/www/docs/customization/cloudsmith.md b/www/docs/customization/cloudsmith.md
index 563f783116c..333d4348399 100644
--- a/www/docs/customization/cloudsmith.md
+++ b/www/docs/customization/cloudsmith.md
@@ -78,7 +78,7 @@ cloudsmiths:
       alpine: "alpine/v3.8"
 
     # The component (channel) for the package (e.g. 'main', 'unstable', etc).
-    # <!-- md:inline_version v2.7-unreleased -->
+    # <!-- md:inline_version v2.7 -->
     component: main
 ```
 
diff --git a/www/docs/customization/fury.md b/www/docs/customization/fury.md
index 7f770f17401..69ba914b178 100644
--- a/www/docs/customization/fury.md
+++ b/www/docs/customization/fury.md
@@ -53,7 +53,7 @@ furies:
     # Default: ['apk', deb', 'rpm'].
     formats:
       - deb
-      - apk # <!-- md:inline_version v2.7-unreleased -->.
+      - apk # <!-- md:inline_version v2.7 -->.
 ```
 
 [fury]: https://gemfury.com
diff --git a/www/docs/customization/hooks.md b/www/docs/customization/hooks.md
index 1bc5fff7c61..bd75e14157f 100644
--- a/www/docs/customization/hooks.md
+++ b/www/docs/customization/hooks.md
@@ -53,7 +53,7 @@ GoReleaser allows this with the global hooks feature.
         - 'FILE_TO_TOUCH=something-{{ .ProjectName }}' # specify hook level environment variables
       - cmd: 'dotnet tool install --global wix'
         # Make the hook optional:
-        # <!-- md:inline_version v2.7-unreleased -->.
+        # <!-- md:inline_version v2.7 -->.
         if: '{{ eq .Runtime.Goos "windows" }}'
 
     # global after hooks
diff --git a/www/docs/customization/msi.md b/www/docs/customization/msi.md
index 628b74370cf..27d4235152b 100644
--- a/www/docs/customization/msi.md
+++ b/www/docs/customization/msi.md
@@ -72,7 +72,7 @@ msi:
     #
     # Valid options: 'v3', 'v4'.
     # Default: inferred from the .wxs file.
-    # <!-- md:inline_version v2.7-unreleased -->
+    # <!-- md:inline_version v2.7 -->
     version: v4
 ```
 
diff --git a/www/docs/customization/upload.md b/www/docs/customization/upload.md
index d30739e3581..92363f3bc0e 100644
--- a/www/docs/customization/upload.md
+++ b/www/docs/customization/upload.md
@@ -226,7 +226,7 @@ uploads:
     # Skip this upload configuration.
     #
     # Templates: allowed.
-    # <!-- md:inline_version v2.7-unreleased -->.
+    # <!-- md:inline_version v2.7 -->.
     skip: "{{gt .Patch 0}}"
 
     # Certificate chain used to validate server certificates

From 775874551670cbb9649dde2774bc1ecff5326df5 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 10 Feb 2025 23:07:50 -0300
Subject: [PATCH 009/119] docs: announce v2.7

---
 www/docs/blog/posts/2025-02-10-v2.7.md | 94 ++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 www/docs/blog/posts/2025-02-10-v2.7.md

diff --git a/www/docs/blog/posts/2025-02-10-v2.7.md b/www/docs/blog/posts/2025-02-10-v2.7.md
new file mode 100644
index 00000000000..42ed30713c4
--- /dev/null
+++ b/www/docs/blog/posts/2025-02-10-v2.7.md
@@ -0,0 +1,94 @@
+---
+date: 2025-02-10
+slug: goreleaser-v2.7
+categories: [announcements]
+authors: [caarlos0]
+---
+
+# Announcing GoReleaser v2.7
+
+Happy February! Another release is here with several improvements across the board.
+
+<!-- more -->
+
+Let's dig into some of the news!
+
+## Simplified versioning
+
+<!-- md:pro -->
+
+GoReleaser Pro always had a `-pro` suffix in its versions.
+This doesn't make a lot of sense, as the project is already called
+`goreleaser-pro`.
+So now, GoReleaser v2.7 is tagged `v2.7.0` - without the `-pro` suffix.
+
+Our [GitHub Action](https://github.com/goreleaser/goreleaser-action) should
+handle it seamlessly.
+
+Regardless, let us know if you find any issues.
+
+## MSI Improvements
+
+<!-- md:pro -->
+
+The MSI builder got some nice improvements in this release:
+
+- Added support for ARM64 architectures
+- Added support for WiX 4+
+
+## New Package Repository Features
+
+<!-- md:pro -->
+
+Package repository integrations got better:
+
+- Added support for Fury APK packages
+- Added Cloudsmith component/channel support
+- Improved DockerHub integration with description from global `metadata`
+
+## Conditional Hooks
+
+<!-- md:pro -->
+
+You can now use conditions in hooks with the new `if` property, allowing more
+granular control over when hooks should run.
+
+## Other Highlights
+
+- **new**: allow OSS to use Pro configurations when `--snapshot` is set
+- **new**: `artifactories.skip`
+- **build**: fixed `ppc64le` builds
+- **build**: improved logging
+- improved error handling, specially around build errors
+
+As always, the release includes numerous dependency updates, documentation
+improvements, and general housekeeping changes.
+
+## Other news
+
+- GoReleaser now has ~14.2k stars and 419 contributors! Thanks, everyone!
+- We eventually discuss new features in our Discord server. 
+  [Join the conversation][discord]!
+- nFPM had new releases as well, 
+  [check it out](https://github.com/goreleaser/nfpm/releases).
+
+## Download
+
+You can [install][] or upgrade using your favorite package manager, or see the
+full release notes and download the pre-compiled binaries [here][oss-rel] and
+[here (for Pro)][pro-rel].
+
+## Helping out
+
+You can help by reporting issues, contributing features, documentation
+improvements, and bug fixes.
+You can also [sponsor the project](/sponsors), or get a
+[GoReleaser Pro licence][pro].
+
+[pro]: /pro
+[install]: https://goreleaser.com/install
+[pro-rel]: https://github.com/goreleaser/goreleaser-pro/releases/tag/v2.7.0-pro
+[oss-rel]: https://github.com/goreleaser/goreleaser/releases/tag/v2.7.0
+[discord]: https://goreleaser.com/discord
+[example-deno]: https://github.com/goreleaser/example-deno/
+[example-bun]: https://github.com/goreleaser/example-bun/

From fa7391e1818de028cd0947ac2ff1e613d9743183 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 10 Feb 2025 23:08:50 -0300
Subject: [PATCH 010/119] ci: fix run script to support -pro less tags

---
 www/docs/static/run | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/www/docs/static/run b/www/docs/static/run
index 1fcfdf9d6ae..7eaf2b256ba 100755
--- a/www/docs/static/run
+++ b/www/docs/static/run
@@ -1,14 +1,6 @@
 #!/usr/bin/env sh
 set -e
 
-is_pro="false"
-case "$VERSION" in
-*-pro)
-	DISTRIBUTION="pro"
-	is_pro="true"
-	;;
-esac
-
 if test "$DISTRIBUTION" = "pro"; then
 	echo "Using Pro distribution..."
 	RELEASES_URL="https://github.com/goreleaser/goreleaser-pro/releases"
@@ -28,10 +20,6 @@ test -z "$VERSION" && {
 	exit 1
 }
 
-if test "$DISTRIBUTION" = "pro" && ! test "$is_pro"; then
-	VERSION="$VERSION-pro"
-fi
-
 TMP_DIR="$(mktemp -d)"
 # shellcheck disable=SC2064 # intentionally expands here
 trap "rm -rf \"$TMP_DIR\"" EXIT INT TERM

From b484ef12a24424a6830ab2a9cb0632afabec5079 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 10 Feb 2025 23:09:03 -0300
Subject: [PATCH 011/119] docs: update install instructions

---
 www/docs/install.md | 33 ++++++++++++++++++++++++++++-----
 1 file changed, 28 insertions(+), 5 deletions(-)

diff --git a/www/docs/install.md b/www/docs/install.md
index 73cf8d486e4..604c82cdc20 100644
--- a/www/docs/install.md
+++ b/www/docs/install.md
@@ -301,6 +301,8 @@ Its purpose is to be used within scripts and CIs.
 
 ### Binaries
 
+#### Signatures
+
 All artifacts are checksummed, and the checksum file is signed with [cosign][].
 
 === "OSS"
@@ -327,15 +329,15 @@ All artifacts are checksummed, and the checksum file is signed with [cosign][].
 
     1. Download the files you want, and the `checksums.txt`, `checksum.txt.pem` and `checksums.txt.sig` files from the [releases][pro-releases] page:
       ```bash
-      wget 'https://github.com/goreleaser/goreleaser-pro/releases/download/__VERSION__-pro/checksums.txt'
+      wget 'https://github.com/goreleaser/goreleaser-pro/releases/download/__VERSION__/checksums.txt'
       ```
     1. Verify the signature:
       ```bash
       cosign verify-blob \
-        --certificate-identity 'https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/release-pro.yml@refs/tags/__VERSION__-pro' \
+        --certificate-identity 'https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/release-pro.yml@refs/tags/__VERSION__' \
         --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
-        --cert 'https://github.com/goreleaser/goreleaser-pro/releases/download/__VERSION__-pro/checksums.txt.pem' \
-        --signature 'https://github.com/goreleaser/goreleaser-pro/releases/download/__VERSION__-pro/checksums.txt.sig' \
+        --cert 'https://github.com/goreleaser/goreleaser-pro/releases/download/__VERSION__/checksums.txt.pem' \
+        --signature 'https://github.com/goreleaser/goreleaser-pro/releases/download/__VERSION__/checksums.txt.sig' \
         ./checksums.txt
       ```
     1. If the signature is valid, you can then verify the SHA256 sums match with the downloaded binary:
@@ -343,6 +345,23 @@ All artifacts are checksummed, and the checksum file is signed with [cosign][].
       sha256sum --ignore-missing -c checksums.txt
       ```
 
+#### Attestations
+
+You can also verify the attestations:
+
+=== "OSS"
+
+    ```bash
+    gh attestation verify --owner goreleaser *.tar.gz
+    # PS: can be any file from the release
+    ```
+
+=== "Pro"
+
+    GitHub does not yet allow cross-repository attestations (e.g. building a
+    private repo and publishing the attestations in a public one), so this isn't
+    available yet, unfortunately.
+
 ### Docker images
 
 Our Docker images are signed with [cosign][].
@@ -362,7 +381,7 @@ Verify the signatures:
 
     ```bash
     cosign verify \
-      --certificate-identity 'https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/release-pro.yml@refs/tags/__VERSION__-pro' \
+      --certificate-identity 'https://github.com/goreleaser/goreleaser-pro-internal/.github/workflows/release-pro.yml@refs/tags/__VERSION__' \
       --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
       goreleaser/goreleaser-pro
     ```
@@ -397,3 +416,7 @@ environment variable to `nightly`.
 [nightly-pro-releases]: https://github.com/goreleaser/goreleaser-pro/releases/nightly
 [nightly-releases]: https://github.com/goreleaser/goreleaser/releases/nightly
 [cosign]: https://github.com/sigstore/cosign
+
+```
+
+```

From 7a6d8bd3727f22a44b2e52e01e9cb982bae33790 Mon Sep 17 00:00:00 2001
From: actions-user <actions@github.com>
Date: Tue, 11 Feb 2025 02:36:09 +0000
Subject: [PATCH 012/119] chore: auto-update generated files

---
 www/docs/static/latest        | 2 +-
 www/docs/static/releases.json | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/www/docs/static/latest b/www/docs/static/latest
index 06646d7cc84..873ca0fa627 100644
--- a/www/docs/static/latest
+++ b/www/docs/static/latest
@@ -1 +1 @@
-v2.6.1
+v2.7.0
diff --git a/www/docs/static/releases.json b/www/docs/static/releases.json
index e72d36def9e..42f764fd572 100644
--- a/www/docs/static/releases.json
+++ b/www/docs/static/releases.json
@@ -1,4 +1,7 @@
 [
+  {
+    "tag_name": "v2.7.0"
+  },
   {
     "tag_name": "v2.6.1"
   },

From 64c2367a7aef43d565d0d60a25b3d6319eadd140 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 10 Feb 2025 23:55:31 -0300
Subject: [PATCH 013/119] docs: update

---
 www/docs/blog/posts/2025-02-10-v2.7.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/www/docs/blog/posts/2025-02-10-v2.7.md b/www/docs/blog/posts/2025-02-10-v2.7.md
index 42ed30713c4..49208850532 100644
--- a/www/docs/blog/posts/2025-02-10-v2.7.md
+++ b/www/docs/blog/posts/2025-02-10-v2.7.md
@@ -27,6 +27,10 @@ handle it seamlessly.
 
 Regardless, let us know if you find any issues.
 
+!!! warning
+
+    Make sure to use the [latest action version](https://github.com/goreleaser/goreleaser-action/releases/latest).
+
 ## MSI Improvements
 
 <!-- md:pro -->

From dd66a2d834818242f2f3484339a842d5880b7d60 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Feb 2025 08:25:09 +0000
Subject: [PATCH 014/119] chore(deps): bump github.com/anchore/quill from 0.5.0
 to 0.5.1 (#5542)

Bumps [github.com/anchore/quill](https://github.com/anchore/quill) from
0.5.0 to 0.5.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/quill/releases">github.com/anchore/quill's
releases</a>.</em></p>
<blockquote>
<h1>v0.5.1</h1>
<p><strong><a
href="https://github.com/anchore/quill/compare/v0.5.0...v0.5.1">(Full
Changelog)</a></strong></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anchore/quill/commit/026e6f927f9b7ddfc764f205fd681cdc2be9380e"><code>026e6f9</code></a>
store frame values not references (<a
href="https://redirect.github.com/anchore/quill/issues/539">#539</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/790af2d9df37a6524c96256e77486fe9b92768e6"><code>790af2d</code></a>
chore(deps): bump github.com/blacktop/go-macho from 1.1.234 to 1.1.238
(<a
href="https://redirect.github.com/anchore/quill/issues/538">#538</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/2c39dab8ab9001054c34dda48f63df3f39517642"><code>2c39dab</code></a>
chore(deps): bump github.com/charmbracelet/bubbletea from 1.2.4 to 1.3.0
(<a
href="https://redirect.github.com/anchore/quill/issues/537">#537</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/b360a865b2ff4c117ceedf1ab71f704e4e99bce2"><code>b360a86</code></a>
chore(deps): bump anchore/sbom-action from 0.17.7 to 0.18.0 (<a
href="https://redirect.github.com/anchore/quill/issues/536">#536</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/5f46bc8a45f2dc0ee207f77ab5fe1858dc6147cf"><code>5f46bc8</code></a>
chore(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 (<a
href="https://redirect.github.com/anchore/quill/issues/533">#533</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/5f21e2e7fa5d4168a85642411dab9f4bf6c3a7b9"><code>5f21e2e</code></a>
chore(deps): bump github.com/blacktop/go-macho from 1.1.233 to 1.1.234
(<a
href="https://redirect.github.com/anchore/quill/issues/528">#528</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/a3e0e9a4775e393a18e921818c59fbb5926e12cc"><code>a3e0e9a</code></a>
chore(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.8
(<a
href="https://redirect.github.com/anchore/quill/issues/532">#532</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/161a69f8ef9518c0ccb91d0058341fbbe0175b75"><code>161a69f</code></a>
chore(deps): bump github.com/aws/aws-sdk-go from 1.55.5 to 1.55.6 (<a
href="https://redirect.github.com/anchore/quill/issues/535">#535</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/5f1e4d1da028851e6b843c5a9f37957fcfec1ae5"><code>5f1e4d1</code></a>
chore(deps): bump github.com/PuerkitoBio/goquery from 1.10.0 to 1.10.1
(<a
href="https://redirect.github.com/anchore/quill/issues/530">#530</a>)</li>
<li><a
href="https://github.com/anchore/quill/commit/2bfb8c1798d70879fe72c22d19f21c460eb7c49f"><code>2bfb8c1</code></a>
chore: bump environment to use new macOS-15; unblock unit; (<a
href="https://redirect.github.com/anchore/quill/issues/534">#534</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/anchore/quill/compare/v0.5.0...v0.5.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/anchore/quill&package-manager=go_modules&previous-version=0.5.0&new-version=0.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 14 +++++++-------
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/go.mod b/go.mod
index 4bc38000f30..955af86f2b3 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	dario.cat/mergo v1.0.1
 	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/agnivade/levenshtein v1.2.1
-	github.com/anchore/quill v0.5.0
+	github.com/anchore/quill v0.5.1
 	github.com/atc0005/go-teams-notify/v2 v2.13.0
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240514230400-03fa26f5508f
 	github.com/bluesky-social/indigo v0.0.0-20240813042137-4006c0eca043
@@ -64,8 +64,8 @@ require (
 	github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 // indirect
 	github.com/anchore/bubbly v0.0.0-20241107060245-f2a5536f366a // indirect
 	github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
-	github.com/charmbracelet/bubbletea v1.2.1 // indirect
-	github.com/charmbracelet/x/term v0.2.0 // indirect
+	github.com/charmbracelet/bubbletea v1.3.0 // indirect
+	github.com/charmbracelet/x/term v0.2.1 // indirect
 	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
 	github.com/envoyproxy/go-control-plane v0.13.0 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
@@ -123,7 +123,7 @@ require (
 	github.com/anchore/go-logger v0.0.0-20241005132348-65b4486fbb28 // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.55.5
+	github.com/aws/aws-sdk-go v1.55.6
 	github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
@@ -150,7 +150,7 @@ require (
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blacktop/go-dwarf v1.0.10 // indirect
-	github.com/blacktop/go-macho v1.1.233 // indirect
+	github.com/blacktop/go-macho v1.1.238 // indirect
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
@@ -158,7 +158,7 @@ require (
 	github.com/cavaliergopher/cpio v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/charmbracelet/x/ansi v0.4.5 // indirect
+	github.com/charmbracelet/x/ansi v0.8.0 // indirect
 	github.com/cloudflare/circl v1.3.8 // indirect
 	github.com/containerd/continuity v0.4.3 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
@@ -183,7 +183,7 @@ require (
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.8.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.5 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/github/smimesign v0.2.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-fed/httpsig v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index 430dc2d53c1..3adfce40501 100644
--- a/go.sum
+++ b/go.sum
@@ -122,8 +122,8 @@ github.com/anchore/go-logger v0.0.0-20241005132348-65b4486fbb28 h1:TKlTOayTJKpoL
 github.com/anchore/go-logger v0.0.0-20241005132348-65b4486fbb28/go.mod h1:5iJIa34inbIEFRwoWxNBTnjzIcl4G3le1LppPDmpg/4=
 github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb h1:iDMnx6LIjtjZ46C0akqveX83WFzhpTD3eqOthawb5vU=
 github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb/go.mod h1:DmTY2Mfcv38hsHbG78xMiTDdxFtkHpgYNVDPsF2TgHk=
-github.com/anchore/quill v0.5.0 h1:8fdLj8dLZcnfrXnXq2lQX6qPY+CDnSpXekGjdKFRpsM=
-github.com/anchore/quill v0.5.0/go.mod h1:GkOwNSQT2UqT5HNk9KA/lCW+3z3AaU9Y5dlvFfw+4Ls=
+github.com/anchore/quill v0.5.1 h1:+TAJroWuMC0AofI4gD9V9v65zR8EfKZg8u+ZD+dKZS4=
+github.com/anchore/quill v0.5.1/go.mod h1:tAzfFxVluL2P1cT+xEy+RgQX1hpNuliUC5dTYSsnCLQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
@@ -135,8 +135,8 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/atc0005/go-teams-notify/v2 v2.13.0 h1:nbDeHy89NjYlF/PEfLVF6lsserY9O5SnN1iOIw3AxXw=
 github.com/atc0005/go-teams-notify/v2 v2.13.0/go.mod h1:WSv9moolRsBcpZbwEf6gZxj7h0uJlJskJq5zkEWKO8Y=
-github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
-github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
+github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk=
+github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/aws/aws-sdk-go-v2 v1.30.5 h1:mWSRTwQAb0aLE17dSzztCVJWI9+cRMgqebndjwDyK0g=
 github.com/aws/aws-sdk-go-v2 v1.30.5/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg=
@@ -194,8 +194,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blacktop/go-dwarf v1.0.10 h1:i9zYgcIROETsNZ6V+zZn3uDH21FCG5BLLZ837GitxS0=
 github.com/blacktop/go-dwarf v1.0.10/go.mod h1:4W2FKgSFYcZLDwnR7k+apv5i3nrau4NGl9N6VQ9DSTo=
-github.com/blacktop/go-macho v1.1.233 h1:Pm/9pgAjcwFNyTeoO3GoQ9qNPXhAhraqG55ZCQ031nM=
-github.com/blacktop/go-macho v1.1.233/go.mod h1:dtlW2AJKQpFzImBVPWiUKZ6OxrQ2MLfWi/BPPe0EONE=
+github.com/blacktop/go-macho v1.1.238 h1:OFfT6NB/SWxkoky7L/ytuY8QekgFpa9pmz/GHUQLsmM=
+github.com/blacktop/go-macho v1.1.238/go.mod h1:dtlW2AJKQpFzImBVPWiUKZ6OxrQ2MLfWi/BPPe0EONE=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
@@ -231,16 +231,16 @@ github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91
 github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/charmbracelet/bubbletea v1.2.1 h1:J041h57zculJKEKf/O2pS4edXGIz+V0YvojvfGXePIk=
-github.com/charmbracelet/bubbletea v1.2.1/go.mod h1:viLoDL7hG4njLJSKU2gw7kB3LSEmWsrM80rO1dBJWBI=
+github.com/charmbracelet/bubbletea v1.3.0 h1:fPMyirm0u3Fou+flch7hlJN9krlnVURrkUVDwqXjoAc=
+github.com/charmbracelet/bubbletea v1.3.0/go.mod h1:eTaHfqbIwvBhFQM/nlT1NsGc4kp8jhF8LfUK67XiTDM=
 github.com/charmbracelet/keygen v0.5.1 h1:zBkkYPtmKDVTw+cwUyY6ZwGDhRxXkEp0Oxs9sqMLqxI=
 github.com/charmbracelet/keygen v0.5.1/go.mod h1:zznJVmK/GWB6dAtjluqn2qsttiCBhA5MZSiwb80fcHw=
 github.com/charmbracelet/lipgloss v1.0.0 h1:O7VkGDvqEdGi93X+DeqsQ7PKHDgtQfF8j8/O2qFMQNg=
 github.com/charmbracelet/lipgloss v1.0.0/go.mod h1:U5fy9Z+C38obMs+T+tJqst9VGzlOYGj4ri9reL3qUlo=
-github.com/charmbracelet/x/ansi v0.4.5 h1:LqK4vwBNaXw2AyGIICa5/29Sbdq58GbGdFngSexTdRM=
-github.com/charmbracelet/x/ansi v0.4.5/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw=
-github.com/charmbracelet/x/term v0.2.0 h1:cNB9Ot9q8I711MyZ7myUR5HFWL/lc3OpU8jZ4hwm0x0=
-github.com/charmbracelet/x/term v0.2.0/go.mod h1:GVxgxAbjUrmpvIINHIQnJJKpMlHiZ4cktEQCN6GWyF0=
+github.com/charmbracelet/x/ansi v0.8.0 h1:9GTq3xq9caJW8ZrBTe0LIe2fvfLR/bYXKTx2llXn7xE=
+github.com/charmbracelet/x/ansi v0.8.0/go.mod h1:wdYl/ONOLHLIVmQaxbIYEC/cRKOQyjTkowiI4blgS9Q=
+github.com/charmbracelet/x/term v0.2.1 h1:AQeHeLZ1OqSXhrAWpYUtZyX1T3zVxfpZuEQMIQaGIAQ=
+github.com/charmbracelet/x/term v0.2.1/go.mod h1:oQ4enTYFV7QN4m0i9mzHrViD7TQKvNEEkHUMCmsxdUg=
 github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 h1:krfRl01rzPzxSxyLyrChD+U+MzsBXbm0OwYYB67uF+4=
 github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589/go.mod h1:OuDyvmLnMCwa2ep4Jkm6nyA0ocJuZlGyk2gGseVzERM=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -329,8 +329,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
 github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4=
-github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4=
+github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
+github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
 github.com/github/smimesign v0.2.0 h1:Hho4YcX5N1I9XNqhq0fNx0Sts8MhLonHd+HRXVGNjvk=
 github.com/github/smimesign v0.2.0/go.mod h1:iZiiwNT4HbtGRVqCQu7uJPEZCuEE5sfSSttcnePkDl4=
 github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c=

From 6b293fddfafc1f4d44fb19d6c55f9820a0f73bff Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Feb 2025 08:48:18 +0000
Subject: [PATCH 015/119] chore(deps): bump golangci/golangci-lint-action from
 6.3.1 to 6.3.2 (#5544)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 6.3.1 to 6.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.2</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>fix: path patch by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1162">golangci/golangci-lint-action#1162</a></li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>build(deps-dev): bump prettier from 3.4.2 to 3.5.0 in the
dev-dependencies group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1160">golangci/golangci-lint-action#1160</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v6.3.1...v6.3.2">https://github.com/golangci/golangci-lint-action/compare/v6.3.1...v6.3.2</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/051d91933864810ecd5e2ea2cfd98f6a5bca5347"><code>051d919</code></a>
6.3.2</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/b85ce4ff0a87a86a7c5cbb5f51fd4bb89b4b9eda"><code>b85ce4f</code></a>
fix: path patch (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1162">#1162</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/d9c129682c68499e4b249d22ada18e936b119572"><code>d9c1296</code></a>
build(deps-dev): bump prettier from 3.4.2 to 3.5.0 in the
dev-dependencies gr...</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/db1c463e05c87f65a1da26368fb4f6639406da0a"><code>db1c463</code></a>
docs: move dev information into contribution guide</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/697ae3d9654e3d30be27fc044dfa443589a45faa"><code>697ae3d</code></a>
docs: information about releases</li>
<li>See full diff in <a
href="https://github.com/golangci/golangci-lint-action/compare/2e788936b09dd82dc280e845628a40d2ba6b204c...051d91933864810ecd5e2ea2cfd98f6a5bca5347">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.3.1&new-version=6.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 21f927de4eb..216bc359763 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -23,7 +23,7 @@ jobs:
           go-version: stable
           cache: false
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@2e788936b09dd82dc280e845628a40d2ba6b204c # v6.3.1
+        uses: golangci/golangci-lint-action@051d91933864810ecd5e2ea2cfd98f6a5bca5347 # v6.3.2
         with:
           args: --timeout=5m
           version: v1.62

From c37b3303c22614d112efd37741e1dc17821a72f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Feb 2025 08:29:34 -0300
Subject: [PATCH 016/119] chore(deps): bump golang.org/x/tools from 0.29.0 to
 0.30.0 (#5543)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.29.0
to 0.30.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/09747cdf594a7924dcecb506312be3bd6e437962"><code>09747cd</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/dc9353b60ee791ae31f3be19b8ae7ea5450e5e62"><code>dc9353b</code></a>
gopls/internal/analysis/modernize: appendclipped: unclip</li>
<li><a
href="https://github.com/golang/tools/commit/a886a1c2ed0dee2af11f465e11bf48b11dda984c"><code>a886a1c</code></a>
internal/analysisinternal: AddImport handles dot imports</li>
<li><a
href="https://github.com/golang/tools/commit/94c3c49c41819ed247e0423acff990ab4ed12cf9"><code>94c3c49</code></a>
go/analysis/analysistest: RunWithSuggestedFix: assume valid fixes</li>
<li><a
href="https://github.com/golang/tools/commit/5f9967d63b2b964daae36c6f0fa3e1eecdd8eb06"><code>5f9967d</code></a>
gopls/internal/analysis/modernize: strings.Split -&gt; SplitSeq</li>
<li><a
href="https://github.com/golang/tools/commit/a1eb5fda89ed74fd8906e27269623f679dbd0ac1"><code>a1eb5fd</code></a>
go/analysis/passes/framepointer: support arm64</li>
<li><a
href="https://github.com/golang/tools/commit/9c087d9bfa108039bfcaa605c16fe467d8c47940"><code>9c087d9</code></a>
internal/analysis/gofix: change &quot;forward&quot; back to
&quot;inline&quot;</li>
<li><a
href="https://github.com/golang/tools/commit/82317cea8a3807ada2a9b6a794188f227b55595f"><code>82317ce</code></a>
gopls/internal/analysis/modernize: slices.Delete: import slices</li>
<li><a
href="https://github.com/golang/tools/commit/e65ea150db54e65bce06700111515e5a4598900c"><code>e65ea15</code></a>
go/analysis/internal/checker: implement three-way merge</li>
<li><a
href="https://github.com/golang/tools/commit/a9bf6fdf9803c2872968caff08802cf427eb875c"><code>a9bf6fd</code></a>
gopls/internal/analysis/modernize: remove SortStable</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.29.0...v0.30.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.29.0&new-version=0.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 955af86f2b3..5e766d7c6c2 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,7 @@ require (
 	golang.org/x/oauth2 v0.26.0
 	golang.org/x/sync v0.11.0
 	golang.org/x/text v0.22.0
-	golang.org/x/tools v0.29.0
+	golang.org/x/tools v0.30.0
 	gopkg.in/mail.v2 v2.3.1
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -347,8 +347,8 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.34.0 // indirect
+	golang.org/x/mod v0.23.0 // indirect
+	golang.org/x/net v0.35.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/term v0.29.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
diff --git a/go.sum b/go.sum
index 3adfce40501..9c6c06bab25 100644
--- a/go.sum
+++ b/go.sum
@@ -937,8 +937,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
-golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
+golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -958,8 +958,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
-golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
-golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
+golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
 golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -1041,8 +1041,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
-golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE=
-golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588=
+golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
+golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From d8a8eda59a79ae077f619c71aa396d0655174837 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 11 Feb 2025 08:42:52 -0300
Subject: [PATCH 017/119] docs: update pro.md

---
 www/docs/pro.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/www/docs/pro.md b/www/docs/pro.md
index 11f40d27402..66fe13915b5 100644
--- a/www/docs/pro.md
+++ b/www/docs/pro.md
@@ -4,6 +4,7 @@ GoReleaser Pro is a paid, closed-source GoReleaser distribution with some
 additional features:
 
 - [x] Further filter artifacts with `if` statements;
+- [x] Create macOS [App Bundles](customization/app_bundles.md)
 - [x] Easily create `alpine`, `apt`, and `yum` repositories with the
       [CloudSmith integration](customization/cloudsmith.md);
 - [x] Have [global defaults for homepage, description, etc](customization/metadata.md);

From 363c42c4755507db1dcf8da0bd3c717f91bc915b Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 11 Feb 2025 08:46:38 -0300
Subject: [PATCH 018/119] chore: typo

---
 www/docs/pro.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/docs/pro.md b/www/docs/pro.md
index 66fe13915b5..4f5f3850a6b 100644
--- a/www/docs/pro.md
+++ b/www/docs/pro.md
@@ -4,7 +4,7 @@ GoReleaser Pro is a paid, closed-source GoReleaser distribution with some
 additional features:
 
 - [x] Further filter artifacts with `if` statements;
-- [x] Create macOS [App Bundles](customization/app_bundles.md)
+- [x] Create macOS [App Bundles](customization/app_bundles.md);
 - [x] Easily create `alpine`, `apt`, and `yum` repositories with the
       [CloudSmith integration](customization/cloudsmith.md);
 - [x] Have [global defaults for homepage, description, etc](customization/metadata.md);

From e689b26726794dec21ac4e0176cf0e8294971b47 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 11 Feb 2025 12:45:30 -0300
Subject: [PATCH 019/119] fix(nfpm): do not skip entire pipeline for one skip
 (#5546)

without this, if any nfpm configuration is skipped, it'll skip the
entire thing.

this fixes it.
---
 internal/pipe/nfpm/nfpm.go      | 14 +++++++---
 internal/pipe/nfpm/nfpm_test.go | 48 +++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 4 deletions(-)

diff --git a/internal/pipe/nfpm/nfpm.go b/internal/pipe/nfpm/nfpm.go
index 2ef5151ec79..365dd46e1fe 100644
--- a/internal/pipe/nfpm/nfpm.go
+++ b/internal/pipe/nfpm/nfpm.go
@@ -82,16 +82,22 @@ func (Pipe) Default(ctx *context.Context) error {
 
 // Run the pipe.
 func (Pipe) Run(ctx *context.Context) error {
+	skips := pipe.SkipMemento{}
 	for _, nfpm := range ctx.Config.NFPMs {
 		if len(nfpm.Formats) == 0 {
-			// FIXME: this assumes other nfpm configs will fail too...
-			return pipe.Skip("no output formats configured")
+			skips.Remember(pipe.Skip("no output formats configured"))
+			continue
 		}
-		if err := doRun(ctx, nfpm); err != nil {
+		err := doRun(ctx, nfpm)
+		if pipe.IsSkip(err) {
+			skips.Remember(err)
+			continue
+		}
+		if err != nil {
 			return err
 		}
 	}
-	return nil
+	return skips.Evaluate()
 }
 
 func doRun(ctx *context.Context, fpm config.NFPM) error {
diff --git a/internal/pipe/nfpm/nfpm_test.go b/internal/pipe/nfpm/nfpm_test.go
index 4665325099f..afb3c0a3203 100644
--- a/internal/pipe/nfpm/nfpm_test.go
+++ b/internal/pipe/nfpm/nfpm_test.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/goreleaser/goreleaser/v2/internal/artifact"
+	"github.com/goreleaser/goreleaser/v2/internal/pipe"
 	"github.com/goreleaser/goreleaser/v2/internal/skips"
 	"github.com/goreleaser/goreleaser/v2/internal/testctx"
 	"github.com/goreleaser/goreleaser/v2/internal/testlib"
@@ -512,6 +513,53 @@ func TestRunPipe(t *testing.T) {
 	require.Len(t, ctx.Config.NFPMs[0].Contents, 8, "should not modify the config file list")
 }
 
+func TestSkipOne(t *testing.T) {
+	t.Helper()
+	folder := t.TempDir()
+	dist := filepath.Join(folder, "dist")
+	require.NoError(t, os.Mkdir(dist, 0o755))
+	binPath := filepath.ToSlash(filepath.Join(dist, "mybin"))
+	require.NoError(t, os.WriteFile(binPath, nil, 0o755))
+	ctx := testctx.NewWithCfg(config.Project{
+		ProjectName: "mybin",
+		Dist:        dist,
+		NFPMs: []config.NFPM{
+			{
+				ID: "this configuration will be ignored as it has no formats",
+			},
+			{
+				Formats: []string{"deb", "rpm"},
+			},
+		},
+	}, testctx.WithVersion("1.0.0"))
+	for _, goos := range []string{"linux", "darwin"} {
+		for _, goarch := range []string{"amd64", "arm64"} {
+			ctx.Artifacts.Add(&artifact.Artifact{
+				Name:   "subdir/mybin",
+				Path:   binPath,
+				Goarch: goarch,
+				Goos:   goos,
+				Type:   artifact.Binary,
+			})
+		}
+	}
+	require.NoError(t, Pipe{}.Default(ctx))
+	err := Pipe{}.Run(ctx)
+	require.True(t, pipe.IsSkip(err), err)
+
+	packages := ctx.Artifacts.Filter(artifact.ByType(artifact.LinuxPackage)).List()
+	require.Len(t, packages, 4)
+	for _, pkg := range packages {
+		require.NotEmpty(t, pkg.Format())
+		require.Contains(t, []string{
+			"mybin_1.0.0_linux_arm64.deb",
+			"mybin_1.0.0_linux_amd64.deb",
+			"mybin_1.0.0_linux_amd64.rpm",
+			"mybin_1.0.0_linux_arm64.rpm",
+		}, pkg.Name, "package name is not expected")
+	}
+}
+
 func TestRunPipeConventionalNameTemplate(t *testing.T) {
 	t.Run("regular", func(t *testing.T) { doTestRunPipeConventionalNameTemplate(t, false) })
 	t.Run("snapshot", func(t *testing.T) { doTestRunPipeConventionalNameTemplate(t, true) })

From 7611b4411cc1f39873371994de160cdad6b4ac28 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Feb 2025 18:17:47 +0000
Subject: [PATCH 020/119] chore(deps): bump
 github.com/distribution/distribution/v3 from 3.0.0-rc.2 to 3.0.0-rc.3 in the
 go_modules group (#5547)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps the go_modules group with 1 update:
[github.com/distribution/distribution/v3](https://github.com/distribution/distribution).

Updates `github.com/distribution/distribution/v3` from 3.0.0-rc.2 to
3.0.0-rc.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.0-rc.3</h2>
<p>Welcome to the <code>v3.0.0-rc.3</code> release of registry!</p>
<p>This is the third stable release candidate!</p>
<p>See the changelog below for a full list of changes.</p>
<h2>Notable changes</h2>
<ul>
<li>Fixes <a
href="https://www.cve.org/CVERecord?id=CVE-2025-24976">CVE-2025-24976</a>,
thanks <a href="https://github.com/evanebb"><code>@​evanebb</code></a>
for reporting!</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump actions/upload-artifact from 4.3.6 to 4.5.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4538">distribution/distribution#4538</a></li>
<li>ci: update bake-action to v6 by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4554">distribution/distribution#4554</a></li>
<li>build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4553">distribution/distribution#4553</a></li>
<li>(security): Bump golang.org/x/net module by <a
href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in
<a
href="https://redirect.github.com/distribution/distribution/pull/4542">distribution/distribution#4542</a></li>
<li>(security): fix registry Token authentication bug by <a
href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in
<a
href="https://github.com/distribution/distribution/commit/f4a500caf68169dccb0b54cb90523e68ee1ac2be">https://github.com/distribution/distribution/commit/f4a500caf68169dccb0b54cb90523e68ee1ac2be</a></li>
<li>ci: fix bake build by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4555">distribution/distribution#4555</a></li>
<li>Bump Go version by <a
href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in
<a
href="https://redirect.github.com/distribution/distribution/pull/4566">distribution/distribution#4566</a></li>
<li>Prep for v3-rc.3 release by <a
href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in
<a
href="https://redirect.github.com/distribution/distribution/pull/4568">distribution/distribution#4568</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/distribution/distribution/compare/v3.0.0-rc.2...v3.0.0-rc.3">https://github.com/distribution/distribution/compare/v3.0.0-rc.2...v3.0.0-rc.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/distribution/distribution/commit/51bdcb7bac069f263ce238db6bd0610759c2635f"><code>51bdcb7</code></a>
Prep for v3-rc.3 release (<a
href="https://redirect.github.com/distribution/distribution/issues/4568">#4568</a>)</li>
<li><a
href="https://github.com/distribution/distribution/commit/198db9cb06b74735198116eec3aea78538c99969"><code>198db9c</code></a>
Prep for v3-rc.3 release</li>
<li><a
href="https://github.com/distribution/distribution/commit/5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd"><code>5ea9aa0</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/distribution/distribution/commit/939a525dd5293903d82f329dc3c33c0228793c3d"><code>939a525</code></a>
Bump Go version (<a
href="https://redirect.github.com/distribution/distribution/issues/4566">#4566</a>)</li>
<li><a
href="https://github.com/distribution/distribution/commit/7098b3f42c4f8907dcc6e63ea209572c0f9dd210"><code>7098b3f</code></a>
Bump Go version</li>
<li><a
href="https://github.com/distribution/distribution/commit/6ed60b0f4892685fc9bc5924ff2e2788d7dbbab7"><code>6ed60b0</code></a>
Apply suggestions from code review</li>
<li><a
href="https://github.com/distribution/distribution/commit/53c382641c9223aaa2b79793b05d444bebff0587"><code>53c3826</code></a>
Remove named returns and fix linting woes</li>
<li><a
href="https://github.com/distribution/distribution/commit/f4a500caf68169dccb0b54cb90523e68ee1ac2be"><code>f4a500c</code></a>
Fix registry token authentication bug</li>
<li><a
href="https://github.com/distribution/distribution/commit/7271d882c06246d7f91802b95f5708035aa83908"><code>7271d88</code></a>
ci: fix bake build (<a
href="https://redirect.github.com/distribution/distribution/issues/4555">#4555</a>)</li>
<li><a
href="https://github.com/distribution/distribution/commit/4c5e3945612b26927cfd8d500da128fb602522a4"><code>4c5e394</code></a>
ci: fix bake build</li>
<li>Additional commits viewable in <a
href="https://github.com/distribution/distribution/compare/v3.0.0-rc.2...v3.0.0-rc.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/distribution/distribution/v3&package-manager=go_modules&previous-version=3.0.0-rc.2&new-version=3.0.0-rc.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 5e766d7c6c2..c75e5c074c6 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
 	github.com/dghubble/go-twitter v0.0.0-20211115160449-93a8679adecb
 	github.com/dghubble/oauth1 v0.7.3
-	github.com/distribution/distribution/v3 v3.0.0-rc.2
+	github.com/distribution/distribution/v3 v3.0.0-rc.3
 	github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1
 	github.com/google/go-containerregistry v0.20.3
 	github.com/google/go-github/v69 v69.0.0
diff --git a/go.sum b/go.sum
index 9c6c06bab25..50b2c0a2463 100644
--- a/go.sum
+++ b/go.sum
@@ -281,8 +281,8 @@ github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54 h1:SG7nF6SRlWhcT7c
 github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
-github.com/distribution/distribution/v3 v3.0.0-rc.2 h1:tTrzntanYMbd20SyvdeR83Ya1l/aBwDcA3NCIpmwemc=
-github.com/distribution/distribution/v3 v3.0.0-rc.2/go.mod h1:H2zIRRXS20ylnv2HTuKILAWuANjuA60GB7MLOsQag7Y=
+github.com/distribution/distribution/v3 v3.0.0-rc.3 h1:JRJso9IVLoooKX76oWR+DWCCdZlK5m4nRtDWvzB1ITg=
+github.com/distribution/distribution/v3 v3.0.0-rc.3/go.mod h1:offoOgrnYs+CFwis8nE0hyzYZqRCZj5EFc5kgfszwiE=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
 github.com/docker/cli v27.5.0+incompatible h1:aMphQkcGtpHixwwhAXJT1rrK/detk2JIvDaFkLctbGM=

From a78fec04156111df7facb32586b5c23cccd1e5a2 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 12 Feb 2025 09:51:02 -0300
Subject: [PATCH 021/119] docs: cargo publish

---
 www/docs/customization/builds/rust.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/www/docs/customization/builds/rust.md b/www/docs/customization/builds/rust.md
index 5da06f18f07..33422c9a472 100644
--- a/www/docs/customization/builds/rust.md
+++ b/www/docs/customization/builds/rust.md
@@ -107,12 +107,12 @@ builds:
 
 ## Publishing with Cargo
 
-You can use [custom publishers](../publishers.md) to do it:
+You can use [global after hooks](../hooks.md) to do it:
 
 ```yaml title=".goreleaser.yaml"
-publishers:
-  - name: cargo
-    cmd: "cargo publish {{ if .IsSnapshot }}--dry-run{{ end }} --quiet --no-verify"
+# global after hooks
+after:
+  - cmd: "cargo publish {{ if .IsSnapshot }}--dry-run{{ end }} --quiet --no-verify"
 ```
 
 ## Caveats

From 29310fed932ab33e5c7fafe7d8c86451b8b9d437 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Thu, 13 Feb 2025 16:47:20 -0300
Subject: [PATCH 022/119] chore: update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/static/schema-pro.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/www/docs/static/schema-pro.json b/www/docs/static/schema-pro.json
index e5b6e84b8d5..5d62cde0220 100644
--- a/www/docs/static/schema-pro.json
+++ b/www/docs/static/schema-pro.json
@@ -5030,8 +5030,7 @@
 				"type": "object",
 				"required": [
 					"publisher",
-					"repository",
-					"short_description"
+					"repository"
 				]
 			},
 			"WingetDependency": {

From 567d9de6a7015029fadc867053f8a4e92c6b9175 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Thu, 13 Feb 2025 22:36:41 -0300
Subject: [PATCH 023/119] ci: previous tag

dunno how, but somehow the tag is in a branch that is not in main.

this fixes the release notes, should also remove it after next release.
---
 .github/workflows/nightly-oss.yml | 1 +
 .github/workflows/release.yml     | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/nightly-oss.yml b/.github/workflows/nightly-oss.yml
index 5ea30ec3d52..bf24ef714c6 100644
--- a/.github/workflows/nightly-oss.yml
+++ b/.github/workflows/nightly-oss.yml
@@ -88,6 +88,7 @@ jobs:
           MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
           MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
           MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
+          GORELEASER_PREVIOUS_TAG: v2.7.0 # TODO: remove this after next release
       - uses: actions/attest-build-provenance@v2
         with:
           subject-checksums: ./dist/checksums.txt
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2cbc36f55b4..d5365279702 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -148,6 +148,7 @@ jobs:
           MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
           MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
           SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_LOGIN }}
+          GORELEASER_PREVIOUS_TAG: v2.7.0 # TODO: remove this after next release
       - uses: actions/attest-build-provenance@v2
         with:
           subject-checksums: ./dist/checksums.txt

From 9ad178e382e6ec88f5d1e3be7324692143405b03 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Thu, 13 Feb 2025 22:42:19 -0300
Subject: [PATCH 024/119] ci: tag

---
 .github/workflows/nightly-oss.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/nightly-oss.yml b/.github/workflows/nightly-oss.yml
index bf24ef714c6..336aa66fca2 100644
--- a/.github/workflows/nightly-oss.yml
+++ b/.github/workflows/nightly-oss.yml
@@ -88,7 +88,7 @@ jobs:
           MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
           MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
           MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
-          GORELEASER_PREVIOUS_TAG: v2.7.0 # TODO: remove this after next release
+          GORELEASER_CURRENT_TAG: v2.7.0 # TODO: remove this after next release
       - uses: actions/attest-build-provenance@v2
         with:
           subject-checksums: ./dist/checksums.txt

From 1bb77d5ddb906bd0fc9064785184d41296bbef93 Mon Sep 17 00:00:00 2001
From: Mohammad Banisaeid <smbl64@gmail.com>
Date: Fri, 14 Feb 2025 19:42:03 +0100
Subject: [PATCH 025/119] docs: add link to cosign site (#5550)

Add missing link in the `binary_sign.md` file.
---
 www/docs/customization/binary_sign.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/www/docs/customization/binary_sign.md b/www/docs/customization/binary_sign.md
index db0a440df16..e332aaaa46a 100644
--- a/www/docs/customization/binary_sign.md
+++ b/www/docs/customization/binary_sign.md
@@ -122,7 +122,7 @@ Here, it'll work anyway.
 
 ## Signing with cosign
 
-You can sign your artifacts with [cosign][] as well.
+You can sign your artifacts with [cosign][cosign] as well.
 
 Assuming you have a `cosign.key` in the repository root and a `COSIGN_PWD`
 environment variable set, a simple usage example would look like this:
@@ -144,3 +144,5 @@ Your users can then verify the signature with:
 ```sh
 cosign verify-blob -key cosign.pub -signature binary.sig binary
 ```
+
+[cosign]: https://github.com/sigstore/cosign

From 7d0a593552afb078dae6ce6b66c2536d9ba061d0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:39:43 -0300
Subject: [PATCH 026/119] chore(deps): bump golang from 1.23.6-alpine to
 1.24.0-alpine (#5552)

Bumps golang from 1.23.6-alpine to 1.24.0-alpine.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.23.6-alpine&new-version=1.24.0-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index a30dec534a9..13a27f4bbb3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.6-alpine@sha256:2c49857f2295e89b23b28386e57e018a86620a8fede5003900f2d138ba9c4037
+FROM golang:1.24.0-alpine@sha256:5429efb7de864db15bd99b91b67608d52f97945837c7f6f7d1b779f9bfe46281
 
 RUN apk add --no-cache bash \
 	build-base \

From 977615ada2b5b394b0449bb06d6b06b68444aafb Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:41:54 -0300
Subject: [PATCH 027/119] test: go 1.24

---
 cmd/util_test.go                        | 2 +-
 internal/pipe/gomod/gomod_proxy_test.go | 2 +-
 internal/pipe/ko/testdata/app/go.mod    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/cmd/util_test.go b/cmd/util_test.go
index a769d8a35c4..babb50cde11 100644
--- a/cmd/util_test.go
+++ b/cmd/util_test.go
@@ -62,7 +62,7 @@ func goModInit(tb testing.TB) {
 	tb.Helper()
 	createFile(tb, "go.mod", `module foo
 
-go 1.23
+go 1.24
 `)
 }
 
diff --git a/internal/pipe/gomod/gomod_proxy_test.go b/internal/pipe/gomod/gomod_proxy_test.go
index c98fb3ff49d..6c6b8ce26c9 100644
--- a/internal/pipe/gomod/gomod_proxy_test.go
+++ b/internal/pipe/gomod/gomod_proxy_test.go
@@ -243,7 +243,7 @@ func requireGoMod(tb testing.TB) {
 	require.NoError(tb, err)
 	require.Contains(tb, string(mod), `module foo
 
-go 1.23`)
+go 1.24`)
 }
 
 func fakeGoModAndSum(tb testing.TB, module string) {
diff --git a/internal/pipe/ko/testdata/app/go.mod b/internal/pipe/ko/testdata/app/go.mod
index cceed782a4d..07c515f4b9a 100644
--- a/internal/pipe/ko/testdata/app/go.mod
+++ b/internal/pipe/ko/testdata/app/go.mod
@@ -1,3 +1,3 @@
 module testapp
 
-go 1.23.0
+go 1.24.0

From 1201fd96ebb8d2cddc812b772978bdf8d28ad29c Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:42:46 -0300
Subject: [PATCH 028/119] docs: go 1.24

---
 CONTRIBUTING.md          | 4 ++--
 www/docs/contributing.md | 4 ++--
 www/docs/install.md      | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 601a5cba50c..8c55453f3c9 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -15,7 +15,7 @@ Dagger.
 Prerequisites:
 
 - [Task](https://taskfile.dev/installation)
-- [Go 1.23+](https://go.dev/doc/install)
+- [Go 1.24+](https://go.dev/doc/install)
 
 Other things you might need to run some of the tests (they should get
 automatically skipped if a needed tool isn't present):
@@ -34,7 +34,7 @@ Prerequisites:
 
 - [Task](https://taskfile.dev/installation)
 - [Dagger](https://docs.dagger.io/install)
-- [Go 1.23+](https://go.dev/doc/install)
+- [Go 1.24+](https://go.dev/doc/install)
 - [Docker](https://www.docker.com/)
 
 ## Building
diff --git a/www/docs/contributing.md b/www/docs/contributing.md
index 601a5cba50c..8c55453f3c9 100644
--- a/www/docs/contributing.md
+++ b/www/docs/contributing.md
@@ -15,7 +15,7 @@ Dagger.
 Prerequisites:
 
 - [Task](https://taskfile.dev/installation)
-- [Go 1.23+](https://go.dev/doc/install)
+- [Go 1.24+](https://go.dev/doc/install)
 
 Other things you might need to run some of the tests (they should get
 automatically skipped if a needed tool isn't present):
@@ -34,7 +34,7 @@ Prerequisites:
 
 - [Task](https://taskfile.dev/installation)
 - [Dagger](https://docs.dagger.io/install)
-- [Go 1.23+](https://go.dev/doc/install)
+- [Go 1.24+](https://go.dev/doc/install)
 - [Docker](https://www.docker.com/)
 
 ## Building
diff --git a/www/docs/install.md b/www/docs/install.md
index 604c82cdc20..ebb4871feec 100644
--- a/www/docs/install.md
+++ b/www/docs/install.md
@@ -258,7 +258,7 @@ apk add --allow-untrusted goreleaser*.apk
     go install github.com/goreleaser/goreleaser/v2@latest
     ```
 
-    Requires Go 1.23.
+    Requires Go 1.24.
 
 === "Pro"
 

From 9e692c421d8a8b706262342a14c8813a2b76d49d Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:44:24 -0300
Subject: [PATCH 029/119] fix: build with go 1.24

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 .golangci.yaml | 2 +-
 dagger/go.mod  | 2 +-
 go.mod         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index 7a0fc532b49..86e7547351f 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -1,5 +1,5 @@
 run:
-  go: "1.23"
+  go: "1.24"
   timeout: 5m
 linters:
   enable:
diff --git a/dagger/go.mod b/dagger/go.mod
index 6a1f59303bf..0c26e894dd7 100644
--- a/dagger/go.mod
+++ b/dagger/go.mod
@@ -1,6 +1,6 @@
 module github.com/goreleaser/goreleaser/v2/dagger
 
-go 1.23
+go 1.24
 
 require (
 	github.com/99designs/gqlgen v0.17.57
diff --git a/go.mod b/go.mod
index c75e5c074c6..4331340985e 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/goreleaser/goreleaser/v2
 
-go 1.23.4
+go 1.24
 
 require (
 	code.gitea.io/sdk/gitea v0.20.0

From ec68017f4dc8eaf613296e9b8accded180faae6e Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:53:17 -0300
Subject: [PATCH 030/119] ci: fix dagger build

---
 dagger/go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dagger/go.mod b/dagger/go.mod
index 0c26e894dd7..6a1f59303bf 100644
--- a/dagger/go.mod
+++ b/dagger/go.mod
@@ -1,6 +1,6 @@
 module github.com/goreleaser/goreleaser/v2/dagger
 
-go 1.24
+go 1.23
 
 require (
 	github.com/99designs/gqlgen v0.17.57

From 0199c50c9c8243cf63e887f43c3bf8ecff7659de Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:55:08 -0300
Subject: [PATCH 031/119] ci: fix lint

---
 .github/workflows/lint.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 216bc359763..d700ddfa7ed 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -21,9 +21,8 @@ jobs:
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
           go-version: stable
-          cache: false
       - name: golangci-lint
         uses: golangci/golangci-lint-action@051d91933864810ecd5e2ea2cfd98f6a5bca5347 # v6.3.2
         with:
           args: --timeout=5m
-          version: v1.62
+          version: v1.64

From abdb8a772d74554e4b86ec98138fb606346d9dba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 19:13:12 +0000
Subject: [PATCH 032/119] chore(deps): bump golangci/golangci-lint-action from
 6.3.2 to 6.5.0 (#5562)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action)
from 6.3.2 to 6.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.5.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>feat: verify with the JSONSchema by default by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1171">golangci/golangci-lint-action#1171</a></li>
</ul>
<h3>Dependencies</h3>
<ul>
<li>build(deps): bump <code>@​octokit/request-error</code> from 5.1.0 to
5.1.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1169">golangci/golangci-lint-action#1169</a></li>
<li>build(deps): bump <code>@​octokit/endpoint</code> from 9.0.5 to
9.0.6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1170">golangci/golangci-lint-action#1170</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v6.4.1...v6.5.0">https://github.com/golangci/golangci-lint-action/compare/v6.4.1...v6.5.0</a></p>
<h2>v6.4.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>fix: use config arg for verify by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1168">golangci/golangci-lint-action#1168</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v6.4.0...v6.4.1">https://github.com/golangci/golangci-lint-action/compare/v6.4.0...v6.4.1</a></p>
<h2>v6.4.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>chore: extract patch related code by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1166">golangci/golangci-lint-action#1166</a></li>
<li>feat: add an option to verify with the JSONSchema by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1167">golangci/golangci-lint-action#1167</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v6.3.3...v6.4.0">https://github.com/golangci/golangci-lint-action/compare/v6.3.3...v6.4.0</a></p>
<h2>v6.3.3</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>Changes</h3>
<ul>
<li>fix: go.mod parsing by <a
href="https://github.com/ldez"><code>@​ldez</code></a> in <a
href="https://redirect.github.com/golangci/golangci-lint-action/pull/1165">golangci/golangci-lint-action#1165</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/golangci/golangci-lint-action/compare/v6.3.2...v6.3.3">https://github.com/golangci/golangci-lint-action/compare/v6.3.2...v6.3.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/2226d7cb06a077cd73e56eedd38eecad18e5d837"><code>2226d7c</code></a>
6.5.0</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/8d744d5b7f56a6baec6cc8b5f32947e1f52d05fc"><code>8d744d5</code></a>
feat: verify with the JSONSchema by default (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1171">#1171</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/0e58f8e7ab750dc8bf4ac7eeb8a6993a2aaeef8c"><code>0e58f8e</code></a>
build(deps): bump <code>@​octokit/endpoint</code> from 9.0.5 to 9.0.6
(<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1170">#1170</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/6a3fb764d508e4ba6bec7000b7c7a827384ec250"><code>6a3fb76</code></a>
build(deps): bump <code>@​octokit/request-error</code> from 5.1.0 to
5.1.1 (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1169">#1169</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/696fa5c0e74367806ce8ce43eb0f19a8a0d3e91a"><code>696fa5c</code></a>
chore: clean workflows</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/80284ede25727d22b2f0d91af5f6fab0edb570bd"><code>80284ed</code></a>
chore: use ubuntu-22.04-arm</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/818ec4d51a1feacefc42ff1b3ec25d4962690f39"><code>818ec4d</code></a>
6.4.1</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/1c50240be21009d0894c6d1a4daf27fc74c19fca"><code>1c50240</code></a>
fix: use config arg for verify (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1168">#1168</a>)</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/0adbc47a5910e47adb692df88187ec8c73c76778"><code>0adbc47</code></a>
6.4.0</li>
<li><a
href="https://github.com/golangci/golangci-lint-action/commit/f7463c56f6527097c8fff14480d3a4fa81ccdb81"><code>f7463c5</code></a>
feat: add an option to verify with the JSONSchema (<a
href="https://redirect.github.com/golangci/golangci-lint-action/issues/1167">#1167</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/golangci/golangci-lint-action/compare/051d91933864810ecd5e2ea2cfd98f6a5bca5347...2226d7cb06a077cd73e56eedd38eecad18e5d837">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golangci/golangci-lint-action&package-manager=github_actions&previous-version=6.3.2&new-version=6.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/lint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index d700ddfa7ed..955e282ce2a 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -22,7 +22,7 @@ jobs:
         with:
           go-version: stable
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@051d91933864810ecd5e2ea2cfd98f6a5bca5347 # v6.3.2
+        uses: golangci/golangci-lint-action@2226d7cb06a077cd73e56eedd38eecad18e5d837 # v6.5.0
         with:
           args: --timeout=5m
           version: v1.64

From 33237191427ec102998410e72fc750c82deb78e2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 20:59:57 +0000
Subject: [PATCH 033/119] chore(deps): bump dagger/dagger-for-github from 7.0.5
 to 7.0.6 (#5561)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[dagger/dagger-for-github](https://github.com/dagger/dagger-for-github)
from 7.0.5 to 7.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dagger/dagger-for-github/releases">dagger/dagger-for-github's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.6</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: bump default dagger version to v0.15.4 by <a
href="https://github.com/jedevc"><code>@​jedevc</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/173">dagger/dagger-for-github#173</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dagger/dagger-for-github/compare/v7...v7.0.6">https://github.com/dagger/dagger-for-github/compare/v7...v7.0.6</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dagger/dagger-for-github/commit/b81317a976cb7f7125469707321849737cd1b3bc"><code>b81317a</code></a>
chore: bump default dagger version to v0.15.4</li>
<li>See full diff in <a
href="https://github.com/dagger/dagger-for-github/compare/v7.0.5...v7.0.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dagger/dagger-for-github&package-manager=github_actions&previous-version=7.0.5&new-version=7.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml       | 2 +-
 .github/workflows/dagger-build.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6c5dc11ab31..dbd2581de61 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - uses: dagger/dagger-for-github@v7.0.5
+      - uses: dagger/dagger-for-github@v7.0.6
         with:
           verb: develop
           args: "-q"
diff --git a/.github/workflows/dagger-build.yml b/.github/workflows/dagger-build.yml
index ca4cff579b5..f5e341f161e 100644
--- a/.github/workflows/dagger-build.yml
+++ b/.github/workflows/dagger-build.yml
@@ -22,10 +22,10 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0
-      - uses: dagger/dagger-for-github@v7.0.5
+      - uses: dagger/dagger-for-github@v7.0.6
         with:
           args: build -o ./goreleaser
           engine-stop: false
-      - uses: dagger/dagger-for-github@v7.0.5
+      - uses: dagger/dagger-for-github@v7.0.6
         with:
           args: test coverage-report -o ./coverage.txt

From 0a569f252a7b724c91b9652f0a92e325a21cc56c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 21:02:20 +0000
Subject: [PATCH 034/119] chore(deps): bump github.com/spf13/cobra from 1.8.1
 to 1.9.1 (#5559)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from
1.8.1 to 1.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/spf13/cobra/releases">github.com/spf13/cobra's
releases</a>.</em></p>
<blockquote>
<h2>v1.9.1</h2>
<h3>🐛 Fixes</h3>
<ul>
<li>Fix CompletionFunc implementation by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2234">spf13/cobra#2234</a></li>
<li>Revert &quot;Make detection for test-binary more universal (<a
href="https://redirect.github.com/spf13/cobra/issues/2173">#2173</a>)&quot;
by <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/2235">spf13/cobra#2235</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/spf13/cobra/compare/v1.9.0...v1.9.1">https://github.com/spf13/cobra/compare/v1.9.0...v1.9.1</a></p>
<h2>v1.9.0</h2>
<h2>✨ Features</h2>
<ul>
<li>Allow linker to perform deadcode elimination for program using Cobra
by <a href="https://github.com/aarzilli"><code>@​aarzilli</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/1956">spf13/cobra#1956</a></li>
<li>Add default completion command even if there are no other
sub-commands by <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/1559">spf13/cobra#1559</a></li>
<li>Add CompletionWithDesc helper by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2231">spf13/cobra#2231</a></li>
</ul>
<h2>🐛 Fixes</h2>
<ul>
<li>Fix deprecation comment for Command.SetOutput by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2172">spf13/cobra#2172</a></li>
<li>Replace deprecated ioutil usage by <a
href="https://github.com/nirs"><code>@​nirs</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2181">spf13/cobra#2181</a></li>
<li>Fix --version help and output for plugins by <a
href="https://github.com/nirs"><code>@​nirs</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2180">spf13/cobra#2180</a></li>
<li>Allow to reset the templates to the default by <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/2229">spf13/cobra#2229</a></li>
</ul>
<h2>🤖 Completions</h2>
<ul>
<li>Make Powershell completion work in constrained mode by <a
href="https://github.com/lstemplinger"><code>@​lstemplinger</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/2196">spf13/cobra#2196</a></li>
<li>Improve detection for flags that accept multiple values by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2210">spf13/cobra#2210</a></li>
<li>add CompletionFunc type to help with completions by <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2220">spf13/cobra#2220</a></li>
<li>Add similar whitespace escape logic to bash v2 completions than in
other completions by <a
href="https://github.com/kangasta"><code>@​kangasta</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/1743">spf13/cobra#1743</a></li>
<li>Print ActiveHelp for bash along other completions by <a
href="https://github.com/marckhouzam"><code>@​marckhouzam</code></a> in
<a
href="https://redirect.github.com/spf13/cobra/pull/2076">spf13/cobra#2076</a></li>
<li>fix(completions): Complete map flags multiple times by <a
href="https://github.com/gabe565"><code>@​gabe565</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2174">spf13/cobra#2174</a></li>
<li>fix(bash): nounset unbound file filter variable on empty extension
by <a href="https://github.com/scop"><code>@​scop</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2228">spf13/cobra#2228</a></li>
</ul>
<h2>🧪 Testing</h2>
<ul>
<li>Test also with go 1.23 by <a
href="https://github.com/nirs"><code>@​nirs</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2182">spf13/cobra#2182</a></li>
<li>Make detection for test-binary more universal by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2173">spf13/cobra#2173</a></li>
</ul>
<h2>✍🏼 Documentation</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/eltociear"><code>@​eltociear</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2197">spf13/cobra#2197</a></li>
<li>Improve site formatting by <a
href="https://github.com/nirs"><code>@​nirs</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2183">spf13/cobra#2183</a></li>
<li>doc: add Conduit by <a
href="https://github.com/raulb"><code>@​raulb</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2230">spf13/cobra#2230</a></li>
<li>doc: azion project added to the list of CLIs that use cobra by <a
href="https://github.com/maxwelbm"><code>@​maxwelbm</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2198">spf13/cobra#2198</a></li>
<li>Fix broken links in active_help.md by <a
href="https://github.com/vuil"><code>@​vuil</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2202">spf13/cobra#2202</a></li>
<li>chore: fix function name in comment by <a
href="https://github.com/zhuhaicity"><code>@​zhuhaicity</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2216">spf13/cobra#2216</a></li>
</ul>
<h2>🔧 Dependency upgrades</h2>
<ul>
<li>build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to
2.0.6 by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/spf13/cobra/pull/2206">spf13/cobra#2206</a></li>
<li>Update to latest go-md2man by <a
href="https://github.com/mikelolasagasti"><code>@​mikelolasagasti</code></a>
in <a
href="https://redirect.github.com/spf13/cobra/pull/2201">spf13/cobra#2201</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/spf13/cobra/commit/40b5bc1437a564fc795d388b23835e84f54cd1d1"><code>40b5bc1</code></a>
Revert &quot;Make detection for test-binary more universal (<a
href="https://redirect.github.com/spf13/cobra/issues/2173">#2173</a>)&quot;
(<a
href="https://redirect.github.com/spf13/cobra/issues/2235">#2235</a>)</li>
<li><a
href="https://github.com/spf13/cobra/commit/a97f9fd47b290016526c8af2dac0531fea5cd773"><code>a97f9fd</code></a>
fix CompletionFunc implementation (<a
href="https://redirect.github.com/spf13/cobra/issues/2234">#2234</a>)</li>
<li><a
href="https://github.com/spf13/cobra/commit/5f9c40898e795a9fb0fd5ca83b6e05c3720523d1"><code>5f9c408</code></a>
chore: Upgrade dependencies for v1.9.0 (<a
href="https://redirect.github.com/spf13/cobra/issues/2233">#2233</a>)</li>
<li><a
href="https://github.com/spf13/cobra/commit/24ada7fe71e3a3a8741dd52e0a7fc3b97450535a"><code>24ada7f</code></a>
Remove the default &quot;completion&quot; cmd if it is alone (<a
href="https://redirect.github.com/spf13/cobra/issues/1559">#1559</a>)</li>
<li><a
href="https://github.com/spf13/cobra/commit/680936a2200be363c61feda8cd29287f0726a48c"><code>680936a</code></a>
New logo</li>
<li><a
href="https://github.com/spf13/cobra/commit/8cb30f9ca53a004a6fe88c5cfcc79ac7b24fc638"><code>8cb30f9</code></a>
feat: add CompletionWithDesc helper (<a
href="https://redirect.github.com/spf13/cobra/issues/2231">#2231</a>)</li>
<li><a
href="https://github.com/spf13/cobra/commit/17b6dca2ffaf6113cbd1cf433ec988fa7d63c6f3"><code>17b6dca</code></a>
doc: add Conduit (<a
href="https://redirect.github.com/spf13/cobra/issues/2230">#2230</a>)</li>
<li><a
href="https://github.com/spf13/cobra/commit/ab5cadcc1bbe224b329726fc5f8b99d6f93e9805"><code>ab5cadc</code></a>
Allow to reset the templates to the default (<a
href="https://redirect.github.com/spf13/cobra/issues/2229">#2229</a>)</li>
<li><a
href="https://github.com/spf13/cobra/commit/4ba5566f5704a9c0d205e1ef3efc4896156d33fa"><code>4ba5566</code></a>
fix(bash): nounset unbound file filter variable on empty extension (<a
href="https://redirect.github.com/spf13/cobra/issues/2228">#2228</a>)</li>
<li><a
href="https://github.com/spf13/cobra/commit/41b26ec8bb59dfba580f722201bf371c4f5703dd"><code>41b26ec</code></a>
Print ActiveHelp for bash along other completions (<a
href="https://redirect.github.com/spf13/cobra/issues/2076">#2076</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/spf13/cobra&package-manager=go_modules&previous-version=1.8.1&new-version=1.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 4331340985e..8f882b684e1 100644
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 	github.com/muesli/termenv v0.15.2
 	github.com/ory/dockertest/v3 v3.11.0
 	github.com/slack-go/slack v0.16.0
-	github.com/spf13/cobra v1.8.1
+	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
 	github.com/ulikunitz/xz v0.5.12
 	gitlab.com/gitlab-org/api/client-go v0.122.0
@@ -307,7 +307,7 @@ require (
 	github.com/spaolacci/murmur3 v1.1.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.7.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	github.com/spf13/viper v1.19.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/theupdateframework/go-tuf v0.7.0 // indirect
diff --git a/go.sum b/go.sum
index 50b2c0a2463..c567f303de3 100644
--- a/go.sum
+++ b/go.sum
@@ -256,7 +256,6 @@ github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3
 github.com/containerd/stargz-snapshotter/estargz v0.16.3 h1:7evrXtoh1mSbGj/pfRccTampEyKpjpOnS3CyiV1Ebr8=
 github.com/containerd/stargz-snapshotter/estargz v0.16.3/go.mod h1:uyr4BfYfOj3G9WBVE8cOlQmXAbPN9VEQpBBeJIuOipU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
 github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
@@ -767,10 +766,10 @@ github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
 github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
 github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
 github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
-github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
+github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI=
 github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

From 3bc2ddf71c7ce116711fe1add9ddb30621f23598 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 21:03:57 +0000
Subject: [PATCH 035/119] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.122.0 to 0.123.0 (#5560)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go)
from 0.122.0 to 0.123.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://gitlab.com/gitlab-org/api/client-go/tags">gitlab.com/gitlab-org/api/client-go's
releases</a>.</em></p>
<blockquote>
<h2>v0.123.0</h2>
<h2>0.123.0 (2025-02-14)</h2>
<h3>Improvements (2 changes)</h3>
<ul>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/4365270e5291ff9b780d95a8e8564be1e0074d2e">Update
go test matrix to include v1.24</a> by <a
href="https://github.com/gitlab-dependency-update-bot"><code>@​gitlab-dependency-update-bot</code></a>
(<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2145">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/4431cd05b4e1a7e07ff4a3658d6f5582f68f186c">Add
<code>service_desk_reply_to</code> field support to Issues</a> by <a
href="https://github.com/ebuildy"><code>@​ebuildy</code></a> (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2147">merge
request</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/410a46abd44bb44da6cc4d56447c6ffd5610ac07"><code>410a46a</code></a>
Merge branch 'pguinoiseau/group-service-account-rotate-expires-at' into
'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/94295605f20acf8e706369ab164d14002ad31263"><code>9429560</code></a>
Add support for expires_at attribute in
GroupsService.RotateServiceAccountPer...</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/8f066ed158c28e68466c3982efa47b3b1d5be60a"><code>8f066ed</code></a>
Merge branch 'renovate/golangci-golangci-lint-1.x' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/5d94f1ad5804e58c3d803a9d41ee379c6fc29739"><code>5d94f1a</code></a>
Update golangci/golangci-lint Docker tag to v1.64.5</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/9ce8bfc433132a230bffb9bae08797a4ba5002b3"><code>9ce8bfc</code></a>
Merge branch 'renovate/go-1.x' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/4365270e5291ff9b780d95a8e8564be1e0074d2e"><code>4365270</code></a>
Update go test matrix to include v1.24</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/f85e69ef4b166b8afa5b5932bf9056756ab5f13f"><code>f85e69e</code></a>
Merge branch 'add-member-role-id-to-group-share' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/1af12fa6a8df505ebd260f4b9fac67ec5580c503"><code>1af12fa</code></a>
Add member_role_id to group share</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/b5ce1ce1987072ddcc25417c0570785ee4424745"><code>b5ce1ce</code></a>
Merge branch 'renovate/golangci-golangci-lint-1.x' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/cd7ca2913aad3f95c861585e373edf61b955539e"><code>cd7ca29</code></a>
Update golangci/golangci-lint Docker tag to v1.64.4</li>
<li>Additional commits viewable in <a
href="https://gitlab.com/gitlab-org/api/client-go/compare/v0.122.0...v0.123.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gitlab.com/gitlab-org/api/client-go&package-manager=go_modules&previous-version=0.122.0&new-version=0.123.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8f882b684e1..9c946a6d7b4 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
 	github.com/ulikunitz/xz v0.5.12
-	gitlab.com/gitlab-org/api/client-go v0.122.0
+	gitlab.com/gitlab-org/api/client-go v0.123.0
 	gocloud.dev v0.40.0
 	golang.org/x/crypto v0.33.0
 	golang.org/x/oauth2 v0.26.0
diff --git a/go.sum b/go.sum
index c567f303de3..b521e904fb2 100644
--- a/go.sum
+++ b/go.sum
@@ -829,8 +829,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 gitlab.com/digitalxero/go-conventional-commit v1.0.7 h1:8/dO6WWG+98PMhlZowt/YjuiKhqhGlOCwlIV8SqqGh8=
 gitlab.com/digitalxero/go-conventional-commit v1.0.7/go.mod h1:05Xc2BFsSyC5tKhK0y+P3bs0AwUtNuTp+mTpbCU/DZ0=
-gitlab.com/gitlab-org/api/client-go v0.122.0 h1:Nog85APtgquS+HHkMkP4DiZ6lXlUZYhQKqguS4OJYNM=
-gitlab.com/gitlab-org/api/client-go v0.122.0/go.mod h1:Jh0qjLILEdbO6z/OY94RD+3NDQRUKiuFSFYozN6cpKM=
+gitlab.com/gitlab-org/api/client-go v0.123.0 h1:W3LZ5QNyiSCJA0Zchkwz8nQIUzOuDoSWMZtRDT5DjPI=
+gitlab.com/gitlab-org/api/client-go v0.123.0/go.mod h1:Jh0qjLILEdbO6z/OY94RD+3NDQRUKiuFSFYozN6cpKM=
 go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
 go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=

From 10356d12fbe8d0e14f63cf0a6e6c5bc0a5d9efd1 Mon Sep 17 00:00:00 2001
From: Tim Schwenke <tim@trallnag.com>
Date: Mon, 17 Feb 2025 23:14:22 +0100
Subject: [PATCH 036/119] docs: Replace deprecated key kos.repository (#5557)

The key `kos.repository` has been deprecated in 2.5.

<https://goreleaser.com/deprecations/#kosrepository>

Replaced by `kos.repositories`, which is a list of strings instead of a
string.

 But it is still mentioned in this document as a valid example.

<https://goreleaser.com/customization/ko/>
---
 www/docs/customization/ko.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/docs/customization/ko.md b/www/docs/customization/ko.md
index ef542cd604f..3b747543016 100644
--- a/www/docs/customization/ko.md
+++ b/www/docs/customization/ko.md
@@ -163,7 +163,7 @@ builds:
       - arm64
 
 kos:
-  - repository: ghcr.io/caarlos0/test-ko
+  - repositories: [ghcr.io/caarlos0/test-ko]
     tags:
       - "{{.Version}}"
       - latest

From 1eff2149d998ef260a62acc21287137fcbf712e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 22:32:51 +0000
Subject: [PATCH 037/119] chore(deps): bump
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login from
 0.0.0-20240514230400-03fa26f5508f to 0.9.1 (#5554)

Bumps
[github.com/awslabs/amazon-ecr-credential-helper/ecr-login](https://github.com/awslabs/amazon-ecr-credential-helper)
from 0.0.0-20240514230400-03fa26f5508f to 0.9.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/awslabs/amazon-ecr-credential-helper/releases">github.com/awslabs/amazon-ecr-credential-helper/ecr-login's
releases</a>.</em></p>
<blockquote>
<h2>Amazon ECR Credential Helper - Release v0.9.1</h2>
<ul>
<li>Drop golang 1.21 support.</li>
<li>Upgrade dependencies.</li>
</ul>
<h2>Assets</h2>
<ul>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/release.tar.gz">release.tar.gz</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/release.tar.gz.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/release-novendor.tar.gz">release-novendor.tar.gz</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/release-novendor.tar.gz.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/linux-amd64/docker-credential-ecr-login">linux-amd64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/linux-amd64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/linux-arm64/docker-credential-ecr-login">linux-arm64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/linux-arm64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/darwin-amd64/docker-credential-ecr-login">darwin-amd64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/darwin-amd64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/darwin-arm64/docker-credential-ecr-login">darwin-arm64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/darwin-arm64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/windows-amd64/docker-credential-ecr-login.exe">windows-amd64/docker-credential-ecr-login.exe</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/windows-amd64/docker-credential-ecr-login.exe.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/windows-arm64/docker-credential-ecr-login.exe">windows-arm64/docker-credential-ecr-login.exe</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.1/windows-arm64/docker-credential-ecr-login.exe.sha256">SHA256</a>)</li>
</ul>
<h2>Amazon ECR Credential Helper - Release v0.9.0</h2>
<ul>
<li>Enhancement - Added support for environment variable
<code>AWS_ECR_IGNORE_CREDS_STORAGE=true</code> to ignore ADD and DELETE
requests. This makes tools that try to <code>docker login</code> work
with registries managed the amazon-ecr-credential-helper. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/102">#102</a>
and <a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/847">#847</a>)</li>
<li>Enhancement - Updated ECR pattern for new isolated regions. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/850">#850</a>)</li>
<li>Upgraded dependencies.</li>
</ul>
<h2>Assets</h2>
<ul>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/release.tar.gz">release.tar.gz</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/release.tar.gz.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/release-novendor.tar.gz">release-novendor.tar.gz</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/release-novendor.tar.gz.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/linux-amd64/docker-credential-ecr-login">linux-amd64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/linux-amd64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/linux-arm64/docker-credential-ecr-login">linux-arm64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/linux-arm64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/darwin-amd64/docker-credential-ecr-login">darwin-amd64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/darwin-amd64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/darwin-arm64/docker-credential-ecr-login">darwin-arm64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/darwin-arm64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/windows-amd64/docker-credential-ecr-login.exe">windows-amd64/docker-credential-ecr-login.exe</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/windows-amd64/docker-credential-ecr-login.exe.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/windows-arm64/docker-credential-ecr-login.exe">windows-arm64/docker-credential-ecr-login.exe</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.9.0/windows-arm64/docker-credential-ecr-login.exe.sha256">SHA256</a>)</li>
</ul>
<h2>Amazon ECR Credential Helper - Release v0.8.0</h2>
<ul>
<li>Enhancement - Updated ECR pattern to match C2S environments. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/433">#433</a>)</li>
<li>Feature (Experimental) - Added support for building Windows ARM
credential helper binaries. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/795">#795</a>)</li>
</ul>
<h2>Assets</h2>
<ul>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/release.tar.gz">release.tar.gz</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/release.tar.gz.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/release-novendor.tar.gz">release-novendor.tar.gz</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/release-novendor.tar.gz.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/linux-amd64/docker-credential-ecr-login">linux-amd64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/linux-amd64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/linux-arm64/docker-credential-ecr-login">linux-arm64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/linux-arm64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/darwin-amd64/docker-credential-ecr-login">darwin-amd64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/darwin-amd64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/darwin-arm64/docker-credential-ecr-login">darwin-arm64/docker-credential-ecr-login</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/darwin-arm64/docker-credential-ecr-login.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/windows-amd64/docker-credential-ecr-login.exe">windows-amd64/docker-credential-ecr-login.exe</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/windows-amd64/docker-credential-ecr-login.exe.sha256">SHA256</a>)</li>
<li><a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/windows-arm64/docker-credential-ecr-login.exe">windows-arm64/docker-credential-ecr-login.exe</a>
(<a
href="https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.8.0/windows-arm64/docker-credential-ecr-login.exe.sha256">SHA256</a>)</li>
</ul>
<h2>Amazon ECR Credential Helper - Release v0.7.1</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/awslabs/amazon-ecr-credential-helper/blob/main/CHANGELOG.md">github.com/awslabs/amazon-ecr-credential-helper/ecr-login's
changelog</a>.</em></p>
<blockquote>
<h1>0.9.1</h1>
<ul>
<li>Drop golang 1.21 support.</li>
<li>Upgrade dependencies.</li>
</ul>
<h1>0.9.0</h1>
<ul>
<li>Enhancement - Added support for environment variable
<code>AWS_ECR_IGNORE_CREDS_STORAGE=true</code> to ignore ADD and DELETE
requests. This makes tools that try to <code>docker login</code> work
with registries managed the amazon-ecr-credential-helper. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/102">#102</a>
and <a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/847">#847</a>)</li>
<li>Enhancement - Updated ECR pattern for new isolated regions. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/850">#850</a>)</li>
<li>Upgraded dependencies.</li>
</ul>
<h1>0.8.0</h1>
<ul>
<li>Enhancement - Updated ECR pattern to match C2S environments. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/433">#433</a>)</li>
<li>Feature (Experimental) - Added support for building Windows ARM
credential helper binaries. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/795">#795</a>)</li>
</ul>
<h1>0.7.1</h1>
<p><strong>Note: v0.7.1 is functionally equivalent to v0.7.0. We have
decided to create a duplicate release to reflect a more accurate
changelog, since our v0.7.0 release did not contain
any direct/indirect security patches.</strong></p>
<ul>
<li>Feature - Allow callers to set log output. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/309">#309</a>
and <a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/312">#312</a>)</li>
<li>Upgrade dependencies for bug fixes.</li>
</ul>
<h1>0.7.0</h1>
<ul>
<li>Feature - Allow callers to set log output. (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/309">#309</a>
and <a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/312">#312</a>)</li>
<li>Upgrade dependencies for bug fixes and security patches.</li>
</ul>
<h1>0.6.0</h1>
<ul>
<li>Feature - Added support for <a
href="https://aws.amazon.com/single-sign-on/">AWS SSO</a> (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/229">#229</a>)</li>
<li>Feature - Added support to assume roles via EC2 instance metadata.
(<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/282">#282</a>)</li>
<li>Feature - Added support for <a
href="https://go.dev/doc/go1.16#darwin">Apple Silicon</a> (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/291">#291</a>)</li>
<li>Enhancement - The AWS shared config file
(<code>~/.aws/config</code>) is now always enabled.
(<code>AWS_SDK_LOAD_CONFIG</code> environment variable is no longer
supported) (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/282">#282</a>)</li>
</ul>
<h1>0.5.0</h1>
<ul>
<li>Feature - Added support for <a href="https://gallery.ecr.aws">ECR
Public</a> (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/253">#253</a>)</li>
<li>Feature - Added support for <a
href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html">EC2
IMDSv2</a> (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/240">#240</a>)</li>
<li>Enhancement - The AWS shared config file
(<code>~/.aws/config</code>) is now enabled by default. This can be
disabled by setting the environment variable
<code>AWS_SDK_LOAD_CONFIG</code> to <code>false</code> (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/201">#201</a>)</li>
<li>Bug - Fixed an issue where output from a
<code>credential_process</code> was sometimes too big for the default
buffer (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/240">#240</a>)</li>
</ul>
<h1>0.4.0</h1>
<ul>
<li>Feature - Added support for chaining assumed roles in the shared
config file (<code>~/.aws/config</code>) defined by
<code>source_profile</code> and <code>credential_source</code> (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/177">#177</a>)</li>
<li>Feature - Added support for Web Identities and <a
href="https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html">IAM
Roles for Service Accounts (IRSA)</a> with Kubernetes (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/pull/183">#183</a>)</li>
<li>Bug - Fixed the <code>make docker</code> target when the credential
helper git repository is used as a git submodule (<a
href="https://redirect.github.com/awslabs/amazon-ecr-credential-helper/issues/184">#184</a>)</li>
</ul>
<h1>0.3.1</h1>
<ul>
<li>Bug - Log directory is now automatically created when the helper
runs</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/awslabs/amazon-ecr-credential-helper/commits/v0.9.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/awslabs/amazon-ecr-credential-helper/ecr-login&package-manager=go_modules&previous-version=0.0.0-20240514230400-03fa26f5508f&new-version=0.9.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 32 ++++++++++++++---------------
 go.sum | 64 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 48 insertions(+), 48 deletions(-)

diff --git a/go.mod b/go.mod
index 9c946a6d7b4..911f5cfa031 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/agnivade/levenshtein v1.2.1
 	github.com/anchore/quill v0.5.1
 	github.com/atc0005/go-teams-notify/v2 v2.13.0
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240514230400-03fa26f5508f
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1
 	github.com/bluesky-social/indigo v0.0.0-20240813042137-4006c0eca043
 	github.com/caarlos0/ctrlc v1.2.0
 	github.com/caarlos0/env/v11 v11.3.1
@@ -124,28 +124,28 @@ require (
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go v1.55.6
-	github.com/aws/aws-sdk-go-v2 v1.30.5 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.36.1 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.27.33 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.32 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.29.6 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.59 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.28.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.40.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 // indirect
 	github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 // indirect
-	github.com/aws/smithy-go v1.20.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 // indirect
+	github.com/aws/smithy-go v1.22.2 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
diff --git a/go.sum b/go.sum
index b521e904fb2..28089067055 100644
--- a/go.sum
+++ b/go.sum
@@ -137,52 +137,52 @@ github.com/atc0005/go-teams-notify/v2 v2.13.0 h1:nbDeHy89NjYlF/PEfLVF6lsserY9O5S
 github.com/atc0005/go-teams-notify/v2 v2.13.0/go.mod h1:WSv9moolRsBcpZbwEf6gZxj7h0uJlJskJq5zkEWKO8Y=
 github.com/aws/aws-sdk-go v1.55.6 h1:cSg4pvZ3m8dgYcgqB97MrcdjUmZ1BeMYKUxMMB89IPk=
 github.com/aws/aws-sdk-go v1.55.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
-github.com/aws/aws-sdk-go-v2 v1.30.5 h1:mWSRTwQAb0aLE17dSzztCVJWI9+cRMgqebndjwDyK0g=
-github.com/aws/aws-sdk-go-v2 v1.30.5/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
+github.com/aws/aws-sdk-go-v2 v1.36.1 h1:iTDl5U6oAhkNPba0e1t1hrwAo02ZMqbrGq4k5JBWM5E=
+github.com/aws/aws-sdk-go-v2 v1.36.1/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM=
-github.com/aws/aws-sdk-go-v2/config v1.27.33 h1:Nof9o/MsmH4oa0s2q9a0k7tMz5x/Yj5k06lDODWz3BU=
-github.com/aws/aws-sdk-go-v2/config v1.27.33/go.mod h1:kEqdYzRb8dd8Sy2pOdEbExTTF5v7ozEXX0McgPE7xks=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.32 h1:7Cxhp/BnT2RcGy4VisJ9miUPecY+lyE9I8JvcZofn9I=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.32/go.mod h1:P5/QMF3/DCHbXGEGkdbilXHsyTBX5D3HSwcrSc9p20I=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13 h1:pfQ2sqNpMVK6xz2RbqLEL0GH87JOwSxPV2rzm8Zsb74=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.13/go.mod h1:NG7RXPUlqfsCLLFfi0+IpKN4sCB9D9fw/qTaSB+xRoU=
+github.com/aws/aws-sdk-go-v2/config v1.29.6 h1:fqgqEKK5HaZVWLQoLiC9Q+xDlSp+1LYidp6ybGE2OGg=
+github.com/aws/aws-sdk-go-v2/config v1.29.6/go.mod h1:Ft+WLODzDQmCTHDvqAH1JfC2xxbZ0MxpZAcJqmE1LTQ=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.59 h1:9btwmrt//Q6JcSdgJOLI98sdr5p7tssS9yAsGe8aKP4=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.59/go.mod h1:NM8fM6ovI3zak23UISdWidyZuI1ghNe2xjzUZAyT+08=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28 h1:KwsodFKVQTlI5EyhRSugALzsV6mG/SGrdjlMXSZSdso=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.28/go.mod h1:EY3APf9MzygVhKuPXAc5H+MkGb8k/DOSQjWS0LgkKqI=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 h1:zeN9UtUlA6FTx0vFSayxSX32HDw73Yb6Hh2izDSFxXY=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10/go.mod h1:3HKuexPDcwLWPaqpW2UR/9n8N/u/3CKcGAzSs8p8u8g=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17 h1:pI7Bzt0BJtYA0N/JEC6B8fJ4RBrEMi1LBrkMdFYNSnQ=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.17/go.mod h1:Dh5zzJYMtxfIjYW+/evjQ8uj2OyR/ve2KROHGHlSFqE=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17 h1:Mqr/V5gvrhA2gvgnF42Zh5iMiQNcOYthFYwCyrnuWlc=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.17/go.mod h1:aLJpZlCmjE+V+KtN1q1uyZkfnUWpQGpbsn89XPKyzfU=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32 h1:BjUcr3X3K0wZPGFg2bxOWW3VPN8rkE3/61zhP+IHviA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.32/go.mod h1:80+OGC/bgzzFFTUmcuwD0lb4YutwQeKLFpmt6hoWapU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32 h1:m1GeXHVMJsRsUAqG6HjZWx9dj7F5TR+cF1bjyfYyBd4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.32/go.mod h1:IitoQxGfaKdVLNg0hD8/DXmAqNy0H4K2H2Sf91ti8sI=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 h1:Z5r7SycxmSllHYmaAZPpmN8GviDrSGhMS6bldqtXZPw=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15/go.mod h1:CetW7bDE00QoGEmPUoZuRog07SGVAUVW6LFpNP0YfIg=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.28.0 h1:rdPrcOZmqT2F+yzmKEImrx5XUs7Hpf4V9Rp6E8mhsxQ=
-github.com/aws/aws-sdk-go-v2/service/ecr v1.28.0/go.mod h1:if7ybzzjOmDB8pat9FE35AHTY6ZxlYSy3YviSmFZv8c=
-github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.5 h1:452e/nFuqPvwPg+1OD2CG/v29R9MH8egJSJKh2Qduv8=
-github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.23.5/go.mod h1:8pvvNAklmq+hKmqyvFoMRg0bwg9sdGOvdwximmKiKP0=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 h1:KypMCbLPPHEmf9DgMGw51jMj77VfGPAN2Kv4cfhlfgI=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4/go.mod h1:Vz1JQXliGcQktFTN/LN6uGppAIRoLBR2bMvIMP0gOjc=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.40.3 h1:a+210FCU/pR5hhKRaskRfX/ogcyyzFBrehcTk5DTAyU=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.40.3/go.mod h1:dtD3a4sjUjVL86e0NUvaqdGvds5ED6itUiZPDaT+Gh8=
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2 h1:E6/Myrj9HgLF22medmDrKmbpm4ULsa+cIBNx3phirBk=
+github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2/go.mod h1:OQ8NALFcchBJ/qruak6zKUQodovnTKKaReTuCkc5/9Y=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 h1:D4oz8/CzT9bAEYtVhSBmFj2dNOtaHOtMKc2vHBwYizA=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2/go.mod h1:Za3IHqTQ+yNcRHxu1OFucBh0ACZT4j4VQFF0BqpZcLY=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 h1:YPYe6ZmvUfDDDELqEKtAd6bo8zxhkm+XEFEzQisqUIE=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17/go.mod h1:oBtcnYua/CgzCWYN7NZ5j7PotFDaFSUjCYVTtfyn7vw=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19 h1:rfprUlsdzgl7ZL2KlXiUAoJnI/VxfHCvDFr2QDFj6u4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.19/go.mod h1:SCWkEdRq8/7EK60NcvvQ6NXKuTcchAD4ROAsC37VEZE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 h1:SYVGSFQHlchIcy6e7x12bsrxClCXSP5et8cqVhL8cuw=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13/go.mod h1:kizuDaLX37bG5WZaoxGPQR/LNFXpxp0vsUnqfkWXfNE=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 h1:246A4lSTXWJw/rmlQI+TT2OcqeDMKBdyjEQrafMaQdA=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15/go.mod h1:haVfg3761/WF7YPuJOER2MP0k4UAXyHaLclKXB6usDg=
 github.com/aws/aws-sdk-go-v2/service/kms v1.35.7 h1:v0D1LeMkA/X+JHAZWERrr+sUGOt8KrCZKnJA6KszkcE=
 github.com/aws/aws-sdk-go-v2/service/kms v1.35.7/go.mod h1:K9lwD0Rsx9+NSaJKsdAdlDK4b2G4KKOEve9PzHxPoMI=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 h1:hT8ZAZRIfqBqHbzKTII+CIiY8G2oC9OpLedkZ51DWl8=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3/go.mod h1:Lcxzg5rojyVPU/0eFwLtcyTaek/6Mtic5B1gJo7e/zE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.7 h1:pIaGg+08llrP7Q5aiz9ICWbY8cqhTkyy+0SHvfzQpTc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.7/go.mod h1:eEygMHnTKH/3kNp9Jr1n3PdejuSNcgwLe1dWgQtO0VQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7 h1:/Cfdu0XV3mONYKaOt1Gr0k1KvQzkzPyiKUdlWJqy+J4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.7/go.mod h1:bCbAxKDqNvkHxRaIMnyVPXPo+OaPRwvmgzMxbz1VKSA=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.7 h1:NKTa1eqZYw8tiHSRGpP0VtTdub/8KNk8sDkNPFaOKDE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.7/go.mod h1:NXi1dIAGteSaRLqYgarlhP/Ij0cFT+qmCwiJqWh/U5o=
-github.com/aws/smithy-go v1.20.4 h1:2HK1zBdPgRbjFOHlfeQZfpC4r72MOb9bZkiFwggKO+4=
-github.com/aws/smithy-go v1.20.4/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240514230400-03fa26f5508f h1:Z0kS9pJDQgCg3u2lH6+CdYaFbyQtyukVTiUCG6re0E4=
-github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20240514230400-03fa26f5508f/go.mod h1:rAE739ssmE5O5fLuQ2y8uHdmOJaelE5I0Es3SxV0y1A=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 h1:/eE3DogBjYlvlbhd2ssWyeuovWunHLxfgw3s/OJa4GQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.15/go.mod h1:2PCJYpi7EKeA5SkStAmZlF6fi0uUABuhtF8ILHjGc3Y=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 h1:M/zwXiL2iXUrHputuXgmO94TVNmcenPHxgLXLutodKE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14/go.mod h1:RVwIw3y/IqxC2YEXSIkAzRDdEU1iRabDPaYjpGCbCGQ=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 h1:TzeR06UCMUq+KA3bDkujxK1GVGy+G8qQN/QVYzGLkQE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.14/go.mod h1:dspXf/oYWGWo6DEvj98wpaTeqt5+DMidZD0A9BYTizc=
+github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
+github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1 h1:50sS0RWhGpW/yZx2KcDNEb1u1MANv5BMEkJgcieEDTA=
+github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1/go.mod h1:ErZOtbzuHabipRTDTor0inoRlYwbsV1ovwSxjGs/uJo=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
 github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=

From 4bee68910f1800954f59bc1035dbc5cf5ff2423f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 17 Feb 2025 22:35:19 +0000
Subject: [PATCH 038/119] chore(deps): bump github.com/google/go-github/v69
 from 69.0.0 to 69.2.0 (#5564)

Bumps
[github.com/google/go-github/v69](https://github.com/google/go-github)
from 69.0.0 to 69.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-github/releases">github.com/google/go-github/v69's
releases</a>.</em></p>
<blockquote>
<h2>v69.2.0</h2>
<p>This minor release contains the following changes:</p>
<ul>
<li>Add helper to get runID from Custom Deployment Protection Rule Event
(<a
href="https://redirect.github.com/google/go-github/issues/3476">#3476</a>)</li>
<li>feat: Add JSON marshal tests for dependabot alerts (<a
href="https://redirect.github.com/google/go-github/issues/3480">#3480</a>)</li>
<li>feat: Add sorting list options for secret scanning (<a
href="https://redirect.github.com/google/go-github/issues/3481">#3481</a>)</li>
<li>Bump version of go-github to v69.2.0 (<a
href="https://redirect.github.com/google/go-github/issues/3482">#3482</a>)</li>
</ul>
<h2>v69.1.0</h2>
<p>This minor release contains the following changes:</p>
<ul>
<li>Bump go-github from v68 to v69 in /scrape (<a
href="https://redirect.github.com/google/go-github/issues/3464">#3464</a>)</li>
<li>Use a max retry after duration for secondary rate limit if specified
(<a
href="https://redirect.github.com/google/go-github/issues/3438">#3438</a>)</li>
<li>docs: Clarify ListPullRequestsWithCommit usage (<a
href="https://redirect.github.com/google/go-github/issues/3465">#3465</a>)</li>
<li>fix: go 1.22 test breakage (<a
href="https://redirect.github.com/google/go-github/issues/3459">#3459</a>)</li>
<li>feat: Add link to bored-engineer/github-conditional-http-transport
to conditional requests documentation (<a
href="https://redirect.github.com/google/go-github/issues/3469">#3469</a>)</li>
<li>build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 in /tools
(<a
href="https://redirect.github.com/google/go-github/issues/3472">#3472</a>)</li>
<li>build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0 in /scrape
(<a
href="https://redirect.github.com/google/go-github/issues/3470">#3470</a>)</li>
<li>build(deps): bump github.com/alecthomas/kong from 1.7.0 to 1.8.0 in
/tools (<a
href="https://redirect.github.com/google/go-github/issues/3471">#3471</a>)</li>
<li>Update workflow and tools to use Go1.24 and 1.23 (<a
href="https://redirect.github.com/google/go-github/issues/3474">#3474</a>)</li>
<li>chore: Only use master test runs for status badge (<a
href="https://redirect.github.com/google/go-github/issues/3475">#3475</a>)</li>
<li>feat: Add ListProvisionedScimGroupsForEnterprise inside SCIM service
(<a
href="https://redirect.github.com/google/go-github/issues/3467">#3467</a>)</li>
<li>fix: Add missing query params to AlertListOptions (<a
href="https://redirect.github.com/google/go-github/issues/3477">#3477</a>)</li>
<li>Bump version of go-github to v69.1.0 (<a
href="https://redirect.github.com/google/go-github/issues/3478">#3478</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google/go-github/commit/0b11dbfbf17f29fb589087727789c6978d500f8d"><code>0b11dbf</code></a>
Bump version of go-github to v69.2.0 (<a
href="https://redirect.github.com/google/go-github/issues/3482">#3482</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/e4c974e3b61750ce5477511f9f791fc045f8c7d0"><code>e4c974e</code></a>
feat: Add sorting list options for secret scanning (<a
href="https://redirect.github.com/google/go-github/issues/3481">#3481</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/81dc7a9416fb14829fdd2130bee12dce7a95c1c2"><code>81dc7a9</code></a>
feat: Add JSON marshal tests for dependabot alerts (<a
href="https://redirect.github.com/google/go-github/issues/3480">#3480</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/6c46d717264d1938f461babab0b768a4ed3f6f63"><code>6c46d71</code></a>
Add helper to get <code>runID</code> from Custom Deployment Protection
Rule Event (<a
href="https://redirect.github.com/google/go-github/issues/3476">#3476</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/f867d00d8068adbd5db81c06ae7a630c1c424bd6"><code>f867d00</code></a>
Bump version of go-github to v69.1.0 (<a
href="https://redirect.github.com/google/go-github/issues/3478">#3478</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/c4b2cb94de107a23bcac7b53df5d127ad5e8e4fe"><code>c4b2cb9</code></a>
fix: Add missing query params to AlertListOptions (<a
href="https://redirect.github.com/google/go-github/issues/3477">#3477</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/77684a471bb9e7a677c09991025db547bdf82407"><code>77684a4</code></a>
feat: Add ListProvisionedScimGroupsForEnterprise inside SCIM service (<a
href="https://redirect.github.com/google/go-github/issues/3467">#3467</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/ce42642afed56ca5ae63c2c1efeb87bf2762d2c6"><code>ce42642</code></a>
chore: Only use master test runs for status badge (<a
href="https://redirect.github.com/google/go-github/issues/3475">#3475</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/26f71a3d3f6d53daf460238ab85e9e0c55f5dadd"><code>26f71a3</code></a>
Update workflow and tools to use Go1.24 and 1.23 (<a
href="https://redirect.github.com/google/go-github/issues/3474">#3474</a>)</li>
<li><a
href="https://github.com/google/go-github/commit/3d4784ce593890ed7b2c091b2260ab65b7d4ffdb"><code>3d4784c</code></a>
build(deps): bump github.com/alecthomas/kong from 1.7.0 to 1.8.0 in
/tools (#...</li>
<li>Additional commits viewable in <a
href="https://github.com/google/go-github/compare/v69.0.0...v69.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/google/go-github/v69&package-manager=go_modules&previous-version=69.0.0&new-version=69.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 911f5cfa031..d2b2d4bdb30 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/distribution/distribution/v3 v3.0.0-rc.3
 	github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1
 	github.com/google/go-containerregistry v0.20.3
-	github.com/google/go-github/v69 v69.0.0
+	github.com/google/go-github/v69 v69.2.0
 	github.com/google/ko v0.17.1
 	github.com/google/uuid v1.6.0
 	github.com/goreleaser/fileglob v1.3.0
diff --git a/go.sum b/go.sum
index 28089067055..e453814e2d1 100644
--- a/go.sum
+++ b/go.sum
@@ -431,8 +431,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-containerregistry v0.20.3 h1:oNx7IdTI936V8CQRveCjaxOiegWwvM7kqkbXTpyiovI=
 github.com/google/go-containerregistry v0.20.3/go.mod h1:w00pIgBRDVUDFM6bq+Qx8lwNWK+cxgCuX1vd3PIBDNI=
-github.com/google/go-github/v69 v69.0.0 h1:YnFvZ3pEIZF8KHmI8xyQQe3mYACdkhnaTV2hr7CP2/w=
-github.com/google/go-github/v69 v69.0.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM=
+github.com/google/go-github/v69 v69.2.0 h1:wR+Wi/fN2zdUx9YxSmYE0ktiX9IAR/BeePzeaUUbEHE=
+github.com/google/go-github/v69 v69.2.0/go.mod h1:xne4jymxLR6Uj9b7J7PyTpkMYstEMMwGZa0Aehh1azM=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/go-replayers/grpcreplay v1.3.0 h1:1Keyy0m1sIpqstQmgz307zhiJ1pV4uIlFds5weTmxbo=

From 58a3aec7995a4ab56696133a5a44edc1e588c20b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 18 Feb 2025 08:33:01 +0000
Subject: [PATCH 039/119] chore(deps): bump golang from `5429efb` to `2d40d4f`
 (#5565)

Bumps golang from `5429efb` to `2d40d4f`.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.24.0-alpine&new-version=1.24.0-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 13a27f4bbb3..0366f853e73 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.24.0-alpine@sha256:5429efb7de864db15bd99b91b67608d52f97945837c7f6f7d1b779f9bfe46281
+FROM golang:1.24.0-alpine@sha256:2d40d4fc278dad38be0777d5e2a88a2c6dee51b0b29c97a764fc6c6a11ca893c
 
 RUN apk add --no-cache bash \
 	build-base \

From b6c3a4bffdfb229493993a25d28c5a5fc544b5db Mon Sep 17 00:00:00 2001
From: Faisal Memon <fymemon@yahoo.com>
Date: Wed, 19 Feb 2025 18:57:14 -0800
Subject: [PATCH 040/119] fix: typo in manifest.go (#5571)

---
 internal/pipe/docker/manifest.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/pipe/docker/manifest.go b/internal/pipe/docker/manifest.go
index 5a87afcd590..efbee2874b3 100644
--- a/internal/pipe/docker/manifest.go
+++ b/internal/pipe/docker/manifest.go
@@ -169,6 +169,6 @@ func withDigest(name string, images []*artifact.Artifact) string {
 		}
 	}
 
-	log.Warnf("culd not find %q, did you mean %q?", name, suggestion)
+	log.Warnf("could not find %q, did you mean %q?", name, suggestion)
 	return name
 }

From 28734a196cf398df449c7f9597823eed187b70ad Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Feb 2025 08:41:57 +0000
Subject: [PATCH 041/119] chore(deps): bump actions/cache from 4.2.0 to 4.2.1
 (#5572)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [actions/cache](https://github.com/actions/cache) from 4.2.0 to
4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<blockquote>
<p>[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0,
see <a href="https://github.com/actions/cache/releases/tag/v4.2.0">those
release notes</a> and <a
href="https://github.com/actions/cache/discussions/1510">the
announcement</a> for more details.</p>
</blockquote>
<ul>
<li>docs: GitHub is spelled incorrectly in caching-strategies.md by <a
href="https://github.com/janco-absa"><code>@​janco-absa</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1526">actions/cache#1526</a></li>
<li>docs: Make the &quot;always save prime numbers&quot; example more
clear by <a href="https://github.com/Tobbe"><code>@​Tobbe</code></a> in
<a
href="https://redirect.github.com/actions/cache/pull/1525">actions/cache#1525</a></li>
<li>Update force deletion docs due a recent deprecation by <a
href="https://github.com/sebbalex"><code>@​sebbalex</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1500">actions/cache#1500</a></li>
<li>Bump <code>@​actions/cache</code> to v4.0.1 by <a
href="https://github.com/robherley"><code>@​robherley</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1554">actions/cache#1554</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/janco-absa"><code>@​janco-absa</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1526">actions/cache#1526</a></li>
<li><a href="https://github.com/Tobbe"><code>@​Tobbe</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1525">actions/cache#1525</a></li>
<li><a href="https://github.com/sebbalex"><code>@​sebbalex</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1500">actions/cache#1500</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.2.0...v4.2.1">https://github.com/actions/cache/compare/v4.2.0...v4.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<ul>
<li>Add GitHub Enterprise Cloud instances hostname filters to inform API
endpoint choices - <a
href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li>
<li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a
href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li>
</ul>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a
href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed -
<a
href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a
href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<h3>4.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -&gt; node
20</li>
</ul>
<h3>3.4.0</h3>
<ul>
<li>Integrated with the new cache service (v2) APIs</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/cache/commit/0c907a75c2c80ebcb7f088228285e798b750cf8f"><code>0c907a7</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1554">#1554</a>
from actions/robherley/v4.2.1</li>
<li><a
href="https://github.com/actions/cache/commit/710893c2369beb60748049b671f18c43a3656fce"><code>710893c</code></a>
bump <code>@​actions/cache</code> to v4.0.1</li>
<li><a
href="https://github.com/actions/cache/commit/9fa7e61ec7e1f44ac75218e7aaea81da8856fd11"><code>9fa7e61</code></a>
Update force deletion docs due a recent deprecation (<a
href="https://redirect.github.com/actions/cache/issues/1500">#1500</a>)</li>
<li><a
href="https://github.com/actions/cache/commit/36f1e144e1c8edb0a652766b484448563d8baf46"><code>36f1e14</code></a>
docs: Make the &quot;always save prime numbers&quot; example more clear
(<a
href="https://redirect.github.com/actions/cache/issues/1525">#1525</a>)</li>
<li><a
href="https://github.com/actions/cache/commit/53aa38c736a561b9c17b62df3fe885a17b78ee6d"><code>53aa38c</code></a>
Correct GitHub Spelling in caching-strategies.md (<a
href="https://redirect.github.com/actions/cache/issues/1526">#1526</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/cache/compare/1bd1e32a3bdc45362d1e726936510720a7c30a57...0c907a75c2c80ebcb7f088228285e798b750cf8f">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.2.0&new-version=4.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d5365279702..a05000214d3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -68,7 +68,7 @@ jobs:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
       - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v2
-      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+      - uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
         with:
           path: |
             ./dist/*.deb
@@ -103,7 +103,7 @@ jobs:
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
           go-version: stable
-      - uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+      - uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
         with:
           path: |
             ./dist/*.deb

From 4f1b7c81d2ee48af5b804d67cec8c74f44d66ff3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Feb 2025 09:17:37 +0000
Subject: [PATCH 042/119] chore(deps): bump github.com/klauspost/compress from
 1.17.11 to 1.18.0 (#5573)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[github.com/klauspost/compress](https://github.com/klauspost/compress)
from 1.17.11 to 1.18.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/klauspost/compress/releases">github.com/klauspost/compress's
releases</a>.</em></p>
<blockquote>
<h2>v1.18.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate Go 1.21 and add 1.24 by <a
href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1055">klauspost/compress#1055</a></li>
<li>Add unsafe little endian loaders by <a
href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1036">klauspost/compress#1036</a></li>
<li>fix: check <code>r.err != nil</code> but return a nil value error
<code>err</code> by <a
href="https://github.com/alingse"><code>@​alingse</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1028">klauspost/compress#1028</a></li>
<li>refactor: use built-in <code>min</code> function by <a
href="https://github.com/Juneezee"><code>@​Juneezee</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1038">klauspost/compress#1038</a></li>
<li>zstd: use <code>slices.Max</code> for max value in slice by <a
href="https://github.com/Juneezee"><code>@​Juneezee</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1041">klauspost/compress#1041</a></li>
<li>flate: Simplify L4-6 loading by <a
href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1043">klauspost/compress#1043</a></li>
<li>flate: Simplify matchlen (remove asm) by <a
href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1045">klauspost/compress#1045</a></li>
<li>s2: Add block decode fuzzer by <a
href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1044">klauspost/compress#1044</a></li>
<li>s2: Improve small block compression speed w/o asm by <a
href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1048">klauspost/compress#1048</a></li>
<li>flate: Fix matchlen L5+L6 by <a
href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1049">klauspost/compress#1049</a></li>
<li>flate: Cleanup &amp; reduce casts by <a
href="https://github.com/klauspost"><code>@​klauspost</code></a> in <a
href="https://redirect.github.com/klauspost/compress/pull/1050">klauspost/compress#1050</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/tcpdumppy"><code>@​tcpdumppy</code></a>
made their first contribution in <a
href="https://redirect.github.com/klauspost/compress/pull/1021">klauspost/compress#1021</a></li>
<li><a href="https://github.com/sam9291"><code>@​sam9291</code></a> made
their first contribution in <a
href="https://redirect.github.com/klauspost/compress/pull/1022">klauspost/compress#1022</a></li>
<li><a href="https://github.com/dezza"><code>@​dezza</code></a> made
their first contribution in <a
href="https://redirect.github.com/klauspost/compress/pull/1023">klauspost/compress#1023</a></li>
<li><a href="https://github.com/alingse"><code>@​alingse</code></a> made
their first contribution in <a
href="https://redirect.github.com/klauspost/compress/pull/1028">klauspost/compress#1028</a></li>
<li><a href="https://github.com/hyunsooda"><code>@​hyunsooda</code></a>
made their first contribution in <a
href="https://redirect.github.com/klauspost/compress/pull/1031">klauspost/compress#1031</a></li>
<li><a href="https://github.com/Juneezee"><code>@​Juneezee</code></a>
made their first contribution in <a
href="https://redirect.github.com/klauspost/compress/pull/1038">klauspost/compress#1038</a></li>
<li><a href="https://github.com/Bbulatov"><code>@​Bbulatov</code></a>
made their first contribution in <a
href="https://redirect.github.com/klauspost/compress/pull/1052">klauspost/compress#1052</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/klauspost/compress/compare/v1.17.11...v1.18.0">https://github.com/klauspost/compress/compare/v1.17.11...v1.18.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/klauspost/compress/commit/8e79dc4b98d4c5a09c62a2546b79c14edf7c3e38"><code>8e79dc4</code></a>
Deprecate Go 1.21 and add 1.24 (<a
href="https://redirect.github.com/klauspost/compress/issues/1055">#1055</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/df8e99c8d015080686afb9b70a88791dd16a97a6"><code>df8e99c</code></a>
build(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/klauspost/compress/issues/1053">#1053</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/7787431d606fe7748391cb5009cee0cf966d1cd9"><code>7787431</code></a>
zstd: fix unused debug code (<a
href="https://redirect.github.com/klauspost/compress/issues/1052">#1052</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/0bf3ecbea777ec39f7919b47e464a046254e29a8"><code>0bf3ecb</code></a>
flate: Cleanup &amp; reduce casts (<a
href="https://redirect.github.com/klauspost/compress/issues/1050">#1050</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/e0f89a9638ea2c7d21d9de0044efde931959eabe"><code>e0f89a9</code></a>
flate: Fix matchlen L5+L6 (<a
href="https://redirect.github.com/klauspost/compress/issues/1049">#1049</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/c8a8470492769c69e56a348e5142734cab19664e"><code>c8a8470</code></a>
s2: Improve small block compression speed w/o asm (<a
href="https://redirect.github.com/klauspost/compress/issues/1048">#1048</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/b05b993abb0da411a09cff9387877a4026c38906"><code>b05b993</code></a>
s2: Add block decode fuzzer (<a
href="https://redirect.github.com/klauspost/compress/issues/1044">#1044</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/aafbabd27ac86586bf3d7458e4efe99476716623"><code>aafbabd</code></a>
flate: Simplify matchlen (remove asm) (<a
href="https://redirect.github.com/klauspost/compress/issues/1045">#1045</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/dbaa9c1172b66d27d918b0e82a014d97f5dea2e5"><code>dbaa9c1</code></a>
flate: Simplify l4-6 loading (<a
href="https://redirect.github.com/klauspost/compress/issues/1043">#1043</a>)</li>
<li><a
href="https://github.com/klauspost/compress/commit/4fa2036c90af5117d4c79f9fa9872bdb16de613c"><code>4fa2036</code></a>
Add unsafe little endian loaders (<a
href="https://redirect.github.com/klauspost/compress/issues/1036">#1036</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/klauspost/compress/compare/v1.17.11...v1.18.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/klauspost/compress&package-manager=go_modules&previous-version=1.17.11&new-version=1.18.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d2b2d4bdb30..b8e8c030d32 100644
--- a/go.mod
+++ b/go.mod
@@ -248,7 +248,7 @@ require (
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.17.11
+	github.com/klauspost/compress v1.18.0
 	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
diff --git a/go.sum b/go.sum
index e453814e2d1..a2b32571c22 100644
--- a/go.sum
+++ b/go.sum
@@ -560,8 +560,8 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
-github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
 github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=

From 38e04e1fdc39d798a1883502ce4739eb836df35b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 21 Feb 2025 08:31:11 +0000
Subject: [PATCH 043/119] chore(deps): bump sigstore/cosign-installer from
 3.8.0 to 3.8.1 (#5577)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[sigstore/cosign-installer](https://github.com/sigstore/cosign-installer)
from 3.8.0 to 3.8.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign-installer/releases">sigstore/cosign-installer's
releases</a>.</em></p>
<blockquote>
<h2>v3.8.1</h2>
<h2>What's Changed</h2>
<ul>
<li>use cosign 2.4.3 and other updates by <a
href="https://github.com/cpanato"><code>@​cpanato</code></a> in <a
href="https://redirect.github.com/sigstore/cosign-installer/pull/182">sigstore/cosign-installer#182</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1">https://github.com/sigstore/cosign-installer/compare/v3...v3.8.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/cosign-installer/commit/d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a"><code>d7d6bc7</code></a>
use cosign 2.4.3 and other updates (<a
href="https://redirect.github.com/sigstore/cosign-installer/issues/182">#182</a>)</li>
<li>See full diff in <a
href="https://github.com/sigstore/cosign-installer/compare/v3.8.0...v3.8.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/cosign-installer&package-manager=github_actions&previous-version=3.8.0&new-version=3.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build.yml       | 2 +-
 .github/workflows/nightly-oss.yml | 2 +-
 .github/workflows/release.yml     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ba9f86bd8b9..ae3afd02d08 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -69,7 +69,7 @@ jobs:
         run: |
           rustup default stable
           cargo binstall cargo-zigbuild
-      - uses: sigstore/cosign-installer@v3.8.0
+      - uses: sigstore/cosign-installer@v3.8.1
       - uses: anchore/sbom-action/download-syft@v0.18.0
       - run: task setup
       - run: task build
diff --git a/.github/workflows/nightly-oss.yml b/.github/workflows/nightly-oss.yml
index 336aa66fca2..1749559101a 100644
--- a/.github/workflows/nightly-oss.yml
+++ b/.github/workflows/nightly-oss.yml
@@ -56,7 +56,7 @@ jobs:
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
           go-version: stable
-      - uses: sigstore/cosign-installer@v3.8.0
+      - uses: sigstore/cosign-installer@v3.8.1
       - uses: anchore/sbom-action/download-syft@v0.18.0
       - uses: crazy-max/ghaction-upx@v3
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a05000214d3..82c5f72ed62 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -110,7 +110,7 @@ jobs:
             ./dist/*.rpm
             ./dist/*.apk
           key: ${{ github.ref }}
-      - uses: sigstore/cosign-installer@v3.8.0
+      - uses: sigstore/cosign-installer@v3.8.1
       - uses: anchore/sbom-action/download-syft@v0.18.0
       - uses: crazy-max/ghaction-upx@v3
         with:

From 3df46ef1e38bc3333a19c7d2d56cf6ef955b3538 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Fri, 21 Feb 2025 22:31:54 -0300
Subject: [PATCH 044/119] refactor: ko.doBuild

---
 internal/pipe/ko/ko.go | 142 ++++++++++++++++++++---------------------
 1 file changed, 71 insertions(+), 71 deletions(-)

diff --git a/internal/pipe/ko/ko.go b/internal/pipe/ko/ko.go
index 053b2842b20..122de376a0d 100644
--- a/internal/pipe/ko/ko.go
+++ b/internal/pipe/ko/ko.go
@@ -158,7 +158,9 @@ func (p Pipe) Run(ctx *context.Context) error {
 func (Pipe) Publish(ctx *context.Context) error {
 	g := semerrgroup.New(ctx.Parallelism)
 	for _, ko := range ctx.Config.Kos {
-		g.Go(doBuild(ctx, ko))
+		g.Go(func() error {
+			return doBuild(ctx, ko)
+		})
 	}
 	return g.Wait()
 }
@@ -257,84 +259,82 @@ func (o *buildOptions) makeBuilder(ctx *context.Context) (*build.Caching, error)
 	return build.NewCaching(b)
 }
 
-func doBuild(ctx *context.Context, ko config.Ko) func() error {
-	return func() error {
-		opts, err := buildBuildOptions(ctx, ko)
-		if err != nil {
-			return err
-		}
+func doBuild(ctx *context.Context, ko config.Ko) error {
+	opts, err := buildBuildOptions(ctx, ko)
+	if err != nil {
+		return err
+	}
 
-		b, err := opts.makeBuilder(ctx)
-		if err != nil {
-			return fmt.Errorf("makeBuilder: %w", err)
-		}
-		r, err := b.Build(ctx, opts.importPath)
-		if err != nil {
-			return fmt.Errorf("build: %w", err)
-		}
+	b, err := opts.makeBuilder(ctx)
+	if err != nil {
+		return fmt.Errorf("makeBuilder: %w", err)
+	}
+	r, err := b.Build(ctx, opts.importPath)
+	if err != nil {
+		return fmt.Errorf("build: %w", err)
+	}
 
-		po := &options.PublishOptions{
-			DockerRepo:          opts.imageRepos[0],
-			Bare:                opts.bare,
-			PreserveImportPaths: opts.preserveImportPaths,
-			BaseImportPaths:     opts.baseImportPaths,
-			Tags:                opts.tags,
-			Local:               ctx.Snapshot,
-			LocalDomain:         "goreleaser.ko.local",
-		}
-		var p publish.Interface
-		if ctx.Snapshot {
-			p, err = publish.NewDaemon(
-				options.MakeNamer(po),
-				opts.tags,
-				publish.WithLocalDomain(po.LocalDomain),
-			)
-		} else {
-			p, err = publish.NewDefault(
-				opts.imageRepos[0],
-				publish.WithTags(opts.tags),
-				publish.WithNamer(options.MakeNamer(po)),
-				publish.WithAuthFromKeychain(keychain),
-			)
-		}
-		if err != nil {
-			return fmt.Errorf("newPublisher: %w", err)
-		}
-		defer func() { _ = p.Close() }()
-		ref, err := p.Publish(ctx, r, opts.importPath)
-		if err != nil {
-			return fmt.Errorf("publish: %w", err)
-		}
-		if err := p.Close(); err != nil {
-			return fmt.Errorf("close: %w", err)
-		}
+	po := &options.PublishOptions{
+		DockerRepo:          opts.imageRepos[0],
+		Bare:                opts.bare,
+		PreserveImportPaths: opts.preserveImportPaths,
+		BaseImportPaths:     opts.baseImportPaths,
+		Tags:                opts.tags,
+		Local:               ctx.Snapshot,
+		LocalDomain:         "goreleaser.ko.local",
+	}
+	var p publish.Interface
+	if ctx.Snapshot {
+		p, err = publish.NewDaemon(
+			options.MakeNamer(po),
+			opts.tags,
+			publish.WithLocalDomain(po.LocalDomain),
+		)
+	} else {
+		p, err = publish.NewDefault(
+			opts.imageRepos[0],
+			publish.WithTags(opts.tags),
+			publish.WithNamer(options.MakeNamer(po)),
+			publish.WithAuthFromKeychain(keychain),
+		)
+	}
+	if err != nil {
+		return fmt.Errorf("newPublisher: %w", err)
+	}
+	defer func() { _ = p.Close() }()
+	ref, err := p.Publish(ctx, r, opts.importPath)
+	if err != nil {
+		return fmt.Errorf("publish: %w", err)
+	}
+	if err := p.Close(); err != nil {
+		return fmt.Errorf("close: %w", err)
+	}
 
-		ctx.Artifacts.Add(makeArtifact(
-			ko.ID,
-			ref.Name(),
-			ref.Context().Digest(ref.Identifier()).DigestStr(),
-		))
+	ctx.Artifacts.Add(makeArtifact(
+		ko.ID,
+		ref.Name(),
+		ref.Context().Digest(ref.Identifier()).DigestStr(),
+	))
 
-		if ctx.Snapshot || len(opts.imageRepos) == 1 {
-			// do not copy images when snapshoting, as these images will be
-			// local only anyway.
-			return nil
-		}
+	if ctx.Snapshot || len(opts.imageRepos) == 1 {
+		// do not copy images when snapshoting, as these images will be
+		// local only anyway.
+		return nil
+	}
 
-		src := ref.Name()
-		for i := 1; i < len(opts.imageRepos); i++ {
-			for _, tag := range opts.tags {
-				dst := opts.imageRepos[i] + ":" + tag
-				digest, err := copyImage(src, dst)
-				if err != nil {
-					return err
-				}
-				ctx.Artifacts.Add(makeArtifact(ko.ID, dst, digest))
+	src := ref.Name()
+	for i := 1; i < len(opts.imageRepos); i++ {
+		for _, tag := range opts.tags {
+			dst := opts.imageRepos[i] + ":" + tag
+			digest, err := copyImage(src, dst)
+			if err != nil {
+				return err
 			}
+			ctx.Artifacts.Add(makeArtifact(ko.ID, dst, digest))
 		}
-
-		return nil
 	}
+
+	return nil
 }
 
 func findBuild(ctx *context.Context, ko config.Ko) (config.Build, error) {

From cf8fd23198adbdd43f79f3eedd3e26be3801ecbd Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Fri, 21 Feb 2025 22:39:00 -0300
Subject: [PATCH 045/119] refactor: moving builtarget into builders/golang
 (#5569)

---
 internal/builders/buildtarget/targets.go      | 295 ------------------
 internal/builders/golang/build.go             |  38 ++-
 internal/builders/golang/targets.go           | 295 +++++++++++++++++-
 .../{buildtarget => golang}/targets_test.go   |  22 +-
 4 files changed, 326 insertions(+), 324 deletions(-)
 delete mode 100644 internal/builders/buildtarget/targets.go
 rename internal/builders/{buildtarget => golang}/targets_test.go (93%)

diff --git a/internal/builders/buildtarget/targets.go b/internal/builders/buildtarget/targets.go
deleted file mode 100644
index b904ae9bcb9..00000000000
--- a/internal/builders/buildtarget/targets.go
+++ /dev/null
@@ -1,295 +0,0 @@
-// Package buildtarget can generate a list of targets based on a matrix of
-// goos, goarch, goarm, goamd64, gomips and go version.
-package buildtarget
-
-// TODO: move this to internal/builders/golang, as it actually is related to
-// and used in the go builder only.
-
-import (
-	"fmt"
-	"regexp"
-
-	"github.com/caarlos0/log"
-	"github.com/goreleaser/goreleaser/v2/pkg/config"
-)
-
-type target struct {
-	os, arch, amd64, go386, arm, arm64, mips, ppc64, riscv64 string
-}
-
-func (t target) String() string {
-	if extra := t.amd64 + t.go386 + t.arm + t.arm64 + t.mips + t.ppc64 + t.riscv64; extra != "" {
-		return fmt.Sprintf("%s_%s_%s", t.os, t.arch, extra)
-	}
-	return fmt.Sprintf("%s_%s", t.os, t.arch)
-}
-
-// List compiles the list of targets for the given builds.
-func List(build config.Build) ([]string, error) {
-	//nolint:prealloc
-	var targets []target
-	//nolint:prealloc
-	var result []string
-	for _, target := range allBuildTargets(build) {
-		if !contains(target.os, validGoos) {
-			return result, fmt.Errorf("invalid goos: %s", target.os)
-		}
-		if !contains(target.arch, validGoarch) {
-			return result, fmt.Errorf("invalid goarch: %s", target.arch)
-		}
-		if target.amd64 != "" && !contains(target.amd64, validGoamd64) {
-			return result, fmt.Errorf("invalid goamd64: %s", target.amd64)
-		}
-		if target.go386 != "" && !contains(target.go386, validGo386) {
-			return result, fmt.Errorf("invalid go386: %s", target.go386)
-		}
-		if target.arm != "" && !contains(target.arm, validGoarm) {
-			return result, fmt.Errorf("invalid goarm: %s", target.arm)
-		}
-		if target.arm64 != "" && !validGoarm64.MatchString(target.arm64) {
-			return result, fmt.Errorf("invalid goarm64: %s", target.arm64)
-		}
-		if target.mips != "" && !contains(target.mips, validGomips) {
-			return result, fmt.Errorf("invalid gomips: %s", target.mips)
-		}
-		if target.ppc64 != "" && !contains(target.ppc64, validGoppc64) {
-			return result, fmt.Errorf("invalid goppc64: %s", target.ppc64)
-		}
-		if target.riscv64 != "" && !contains(target.riscv64, validGoriscv64) {
-			return result, fmt.Errorf("invalid goriscv64: %s", target.riscv64)
-		}
-		if !valid(target) {
-			log.WithField("target", target).Debug("skipped invalid build")
-			continue
-		}
-		if ignored(build, target) {
-			log.WithField("target", target).Debug("skipped ignored build")
-			continue
-		}
-		targets = append(targets, target)
-	}
-	for _, target := range targets {
-		result = append(result, target.String())
-	}
-	return result, nil
-}
-
-func allBuildTargets(build config.Build) (targets []target) {
-	for _, goos := range build.Goos {
-		for _, goarch := range build.Goarch {
-			switch goarch {
-			case "386":
-				for _, go386 := range build.Go386 {
-					targets = append(targets, target{
-						os:    goos,
-						arch:  goarch,
-						go386: go386,
-					})
-				}
-			case "amd64":
-				for _, goamd64 := range build.Goamd64 {
-					targets = append(targets, target{
-						os:    goos,
-						arch:  goarch,
-						amd64: goamd64,
-					})
-				}
-			case "arm64":
-				for _, goarm64 := range build.Goarm64 {
-					targets = append(targets, target{
-						os:    goos,
-						arch:  goarch,
-						arm64: goarm64,
-					})
-				}
-			case "arm":
-				for _, goarm := range build.Goarm {
-					targets = append(targets, target{
-						os:   goos,
-						arch: goarch,
-						arm:  goarm,
-					})
-				}
-			case "mips", "mipsle", "mips64", "mips64le":
-				for _, gomips := range build.Gomips {
-					targets = append(targets, target{
-						os:   goos,
-						arch: goarch,
-						mips: gomips,
-					})
-				}
-			case "ppc64", "ppc64le":
-				for _, goppc64 := range build.Goppc64 {
-					targets = append(targets, target{
-						os:    goos,
-						arch:  goarch,
-						ppc64: goppc64,
-					})
-				}
-			case "riscv64":
-				for _, goriscv64 := range build.Goriscv64 {
-					targets = append(targets, target{
-						os:      goos,
-						arch:    goarch,
-						riscv64: goriscv64,
-					})
-				}
-			default:
-				targets = append(targets, target{
-					os:   goos,
-					arch: goarch,
-				})
-			}
-		}
-	}
-	return
-}
-
-// TODO: this could be improved by using a map.
-// https://github.com/goreleaser/goreleaser/pull/522#discussion_r164245014
-func ignored(build config.Build, target target) bool {
-	for _, ig := range build.Ignore {
-		if ig.Goos != "" && ig.Goos != target.os {
-			continue
-		}
-		if ig.Goarch != "" && ig.Goarch != target.arch {
-			continue
-		}
-		if ig.Goamd64 != "" && ig.Goamd64 != target.amd64 {
-			continue
-		}
-		if ig.Go386 != "" && ig.Go386 != target.go386 {
-			continue
-		}
-		if ig.Goarm != "" && ig.Goarm != target.arm {
-			continue
-		}
-		if ig.Goarm64 != "" && ig.Goarm64 != target.arm64 {
-			continue
-		}
-		if ig.Gomips != "" && ig.Gomips != target.mips {
-			continue
-		}
-		if ig.Goppc64 != "" && ig.Goppc64 != target.ppc64 {
-			continue
-		}
-		if ig.Goriscv64 != "" && ig.Goriscv64 != target.riscv64 {
-			continue
-		}
-		return true
-	}
-	return false
-}
-
-func valid(target target) bool {
-	return contains(target.os+target.arch, validTargets)
-}
-
-func contains(s string, ss []string) bool {
-	for _, z := range ss {
-		if z == s {
-			return true
-		}
-	}
-	return false
-}
-
-// lists from https://go.dev/doc/install/source#environment
-//
-//nolint:gochecknoglobals
-var (
-	validTargets = []string{
-		"aixppc64",
-		"android386",
-		"androidamd64",
-		"androidarm",
-		"androidarm64",
-		"darwinamd64",
-		"darwinarm64",
-		"dragonflyamd64",
-		"freebsd386",
-		"freebsdamd64",
-		"freebsdarm",
-		"freebsdarm64", // not on the official list for some reason, yet its supported on go 1.14+
-		"illumosamd64",
-		"iosarm64",
-		"jswasm",
-		"wasip1wasm",
-		"linux386",
-		"linuxamd64",
-		"linuxarm",
-		"linuxarm64",
-		"linuxppc64",
-		"linuxppc64le",
-		"linuxmips",
-		"linuxmipsle",
-		"linuxmips64",
-		"linuxmips64le",
-		"linuxs390x",
-		"linuxriscv64",
-		"linuxloong64",
-		"netbsd386",
-		"netbsdamd64",
-		"netbsdarm",
-		"netbsdarm64", // not on the official list for some reason, yet its supported on go 1.13+
-		"openbsd386",
-		"openbsdamd64",
-		"openbsdarm",
-		"openbsdarm64",
-		"plan9386",
-		"plan9amd64",
-		"plan9arm",
-		"solarisamd64",
-		"solarissparc",
-		"solarissparc64",
-		"windowsarm",
-		"windowsarm64",
-		"windows386",
-		"windowsamd64",
-	}
-
-	validGoos = []string{
-		"aix",
-		"android",
-		"darwin",
-		"dragonfly",
-		"freebsd",
-		"illumos",
-		"ios",
-		"js",
-		"linux",
-		"netbsd",
-		"openbsd",
-		"plan9",
-		"solaris",
-		"windows",
-		"wasip1",
-	}
-
-	validGoarch = []string{
-		"386",
-		"amd64",
-		"arm",
-		"arm64",
-		"mips",
-		"mips64",
-		"mips64le",
-		"mipsle",
-		"ppc64",
-		"ppc64le",
-		"s390x",
-		"wasm",
-		"riscv64",
-		"loong64",
-		"sparc",
-		"sparc64",
-	}
-
-	validGoamd64   = []string{"v1", "v2", "v3", "v4"}
-	validGo386     = []string{"sse2", "softfloat"}
-	validGoarm     = []string{"5", "6", "7"}
-	validGoarm64   = regexp.MustCompile(`(v8\.[0-9]|v9\.[0-5])((,lse|,crypto)?)+`)
-	validGomips    = []string{"hardfloat", "softfloat"}
-	validGoppc64   = []string{"power8", "power9", "power10"}
-	validGoriscv64 = []string{"rva20u64", "rva22u64"}
-)
diff --git a/internal/builders/golang/build.go b/internal/builders/golang/build.go
index 5bed40ea4de..4998732cb67 100644
--- a/internal/builders/golang/build.go
+++ b/internal/builders/golang/build.go
@@ -14,7 +14,6 @@ import (
 	"dario.cat/mergo"
 	"github.com/caarlos0/log"
 	"github.com/goreleaser/goreleaser/v2/internal/artifact"
-	"github.com/goreleaser/goreleaser/v2/internal/builders/buildtarget"
 	"github.com/goreleaser/goreleaser/v2/internal/builders/common"
 	"github.com/goreleaser/goreleaser/v2/internal/experimental"
 	"github.com/goreleaser/goreleaser/v2/internal/logext"
@@ -24,6 +23,15 @@ import (
 	"github.com/goreleaser/goreleaser/v2/pkg/context"
 )
 
+const (
+	defaultGoamd64   = "v1"
+	defaultGo386     = "sse2"
+	defaultGoarm64   = "v8.0"
+	defaultGomips    = "hardfloat"
+	defaultGoppc64   = "power8"
+	defaultGoriscv64 = "rva20u64"
+)
+
 // Default builder instance.
 //
 //nolint:gochecknoglobals
@@ -116,28 +124,28 @@ func (*Builder) WithDefaults(build config.Build) (config.Build, error) {
 			build.Goarch = []string{"amd64", "arm64", "386"}
 		}
 		if len(build.Goamd64) == 0 {
-			build.Goamd64 = []string{"v1"}
+			build.Goamd64 = []string{defaultGoamd64}
 		}
 		if len(build.Go386) == 0 {
-			build.Go386 = []string{"sse2"}
+			build.Go386 = []string{defaultGo386}
 		}
 		if len(build.Goarm) == 0 {
 			build.Goarm = []string{experimental.DefaultGOARM()}
 		}
 		if len(build.Goarm64) == 0 {
-			build.Goarm64 = []string{"v8.0"}
+			build.Goarm64 = []string{defaultGoarm64}
 		}
 		if len(build.Gomips) == 0 {
-			build.Gomips = []string{"hardfloat"}
+			build.Gomips = []string{defaultGomips}
 		}
 		if len(build.Goppc64) == 0 {
-			build.Goppc64 = []string{"power8"}
+			build.Goppc64 = []string{defaultGoppc64}
 		}
 		if len(build.Goriscv64) == 0 {
-			build.Goriscv64 = []string{"rva20u64"}
+			build.Goriscv64 = []string{defaultGoriscv64}
 		}
 
-		targets, err := buildtarget.List(build)
+		targets, err := listTargets(build)
 		if err != nil {
 			return build, err
 		}
@@ -173,29 +181,29 @@ func (b *Builder) FixTarget(target string) string {
 
 func fixTarget(target string) string {
 	if strings.HasSuffix(target, "_amd64") {
-		return target + "_v1"
+		return target + "_" + defaultGoamd64
 	}
 	if strings.HasSuffix(target, "_386") {
-		return target + "_sse2"
+		return target + "_" + defaultGo386
 	}
 	if strings.HasSuffix(target, "_arm") {
 		return target + "_" + experimental.DefaultGOARM()
 	}
 	if strings.HasSuffix(target, "_arm64") {
-		return target + "_v8.0"
+		return target + "_" + defaultGoarm64
 	}
 	if strings.HasSuffix(target, "_mips") ||
 		strings.HasSuffix(target, "_mips64") ||
 		strings.HasSuffix(target, "_mipsle") ||
 		strings.HasSuffix(target, "_mips64le") {
-		return target + "_hardfloat"
+		return target + "_" + defaultGomips
 	}
 	if strings.HasSuffix(target, "_ppc64") ||
 		strings.HasSuffix(target, "_ppc64le") {
-		return target + "_power8"
+		return target + "_" + defaultGoppc64
 	}
 	if strings.HasSuffix(target, "_riscv64") {
-		return target + "_rva20u64"
+		return target + "_" + defaultGoriscv64
 	}
 	return target
 }
@@ -337,7 +345,7 @@ func (*Builder) Build(ctx *context.Context, build config.Build, options api.Opti
 func withOverrides(ctx *context.Context, build config.Build, target Target) (config.BuildDetails, error) {
 	optsTarget := target.Target
 	for _, o := range build.BuildDetailsOverrides {
-		overrideTarget, err := tmpl.New(ctx).Apply(formatTarget(o))
+		overrideTarget, err := tmpl.New(ctx).Apply(formatBuildTarget(o))
 		if err != nil {
 			return build.BuildDetails, err
 		}
diff --git a/internal/builders/golang/targets.go b/internal/builders/golang/targets.go
index 2cdf23f73e8..991012ef5a4 100644
--- a/internal/builders/golang/targets.go
+++ b/internal/builders/golang/targets.go
@@ -1,13 +1,31 @@
 package golang
 
 import (
+	"fmt"
+	"regexp"
+
+	"github.com/caarlos0/log"
 	"github.com/goreleaser/goreleaser/v2/internal/tmpl"
 	"github.com/goreleaser/goreleaser/v2/pkg/config"
 )
 
-func formatTarget(o config.BuildDetailsOverride) string {
-	target := o.Goos + "_" + o.Goarch
-	if extra := o.Goamd64 + o.Go386 + o.Goarm + o.Goarm64 + o.Gomips + o.Goppc64 + o.Goriscv64; extra != "" {
+func formatBuildTarget(o config.BuildDetailsOverride) string {
+	return formatTarget(Target{
+		Goos:      o.Goos,
+		Goarch:    o.Goarch,
+		Goamd64:   o.Goamd64,
+		Go386:     o.Go386,
+		Goarm:     o.Goarm,
+		Goarm64:   o.Goarm64,
+		Gomips:    o.Gomips,
+		Goppc64:   o.Goppc64,
+		Goriscv64: o.Goriscv64,
+	})
+}
+
+func formatTarget(t Target) string {
+	target := t.Goos + "_" + t.Goarch
+	if extra := t.Goamd64 + t.Go386 + t.Goarm + t.Goarm64 + t.Gomips + t.Goppc64 + t.Goriscv64; extra != "" {
 		target += "_" + extra
 	}
 	return target
@@ -61,3 +79,274 @@ func (t Target) env() []string {
 		"GORISCV64=" + t.Goriscv64,
 	}
 }
+
+func listTargets(build config.Build) ([]string, error) {
+	//nolint:prealloc
+	var targets []Target
+	//nolint:prealloc
+	var result []string
+	for _, target := range allBuildTargets(build) {
+		if !contains(target.Goos, validGoos) {
+			return result, fmt.Errorf("invalid goos: %s", target.Goos)
+		}
+		if !contains(target.Goarch, validGoarch) {
+			return result, fmt.Errorf("invalid goarch: %s", target.Goarch)
+		}
+		if target.Goamd64 != "" && !contains(target.Goamd64, validGoamd64) {
+			return result, fmt.Errorf("invalid goamd64: %s", target.Goamd64)
+		}
+		if target.Go386 != "" && !contains(target.Go386, validGo386) {
+			return result, fmt.Errorf("invalid go386: %s", target.Go386)
+		}
+		if target.Goarm != "" && !contains(target.Goarm, validGoarm) {
+			return result, fmt.Errorf("invalid goarm: %s", target.Goarm)
+		}
+		if target.Goarm64 != "" && !validGoarm64.MatchString(target.Goarm64) {
+			return result, fmt.Errorf("invalid goarm64: %s", target.Goarm64)
+		}
+		if target.Gomips != "" && !contains(target.Gomips, validGomips) {
+			return result, fmt.Errorf("invalid gomips: %s", target.Gomips)
+		}
+		if target.Goppc64 != "" && !contains(target.Goppc64, validGoppc64) {
+			return result, fmt.Errorf("invalid goppc64: %s", target.Goppc64)
+		}
+		if target.Goriscv64 != "" && !contains(target.Goriscv64, validGoriscv64) {
+			return result, fmt.Errorf("invalid goriscv64: %s", target.Goriscv64)
+		}
+		if !valid(target) {
+			log.WithField("target", target).Debug("skipped invalid build")
+			continue
+		}
+		if ignored(build, target) {
+			log.WithField("target", target).Debug("skipped ignored build")
+			continue
+		}
+		targets = append(targets, target)
+	}
+	for _, target := range targets {
+		result = append(result, target.String())
+	}
+	return result, nil
+}
+
+func allBuildTargets(build config.Build) []Target {
+	var targets []Target
+	for _, goos := range build.Goos {
+		for _, goarch := range build.Goarch {
+			switch goarch {
+			case "386":
+				for _, go386 := range build.Go386 {
+					targets = append(targets, Target{
+						Goos:   goos,
+						Goarch: goarch,
+						Go386:  go386,
+					})
+				}
+			case "amd64":
+				for _, goamd64 := range build.Goamd64 {
+					targets = append(targets, Target{
+						Goos:    goos,
+						Goarch:  goarch,
+						Goamd64: goamd64,
+					})
+				}
+			case "arm64":
+				for _, goarm64 := range build.Goarm64 {
+					targets = append(targets, Target{
+						Goos:    goos,
+						Goarch:  goarch,
+						Goarm64: goarm64,
+					})
+				}
+			case "arm":
+				for _, goarm := range build.Goarm {
+					targets = append(targets, Target{
+						Goos:   goos,
+						Goarch: goarch,
+						Goarm:  goarm,
+					})
+				}
+			case "mips", "mipsle", "mips64", "mips64le":
+				for _, gomips := range build.Gomips {
+					targets = append(targets, Target{
+						Goos:   goos,
+						Goarch: goarch,
+						Gomips: gomips,
+					})
+				}
+			case "ppc64", "ppc64le":
+				for _, goppc64 := range build.Goppc64 {
+					targets = append(targets, Target{
+						Goos:    goos,
+						Goarch:  goarch,
+						Goppc64: goppc64,
+					})
+				}
+			case "riscv64":
+				for _, goriscv64 := range build.Goriscv64 {
+					targets = append(targets, Target{
+						Goos:      goos,
+						Goarch:    goarch,
+						Goriscv64: goriscv64,
+					})
+				}
+			default:
+				targets = append(targets, Target{
+					Goos:   goos,
+					Goarch: goarch,
+				})
+			}
+		}
+	}
+	for i := range targets {
+		targets[i].Target = formatTarget(targets[i])
+	}
+	return targets
+}
+
+func ignored(build config.Build, target Target) bool {
+	for _, ig := range build.Ignore {
+		if ig.Goos != "" && ig.Goos != target.Goos {
+			continue
+		}
+		if ig.Goarch != "" && ig.Goarch != target.Goarch {
+			continue
+		}
+		if ig.Goamd64 != "" && ig.Goamd64 != target.Goamd64 {
+			continue
+		}
+		if ig.Go386 != "" && ig.Go386 != target.Go386 {
+			continue
+		}
+		if ig.Goarm != "" && ig.Goarm != target.Goarm {
+			continue
+		}
+		if ig.Goarm64 != "" && ig.Goarm64 != target.Goarm64 {
+			continue
+		}
+		if ig.Gomips != "" && ig.Gomips != target.Gomips {
+			continue
+		}
+		if ig.Goppc64 != "" && ig.Goppc64 != target.Goppc64 {
+			continue
+		}
+		if ig.Goriscv64 != "" && ig.Goriscv64 != target.Goriscv64 {
+			continue
+		}
+		return true
+	}
+	return false
+}
+
+func valid(target Target) bool {
+	return contains(target.Goos+target.Goarch, validTargets)
+}
+
+func contains(s string, ss []string) bool {
+	for _, z := range ss {
+		if z == s {
+			return true
+		}
+	}
+	return false
+}
+
+// lists from https://go.dev/doc/install/source#environment
+//
+//nolint:gochecknoglobals
+var (
+	validTargets = []string{
+		"aixppc64",
+		"android386",
+		"androidamd64",
+		"androidarm",
+		"androidarm64",
+		"darwinamd64",
+		"darwinarm64",
+		"dragonflyamd64",
+		"freebsd386",
+		"freebsdamd64",
+		"freebsdarm",
+		"freebsdarm64",
+		"illumosamd64",
+		"iosarm64",
+		"jswasm",
+		"wasip1wasm",
+		"linux386",
+		"linuxamd64",
+		"linuxarm",
+		"linuxarm64",
+		"linuxppc64",
+		"linuxppc64le",
+		"linuxmips",
+		"linuxmipsle",
+		"linuxmips64",
+		"linuxmips64le",
+		"linuxs390x",
+		"linuxriscv64",
+		"linuxloong64",
+		"netbsd386",
+		"netbsdamd64",
+		"netbsdarm",
+		"netbsdarm64",
+		"openbsd386",
+		"openbsdamd64",
+		"openbsdarm",
+		"openbsdarm64",
+		"plan9386",
+		"plan9amd64",
+		"plan9arm",
+		"solarisamd64",
+		"solarissparc",
+		"solarissparc64",
+		"windowsarm",
+		"windowsarm64",
+		"windows386",
+		"windowsamd64",
+	}
+
+	validGoos = []string{
+		"aix",
+		"android",
+		"darwin",
+		"dragonfly",
+		"freebsd",
+		"illumos",
+		"ios",
+		"js",
+		"linux",
+		"netbsd",
+		"openbsd",
+		"plan9",
+		"solaris",
+		"windows",
+		"wasip1",
+	}
+
+	validGoarch = []string{
+		"386",
+		"amd64",
+		"arm",
+		"arm64",
+		"mips",
+		"mips64",
+		"mips64le",
+		"mipsle",
+		"ppc64",
+		"ppc64le",
+		"s390x",
+		"wasm",
+		"riscv64",
+		"loong64",
+		"sparc",
+		"sparc64",
+	}
+
+	validGoamd64   = []string{"v1", "v2", "v3", "v4"}
+	validGo386     = []string{"sse2", "softfloat"}
+	validGoarm     = []string{"5", "6", "7"}
+	validGoarm64   = regexp.MustCompile(`(v8\.[0-9]|v9\.[0-5])((,lse|,crypto)?)+`)
+	validGomips    = []string{"hardfloat", "softfloat"}
+	validGoppc64   = []string{"power8", "power9", "power10"}
+	validGoriscv64 = []string{"rva20u64", "rva22u64"}
+)
diff --git a/internal/builders/buildtarget/targets_test.go b/internal/builders/golang/targets_test.go
similarity index 93%
rename from internal/builders/buildtarget/targets_test.go
rename to internal/builders/golang/targets_test.go
index f337b1d6012..abeae130c7d 100644
--- a/internal/builders/buildtarget/targets_test.go
+++ b/internal/builders/golang/targets_test.go
@@ -1,4 +1,4 @@
-package buildtarget
+package golang
 
 import (
 	"fmt"
@@ -111,7 +111,7 @@ func TestAllBuildTargets(t *testing.T) {
 	}
 
 	t.Run("go 1.18", func(t *testing.T) {
-		result, err := List(build)
+		result, err := listTargets(build)
 		require.NoError(t, err)
 		require.Equal(t, []string{
 			"linux_386_softfloat",
@@ -163,7 +163,7 @@ func TestAllBuildTargets(t *testing.T) {
 	})
 
 	t.Run("invalid goos", func(t *testing.T) {
-		_, err := List(config.Build{
+		_, err := listTargets(config.Build{
 			Goos:    []string{"invalid"},
 			Goarch:  []string{"amd64"},
 			Goamd64: []string{"v2"},
@@ -172,7 +172,7 @@ func TestAllBuildTargets(t *testing.T) {
 	})
 
 	t.Run("invalid goarch", func(t *testing.T) {
-		_, err := List(config.Build{
+		_, err := listTargets(config.Build{
 			Goos:   []string{"linux"},
 			Goarch: []string{"invalid"},
 		})
@@ -180,7 +180,7 @@ func TestAllBuildTargets(t *testing.T) {
 	})
 
 	t.Run("invalid goarm", func(t *testing.T) {
-		_, err := List(config.Build{
+		_, err := listTargets(config.Build{
 			Goos:   []string{"linux"},
 			Goarch: []string{"arm"},
 			Goarm:  []string{"invalid"},
@@ -189,7 +189,7 @@ func TestAllBuildTargets(t *testing.T) {
 	})
 
 	t.Run("invalid gomips", func(t *testing.T) {
-		_, err := List(config.Build{
+		_, err := listTargets(config.Build{
 			Goos:   []string{"linux"},
 			Goarch: []string{"mips"},
 			Gomips: []string{"invalid"},
@@ -198,7 +198,7 @@ func TestAllBuildTargets(t *testing.T) {
 	})
 
 	t.Run("invalid goamd64", func(t *testing.T) {
-		_, err := List(config.Build{
+		_, err := listTargets(config.Build{
 			Goos:    []string{"linux"},
 			Goarch:  []string{"amd64"},
 			Goamd64: []string{"invalid"},
@@ -267,14 +267,14 @@ func TestGoosGoarchCombos(t *testing.T) {
 	}
 	for _, p := range platforms {
 		t.Run(fmt.Sprintf("%v %v valid=%v", p.os, p.arch, p.valid), func(t *testing.T) {
-			require.Equal(t, p.valid, valid(target{os: p.os, arch: p.arch}))
+			require.Equal(t, p.valid, valid(Target{Goos: p.os, Goarch: p.arch}))
 		})
 	}
 }
 
-func TestList(t *testing.T) {
+func TestListTargets(t *testing.T) {
 	t.Run("success", func(t *testing.T) {
-		targets, err := List(config.Build{
+		targets, err := listTargets(config.Build{
 			Goos:    []string{"linux"},
 			Goarch:  []string{"amd64"},
 			Goamd64: []string{"v2"},
@@ -285,7 +285,7 @@ func TestList(t *testing.T) {
 	})
 
 	t.Run("success with dir", func(t *testing.T) {
-		targets, err := List(config.Build{
+		targets, err := listTargets(config.Build{
 			Goos:    []string{"linux"},
 			Goarch:  []string{"amd64"},
 			Goamd64: []string{"v2"},

From 68106919565e82b67600774990b364b4d62ee6ec Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 10:55:31 -0300
Subject: [PATCH 046/119] feat: kos.disable (#5580)

---
 internal/pipe/ko/ko.go       | 15 +++++++-
 internal/pipe/ko/ko_test.go  | 66 ++++++++++++++++++++++++++++++++++++
 pkg/config/config.go         |  3 ++
 www/docs/customization/ko.md |  6 ++++
 4 files changed, 89 insertions(+), 1 deletion(-)

diff --git a/internal/pipe/ko/ko.go b/internal/pipe/ko/ko.go
index 122de376a0d..119a2f3d69b 100644
--- a/internal/pipe/ko/ko.go
+++ b/internal/pipe/ko/ko.go
@@ -30,6 +30,7 @@ import (
 	"github.com/goreleaser/goreleaser/v2/internal/artifact"
 	"github.com/goreleaser/goreleaser/v2/internal/deprecate"
 	"github.com/goreleaser/goreleaser/v2/internal/ids"
+	"github.com/goreleaser/goreleaser/v2/internal/pipe"
 	"github.com/goreleaser/goreleaser/v2/internal/semerrgroup"
 	"github.com/goreleaser/goreleaser/v2/internal/skips"
 	"github.com/goreleaser/goreleaser/v2/internal/tmpl"
@@ -157,12 +158,24 @@ func (p Pipe) Run(ctx *context.Context) error {
 // Publish executes the Pipe.
 func (Pipe) Publish(ctx *context.Context) error {
 	g := semerrgroup.New(ctx.Parallelism)
+	skips := pipe.SkipMemento{}
 	for _, ko := range ctx.Config.Kos {
 		g.Go(func() error {
+			disable, err := tmpl.New(ctx).Bool(ko.Disable)
+			if err != nil {
+				return err
+			}
+			if disable {
+				skips.Remember(pipe.Skip("configuration is disabled"))
+				return nil
+			}
 			return doBuild(ctx, ko)
 		})
 	}
-	return g.Wait()
+	if err := g.Wait(); err != nil {
+		return err
+	}
+	return skips.Evaluate()
 }
 
 type buildOptions struct {
diff --git a/internal/pipe/ko/ko_test.go b/internal/pipe/ko/ko_test.go
index 65b3c046c9d..4f1c6b2216f 100644
--- a/internal/pipe/ko/ko_test.go
+++ b/internal/pipe/ko/ko_test.go
@@ -13,6 +13,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/name"
 	"github.com/google/go-containerregistry/pkg/v1/remote"
 	"github.com/goreleaser/goreleaser/v2/internal/artifact"
+	"github.com/goreleaser/goreleaser/v2/internal/pipe"
 	"github.com/goreleaser/goreleaser/v2/internal/skips"
 	"github.com/goreleaser/goreleaser/v2/internal/testctx"
 	"github.com/goreleaser/goreleaser/v2/internal/testlib"
@@ -463,6 +464,71 @@ func TestSnapshot(t *testing.T) {
 	require.Equal(t, "default", manifests[0].Extra[artifact.ExtraID])
 }
 
+func TestDisable(t *testing.T) {
+	testlib.SkipIfWindows(t, "ko doesn't work in windows")
+	testlib.CheckDocker(t)
+	ctx := testctx.NewWithCfg(config.Project{
+		ProjectName: "test",
+		Builds: []config.Build{
+			{
+				ID: "foo",
+				BuildDetails: config.BuildDetails{
+					Ldflags: []string{"-s", "-w"},
+					Flags:   []string{"-tags", "netgo"},
+					Env:     []string{"GOCACHE=" + t.TempDir()},
+				},
+			},
+		},
+		Kos: []config.Ko{
+			{
+				ID:         "disabled",
+				Build:      "foo",
+				Disable:    "{{ not (isEnvSet \"FOO\")}}",
+				Repository: "NOPE",
+			},
+			{
+				ID:         "default",
+				Build:      "foo",
+				Repository: "testimage",
+				WorkingDir: "./testdata/app/",
+				Tags:       []string{"latest"},
+			},
+		},
+	}, testctx.WithVersion("1.2.0"), testctx.Snapshot)
+
+	require.NoError(t, Pipe{}.Default(ctx))
+	err := Pipe{}.Run(ctx)
+	require.Error(t, err)
+	require.True(t, pipe.IsSkip(err))
+
+	manifests := ctx.Artifacts.Filter(artifact.ByType(artifact.DockerManifest)).List()
+	require.Len(t, manifests, 1)
+	require.NotEmpty(t, manifests[0].Name)
+	require.Equal(t, manifests[0].Name, manifests[0].Path)
+	require.NotEmpty(t, manifests[0].Extra[artifact.ExtraDigest])
+	require.Equal(t, "default", manifests[0].Extra[artifact.ExtraID])
+}
+
+func TestDisableInvalidTemplate(t *testing.T) {
+	testlib.SkipIfWindows(t, "ko doesn't work in windows")
+	testlib.CheckDocker(t)
+	ctx := testctx.NewWithCfg(config.Project{
+		ProjectName: "test",
+		Builds:      []config.Build{{ID: "foo"}},
+		Kos: []config.Ko{
+			{
+				ID:         "disabled",
+				Build:      "foo",
+				Disable:    "{{ .nope }}",
+				Repository: "NOPE",
+			},
+		},
+	})
+
+	require.NoError(t, Pipe{}.Default(ctx))
+	testlib.RequireTemplateError(t, Pipe{}.Publish(ctx))
+}
+
 func TestKoValidateMainPathIssue4382(t *testing.T) {
 	// testing the validation of the main path directly to cover many cases
 	require.NoError(t, validateMainPath(""))
diff --git a/pkg/config/config.go b/pkg/config/config.go
index ac1fa37d9a9..271ae9c3d2b 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -414,6 +414,9 @@ type Ko struct {
 	Bare                bool              `yaml:"bare,omitempty" json:"bare,omitempty"`
 	PreserveImportPaths bool              `yaml:"preserve_import_paths,omitempty" json:"preserve_import_paths,omitempty"`
 	BaseImportPaths     bool              `yaml:"base_import_paths,omitempty" json:"base_import_paths,omitempty"`
+
+	// v2.7+
+	Disable string `yaml:"disable,omitempty" json:"disable,omitempty" jsonschema:"oneof_type=string;boolean"`
 }
 
 // Scoop contains the scoop.sh section.
diff --git a/www/docs/customization/ko.md b/www/docs/customization/ko.md
index 3b747543016..a917267759f 100644
--- a/www/docs/customization/ko.md
+++ b/www/docs/customization/ko.md
@@ -124,6 +124,12 @@ kos:
       - FOO=bar
       - SOMETHING=value
 
+    # Whether to disable this particular Ko configuration.
+    #
+    # Templates: allowed.
+    # <!-- md:inline_version v2.8-unreleased -->.
+    disable: "{{ .IsSnapshot }}"
+
     # Bare uses a tag on the $KO_DOCKER_REPO without anything additional.
     bare: true
 

From 2a8f70b1477b5860db9f1619081d6c642d1e40de Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 11:12:21 -0300
Subject: [PATCH 047/119] docs: update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/customization/cloudsmith.md |  7 ++++++-
 www/docs/static/schema-pro.json      | 12 +++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/www/docs/customization/cloudsmith.md b/www/docs/customization/cloudsmith.md
index 333d4348399..4cf96bfa722 100644
--- a/www/docs/customization/cloudsmith.md
+++ b/www/docs/customization/cloudsmith.md
@@ -73,9 +73,14 @@ cloudsmiths:
     # Map of which distribution to use for each format.
     # Publish will be skipped if this is empty/not found.
     distributions:
-      deb: "ubuntu/xenial"
       rpm: "el/7"
       alpine: "alpine/v3.8"
+      # You can also set multiple distributions for a format.
+      #
+      # <!-- md:inline_version v2.8-unreleased -->
+      deb:
+      - "ubuntu/xenial"
+      - "ubuntu/focal"
 
     # The component (channel) for the package (e.g. 'main', 'unstable', etc).
     # <!-- md:inline_version v2.7 -->
diff --git a/www/docs/static/schema-pro.json b/www/docs/static/schema-pro.json
index 5d62cde0220..08d3ea0663a 100644
--- a/www/docs/static/schema-pro.json
+++ b/www/docs/static/schema-pro.json
@@ -1135,7 +1135,7 @@
 					},
 					"distributions": {
 						"additionalProperties": {
-							"type": "string"
+							"$ref": "#/$defs/StringArray"
 						},
 						"type": "object"
 					},
@@ -2146,6 +2146,16 @@
 					},
 					"base_import_paths": {
 						"type": "boolean"
+					},
+					"disable": {
+						"oneOf": [
+							{
+								"type": "string"
+							},
+							{
+								"type": "boolean"
+							}
+						]
 					}
 				},
 				"additionalProperties": false,

From 1c6e7b17850f1670a3fb4dce0ff906434c1f44f4 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 11:32:58 -0300
Subject: [PATCH 048/119] docs: update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/customization/templates.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/www/docs/customization/templates.md b/www/docs/customization/templates.md
index cbaf2d210d3..a44e476a9fc 100644
--- a/www/docs/customization/templates.md
+++ b/www/docs/customization/templates.md
@@ -37,6 +37,7 @@ In fields that support templates, these fields are always available:
 | `.IsDraft`             | `true` if `release.draft` is set in the configuration, `false` otherwise                                   |
 | `.IsSnapshot`          | `true` if `--snapshot` is set, `false` otherwise                                                           |
 | `.IsNightly`           | `true` if `--nightly` is set, `false` otherwise                                                            |
+| `.IsRelease`           | `true` if regular release (not a nightly nor a snapshot) (since v2.8)[^pro]                                |
 | `.IsSingleTarget`      | `true` if `--single-target` is set, `false` otherwise (since v2.3)                                         |
 | `.Env`                 | a map with system's environment variables                                                                  |
 | `.Date`                | current UTC date in RFC 3339 format                                                                        |

From 8b5db558f4fccf68abe9f501d473366e8f10543a Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 12:35:00 -0300
Subject: [PATCH 049/119] docs: update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/customization/notarize.md | 176 +++++++++++++++++++++++++++--
 www/docs/static/schema-pro.json    |  82 +++++++++++++-
 www/mkdocs.yml                     |   6 +-
 3 files changed, 252 insertions(+), 12 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index 1ca8470ade4..95b0c8d4ac2 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -1,15 +1,17 @@
-# Notarize macOS binaries
+# Notarize macOS binaries and DMGs
 
 GoReleaser can sign & notarize macOS binaries
-(and [Universal Binaries][unibin]) using [anchore/quill][quill].
+(and [Universal Binaries][unibin]) using [anchore/quill][quill], and DMGs on
+native macOS.
 
-To use it, you'll need:
+To use these features, you'll need:
 
 - An [Apple Developer Account](https://developer.apple.com/) ($99/year).
 - A [certificate](https://developer.apple.com/account/resources/certificates/add)
   from said account. It should be of "Developer ID Application" type.
-  This will give you a `.cer` file. You'll need to import it into KeyChain.app,
-  and then export it as a `.p12` file. It'll will have a password.
+  This will give you a `.cer` file. You'll need to import it into
+  `KeyChain.app`, and then export it as a `.p12` file. It'll will have a
+  password.
 - An App Store Connect
   [API key](https://appstoreconnect.apple.com/access/integrations/api/new).
   This will give you a `.p8` file.
@@ -19,6 +21,20 @@ So you should end up with:
 1. a `Certificates.p12` file and the password to open it
 1. a `ApiKey_AAABBBCCC.p8` file
 
+## "Binaries only"
+
+If you only want to sign and notarize your binaries, this is probably the best
+alternative.
+
+It has no external dependencies, and works on any operating system.
+
+!!! warning
+
+    Do not use this method if you create [App Bundles][appbundles].
+    App Bundles in which only the binary is signed/notarized are deemed damaged
+    by macOS.
+    In that case, use the native signing and notarizing documented below.
+
 Read the commented configuration excerpt below to learn how to use these files.
 
 ```yaml title=".goreleaser.yaml"
@@ -38,7 +54,7 @@ notarize:
         - build2
 
       # Before notarizing, we need to sign the binary.
-      # This blocks defines the configuration for doing so.
+      # This block defines the configuration for doing so.
       sign:
         # The .p12 certificate file path or its base64'd contents.
         #
@@ -99,12 +115,158 @@ notarize:
     base64 -w0 < ./ApiKey_AAABBBCCC.p8
     ```
 
-## Signing only
+### Signing only
 
 <!-- md:version v2.1 -->
 
 If you want to only sign the binaries, but not notarize them, you can simply
 leave the `notarize` section of your configuration empty.
 
+## Signing and notarizing App Bundles (and DMGs)
+
+<!-- md:pro -->
+<!-- md:version v2.8-unreleased -->
+
+This method can sign and notarize [App Bundles][appbundles], but it depends on
+`xcrun` and `codesign`.
+
+For now, it'll only work if you package your app as a [DMG][DMG], but we might
+add more support in future releases.
+
+To use this, you'll need all the steps from before, plus a profile.
+You can create the profile with:
+
+```bash
+xcrun notarytool store-credentials $MACOS_NOTARY_PROFILE \
+  --key $KEY_PATH \
+  --key-id $MACOS_NOTARY_KEY_ID \
+  --issuer $MACOS_NOTARY_ISSUER_ID \
+  --keychain $KEYCHAIN_PATH
+```
+
+See the configuration options below.
+
+```yaml title=".goreleaser.yaml"
+notarize:
+  macos_native:
+    - # Whether this configuration is enabled or not.
+      #
+      # Default: false.
+      # Templates: allowed.
+      enabled: "true"
+
+      # IDs to use to filter the built binaries.
+      #
+      # Default: the project name.
+      ids:
+        - build1
+        - build2
+
+      # Before notarizing, we need to sign the app bundle.
+      # This block defines the configuration for doing so.
+      sign:
+        # The path to the Keychain, if needed.
+        #
+        # Templates: allowed.
+        keychain: "{{ .Env.KEYCHAIN_PATH }}"
+
+        # The identity in Keychain.
+        #
+        # Templates: allowed.
+        identity: "Developer ID Application: Carlos Becker"
+
+        # Options to pass to 'codesign'.
+        options: [runtime]
+
+        # Allows to set the signature entitlements XML file.
+        #
+        # Templates: allowed.
+        entitlements: ./path/to/entitlements.xml
+
+      # Then, we notarize the DMGs.
+      notarize:
+        # Profile name.
+        #
+        # Templates: allowed.
+        profile_name: "{{ .Env.MACOS_NOTARY_PROFILE }}"
+
+        # Whether to wait for the notarization to finish.
+        # Not recommended, as it could take a really long time.
+        wait: true
+```
+
+The way this works is:
+
+```mermaid
+graph TD
+  A[Build Binaries] -->|Optionally| B[Create Universal Binaries]
+  A --> C
+  B --> C[Create App Bundles]
+  C --> D[Sign App Bundles]
+  D --> E[Create DMGs]
+  E --> F[Notarize DMGs]
+```
+
+<details>
+  <summary>
+    Set up in GitHub Actions
+  </summary>
+
+```yaml
+name: goreleaser
+# ...
+
+jobs:
+  goreleaser:
+    runs-on: macos-latest # only on macos
+    steps:
+      # ...
+      - env:
+          MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }} # base64 .p12 key
+          MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }} # password to open the .p12 file
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} # a password for our temporary keychain
+          MACOS_NOTARY_PROFILE: ${{ secrets.MACOS_NOTARY_PROFILE }} # the profile name to create and use for notarization
+          MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }} # base64 .p8 key
+          MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }} # the .p8 key ID
+          MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }} # the issuer UUID
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/goreleaser.p12
+          KEY_PATH=$RUNNER_TEMP/goreleaser.p8
+          KEYCHAIN_PATH=$RUNNER_TEMP/goreleaser.keychain-db
+
+          # import certificate and key from secrets
+          echo -n "$MACOS_SIGN_P12" | base64 --decode -o $CERTIFICATE_PATH
+          echo -n "$MACOS_NOTARY_KEY" | base64 --decode -o $KEY_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$MACOS_SIGN_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # create notary profile
+          xcrun notarytool store-credentials $MACOS_NOTARY_PROFILE \
+            --key $KEY_PATH \
+            --key-id $MACOS_NOTARY_KEY_ID \
+            --issuer $MACOS_NOTARY_ISSUER_ID \
+            --keychain $KEYCHAIN_PATH
+
+      # TODO: need to export KEYCHAIN_PATH to the pipeline
+```
+
+!!! important
+
+    Make sure to read the [official GitHub Guide][gh-guide] as well.
+
+</details>
+
 [unibin]: ./universalbinaries.md
+[appbundles]: ./app_bundles.md
 [quill]: https://github.com/anchore/quill
+[DMG]: ./dmg.md
+[gh-guide]: https://docs.github.com/en/actions/use-cases-and-examples/deploying/installing-an-apple-certificate-on-macos-runners-for-xcode-development
diff --git a/www/docs/static/schema-pro.json b/www/docs/static/schema-pro.json
index 08d3ea0663a..bce840293f0 100644
--- a/www/docs/static/schema-pro.json
+++ b/www/docs/static/schema-pro.json
@@ -2336,6 +2336,21 @@
 					"key_id"
 				]
 			},
+			"MacOSNotarizeNative": {
+				"properties": {
+					"profile_name": {
+						"type": "string"
+					},
+					"wait": {
+						"type": "boolean"
+					}
+				},
+				"additionalProperties": false,
+				"type": "object",
+				"required": [
+					"profile_name"
+				]
+			},
 			"MacOSSign": {
 				"properties": {
 					"certificate": {
@@ -2355,6 +2370,30 @@
 					"password"
 				]
 			},
+			"MacOSSignNative": {
+				"properties": {
+					"identity": {
+						"type": "string"
+					},
+					"keychain": {
+						"type": "string"
+					},
+					"options": {
+						"items": {
+							"type": "string"
+						},
+						"type": "array"
+					},
+					"entitlements": {
+						"type": "string"
+					}
+				},
+				"additionalProperties": false,
+				"type": "object",
+				"required": [
+					"identity"
+				]
+			},
 			"MacOSSignNotarize": {
 				"properties": {
 					"ids": {
@@ -2386,6 +2425,38 @@
 					"sign"
 				]
 			},
+			"MacOSSignNotarizeNative": {
+				"properties": {
+					"ids": {
+						"items": {
+							"type": "string"
+						},
+						"type": "array"
+					},
+					"enabled": {
+						"oneOf": [
+							{
+								"type": "string"
+							},
+							{
+								"type": "boolean"
+							}
+						]
+					},
+					"sign": {
+						"$ref": "#/$defs/MacOSSignNative"
+					},
+					"notarize": {
+						"$ref": "#/$defs/MacOSNotarizeNative"
+					}
+				},
+				"additionalProperties": false,
+				"type": "object",
+				"required": [
+					"sign",
+					"notarize"
+				]
+			},
 			"Mastodon": {
 				"properties": {
 					"enabled": {
@@ -3224,13 +3295,16 @@
 							"$ref": "#/$defs/MacOSSignNotarize"
 						},
 						"type": "array"
+					},
+					"macos_native": {
+						"items": {
+							"$ref": "#/$defs/MacOSSignNotarizeNative"
+						},
+						"type": "array"
 					}
 				},
 				"additionalProperties": false,
-				"type": "object",
-				"required": [
-					"macos"
-				]
+				"type": "object"
 			},
 			"OpenCollective": {
 				"properties": {
diff --git a/www/mkdocs.yml b/www/mkdocs.yml
index b3d4f7cedae..0aa953e9c5f 100644
--- a/www/mkdocs.yml
+++ b/www/mkdocs.yml
@@ -286,7 +286,11 @@ markdown_extensions:
       slugify: !!python/object/apply:pymdownx.slugs.slugify
         kwds:
           case: lower
-  - pymdownx.superfences
+  - pymdownx.superfences:
+      custom_fences:
+        - name: mermaid
+          class: mermaid
+          format: !!python/name:pymdownx.superfences.fence_code_format
   - pymdownx.tasklist:
       custom_checkbox: true
   - footnotes

From dd560fec29789a59fedc66aa5f94920b5c88d306 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 12:40:19 -0300
Subject: [PATCH 050/119] docs: update

---
 www/docs/customization/notarize.md | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index 95b0c8d4ac2..f64ebf319ba 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -21,7 +21,7 @@ So you should end up with:
 1. a `Certificates.p12` file and the password to open it
 1. a `ApiKey_AAABBBCCC.p8` file
 
-## "Binaries only"
+## Binaries only
 
 If you only want to sign and notarize your binaries, this is probably the best
 alternative.
@@ -73,6 +73,8 @@ notarize:
         entitlements: ./path/to/entitlements.xml
 
       # Then, we notarize the binaries.
+      #
+      # Leave this section empty if you only want to sign the binaries. (<!-- md:version-inline v2.1 -->).
       notarize:
         # The issuer ID.
         # Its the UUID you see when creating the App Store Connect key.
@@ -115,17 +117,10 @@ notarize:
     base64 -w0 < ./ApiKey_AAABBBCCC.p8
     ```
 
-### Signing only
-
-<!-- md:version v2.1 -->
-
-If you want to only sign the binaries, but not notarize them, you can simply
-leave the `notarize` section of your configuration empty.
+## App Bundles and DMGs
 
-## Signing and notarizing App Bundles (and DMGs)
-
-<!-- md:pro -->
 <!-- md:version v2.8-unreleased -->
+<!-- md:pro -->
 
 This method can sign and notarize [App Bundles][appbundles], but it depends on
 `xcrun` and `codesign`.
@@ -212,6 +207,9 @@ graph TD
     Set up in GitHub Actions
   </summary>
 
+Make sure to read the [official GitHub Guide][gh-guide] as well, but this is how
+we are doing it, in case you want to save some time:
+
 ```yaml
 name: goreleaser
 # ...
@@ -259,10 +257,6 @@ jobs:
       # TODO: need to export KEYCHAIN_PATH to the pipeline
 ```
 
-!!! important
-
-    Make sure to read the [official GitHub Guide][gh-guide] as well.
-
 </details>
 
 [unibin]: ./universalbinaries.md

From 283dc4612175690f27d5a4d254e076ac1c67b149 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 12:42:11 -0300
Subject: [PATCH 051/119] docs: update

---
 www/docs/customization/notarize.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index f64ebf319ba..a779120fd63 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -1,4 +1,4 @@
-# Notarize macOS binaries and DMGs
+# Notarize macOS applications
 
 GoReleaser can sign & notarize macOS binaries
 (and [Universal Binaries][unibin]) using [anchore/quill][quill], and DMGs on
@@ -21,7 +21,7 @@ So you should end up with:
 1. a `Certificates.p12` file and the password to open it
 1. a `ApiKey_AAABBBCCC.p8` file
 
-## Binaries only
+## Binaries
 
 If you only want to sign and notarize your binaries, this is probably the best
 alternative.
@@ -117,7 +117,7 @@ notarize:
     base64 -w0 < ./ApiKey_AAABBBCCC.p8
     ```
 
-## App Bundles and DMGs
+## Application Bundles and DMGs
 
 <!-- md:version v2.8-unreleased -->
 <!-- md:pro -->

From 1ca6871167cde51c2bac6f1ee64e0b083123c71e Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 14:16:10 -0300
Subject: [PATCH 052/119] docs: update

---
 www/docs/customization/notarize.md | 57 ++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 15 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index a779120fd63..69776bb1223 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -132,7 +132,7 @@ To use this, you'll need all the steps from before, plus a profile.
 You can create the profile with:
 
 ```bash
-xcrun notarytool store-credentials $MACOS_NOTARY_PROFILE \
+xcrun notarytool store-credentials $MACOS_NOTARY_PROFILE_NAME \
   --key $KEY_PATH \
   --key-id $MACOS_NOTARY_KEY_ID \
   --issuer $MACOS_NOTARY_ISSUER_ID \
@@ -183,7 +183,7 @@ notarize:
         # Profile name.
         #
         # Templates: allowed.
-        profile_name: "{{ .Env.MACOS_NOTARY_PROFILE }}"
+        profile_name: "{{ .Env.MACOS_NOTARY_PROFILE_NAME }}"
 
         # Whether to wait for the notarization to finish.
         # Not recommended, as it could take a really long time.
@@ -203,9 +203,9 @@ graph TD
 ```
 
 <details>
-  <summary>
-    Set up in GitHub Actions
-  </summary>
+  <summary>Set up in GitHub Actions</summary>
+
+**This is only needed for native notarization.**
 
 Make sure to read the [official GitHub Guide][gh-guide] as well, but this is how
 we are doing it, in case you want to save some time:
@@ -217,16 +217,34 @@ name: goreleaser
 jobs:
   goreleaser:
     runs-on: macos-latest # only on macos
+    env:
+      # The base64 of the contents of your '.p12' key.
+      MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
+
+      # The password to open the '.p12' key.
+      MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
+
+      # A password for our temporary keychain
+      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+
+      # The profile name to create and use for notarization.
+      # Single worded lowercase strings seems to work better.
+      MACOS_NOTARY_PROFILE_NAME: ${{ secrets.MACOS_NOTARY_PROFILE_NAME }}
+
+      # The base64 of the contents of your '.p8' key.
+      MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
+
+      # The ID of the '.p8' key.
+      # You can find it in the filename, as well as the Apple Developer Portal
+      # website.
+      MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
+
+      # The issuer UUID.
+      # You can find it in the Apple Developer Portal website.
+      MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
     steps:
       # ...
-      - env:
-          MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }} # base64 .p12 key
-          MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }} # password to open the .p12 file
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} # a password for our temporary keychain
-          MACOS_NOTARY_PROFILE: ${{ secrets.MACOS_NOTARY_PROFILE }} # the profile name to create and use for notarization
-          MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }} # base64 .p8 key
-          MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }} # the .p8 key ID
-          MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }} # the issuer UUID
+      - name: "setup-keychain"
         run: |
           # create variables
           CERTIFICATE_PATH=$RUNNER_TEMP/goreleaser.p12
@@ -248,13 +266,22 @@ jobs:
           security list-keychain -d user -s $KEYCHAIN_PATH
 
           # create notary profile
-          xcrun notarytool store-credentials $MACOS_NOTARY_PROFILE \
+          xcrun notarytool store-credentials $MACOS_NOTARY_PROFILE_NAME \
             --key $KEY_PATH \
             --key-id $MACOS_NOTARY_KEY_ID \
             --issuer $MACOS_NOTARY_ISSUER_ID \
             --keychain $KEYCHAIN_PATH
 
-      # TODO: need to export KEYCHAIN_PATH to the pipeline
+          # export the keychain path
+          echo "KEYCHAIN_PATH=$KEYCHAIN_PATH" >>$GITHUB_ENV
+
+      # ...
+
+      - uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser-pro
+          version: "~> v2"
+          args: release --clean
 ```
 
 </details>

From 7860f676552882ba004ce987973c8ced24e56ad3 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 15:25:06 -0300
Subject: [PATCH 053/119] docs: update

---
 www/docs/customization/notarize.md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index 69776bb1223..279a4b4adaf 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -208,7 +208,10 @@ graph TD
 **This is only needed for native notarization.**
 
 Make sure to read the [official GitHub Guide][gh-guide] as well, but this is how
-we are doing it, in case you want to save some time:
+we are doing it, in case you want to save some time.
+
+You can also take a look at this
+[live example](https://github.com/goreleaser/example-notarized-apps).
 
 ```yaml
 name: goreleaser
@@ -228,7 +231,6 @@ jobs:
       KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
 
       # The profile name to create and use for notarization.
-      # Single worded lowercase strings seems to work better.
       MACOS_NOTARY_PROFILE_NAME: ${{ secrets.MACOS_NOTARY_PROFILE_NAME }}
 
       # The base64 of the contents of your '.p8' key.
@@ -266,10 +268,10 @@ jobs:
           security list-keychain -d user -s $KEYCHAIN_PATH
 
           # create notary profile
-          xcrun notarytool store-credentials $MACOS_NOTARY_PROFILE_NAME \
-            --key $KEY_PATH \
-            --key-id $MACOS_NOTARY_KEY_ID \
-            --issuer $MACOS_NOTARY_ISSUER_ID \
+          xcrun notarytool store-credentials "$MACOS_NOTARY_PROFILE_NAME" \
+            --key "$KEY_PATH" \
+            --key-id "$MACOS_NOTARY_KEY_ID" \
+            --issuer "$MACOS_NOTARY_ISSUER_ID" \
             --keychain $KEYCHAIN_PATH
 
           # export the keychain path

From 906ba5f7de264a332a09de3366a8e64214f338fc Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 15:26:37 -0300
Subject: [PATCH 054/119] docs: update

---
 www/docs/customization/notarize.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index 279a4b4adaf..f7abdd2b2fe 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -1,8 +1,8 @@
 # Notarize macOS applications
 
 GoReleaser can sign & notarize macOS binaries
-(and [Universal Binaries][unibin]) using [anchore/quill][quill], and DMGs on
-native macOS.
+(and [Universal Binaries][unibin]) using [anchore/quill][quill], and
+[App Bundles][appbundles] inside [DMGs][DMG] on native macOS.
 
 To use these features, you'll need:
 

From cec41bc13f68bbb609b97ada8a92964fdbaeacfd Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 15:42:02 -0300
Subject: [PATCH 055/119] docs: update

---
 www/docs/customization/notarize.md |  1 +
 www/docs/pro.md                    | 10 ++++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index f7abdd2b2fe..bc8fbaf55f0 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -171,6 +171,7 @@ notarize:
         identity: "Developer ID Application: Carlos Becker"
 
         # Options to pass to 'codesign'.
+        # You will generally want to add 'runtime' here.
         options: [runtime]
 
         # Allows to set the signature entitlements XML file.
diff --git a/www/docs/pro.md b/www/docs/pro.md
index 4f5f3850a6b..171042f3a6f 100644
--- a/www/docs/pro.md
+++ b/www/docs/pro.md
@@ -3,15 +3,18 @@
 GoReleaser Pro is a paid, closed-source GoReleaser distribution with some
 additional features:
 
+- [x] Native macOS [App Bundles][appbundles]/[DMG][DMG] signing and notarization;
+- [x] Use [AI](customization/changelog.md#enhance-with-ai) to improve/format
+      your release notes;
 - [x] Further filter artifacts with `if` statements;
-- [x] Create macOS [App Bundles](customization/app_bundles.md);
+- [x] Create macOS [App Bundles][appbundles];
 - [x] Easily create `alpine`, `apt`, and `yum` repositories with the
       [CloudSmith integration](customization/cloudsmith.md);
 - [x] Have [global defaults for homepage, description, etc](customization/metadata.md);
 - [x] Run [hooks before publishing](customization/beforepublish.md) artifacts;
 - [x] Cross publish (e.g. releases to GitLab, pushes Homebrew Tap to GitHub);
 - [x] Keep [DockerHub image descriptions up to date](customization/dockerhub.md);
-- [x] Create [macOS disk images (DMGs)](customization/dmg.md);
+- [x] Create [macOS disk images (DMGs)][DMG];
 - [x] Create [Windows installers](customization/msi.md);
 - [x] Use `goreleaser release --single-target` to build the whole pipeline for a
       single architecture locally;
@@ -97,3 +100,6 @@ Please, make sure you read and agree with our [EULA](eula.md).
 ---
 
 **✨✨ Thanks for your support! ✨✨**
+
+[appbundles]: customization/app_bundles.md
+[DMG]: customization/dmg.md

From 387406e404b5241a3e32a1c1727c1b1d912e69dd Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 15:42:38 -0300
Subject: [PATCH 056/119] docs: fix title

---
 www/mkdocs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/mkdocs.yml b/www/mkdocs.yml
index 0aa953e9c5f..1044866cd25 100644
--- a/www/mkdocs.yml
+++ b/www/mkdocs.yml
@@ -170,7 +170,7 @@ nav:
           - customization/winget.md
           - NUR: customization/nix.md
           - AUR: customization/aur.md
-          - AURSources: customization/aursources.md
+          - AUR (Sources): customization/aursources.md
           - Krew: customization/krew.md
           - Scoop: customization/scoop.md
           - customization/changelog.md

From 6893c8cb8b0ed275d92a7842f6691cc04e4b15cf Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 15:59:53 -0300
Subject: [PATCH 057/119] docs: update

---
 www/docs/customization/notarize.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index bc8fbaf55f0..2a5cafe8bb4 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -203,8 +203,7 @@ graph TD
   E --> F[Notarize DMGs]
 ```
 
-<details>
-  <summary>Set up in GitHub Actions</summary>
+### GitHub Actions
 
 **This is only needed for native notarization.**
 
@@ -214,7 +213,10 @@ we are doing it, in case you want to save some time.
 You can also take a look at this
 [live example](https://github.com/goreleaser/example-notarized-apps).
 
-```yaml
+<details>
+  <summary>Workflow code</summary>
+
+```yaml title=".github/workflows/release.yml"
 name: goreleaser
 # ...
 

From 70f16ff3aa711f69240bb6140abcc38e02295c33 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 17:37:22 -0300
Subject: [PATCH 058/119] docs: update

---
 flake.lock                             |   6 +-
 www/docs/customization/notarize.md     | 168 +++++++++++++++++++------
 www/docs/overrides/hooks/shortcodes.py |   6 +-
 www/docs/pro.md                        |   3 +-
 4 files changed, 137 insertions(+), 46 deletions(-)

diff --git a/flake.lock b/flake.lock
index 0bc555b8188..099564ab4a4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -54,11 +54,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1739020877,
-        "narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
+        "lastModified": 1737469691,
+        "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
+        "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab",
         "type": "github"
       },
       "original": {
diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index 2a5cafe8bb4..49aef1d4bc2 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -1,8 +1,18 @@
 # Notarize macOS applications
 
-GoReleaser can sign & notarize macOS binaries
-(and [Universal Binaries][unibin]) using [anchore/quill][quill], and
-[App Bundles][appbundles] inside [DMGs][DMG] on native macOS.
+GoReleaser has two ways to do notarization for macOS:
+
+1. Cross-platform using [anchore/quill][quill];
+2. Native using `codesign` and `xcrun` (only on macOS);
+
+The first can be used with binaries/[universal binaries][unibin] only.
+Note that putting a signed and notarized binary inside a non-notarized `.app`
+does not work!
+
+The second is the recommended way if you need to ship
+[App Bundles][appbundles] inside [DMGs][DMG].
+
+## Getting the keys
 
 To use these features, you'll need:
 
@@ -21,21 +31,34 @@ So you should end up with:
 1. a `Certificates.p12` file and the password to open it
 1. a `ApiKey_AAABBBCCC.p8` file
 
-## Binaries
+If you plan to use them in GitHub Actions (or another CI), you'll need to
+`base64` encode them as well.
+
+??? tip "base64 encoding"
 
-If you only want to sign and notarize your binaries, this is probably the best
+    To base64 encode a file, you run this:
+
+    ```bash
+    base64 -w0 < ./Certificates.p12
+    base64 -w0 < ./ApiKey_AAABBBCCC.p8
+    ```
+
+## Cross-platform
+
+If you only need to sign and notarize your binaries, this is probably the best
 alternative.
 
 It has no external dependencies, and works on any operating system.
 
-!!! warning
+???+ danger "Do not use with App Bundles"
 
     Do not use this method if you create [App Bundles][appbundles].
     App Bundles in which only the binary is signed/notarized are deemed damaged
     by macOS.
-    In that case, use the native signing and notarizing documented below.
+    In that case, use the [native signing](#application-bundles-and-dmgs) and
+    notarizing documented below.
 
-Read the commented configuration excerpt below to learn how to use these files.
+Read the commented configuration excerpt below to learn how to use do it.
 
 ```yaml title=".goreleaser.yaml"
 notarize:
@@ -74,7 +97,8 @@ notarize:
 
       # Then, we notarize the binaries.
       #
-      # Leave this section empty if you only want to sign the binaries. (<!-- md:version-inline v2.1 -->).
+      # You can leave this section empty if you only want
+      # to sign the binaries (<!-- md:inline_version v2.1 -->).
       notarize:
         # The issuer ID.
         # Its the UUID you see when creating the App Store Connect key.
@@ -108,16 +132,51 @@ notarize:
 
 <!-- md:templates -->
 
-!!! tip "base64"
+### GitHub Actions
 
-    To base64 a file, you run this:
+In this case, signing and notarizing inside GitHub Actions is just a matter of
+adding the environment variables to the `goreleaser-action` setup.
 
-    ```bash
-    base64 -w0 < ./Certificates.p12
-    base64 -w0 < ./ApiKey_AAABBBCCC.p8
-    ```
+<details>
+  <summary>release.yml</summary>
+
+```yaml title=".github/workflows/release.yml"
+name: goreleaser
+# ...
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    env:
+      # The base64 of the contents of your '.p12' key.
+      MACOS_SIGN_P12: ${{ secrets.MACOS_SIGN_P12 }}
+
+      # The password to open the '.p12' key.
+      MACOS_SIGN_PASSWORD: ${{ secrets.MACOS_SIGN_PASSWORD }}
+
+      # The base64 of the contents of your '.p8' key.
+      MACOS_NOTARY_KEY: ${{ secrets.MACOS_NOTARY_KEY }}
+
+      # The ID of the '.p8' key.
+      # You can find it in the filename, as well as the Apple Developer Portal
+      # website.
+      MACOS_NOTARY_KEY_ID: ${{ secrets.MACOS_NOTARY_KEY_ID }}
 
-## Application Bundles and DMGs
+      # The issuer UUID.
+      # You can find it in the Apple Developer Portal website.
+      MACOS_NOTARY_ISSUER_ID: ${{ secrets.MACOS_NOTARY_ISSUER_ID }}
+    steps:
+      # ...
+      - uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser-pro
+          version: "~> v2"
+          args: release --clean
+```
+
+</details>
+
+## Native
 
 <!-- md:version v2.8-unreleased -->
 <!-- md:pro -->
@@ -125,20 +184,9 @@ notarize:
 This method can sign and notarize [App Bundles][appbundles], but it depends on
 `xcrun` and `codesign`.
 
-For now, it'll only work if you package your app as a [DMG][DMG], but we might
+For now, it'll only works if you package your app as a [DMG][DMG], but we might
 add more support in future releases.
 
-To use this, you'll need all the steps from before, plus a profile.
-You can create the profile with:
-
-```bash
-xcrun notarytool store-credentials $MACOS_NOTARY_PROFILE_NAME \
-  --key $KEY_PATH \
-  --key-id $MACOS_NOTARY_KEY_ID \
-  --issuer $MACOS_NOTARY_ISSUER_ID \
-  --keychain $KEYCHAIN_PATH
-```
-
 See the configuration options below.
 
 ```yaml title=".goreleaser.yaml"
@@ -191,17 +239,20 @@ notarize:
         wait: true
 ```
 
-The way this works is:
+<!-- md:templates -->
 
-```mermaid
-graph TD
-  A[Build Binaries] -->|Optionally| B[Create Universal Binaries]
-  A --> C
-  B --> C[Create App Bundles]
-  C --> D[Sign App Bundles]
-  D --> E[Create DMGs]
-  E --> F[Notarize DMGs]
-```
+??? tip "Creating a profile"
+
+    To use this, you'll need to create a profile with `notarytool`.
+    You can do so in your machine with:
+
+    ```bash
+    xcrun notarytool store-credentials "$MACOS_NOTARY_PROFILE_NAME" \
+      --key "$KEY_PATH" \
+      --key-id "$MACOS_NOTARY_KEY_ID" \
+      --issuer "$MACOS_NOTARY_ISSUER_ID" \
+      --keychain $KEYCHAIN_PATH
+    ```
 
 ### GitHub Actions
 
@@ -214,7 +265,7 @@ You can also take a look at this
 [live example](https://github.com/goreleaser/example-notarized-apps).
 
 <details>
-  <summary>Workflow code</summary>
+  <summary>release.yml</summary>
 
 ```yaml title=".github/workflows/release.yml"
 name: goreleaser
@@ -291,6 +342,45 @@ jobs:
 
 </details>
 
+## How it works
+
+To make the behavior of this featur a bit clearer, this is the order in which
+the relevant steps are executed:
+
+=== "Cross-platform"
+
+    The cross-platform version uses [quill][] under the hood.
+    It is imported as a Go library and built into GoReleaser, so this just
+    works.
+
+    ```mermaid
+    graph LR
+      A[Create Binaries] --> B[Sign Binaries]
+      B --> C[Notarize Binaries]
+    ```
+
+    Once the binaries are built, the notary step does everything in a single
+    run.
+    The signed binaries are then used from that point forward.
+
+=== "Native"
+
+    The native version runs `codesign` and `xcrun notarytool`.
+    It only works on macOS and needs access to a Keychain.
+
+    ```mermaid
+    graph LR
+      A[Create Binaries] --> B[Create App Bundles]
+      B --> C[Sign App Bundles]
+      C --> D[Create DMGs]
+      D --> E[Notarize DMGs]
+    ```
+
+    Here things get a little bit more complicated.
+    First, it only signs App Bundles, so they need to be created first.
+    Once the App Bundle is signed, it needs to be packaged in a DMG.
+    Finally, the DMG is notarized and used from that point on.
+
 [unibin]: ./universalbinaries.md
 [appbundles]: ./app_bundles.md
 [quill]: https://github.com/anchore/quill
diff --git a/www/docs/overrides/hooks/shortcodes.py b/www/docs/overrides/hooks/shortcodes.py
index f5cf8a5ae89..acea846c6ea 100644
--- a/www/docs/overrides/hooks/shortcodes.py
+++ b/www/docs/overrides/hooks/shortcodes.py
@@ -68,8 +68,8 @@ def _alpha_block():
 
 def _templates_ad():
     return "".join([
-        f"<div class=\"admonition tip\">",
-        f"<p class=\"admonition-title\">Tip</p>",
+        f"<details class=\"tip\">",
+        f"<summary>Template Language</summary>",
         f"<p>Discover more about the <a href=\"/customization/templates/\">name template engine</a>.</p>",
-        f"</div>"
+        f"</details>"
     ])
diff --git a/www/docs/pro.md b/www/docs/pro.md
index 171042f3a6f..ef1eb93adeb 100644
--- a/www/docs/pro.md
+++ b/www/docs/pro.md
@@ -3,7 +3,8 @@
 GoReleaser Pro is a paid, closed-source GoReleaser distribution with some
 additional features:
 
-- [x] Native macOS [App Bundles][appbundles]/[DMG][DMG] signing and notarization;
+- [x] Native macOS App Bundles signing and DMG
+      [notarization](customization/notarize.md#native);
 - [x] Use [AI](customization/changelog.md#enhance-with-ai) to improve/format
       your release notes;
 - [x] Further filter artifacts with `if` statements;

From 71066eb7f3b4f5541f6868cc9fcd14212ab3e485 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 17:47:43 -0300
Subject: [PATCH 059/119] docs: fix htmtest

---
 www/docs/customization/notarize.md | 4 ++--
 www/htmltest.yml                   | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index 49aef1d4bc2..44cbe007a5d 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -55,8 +55,8 @@ It has no external dependencies, and works on any operating system.
     Do not use this method if you create [App Bundles][appbundles].
     App Bundles in which only the binary is signed/notarized are deemed damaged
     by macOS.
-    In that case, use the [native signing](#application-bundles-and-dmgs) and
-    notarizing documented below.
+    In that case, use the [native signing](#native) and notarizing documented
+    below.
 
 Read the commented configuration excerpt below to learn how to use do it.
 
diff --git a/www/htmltest.yml b/www/htmltest.yml
index 5a0e05f9316..75371591325 100644
--- a/www/htmltest.yml
+++ b/www/htmltest.yml
@@ -19,6 +19,9 @@ IgnoreURLs:
   - gofi.sh
   - visualstudio.com
   - iron.security
+  - hub.docker.com
+  - wixtoolset.org
+  - docs.gitlab.com
 IgnoreDirs:
   - overrides
 IgnoreDirectoryMissingTrailingSlash: true

From 59c2a546b4412aadb380b0ae9a62bed3b1469fc1 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 17:56:59 -0300
Subject: [PATCH 060/119] refactor: improve semerrogroup usage

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 internal/pipe/blob/blob.go | 11 +++--------
 internal/pipe/ko/ko.go     | 11 +++--------
 2 files changed, 6 insertions(+), 16 deletions(-)

diff --git a/internal/pipe/blob/blob.go b/internal/pipe/blob/blob.go
index fb34a32960f..7ecd794169a 100644
--- a/internal/pipe/blob/blob.go
+++ b/internal/pipe/blob/blob.go
@@ -40,8 +40,7 @@ func (Pipe) Default(ctx *context.Context) error {
 
 // Publish to specified blob bucket url.
 func (Pipe) Publish(ctx *context.Context) error {
-	g := semerrgroup.New(ctx.Parallelism)
-	skips := pipe.SkipMemento{}
+	g := semerrgroup.NewSkipAware(semerrgroup.New(ctx.Parallelism))
 	for _, conf := range ctx.Config.Blobs {
 		g.Go(func() error {
 			b, err := tmpl.New(ctx).Bool(conf.Disable)
@@ -49,14 +48,10 @@ func (Pipe) Publish(ctx *context.Context) error {
 				return err
 			}
 			if b {
-				skips.Remember(pipe.Skip("configuration is disabled"))
-				return nil
+				return pipe.Skip("configuration is disabled")
 			}
 			return doUpload(ctx, conf)
 		})
 	}
-	if err := g.Wait(); err != nil {
-		return err
-	}
-	return skips.Evaluate()
+	return g.Wait()
 }
diff --git a/internal/pipe/ko/ko.go b/internal/pipe/ko/ko.go
index 119a2f3d69b..3cce24ab514 100644
--- a/internal/pipe/ko/ko.go
+++ b/internal/pipe/ko/ko.go
@@ -157,8 +157,7 @@ func (p Pipe) Run(ctx *context.Context) error {
 
 // Publish executes the Pipe.
 func (Pipe) Publish(ctx *context.Context) error {
-	g := semerrgroup.New(ctx.Parallelism)
-	skips := pipe.SkipMemento{}
+	g := semerrgroup.NewSkipAware(semerrgroup.New(ctx.Parallelism))
 	for _, ko := range ctx.Config.Kos {
 		g.Go(func() error {
 			disable, err := tmpl.New(ctx).Bool(ko.Disable)
@@ -166,16 +165,12 @@ func (Pipe) Publish(ctx *context.Context) error {
 				return err
 			}
 			if disable {
-				skips.Remember(pipe.Skip("configuration is disabled"))
-				return nil
+				return pipe.Skip("configuration is disabled")
 			}
 			return doBuild(ctx, ko)
 		})
 	}
-	if err := g.Wait(); err != nil {
-		return err
-	}
-	return skips.Evaluate()
+	return g.Wait()
 }
 
 type buildOptions struct {

From 097fe7f23d4dc964eaa29f1027d1ad7cb573a13d Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 22 Feb 2025 18:03:32 -0300
Subject: [PATCH 061/119] fix: improve log

---
 internal/middleware/errhandler/error.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/middleware/errhandler/error.go b/internal/middleware/errhandler/error.go
index 1e799ad4a17..ebb3f2fdcb1 100644
--- a/internal/middleware/errhandler/error.go
+++ b/internal/middleware/errhandler/error.go
@@ -17,7 +17,7 @@ func Handle(action middleware.Action) middleware.Action {
 			return nil
 		}
 		if pipe.IsSkip(err) {
-			log.WithField("reason", err.Error()).Warn("pipe skipped")
+			log.WithField("reason", err.Error()).Warn("pipe skipped or partially skipped")
 			return nil
 		}
 		return err

From f477d4ae8eee3a8f63f23ca1c3fc5b59165860fa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Feb 2025 09:18:18 +0000
Subject: [PATCH 062/119] chore(deps): bump github/codeql-action from 3.28.9 to
 3.28.10 (#5582)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.9 to 3.28.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.10</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.10/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.1 - 10 Jan 2025</h2>
<ul>
<li>CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see <a
href="https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/">this
changelog post</a>. <a
href="https://redirect.github.com/github/codeql-action/pull/2677">#2677</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d"><code>b56ba49</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2778">#2778</a>
from github/update-v3.28.10-9856c48b1</li>
<li><a
href="https://github.com/github/codeql-action/commit/60c9c77c33f2cd66390a3778d54de88b735b2526"><code>60c9c77</code></a>
Update changelog for v3.28.10</li>
<li><a
href="https://github.com/github/codeql-action/commit/9856c48b1a54789454314b4c32ef2354fe213208"><code>9856c48</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2773">#2773</a>
from github/redsun82/rust</li>
<li><a
href="https://github.com/github/codeql-action/commit/9572e09da430b4c71f7488e4195b4ca6ce1c6ef0"><code>9572e09</code></a>
Rust: fix log string</li>
<li><a
href="https://github.com/github/codeql-action/commit/1a529366ac3620317d953e2d4018eafa7459cb1c"><code>1a52936</code></a>
Rust: special case default setup</li>
<li><a
href="https://github.com/github/codeql-action/commit/cf7e90952bcceaebd4a548c2809ea6a5d461a1bc"><code>cf7e909</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2772">#2772</a>
from github/update-bundle/codeql-bundle-v2.20.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/b7006aab6d38638d18e38a27c18f67138529c2f8"><code>b7006aa</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.20.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/cfedae723eaced5e13052b529375e7b00d49a9cd"><code>cfedae7</code></a>
Rust: throw configuration errors if requested and not correctly
enabled</li>
<li><a
href="https://github.com/github/codeql-action/commit/3971ed2a74ede0669fa7f4f5af4292030280dbfd"><code>3971ed2</code></a>
Merge branch 'main' into redsun82/rust</li>
<li><a
href="https://github.com/github/codeql-action/commit/d38c6e60dfb0232f85e388dd416559ed07da5f3a"><code>d38c6e6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2775">#2775</a>
from github/angelapwen/bump-octokit</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.9&new-version=3.28.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index dbd2581de61..d50cbfe15df 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -25,6 +25,6 @@ jobs:
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
           go-version: stable
-      - uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
-      - uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
-      - uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3
+      - uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+      - uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+      - uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3

From 584a51b1bd021ff25703e355056e5e760f03e9fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 24 Feb 2025 23:12:21 +0000
Subject: [PATCH 063/119] chore(deps): bump github.com/go-jose/go-jose/v4 from
 4.0.4 to 4.0.5 in the go_modules group (#5584)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps the go_modules group with 1 update:
[github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose).

Updates `github.com/go-jose/go-jose/v4` from 4.0.4 to 4.0.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-jose/go-jose/releases">github.com/go-jose/go-jose/v4's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.5</h2>
<h2>What's Changed</h2>
<ul>
<li>Don't allow unbounded amounts of splits by <a
href="https://github.com/mcpherrinm"><code>@​mcpherrinm</code></a> in <a
href="https://redirect.github.com/go-jose/go-jose/pull/167">go-jose/go-jose#167</a></li>
</ul>
<p>Fixes <a
href="https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78">https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78</a></p>
<p>Various other dependency updates, small fixes, and documentation
updates in the full changelog</p>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/tgeoghegan"><code>@​tgeoghegan</code></a> made
their first contribution in <a
href="https://redirect.github.com/go-jose/go-jose/pull/161">go-jose/go-jose#161</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5">https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"><code>99b346c</code></a>
Don't allow unbounded amounts of splits (<a
href="https://redirect.github.com/go-jose/go-jose/issues/167">#167</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/22811e77bac0d484ff060d5c4351b7e295df92fb"><code>22811e7</code></a>
Fix broken link in README.md (<a
href="https://redirect.github.com/go-jose/go-jose/issues/161">#161</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/9dde8493b25c1b301ca97110f57c7774513f572c"><code>9dde849</code></a>
Remove CLA mentions from CONTRIBUTING.md (<a
href="https://redirect.github.com/go-jose/go-jose/issues/160">#160</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/89172c5b51f2a7492b6fc2ea22d03777c4673bbe"><code>89172c5</code></a>
Bump golang.org/x/crypto from 0.31.0 to 0.32.0 (<a
href="https://redirect.github.com/go-jose/go-jose/issues/158">#158</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/ee05e015574c7d4c55b9a802e9637327d7d2606a"><code>ee05e01</code></a>
Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (<a
href="https://redirect.github.com/go-jose/go-jose/issues/157">#157</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/c0aef3ef5eaf5ad5fdfae9de426ebea91778f3e4"><code>c0aef3e</code></a>
Bump golang.org/x/crypto from 0.25.0 to 0.31.0 (<a
href="https://redirect.github.com/go-jose/go-jose/issues/156">#156</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/fdc2ceb0bbe2a29c582edfe07ea914c8dacd7e1b"><code>fdc2ceb</code></a>
Remove export disclaimer (<a
href="https://redirect.github.com/go-jose/go-jose/issues/146">#146</a>)</li>
<li><a
href="https://github.com/go-jose/go-jose/commit/10c69ef86e2b6997b25552aa391b48f1240cfe66"><code>10c69ef</code></a>
Short circuit return errors from <code>JSONWebKey.UnmarshalJSON()</code>
(<a
href="https://redirect.github.com/go-jose/go-jose/issues/141">#141</a>)</li>
<li>See full diff in <a
href="https://github.com/go-jose/go-jose/compare/v4.0.4...v4.0.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-jose/go-jose/v4&package-manager=go_modules&previous-version=4.0.4&new-version=4.0.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/goreleaser/goreleaser/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b8e8c030d32..660616ca8ef 100644
--- a/go.mod
+++ b/go.mod
@@ -190,7 +190,7 @@ require (
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.1 // indirect
 	github.com/go-git/go-git/v5 v5.13.1 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.5 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
diff --git a/go.sum b/go.sum
index a2b32571c22..d8c2878428f 100644
--- a/go.sum
+++ b/go.sum
@@ -346,8 +346,8 @@ github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMj
 github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/go-git/go-git/v5 v5.13.1 h1:DAQ9APonnlvSWpvolXWIuV6Q6zXy2wHbN4cVlNR5Q+M=
 github.com/go-git/go-git/v5 v5.13.1/go.mod h1:qryJB4cSBoq3FRoBRf5A77joojuBcmPJ0qu3XXXVixc=
-github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
-github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
+github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
+github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=

From 780cc080608df84d36a45f4eb0b576270278b5fb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Feb 2025 08:34:27 +0000
Subject: [PATCH 064/119] chore(deps): bump dagger/dagger-for-github from 7.0.6
 to 8.0.0 (#5585)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[dagger/dagger-for-github](https://github.com/dagger/dagger-for-github)
from 7.0.6 to 8.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dagger/dagger-for-github/releases">dagger/dagger-for-github's
releases</a>.</em></p>
<blockquote>
<h2>8.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: bump default dagger version to v0.16.1 by <a
href="https://github.com/sipsma"><code>@​sipsma</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/175">dagger/dagger-for-github#175</a></li>
<li>feat: makes dagger version required by <a
href="https://github.com/jpadams"><code>@​jpadams</code></a> in <a
href="https://redirect.github.com/dagger/dagger-for-github/pull/176">dagger/dagger-for-github#176</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dagger/dagger-for-github/compare/v7...8.0.0">https://github.com/dagger/dagger-for-github/compare/v7...8.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dagger/dagger-for-github/commit/e47aba410ef9bb9ed81a4d2a97df31061e5e842e"><code>e47aba4</code></a>
chore: remove dev module for version bumps</li>
<li><a
href="https://github.com/dagger/dagger-for-github/commit/bdb568fee581b0d2a6594398fe72f21e8cc17142"><code>bdb568f</code></a>
chore: update README action 8.0.0, dagger latest</li>
<li><a
href="https://github.com/dagger/dagger-for-github/commit/252049295eac4b773cd78b7cf516bc14a1a252fd"><code>2520492</code></a>
feat: makes dagger version required</li>
<li><a
href="https://github.com/dagger/dagger-for-github/commit/361ee54b83748b86a9592e223498bba78061e17f"><code>361ee54</code></a>
chore: bump default dagger version to v0.16.1</li>
<li>See full diff in <a
href="https://github.com/dagger/dagger-for-github/compare/v7.0.6...8.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dagger/dagger-for-github&package-manager=github_actions&previous-version=7.0.6&new-version=8.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml       | 2 +-
 .github/workflows/dagger-build.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d50cbfe15df..34348eec250 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - uses: dagger/dagger-for-github@v7.0.6
+      - uses: dagger/dagger-for-github@8.0.0
         with:
           verb: develop
           args: "-q"
diff --git a/.github/workflows/dagger-build.yml b/.github/workflows/dagger-build.yml
index f5e341f161e..2b425ebc263 100644
--- a/.github/workflows/dagger-build.yml
+++ b/.github/workflows/dagger-build.yml
@@ -22,10 +22,10 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
         with:
           fetch-depth: 0
-      - uses: dagger/dagger-for-github@v7.0.6
+      - uses: dagger/dagger-for-github@8.0.0
         with:
           args: build -o ./goreleaser
           engine-stop: false
-      - uses: dagger/dagger-for-github@v7.0.6
+      - uses: dagger/dagger-for-github@8.0.0
         with:
           args: test coverage-report -o ./coverage.txt

From 5d1ac7bca94a929200b622af4f6a442b01d61b88 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Feb 2025 08:58:46 +0000
Subject: [PATCH 065/119] chore(deps): bump github.com/muesli/termenv from
 0.15.2 to 0.16.0 (#5588)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [github.com/muesli/termenv](https://github.com/muesli/termenv)
from 0.15.2 to 0.16.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/muesli/termenv/releases">github.com/muesli/termenv's
releases</a>.</em></p>
<blockquote>
<h2>v0.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps): bump github.com/mattn/go-isatty from 0.0.18 to 0.0.19
by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>
in <a
href="https://redirect.github.com/muesli/termenv/pull/137">muesli/termenv#137</a></li>
<li>build(deps): bump golang.org/x/sys from 0.7.0 to 0.10.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/142">muesli/termenv#142</a></li>
<li>fix(output): export output writer by <a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>
in <a
href="https://redirect.github.com/muesli/termenv/pull/122">muesli/termenv#122</a></li>
<li>docs: update alacritty OSC 8 support documentation by <a
href="https://github.com/Thesmader"><code>@​Thesmader</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/157">muesli/termenv#157</a></li>
<li>fix(termenv): prevent hang in Emacs shell by <a
href="https://github.com/bard"><code>@​bard</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/152">muesli/termenv#152</a></li>
<li>feat: ghostty is truecolor by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/161">muesli/termenv#161</a></li>
<li>fix: do not use ioutil and other fixes by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/162">muesli/termenv#162</a></li>
<li>Use <code>uniseg.StringWidth</code> by <a
href="https://github.com/maaslalani"><code>@​maaslalani</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/164">muesli/termenv#164</a></li>
<li>Add support for building on z/OS by <a
href="https://github.com/dustin-ward"><code>@​dustin-ward</code></a> in
<a
href="https://redirect.github.com/muesli/termenv/pull/165">muesli/termenv#165</a></li>
<li>feat: Profile.Name() by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/163">muesli/termenv#163</a></li>
<li>Fix lint comments (godot) by <a
href="https://github.com/maaslalani"><code>@​maaslalani</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/160">muesli/termenv#160</a></li>
<li>feat: mark more term as truecolor by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/171">muesli/termenv#171</a></li>
<li>feat: rio is truecolor, xterm is ansi by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/174">muesli/termenv#174</a></li>
<li>build(deps): bump golang.org/x/crypto from 0.3.0 to 0.31.0 in
/examples/ssh by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/175">muesli/termenv#175</a></li>
<li>update deps, fixes lint issues by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/muesli/termenv/pull/183">muesli/termenv#183</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Thesmader"><code>@​Thesmader</code></a>
made their first contribution in <a
href="https://redirect.github.com/muesli/termenv/pull/157">muesli/termenv#157</a></li>
<li><a href="https://github.com/bard"><code>@​bard</code></a> made their
first contribution in <a
href="https://redirect.github.com/muesli/termenv/pull/152">muesli/termenv#152</a></li>
<li><a
href="https://github.com/maaslalani"><code>@​maaslalani</code></a> made
their first contribution in <a
href="https://redirect.github.com/muesli/termenv/pull/164">muesli/termenv#164</a></li>
<li><a
href="https://github.com/dustin-ward"><code>@​dustin-ward</code></a>
made their first contribution in <a
href="https://redirect.github.com/muesli/termenv/pull/165">muesli/termenv#165</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/muesli/termenv/compare/v0.15.2...v0.16.0">https://github.com/muesli/termenv/compare/v0.15.2...v0.16.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/muesli/termenv/commit/2e6fa35162bb1c735367736319813b2dc01a77a4"><code>2e6fa35</code></a>
fix: more lint issues</li>
<li><a
href="https://github.com/muesli/termenv/commit/44c68255681e21655a4f8d8627c554c51a9288e9"><code>44c6825</code></a>
ci: fix lint-soft job</li>
<li><a
href="https://github.com/muesli/termenv/commit/46061a44b288d8c54460c0d821c20cf20d45d72c"><code>46061a4</code></a>
ci: fix lint job</li>
<li><a
href="https://github.com/muesli/termenv/commit/44e5a501a8e59d1c239cd995a9fb2b6ecfe1be02"><code>44e5a50</code></a>
chore(deps): update actions</li>
<li><a
href="https://github.com/muesli/termenv/commit/34b0cf0d640735abc99dfac8b7517518c015f975"><code>34b0cf0</code></a>
fix: goveralls, maybe</li>
<li><a
href="https://github.com/muesli/termenv/commit/b470d69e6d6356496491a7e0e6ad8377b1e0b2a1"><code>b470d69</code></a>
fix: lint issues</li>
<li><a
href="https://github.com/muesli/termenv/commit/944e1cdb0261e2e5ff8675d7ad914abae78431ac"><code>944e1cd</code></a>
build(deps): update go-isatty, uniseg, x/sys</li>
<li><a
href="https://github.com/muesli/termenv/commit/8c990cd6cf4b22bbbb3f94dc189f11d21b2ab028"><code>8c990cd</code></a>
build(deps): bump golang.org/x/crypto in /examples/ssh</li>
<li><a
href="https://github.com/muesli/termenv/commit/0d230cb6eb152b659a6657da6bce9f6b3bcd6523"><code>0d230cb</code></a>
feat: rio is truecolor, xterm is ansi (<a
href="https://redirect.github.com/muesli/termenv/issues/174">#174</a>)</li>
<li><a
href="https://github.com/muesli/termenv/commit/82936c5ea257b458deb5238e6093773b42c43773"><code>82936c5</code></a>
feat: mark more terminals as truecolor (<a
href="https://redirect.github.com/muesli/termenv/issues/171">#171</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/muesli/termenv/compare/v0.15.2...v0.16.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/muesli/termenv&package-manager=go_modules&previous-version=0.15.2&new-version=0.16.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 660616ca8ef..c5573ae71d7 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/muesli/mango-cobra v1.2.0
 	github.com/muesli/roff v0.1.0
-	github.com/muesli/termenv v0.15.2
+	github.com/muesli/termenv v0.16.0
 	github.com/ory/dockertest/v3 v3.11.0
 	github.com/slack-go/slack v0.16.0
 	github.com/spf13/cobra v1.9.1
diff --git a/go.sum b/go.sum
index d8c2878428f..2cca128a1e2 100644
--- a/go.sum
+++ b/go.sum
@@ -639,8 +639,8 @@ github.com/muesli/mango-pflag v0.1.0 h1:UADqbYgpUyRoBja3g6LUL+3LErjpsOwaC9ywvBWe
 github.com/muesli/mango-pflag v0.1.0/go.mod h1:YEQomTxaCUp8PrbhFh10UfbhbQrM/xJ4i2PB8VTLLW0=
 github.com/muesli/roff v0.1.0 h1:YD0lalCotmYuF5HhZliKWlIx7IEhiXeSfq7hNjFqGF8=
 github.com/muesli/roff v0.1.0/go.mod h1:pjAHQM9hdUUwm/krAfrLGgJkXJ+YuhtsfZ42kieB2Ig=
-github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
-github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
+github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc=
+github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk=
 github.com/multiformats/go-base32 v0.1.0 h1:pVx9xoSPqEIQG8o+UbAe7DNi51oej1NtK+aGkbLYxPE=
 github.com/multiformats/go-base32 v0.1.0/go.mod h1:Kj3tFY6zNr+ABYMqeUNeGvkIC/UYgtWibDcT0rExnbI=
 github.com/multiformats/go-base36 v0.2.0 h1:lFsAbNOGeKtuKozrtBsAkSVhv1p9D0/qedU9rQyccr0=

From 740905873e42e42d97c7cb0d0f1a07ce7703a963 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Feb 2025 08:58:52 +0000
Subject: [PATCH 066/119] chore(deps): bump golang.org/x/oauth2 from 0.26.0 to
 0.27.0 (#5586)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.26.0 to 0.27.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/oauth2/commit/681b4d8edca1bcfea5bce685d77ea7b82ed3e7b3"><code>681b4d8</code></a>
jws: split token into fixed number of parts</li>
<li><a
href="https://github.com/golang/oauth2/commit/3f78298beea38fb76a3fbca33e3056f4b7eb5502"><code>3f78298</code></a>
all: upgrade go directive to at least 1.23.0 [generated]</li>
<li><a
href="https://github.com/golang/oauth2/commit/109dabf9017129171d1807e485ca5633ecd095ac"><code>109dabf</code></a>
endpoints: add links/provider for Discord</li>
<li><a
href="https://github.com/golang/oauth2/commit/ac571fa341c2a2b979d2b2c8341fd24767ef5d47"><code>ac571fa</code></a>
oauth2: fix docs for Config.DeviceAuth</li>
<li><a
href="https://github.com/golang/oauth2/commit/314ee5b92bf23c4973aa8e61eba3ff458e80eef2"><code>314ee5b</code></a>
endpoints: add patreon endpoint</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.26.0...v0.27.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.26.0&new-version=0.27.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c5573ae71d7..170df78aefa 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	gitlab.com/gitlab-org/api/client-go v0.123.0
 	gocloud.dev v0.40.0
 	golang.org/x/crypto v0.33.0
-	golang.org/x/oauth2 v0.26.0
+	golang.org/x/oauth2 v0.27.0
 	golang.org/x/sync v0.11.0
 	golang.org/x/text v0.22.0
 	golang.org/x/tools v0.30.0
diff --git a/go.sum b/go.sum
index 2cca128a1e2..741a2d76ecf 100644
--- a/go.sum
+++ b/go.sum
@@ -960,8 +960,8 @@ golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
 golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE=
-golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
+golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

From 548d790088d795ce6a7d71d311469747e2c4562d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:09:18 +0000
Subject: [PATCH 067/119] chore(deps): bump golang.org/x/crypto from 0.33.0 to
 0.35.0 (#5587)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.33.0 to 0.35.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22"><code>7292932</code></a>
ssh: limit the size of the internal packet queue while waiting for
KEX</li>
<li><a
href="https://github.com/golang/crypto/commit/f66f74b0a406b5f6909183531ace593857f1646c"><code>f66f74b</code></a>
acme/autocert: check host policy before probing the cache</li>
<li><a
href="https://github.com/golang/crypto/commit/b0784b7bfbe0b2c9a59afc1248ed3cb4b6652e85"><code>b0784b7</code></a>
x509roots/fallback: drop obsolete build constraint</li>
<li><a
href="https://github.com/golang/crypto/commit/911360c8a4f464342b9fe7c23632be57fca87b20"><code>911360c</code></a>
all: bump golang.org/x/crypto dependencies of asm generators</li>
<li><a
href="https://github.com/golang/crypto/commit/89ff08d67c4d79f9ac619aaf1f7388888798651f"><code>89ff08d</code></a>
all: upgrade go directive to at least 1.23.0 [generated]</li>
<li><a
href="https://github.com/golang/crypto/commit/e47973b1c1089f6c67ab89261f7aa067b3d611d2"><code>e47973b</code></a>
all: update certs for go1.24</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.33.0...v0.35.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.33.0&new-version=0.35.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 170df78aefa..5154aad9924 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 	github.com/ulikunitz/xz v0.5.12
 	gitlab.com/gitlab-org/api/client-go v0.123.0
 	gocloud.dev v0.40.0
-	golang.org/x/crypto v0.33.0
+	golang.org/x/crypto v0.35.0
 	golang.org/x/oauth2 v0.27.0
 	golang.org/x/sync v0.11.0
 	golang.org/x/text v0.22.0
diff --git a/go.sum b/go.sum
index 741a2d76ecf..bb11b04a7ad 100644
--- a/go.sum
+++ b/go.sum
@@ -919,8 +919,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
-golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
-golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
 golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=

From feff89672216e04a39f60d63166c018426c1b15c Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 11:21:12 -0300
Subject: [PATCH 068/119] docs: mention url_template change

refs https://github.com/orgs/goreleaser/discussions/5589
---
 www/docs/customization/release.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/www/docs/customization/release.md b/www/docs/customization/release.md
index 0c4bdeb7005..d7e8b4a1bd4 100644
--- a/www/docs/customization/release.md
+++ b/www/docs/customization/release.md
@@ -68,6 +68,9 @@ release:
   # publish a binary from a monorepo into a public repository somewhere, without
   # the tag prefix.
   #
+  # Note: if you change this, you might want to change 'url_template' in the
+  # subsequent publishers and announcers.
+  #
   # This feature is only available in GoReleaser Pro.
   # Default: '{{ .PrefixedCurrentTag }}'.
   # Templates: allowed.

From 8311e4a11df26e574578973b9acd39018c1dfcb0 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 22:41:02 -0300
Subject: [PATCH 069/119] fix: artifact extras.format for archive when binary

---
 internal/pipe/archive/archive.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/pipe/archive/archive.go b/internal/pipe/archive/archive.go
index a83255e36e9..7c5c0054905 100644
--- a/internal/pipe/archive/archive.go
+++ b/internal/pipe/archive/archive.go
@@ -298,7 +298,7 @@ func skip(ctx *context.Context, archive config.Archive, binaries []*artifact.Art
 			Target:    binary.Target,
 			Extra: map[string]interface{}{
 				artifact.ExtraID:       archive.ID,
-				artifact.ExtraFormat:   archive.Format,
+				artifact.ExtraFormat:   "binary",
 				artifact.ExtraBinary:   binary.Name,
 				artifact.ExtraReplaces: binaries[0].Extra[artifact.ExtraReplaces],
 			},

From 4a246b6b4ab227274daaffb8d81b794252821087 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 22:42:29 -0300
Subject: [PATCH 070/119] fix: snapcraft build filters

---
 internal/pipe/snapcraft/snapcraft.go      | 18 ++++++++----------
 internal/pipe/snapcraft/snapcraft_test.go |  6 +-----
 2 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/internal/pipe/snapcraft/snapcraft.go b/internal/pipe/snapcraft/snapcraft.go
index 8cf4bceff73..6f6d53172b7 100644
--- a/internal/pipe/snapcraft/snapcraft.go
+++ b/internal/pipe/snapcraft/snapcraft.go
@@ -143,11 +143,6 @@ func (Pipe) Default(ctx *context.Context) error {
 				snap.ChannelTemplates = []string{"edge", "beta", "candidate", "stable"}
 			}
 		}
-		if len(snap.Builds) == 0 {
-			for _, b := range ctx.Config.Builds {
-				snap.Builds = append(snap.Builds, b.ID)
-			}
-		}
 		ids.Inc(snap.ID)
 	}
 	return ids.Validate()
@@ -190,12 +185,15 @@ func doRun(ctx *context.Context, snap config.Snapcraft) error {
 	}
 
 	g := semerrgroup.NewBlockingFirst(semerrgroup.New(ctx.Parallelism))
+	filters := []artifact.Filter{
+		artifact.ByGoos("linux"),
+		artifact.ByType(artifact.Binary),
+	}
+	if len(snap.IDs) > 0 {
+		filters = append(filters, artifact.ByIDs(snap.IDs...))
+	}
 	for platform, binaries := range ctx.Artifacts.Filter(
-		artifact.And(
-			artifact.ByGoos("linux"),
-			artifact.ByType(artifact.Binary),
-			artifact.ByIDs(snap.Builds...),
-		),
+		artifact.And(filters...),
 	).GroupByPlatform() {
 		arch := linuxArch(platform)
 		if !isValidArch(arch) {
diff --git a/internal/pipe/snapcraft/snapcraft_test.go b/internal/pipe/snapcraft/snapcraft_test.go
index f5498d270c0..7c42d28a6cb 100644
--- a/internal/pipe/snapcraft/snapcraft_test.go
+++ b/internal/pipe/snapcraft/snapcraft_test.go
@@ -495,7 +495,6 @@ func TestExtraFile(t *testing.T) {
 
 func TestDefault(t *testing.T) {
 	ctx := testctx.NewWithCfg(config.Project{
-		Builds: []config.Build{{ID: "foo"}},
 		Snapcrafts: []config.Snapcraft{{
 			Description: "hi",
 			Summary:     "hi",
@@ -503,7 +502,6 @@ func TestDefault(t *testing.T) {
 	})
 	require.NoError(t, Pipe{}.Default(ctx))
 	require.Equal(t, defaultNameTemplate, ctx.Config.Snapcrafts[0].NameTemplate)
-	require.Equal(t, []string{"foo"}, ctx.Config.Snapcrafts[0].Builds)
 	require.Equal(t, []string{"edge", "beta", "candidate", "stable"}, ctx.Config.Snapcrafts[0].ChannelTemplates)
 	require.Equal(t, "stable", ctx.Config.Snapcrafts[0].Grade)
 	require.Equal(t, "strict", ctx.Config.Snapcrafts[0].Confinement)
@@ -531,8 +529,7 @@ func TestDefaultNoSummary(t *testing.T) {
 
 func TestDefaultGradeTmpl(t *testing.T) {
 	ctx := testctx.NewWithCfg(config.Project{
-		Env:    []string{"Grade=devel"},
-		Builds: []config.Build{{ID: "foo"}},
+		Env: []string{"Grade=devel"},
 		Snapcrafts: []config.Snapcraft{
 			{
 				Grade:       "{{.Env.Grade}}",
@@ -543,7 +540,6 @@ func TestDefaultGradeTmpl(t *testing.T) {
 	})
 	require.NoError(t, Pipe{}.Default(ctx))
 	require.Equal(t, defaultNameTemplate, ctx.Config.Snapcrafts[0].NameTemplate)
-	require.Equal(t, []string{"foo"}, ctx.Config.Snapcrafts[0].Builds)
 	require.Equal(t, []string{"edge", "beta"}, ctx.Config.Snapcrafts[0].ChannelTemplates)
 	require.Equal(t, "devel", ctx.Config.Snapcrafts[0].Grade)
 }

From 8441b6e46014c37225f891dcabfd49cd90bbef32 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 22:43:22 -0300
Subject: [PATCH 071/119] feat: archive.builds -> archive.ids

refs #5596
---
 internal/pipe/archive/archive.go |  8 ++++++--
 pkg/config/config.go             |  5 ++++-
 www/docs/deprecations.md         | 21 +++++++++++++++++++++
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/internal/pipe/archive/archive.go b/internal/pipe/archive/archive.go
index 7c5c0054905..93e0cfaf637 100644
--- a/internal/pipe/archive/archive.go
+++ b/internal/pipe/archive/archive.go
@@ -76,6 +76,10 @@ func (Pipe) Default(ctx *context.Context) error {
 		if archive.ID == "" {
 			archive.ID = "default"
 		}
+		if len(archive.Builds) > 0 {
+			deprecate.Notice(ctx, "archives.builds")
+			archive.IDs = append(archive.IDs, archive.Builds...)
+		}
 		if len(archive.Files) == 0 {
 			archive.Files = []config.File{
 				{Source: "license*", Default: true},
@@ -117,8 +121,8 @@ func (Pipe) Run(ctx *context.Context) error {
 			artifact.ByType(artifact.CArchive),
 			artifact.ByType(artifact.CShared),
 		)}
-		if len(archive.Builds) > 0 {
-			filter = append(filter, artifact.ByIDs(archive.Builds...))
+		if len(archive.IDs) > 0 {
+			filter = append(filter, artifact.ByIDs(archive.IDs...))
 		}
 
 		isBinary := slices.Contains(archive.Formats, "binary")
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 271ae9c3d2b..cc224a8679e 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -751,7 +751,7 @@ type UPX struct {
 // Archive config used for the archive.
 type Archive struct {
 	ID                        string           `yaml:"id,omitempty" json:"id,omitempty"`
-	Builds                    []string         `yaml:"builds,omitempty" json:"builds,omitempty"`
+	IDs                       []string         `yaml:"ids,omitempty" json:"ids,omitempty"`
 	BuildsInfo                FileInfo         `yaml:"builds_info,omitempty" json:"builds_info,omitempty"`
 	NameTemplate              string           `yaml:"name_template,omitempty" json:"name_template,omitempty"`
 	Formats                   StringArray      `yaml:"formats,omitempty" json:"formats,omitempty" jsonschema:"enum=tar,enum=tgz,enum=tar.gz,enum=zip,enum=gz,enum=tar.xz,enum=txz,enum=binary,default=tar.gz"`
@@ -764,6 +764,9 @@ type Archive struct {
 
 	// Deprecated: use [Formats] instead.
 	Format string `yaml:"format,omitempty" json:"format,omitempty" jsonschema:"enum=tar,enum=tgz,enum=tar.gz,enum=zip,enum=gz,enum=tar.xz,enum=txz,enum=binary,default=tar.gz"`
+
+	// Deprecated: use [IDs] instead.
+	Builds []string `yaml:"builds,omitempty" json:"builds,omitempty"`
 }
 
 type ReleaseNotesMode string
diff --git a/www/docs/deprecations.md b/www/docs/deprecations.md
index 2e48d4cac43..3c54e0a66ac 100644
--- a/www/docs/deprecations.md
+++ b/www/docs/deprecations.md
@@ -39,6 +39,27 @@ Description.
 
 -->
 
+### archives.builds
+
+> since v2.8
+
+The `builds` field has been replaced with the `ids`, which is the nomenclature
+used everywhere else.
+
+=== "Before"
+
+    ```yaml
+    archives:
+      builds: [a, b]
+    ```
+
+=== "After"
+
+    ```yaml
+    archives:
+      ids: [a, b]
+    ```
+
 ### archives.format
 
 > since v2.6

From a7399570605ab91b850b8853b973471d1baf0311 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 22:43:56 -0300
Subject: [PATCH 072/119] feat: nfpms.builds -> nfpms.ids

refs #5596
---
 internal/pipe/nfpm/nfpm.go      | 10 +++++++---
 internal/pipe/nfpm/nfpm_test.go |  2 +-
 pkg/config/config.go            |  5 ++++-
 www/docs/deprecations.md        | 21 +++++++++++++++++++++
 4 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/internal/pipe/nfpm/nfpm.go b/internal/pipe/nfpm/nfpm.go
index 365dd46e1fe..49e5059ef1a 100644
--- a/internal/pipe/nfpm/nfpm.go
+++ b/internal/pipe/nfpm/nfpm.go
@@ -73,6 +73,10 @@ func (Pipe) Default(ctx *context.Context) error {
 		if fpm.Maintainer == "" {
 			deprecate.NoticeCustom(ctx, "nfpms.maintainer", "`{{ .Property }}` should always be set, check {{ .URL }} for more info")
 		}
+		if len(fpm.Builds) > 0 {
+			deprecate.Notice(ctx, "nfpms.builds")
+			fpm.IDs = append(fpm.IDs, fpm.Builds...)
+		}
 		ids.Inc(fpm.ID)
 	}
 
@@ -115,14 +119,14 @@ func doRun(ctx *context.Context, fpm config.NFPM) error {
 			artifact.ByGoos("aix"),
 		),
 	}
-	if len(fpm.Builds) > 0 {
-		filters = append(filters, artifact.ByIDs(fpm.Builds...))
+	if len(fpm.IDs) > 0 {
+		filters = append(filters, artifact.ByIDs(fpm.IDs...))
 	}
 	linuxBinaries := ctx.Artifacts.
 		Filter(artifact.And(filters...)).
 		GroupByPlatform()
 	if len(linuxBinaries) == 0 {
-		return fmt.Errorf("no linux/unix binaries found for builds %v", fpm.Builds)
+		return fmt.Errorf("no linux/unix binaries found for builds %v", fpm.IDs)
 	}
 	g := semerrgroup.New(ctx.Parallelism)
 	for _, format := range fpm.Formats {
diff --git a/internal/pipe/nfpm/nfpm_test.go b/internal/pipe/nfpm/nfpm_test.go
index afb3c0a3203..c76f8abf3c9 100644
--- a/internal/pipe/nfpm/nfpm_test.go
+++ b/internal/pipe/nfpm/nfpm_test.go
@@ -940,7 +940,7 @@ func TestNoBuildsFound(t *testing.T) {
 		NFPMs: []config.NFPM{
 			{
 				Formats: []string{"deb"},
-				Builds:  []string{"nope"},
+				IDs:     []string{"nope"},
 			},
 		},
 	})
diff --git a/pkg/config/config.go b/pkg/config/config.go
index cc224a8679e..b8815631444 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -823,7 +823,7 @@ type NFPM struct {
 	Overrides        map[string]NFPMOverridables `yaml:"overrides,omitempty" json:"overrides,omitempty"`
 
 	ID          string   `yaml:"id,omitempty" json:"id,omitempty"`
-	Builds      []string `yaml:"builds,omitempty" json:"builds,omitempty"`
+	IDs         []string `yaml:"ids,omitempty" json:"ids,omitempty"`
 	Formats     []string `yaml:"formats,omitempty" json:"formats,omitempty" jsonschema:"enum=apk,enum=deb,enum=rpm,enum=termux.deb,enum=archlinux,enum=ipk"`
 	Section     string   `yaml:"section,omitempty" json:"section,omitempty"`
 	Priority    string   `yaml:"priority,omitempty" json:"priority,omitempty"`
@@ -839,6 +839,9 @@ type NFPM struct {
 	Meta        bool     `yaml:"meta,omitempty" json:"meta,omitempty"` // make package without binaries - only deps
 
 	ParsedMTime time.Time `yaml:"-" json:"-"`
+
+	// Deprecated: use [IDs] instead.
+	Builds []string `yaml:"builds,omitempty" json:"builds,omitempty"`
 }
 
 type Libdirs struct {
diff --git a/www/docs/deprecations.md b/www/docs/deprecations.md
index 3c54e0a66ac..f7a4fefb1e1 100644
--- a/www/docs/deprecations.md
+++ b/www/docs/deprecations.md
@@ -60,6 +60,27 @@ used everywhere else.
       ids: [a, b]
     ```
 
+### nfpms.builds
+
+> since v2.8
+
+The `builds` field has been replaced with the `ids`, which is the nomenclature
+used everywhere else.
+
+=== "Before"
+
+    ```yaml
+    nfpms:
+      builds: [a, b]
+    ```
+
+=== "After"
+
+    ```yaml
+    nfpms:
+      ids: [a, b]
+    ```
+
 ### archives.format
 
 > since v2.6

From ab54e21df1d3b674f98595cc0250649346cb996b Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 22:44:19 -0300
Subject: [PATCH 073/119] feat: snaps.builds -> snaps.ids

refs #5596
---
 internal/pipe/snapcraft/snapcraft_test.go |  8 ++++----
 pkg/config/config.go                      |  5 ++++-
 www/docs/deprecations.md                  | 21 +++++++++++++++++++++
 3 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/internal/pipe/snapcraft/snapcraft_test.go b/internal/pipe/snapcraft/snapcraft_test.go
index 7c42d28a6cb..c7d1c90b96a 100644
--- a/internal/pipe/snapcraft/snapcraft_test.go
+++ b/internal/pipe/snapcraft/snapcraft_test.go
@@ -62,7 +62,7 @@ func TestRunPipe(t *testing.T) {
 				Summary:          "test summary {{.ProjectName}}",
 				Description:      "test description {{.ProjectName}}",
 				Publish:          true,
-				Builds:           []string{"foo"},
+				IDs:              []string{"foo"},
 				ChannelTemplates: []string{"stable"},
 			},
 			{
@@ -70,7 +70,7 @@ func TestRunPipe(t *testing.T) {
 				Summary:          "test summary",
 				Description:      "test description",
 				Publish:          true,
-				Builds:           []string{"foo", "bar"},
+				IDs:              []string{"foo", "bar"},
 				ChannelTemplates: []string{"stable"},
 			},
 			{
@@ -78,7 +78,7 @@ func TestRunPipe(t *testing.T) {
 				Summary:          "test summary",
 				Description:      "test description",
 				Publish:          true,
-				Builds:           []string{"bar"},
+				IDs:              []string{"bar"},
 				ChannelTemplates: []string{"stable"},
 			},
 			{
@@ -86,7 +86,7 @@ func TestRunPipe(t *testing.T) {
 				Summary:          "test summary",
 				Description:      "test description",
 				Publish:          true,
-				Builds:           []string{"bar"},
+				IDs:              []string{"bar"},
 				ChannelTemplates: []string{"stable"},
 				Disable:          "{{.Env.SKIP}}",
 			},
diff --git a/pkg/config/config.go b/pkg/config/config.go
index b8815631444..5d35bec95ea 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1119,7 +1119,7 @@ type Snapcraft struct {
 	NameTemplate     string                             `yaml:"name_template,omitempty" json:"name_template,omitempty"`
 	Publish          bool                               `yaml:"publish,omitempty" json:"publish,omitempty"`
 	ID               string                             `yaml:"id,omitempty" json:"id,omitempty"`
-	Builds           []string                           `yaml:"builds,omitempty" json:"builds,omitempty"`
+	IDs              []string                           `yaml:"ids,omitempty" json:"ids,omitempty"`
 	Name             string                             `yaml:"name,omitempty" json:"name,omitempty"`
 	Title            string                             `yaml:"title,omitempty" json:"title,omitempty"`
 	Summary          string                             `yaml:"summary" json:"summary"`
@@ -1138,6 +1138,9 @@ type Snapcraft struct {
 	Disable          string                             `yaml:"disable,omitempty" json:"disable,omitempty" jsonschema:"oneof_type=string;boolean"`
 
 	Files []SnapcraftExtraFiles `yaml:"extra_files,omitempty" json:"extra_files,omitempty"`
+
+	// Deprecated: use IDs.
+	Builds []string `yaml:"builds,omitempty" json:"builds,omitempty"`
 }
 
 // SnapcraftExtraFiles config.
diff --git a/www/docs/deprecations.md b/www/docs/deprecations.md
index f7a4fefb1e1..7097c8269d8 100644
--- a/www/docs/deprecations.md
+++ b/www/docs/deprecations.md
@@ -60,6 +60,27 @@ used everywhere else.
       ids: [a, b]
     ```
 
+### snaps.builds
+
+> since v2.8
+
+The `builds` field has been replaced with the `ids`, which is the nomenclature
+used everywhere else.
+
+=== "Before"
+
+    ```yaml
+    snaps:
+      builds: [a, b]
+    ```
+
+=== "After"
+
+    ```yaml
+    snaps:
+      ids: [a, b]
+    ```
+
 ### nfpms.builds
 
 > since v2.8

From 0e446c4bc8e436e73213443bde9d82931af4c1cf Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 22:47:38 -0300
Subject: [PATCH 074/119] docs: update changes from builds to ids

---
 www/docs/customization/archive.md   | 7 +++++--
 www/docs/customization/nfpm.md      | 8 +++++---
 www/docs/customization/snapcraft.md | 7 +++++--
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/www/docs/customization/archive.md b/www/docs/customization/archive.md
index 3151904d465..a13ca1ca7d8 100644
--- a/www/docs/customization/archive.md
+++ b/www/docs/customization/archive.md
@@ -14,8 +14,11 @@ archives:
     # Default: 'default'.
     id: my-archive
 
-    # Builds reference which build instances should be archived in this archive.
-    builds:
+    # IDs of the builds which should be archived in this archive.
+    #
+    # <!-- md:inline_version v2.8-unreleased --> (use 'builds' in previous versions).
+    # Default: empty (include all).
+    ids:
       - default
 
     # Archive formats.
diff --git a/www/docs/customization/nfpm.md b/www/docs/customization/nfpm.md
index 325b73c0220..fe046c0d14c 100644
--- a/www/docs/customization/nfpm.md
+++ b/www/docs/customization/nfpm.md
@@ -26,9 +26,11 @@ nfpms:
     # Templates: allowed.
     file_name_template: "{{ .ConventionalFileName }}"
 
-    # Build IDs for the builds you want to create NFPM packages for.
-    # Default: '' (no filtering).
-    builds:
+    # IDs of the builds which should be archived in this package.
+    #
+    # <!-- md:inline_version v2.8-unreleased --> (use 'builds' in previous versions).
+    # Default: empty (include all).
+    ids:
       - foo
       - bar
 
diff --git a/www/docs/customization/snapcraft.md b/www/docs/customization/snapcraft.md
index e596e734bdb..bca3cae4dc3 100644
--- a/www/docs/customization/snapcraft.md
+++ b/www/docs/customization/snapcraft.md
@@ -23,8 +23,11 @@ snapcrafts:
     # Default: 'default'.
     id: foo
 
-    # Build IDs for the builds you want to create snapcraft packages for.
-    builds:
+    # IDs of the builds which should be archived in this package.
+    #
+    # <!-- md:inline_version v2.8-unreleased --> (use 'builds' in previous versions).
+    # Default: empty (include all).
+    ids:
       - foo
       - bar
 

From f5c4c89d1212e5c2e24017c4aac2447dbe04d4c9 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 22:55:44 -0300
Subject: [PATCH 075/119] feat: aurs.disable and aur_sources.disable

closes #5593
---
 internal/pipe/aur/aur.go                    | 12 ++++++++++--
 internal/pipe/aur/aur_test.go               |  6 +++++-
 internal/pipe/aursources/aursources.go      | 12 ++++++++++--
 internal/pipe/aursources/aursources_test.go |  6 +++++-
 pkg/config/config.go                        |  6 ++++++
 www/docs/customization/aur.md               |  6 ++++++
 www/docs/customization/aursources.md        |  6 ++++++
 7 files changed, 48 insertions(+), 6 deletions(-)

diff --git a/internal/pipe/aur/aur.go b/internal/pipe/aur/aur.go
index 194146c89b9..bb8c36525f1 100644
--- a/internal/pipe/aur/aur.go
+++ b/internal/pipe/aur/aur.go
@@ -82,13 +82,21 @@ func (Pipe) Run(ctx *context.Context) error {
 }
 
 func runAll(ctx *context.Context, cli client.ReleaseURLTemplater) error {
+	skips := pipe.SkipMemento{}
 	for _, aur := range ctx.Config.AURs {
-		err := doRun(ctx, aur, cli)
+		disable, err := tmpl.New(ctx).Bool(aur.Disable)
 		if err != nil {
 			return err
 		}
+		if disable {
+			skips.Remember(pipe.Skip("configuration is disabled"))
+			continue
+		}
+		if err := doRun(ctx, aur, cli); err != nil {
+			return err
+		}
 	}
-	return nil
+	return skips.Evaluate()
 }
 
 func doRun(ctx *context.Context, aur config.AUR, cl client.ReleaseURLTemplater) error {
diff --git a/internal/pipe/aur/aur_test.go b/internal/pipe/aur/aur_test.go
index 08aa2ca0d5b..27ad31640cc 100644
--- a/internal/pipe/aur/aur_test.go
+++ b/internal/pipe/aur/aur_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/goreleaser/goreleaser/v2/internal/client"
 	"github.com/goreleaser/goreleaser/v2/internal/git"
 	"github.com/goreleaser/goreleaser/v2/internal/golden"
+	"github.com/goreleaser/goreleaser/v2/internal/pipe"
 	"github.com/goreleaser/goreleaser/v2/internal/skips"
 	"github.com/goreleaser/goreleaser/v2/internal/testctx"
 	"github.com/goreleaser/goreleaser/v2/internal/testlib"
@@ -507,6 +508,9 @@ func TestRunPipeMultipleConfigurations(t *testing.T) {
 			Dist:        folder,
 			ProjectName: "foo",
 			AURs: []config.AUR{
+				{
+					Disable: "true",
+				},
 				{
 					Name:        "foo",
 					IDs:         []string{"foo"},
@@ -566,7 +570,7 @@ func TestRunPipeMultipleConfigurations(t *testing.T) {
 	client := client.NewMock()
 
 	require.NoError(t, Pipe{}.Default(ctx))
-	require.NoError(t, runAll(ctx, client))
+	require.True(t, pipe.IsSkip(runAll(ctx, client)), "should partial skip")
 	require.NoError(t, Pipe{}.Publish(ctx))
 
 	dir := t.TempDir()
diff --git a/internal/pipe/aursources/aursources.go b/internal/pipe/aursources/aursources.go
index cd100793618..0452e0ff0a4 100644
--- a/internal/pipe/aursources/aursources.go
+++ b/internal/pipe/aursources/aursources.go
@@ -93,13 +93,21 @@ func (Pipe) Run(ctx *context.Context) error {
 }
 
 func runAll(ctx *context.Context, cli client.ReleaseURLTemplater) error {
+	skips := pipe.SkipMemento{}
 	for _, aur := range ctx.Config.AURSources {
-		err := doRun(ctx, aur, cli)
+		disable, err := tmpl.New(ctx).Bool(aur.Disable)
 		if err != nil {
 			return err
 		}
+		if disable {
+			skips.Remember(pipe.Skip("configuration is disabled"))
+			continue
+		}
+		if err := doRun(ctx, aur, cli); err != nil {
+			return err
+		}
 	}
-	return nil
+	return skips.Evaluate()
 }
 
 func doRun(ctx *context.Context, aur config.AURSource, cl client.ReleaseURLTemplater) error {
diff --git a/internal/pipe/aursources/aursources_test.go b/internal/pipe/aursources/aursources_test.go
index 713fc40dc14..be43e75e379 100644
--- a/internal/pipe/aursources/aursources_test.go
+++ b/internal/pipe/aursources/aursources_test.go
@@ -10,6 +10,7 @@ import (
 	"github.com/goreleaser/goreleaser/v2/internal/client"
 	"github.com/goreleaser/goreleaser/v2/internal/git"
 	"github.com/goreleaser/goreleaser/v2/internal/golden"
+	"github.com/goreleaser/goreleaser/v2/internal/pipe"
 	"github.com/goreleaser/goreleaser/v2/internal/skips"
 	"github.com/goreleaser/goreleaser/v2/internal/testctx"
 	"github.com/goreleaser/goreleaser/v2/internal/testlib"
@@ -426,6 +427,9 @@ func TestRunPipeMultipleConfigurations(t *testing.T) {
 			Dist:        folder,
 			ProjectName: "foo",
 			AURSources: []config.AURSource{
+				{
+					Disable: `{{printf "true"}}`,
+				},
 				{
 					Name:        "foo",
 					IDs:         []string{"foo"},
@@ -483,7 +487,7 @@ func TestRunPipeMultipleConfigurations(t *testing.T) {
 	client := client.NewMock()
 
 	require.NoError(t, Pipe{}.Default(ctx))
-	require.NoError(t, runAll(ctx, client))
+	require.True(t, pipe.IsSkip(runAll(ctx, client)), "should partially skip")
 	require.NoError(t, Pipe{}.Publish(ctx))
 
 	dir := t.TempDir()
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 5d35bec95ea..6b85e6b9f84 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -220,6 +220,9 @@ type AUR struct {
 	PrivateKey            string       `yaml:"private_key,omitempty" json:"private_key,omitempty"`
 	Goamd64               string       `yaml:"goamd64,omitempty" json:"goamd64,omitempty"`
 	Directory             string       `yaml:"directory,omitempty" json:"directory,omitempty"`
+
+	// v2.8+
+	Disable string `yaml:"disable,omitempty" json:"disable,omitempty" jsonschema:"oneof_type=string;boolean"`
 }
 
 type AURSource struct {
@@ -250,6 +253,9 @@ type AURSource struct {
 	PrivateKey            string       `yaml:"private_key,omitempty" json:"private_key,omitempty"`
 	Goamd64               string       `yaml:"goamd64,omitempty" json:"goamd64,omitempty"`
 	Directory             string       `yaml:"directory,omitempty" json:"directory,omitempty"`
+
+	// v2.8+
+	Disable string `yaml:"disable,omitempty" json:"disable,omitempty" jsonschema:"oneof_type=string;boolean"`
 }
 
 // Homebrew contains the brew section.
diff --git a/www/docs/customization/aur.md b/www/docs/customization/aur.md
index 79e67de3eba..a6dd7f42ca6 100644
--- a/www/docs/customization/aur.md
+++ b/www/docs/customization/aur.md
@@ -163,6 +163,12 @@ aurs:
     # Default: '.'.
     # Templates: allowed.
     directory: "."
+
+    # Whether to disable this particular AUR configuration.
+    #
+    # Templates: allowed.
+    # <!-- md:inline_version v2.8-unreleased -->.
+    disable: "{{ .IsSnapshot }}"
 ```
 
 <!-- md:templates -->
diff --git a/www/docs/customization/aursources.md b/www/docs/customization/aursources.md
index cda377c9aa6..8845a6cf599 100644
--- a/www/docs/customization/aursources.md
+++ b/www/docs/customization/aursources.md
@@ -166,6 +166,12 @@ aur_sources:
     # Default: '.'.
     # Templates: allowed.
     directory: "."
+
+    # Whether to disable this particular AUR configuration.
+    #
+    # Templates: allowed.
+    # <!-- md:inline_version v2.8-unreleased -->.
+    disable: "{{ .IsSnapshot }}"
 ```
 
 <!-- md:templates -->

From 74810130aeec5a7722131ae3c3e6f157bbcc764b Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 25 Feb 2025 23:03:05 -0300
Subject: [PATCH 076/119] reafactor(github): use github.Ptr instead of
 github.String/Bool/etc

---
 internal/client/github.go      | 44 +++++++++++++++++-----------------
 internal/client/github_test.go |  8 +++----
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/internal/client/github.go b/internal/client/github.go
index d48119bda5c..7d6a6b42a56 100644
--- a/internal/client/github.go
+++ b/internal/client/github.go
@@ -93,7 +93,7 @@ func (c *githubClient) GenerateReleaseNotes(ctx *context.Context, repo Repo, pre
 	c.checkRateLimit(ctx)
 	notes, _, err := c.client.Repositories.GenerateReleaseNotes(ctx, repo.Owner, repo.Name, &github.GenerateNotesOptions{
 		TagName:         current,
-		PreviousTagName: github.String(prev),
+		PreviousTagName: github.Ptr(prev),
 	})
 	if err != nil {
 		return "", err
@@ -228,11 +228,11 @@ func (c *githubClient) OpenPullRequest(
 		base.Owner,
 		base.Name,
 		&github.NewPullRequest{
-			Title: github.String(title),
-			Base:  github.String(base.Branch),
-			Head:  github.String(headString(base, head)),
-			Body:  github.String(strings.Join([]string{tpl, prFooter}, "\n")),
-			Draft: github.Bool(draft),
+			Title: github.Ptr(title),
+			Base:  github.Ptr(base.Branch),
+			Head:  github.Ptr(headString(base, head)),
+			Body:  github.Ptr(strings.Join([]string{tpl, prFooter}, "\n")),
+			Draft: github.Ptr(draft),
 		},
 	)
 	if err != nil {
@@ -260,7 +260,7 @@ func (c *githubClient) SyncFork(ctx *context.Context, head, base Repo) error {
 		head.Owner,
 		head.Name,
 		&github.RepoMergeUpstreamRequest{
-			Branch: github.String(branch),
+			Branch: github.Ptr(branch),
 		},
 	)
 	if res != nil {
@@ -292,11 +292,11 @@ func (c *githubClient) CreateFile(
 
 	options := &github.RepositoryContentFileOptions{
 		Committer: &github.CommitAuthor{
-			Name:  github.String(commitAuthor.Name),
-			Email: github.String(commitAuthor.Email),
+			Name:  github.Ptr(commitAuthor.Name),
+			Email: github.Ptr(commitAuthor.Email),
 		},
 		Content: content,
-		Message: github.String(message),
+		Message: github.Ptr(message),
 	}
 
 	// Set the branch if we got it above...otherwise, just default to
@@ -324,7 +324,7 @@ func (c *githubClient) CreateFile(
 			}
 
 			if _, _, err := c.client.Git.CreateRef(ctx, repo.Owner, repo.Name, &github.Reference{
-				Ref: github.String("refs/heads/" + branch),
+				Ref: github.Ptr("refs/heads/" + branch),
 				Object: &github.GitObject{
 					SHA: defRef.Object.SHA,
 				},
@@ -350,7 +350,7 @@ func (c *githubClient) CreateFile(
 		return fmt.Errorf("could not get %q: %w", path, err)
 	}
 
-	options.SHA = github.String(file.GetSHA())
+	options.SHA = github.Ptr(file.GetSHA())
 	if _, _, err := c.client.Repositories.UpdateFile(
 		ctx,
 		repo.Owner,
@@ -380,13 +380,13 @@ func (c *githubClient) CreateRelease(ctx *context.Context, body string) (string,
 	body = truncateReleaseBody(body)
 
 	data := &github.RepositoryRelease{
-		Name:    github.String(title),
-		TagName: github.String(ctx.Git.CurrentTag),
-		Body:    github.String(body),
+		Name:    github.Ptr(title),
+		TagName: github.Ptr(ctx.Git.CurrentTag),
+		Body:    github.Ptr(body),
 		// Always start with a draft release while uploading artifacts.
 		// PublishRelease will undraft it.
-		Draft:      github.Bool(true),
-		Prerelease: github.Bool(ctx.PreRelease),
+		Draft:      github.Ptr(true),
+		Prerelease: github.Ptr(ctx.PreRelease),
 	}
 
 	if target := ctx.Config.Release.TargetCommitish; target != "" {
@@ -395,7 +395,7 @@ func (c *githubClient) CreateRelease(ctx *context.Context, body string) (string,
 			return "", err
 		}
 		if target != "" {
-			data.TargetCommitish = github.String(target)
+			data.TargetCommitish = github.Ptr(target)
 		}
 	}
 
@@ -418,17 +418,17 @@ func (c *githubClient) PublishRelease(ctx *context.Context, releaseID string) er
 		return fmt.Errorf("non-numeric release ID %q: %w", releaseID, err)
 	}
 	data := &github.RepositoryRelease{
-		Draft: github.Bool(draft),
+		Draft: github.Ptr(draft),
 	}
 	latest, err := tmpl.New(ctx).Apply(ctx.Config.Release.MakeLatest)
 	if err != nil {
 		return fmt.Errorf("templating GitHub make_latest: %w", err)
 	}
 	if latest != "" {
-		data.MakeLatest = github.String(latest)
+		data.MakeLatest = github.Ptr(latest)
 	}
 	if ctx.Config.Release.DiscussionCategoryName != "" {
-		data.DiscussionCategoryName = github.String(ctx.Config.Release.DiscussionCategoryName)
+		data.DiscussionCategoryName = github.Ptr(ctx.Config.Release.DiscussionCategoryName)
 	}
 	release, err := c.updateRelease(ctx, releaseIDInt, data)
 	if err != nil {
@@ -469,7 +469,7 @@ func (c *githubClient) createOrUpdateRelease(ctx *context.Context, data *github.
 	}
 
 	data.Draft = release.Draft
-	data.Body = github.String(getReleaseNotes(release.GetBody(), body, ctx.Config.Release.ReleaseNotesMode))
+	data.Body = github.Ptr(getReleaseNotes(release.GetBody(), body, ctx.Config.Release.ReleaseNotesMode))
 	return c.updateRelease(ctx, release.GetID(), data)
 }
 
diff --git a/internal/client/github_test.go b/internal/client/github_test.go
index 4799fb4c5e7..a34398ed1fc 100644
--- a/internal/client/github_test.go
+++ b/internal/client/github_test.go
@@ -432,8 +432,8 @@ func TestGitHubOpenPullRequestCrossRepo(t *testing.T) {
 
 		if r.URL.Path == "/repos/someone/something/contents/.github/PULL_REQUEST_TEMPLATE.md" {
 			content := github.RepositoryContent{
-				Encoding: github.String("base64"),
-				Content:  github.String(base64.StdEncoding.EncodeToString([]byte(testPRTemplate))),
+				Encoding: github.Ptr("base64"),
+				Content:  github.Ptr(base64.StdEncoding.EncodeToString([]byte(testPRTemplate))),
 			}
 			bts, _ := json.Marshal(content)
 			_, _ = w.Write(bts)
@@ -493,8 +493,8 @@ func TestGitHubOpenPullRequestHappyPath(t *testing.T) {
 
 		if r.URL.Path == "/repos/someone/something/contents/.github/PULL_REQUEST_TEMPLATE.md" {
 			content := github.RepositoryContent{
-				Encoding: github.String("base64"),
-				Content:  github.String(base64.StdEncoding.EncodeToString([]byte(testPRTemplate))),
+				Encoding: github.Ptr("base64"),
+				Content:  github.Ptr(base64.StdEncoding.EncodeToString([]byte(testPRTemplate))),
 			}
 			bts, _ := json.Marshal(content)
 			_, _ = w.Write(bts)

From dbfccf9a81d82ec9902a8ff20d7d994286ff8ab1 Mon Sep 17 00:00:00 2001
From: Filip Strozik <filip.strozik@outlook.com>
Date: Wed, 26 Feb 2025 13:43:08 +0100
Subject: [PATCH 077/119] docs: correct redirect link for the `Name Templates`
 article (#5599)

---
 www/docs/customization/templates.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/docs/customization/templates.md b/www/docs/customization/templates.md
index a44e476a9fc..a5e27120b8e 100644
--- a/www/docs/customization/templates.md
+++ b/www/docs/customization/templates.md
@@ -159,7 +159,7 @@ On all fields, you have these available functions:
 | `replace "v1.2" "v" ""`           | replaces all matches. See [ReplaceAll](https://pkg.go.dev/strings#ReplaceAll).                                             |
 | `split "1.2" "."`                 | split string at separator. See [Split](https://pkg.go.dev/strings#Split)                                                   |
 | `time "01/02/2006"`               | current UTC time in the specified format (this is not deterministic, a new time for every call).                           |
-| `contains "foobar" "foo"`         | checks whether the first string contains the second. See [ToLower](https://pkg.go.dev/strings#Contains)                    |
+| `contains "foobar" "foo"`         | checks whether the first string contains the second. See [Contains](https://pkg.go.dev/strings#Contains)                    |
 | `tolower "V1.2"`                  | makes input string lowercase. See [ToLower](https://pkg.go.dev/strings#ToLower).                                           |
 | `toupper "v1.2"`                  | makes input string uppercase. See [ToUpper](https://pkg.go.dev/strings#ToUpper).                                           |
 | `trim " v1.2  "`                  | removes all leading and trailing white space. See [TrimSpace](https://pkg.go.dev/strings#TrimSpace).                       |

From 7d4640e0fc25fca12b2717d09d36358266016ad7 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 26 Feb 2025 09:49:41 -0300
Subject: [PATCH 078/119] chore: schema update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/static/schema-pro.json | 50 +++++++++++++++++++++++++++++----
 1 file changed, 44 insertions(+), 6 deletions(-)

diff --git a/www/docs/static/schema-pro.json b/www/docs/static/schema-pro.json
index bce840293f0..5e4ef1d228f 100644
--- a/www/docs/static/schema-pro.json
+++ b/www/docs/static/schema-pro.json
@@ -104,6 +104,16 @@
 					},
 					"directory": {
 						"type": "string"
+					},
+					"disable": {
+						"oneOf": [
+							{
+								"type": "string"
+							},
+							{
+								"type": "boolean"
+							}
+						]
 					}
 				},
 				"additionalProperties": false,
@@ -228,6 +238,16 @@
 					},
 					"directory": {
 						"type": "string"
+					},
+					"disable": {
+						"oneOf": [
+							{
+								"type": "string"
+							},
+							{
+								"type": "boolean"
+							}
+						]
 					}
 				},
 				"additionalProperties": false,
@@ -348,7 +368,7 @@
 					"id": {
 						"type": "string"
 					},
-					"builds": {
+					"ids": {
 						"items": {
 							"type": "string"
 						},
@@ -416,6 +436,12 @@
 							"binary"
 						],
 						"default": "tar.gz"
+					},
+					"builds": {
+						"items": {
+							"type": "string"
+						},
+						"type": "array"
 					}
 				},
 				"additionalProperties": false,
@@ -2666,15 +2692,12 @@
 					"id": {
 						"type": "string"
 					},
-					"builds": {
+					"ids": {
 						"items": {
 							"type": "string"
 						},
 						"type": "array"
 					},
-					"if": {
-						"type": "string"
-					},
 					"formats": {
 						"items": {
 							"type": "string",
@@ -2724,6 +2747,15 @@
 					},
 					"meta": {
 						"type": "boolean"
+					},
+					"if": {
+						"type": "string"
+					},
+					"builds": {
+						"items": {
+							"type": "string"
+						},
+						"type": "array"
 					}
 				},
 				"additionalProperties": false,
@@ -4302,7 +4334,7 @@
 					"id": {
 						"type": "string"
 					},
-					"builds": {
+					"ids": {
 						"items": {
 							"type": "string"
 						},
@@ -4397,6 +4429,12 @@
 							"$ref": "#/$defs/SnapcraftExtraFiles"
 						},
 						"type": "array"
+					},
+					"builds": {
+						"items": {
+							"type": "string"
+						},
+						"type": "array"
 					}
 				},
 				"additionalProperties": false,

From 778b994ad0bbf0819392bcc1e9583b338e397070 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 26 Feb 2025 11:33:30 -0300
Subject: [PATCH 079/119] docs: update

---
 www/docs/customization/templates.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/www/docs/customization/templates.md b/www/docs/customization/templates.md
index a5e27120b8e..56b2a6355a7 100644
--- a/www/docs/customization/templates.md
+++ b/www/docs/customization/templates.md
@@ -38,6 +38,7 @@ In fields that support templates, these fields are always available:
 | `.IsSnapshot`          | `true` if `--snapshot` is set, `false` otherwise                                                           |
 | `.IsNightly`           | `true` if `--nightly` is set, `false` otherwise                                                            |
 | `.IsRelease`           | `true` if regular release (not a nightly nor a snapshot) (since v2.8)[^pro]                                |
+| `.IsMerging`           | `true` if you are running with `--merge` (since v2.8)[^pro]                                                |
 | `.IsSingleTarget`      | `true` if `--single-target` is set, `false` otherwise (since v2.3)                                         |
 | `.Env`                 | a map with system's environment variables                                                                  |
 | `.Date`                | current UTC date in RFC 3339 format                                                                        |

From e6fcf9dd6cb7bc8865b7719b75926eede12b06a4 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 26 Feb 2025 21:38:12 -0300
Subject: [PATCH 080/119] fix(docker): log img digest after push

---
 internal/pipe/docker/docker.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/internal/pipe/docker/docker.go b/internal/pipe/docker/docker.go
index 709a241bff7..1563da07dda 100644
--- a/internal/pipe/docker/docker.go
+++ b/internal/pipe/docker/docker.go
@@ -322,6 +322,9 @@ func dockerPush(ctx *context.Context, image *artifact.Artifact) error {
 		return err
 	}
 
+	log.WithField("image", image.Name).
+		WithField("digest", digest).
+		Info("pushed")
 	art := &artifact.Artifact{
 		Type:   artifact.DockerImage,
 		Name:   image.Name,
@@ -329,12 +332,13 @@ func dockerPush(ctx *context.Context, image *artifact.Artifact) error {
 		Goarch: image.Goarch,
 		Goos:   image.Goos,
 		Goarm:  image.Goarm,
-		Extra:  map[string]interface{}{},
+		Extra: map[string]interface{}{
+			artifact.ExtraDigest: digest,
+		},
 	}
 	if docker.ID != "" {
 		art.Extra[artifact.ExtraID] = docker.ID
 	}
-	art.Extra[artifact.ExtraDigest] = digest
 
 	ctx.Artifacts.Add(art)
 	return nil

From 2e8eda25efa008f7371c59a9e507d8916fcbbd48 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 26 Feb 2025 21:43:11 -0300
Subject: [PATCH 081/119] fix(docker): retry manifest push

---
 internal/pipe/docker/api.go        |  3 ++-
 internal/pipe/docker/api_docker.go | 20 ++++++++++++++++++++
 internal/pipe/docker/manifest.go   |  6 ++++--
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/internal/pipe/docker/api.go b/internal/pipe/docker/api.go
index 25213573a83..9c8e23e42bb 100644
--- a/internal/pipe/docker/api.go
+++ b/internal/pipe/docker/api.go
@@ -57,7 +57,8 @@ func runCommand(ctx *context.Context, dir, binary string, args ...string) error
 	log.
 		WithField("cmd", append([]string{binary}, args[0])).
 		WithField("cwd", dir).
-		WithField("args", args[1:]).Debug("running")
+		WithField("args", args[1:]).
+		Debug("running")
 	if err := cmd.Run(); err != nil {
 		return fmt.Errorf("%w: %s", err, b.String())
 	}
diff --git a/internal/pipe/docker/api_docker.go b/internal/pipe/docker/api_docker.go
index 8a2bdfbd0bc..9f69bf6e680 100644
--- a/internal/pipe/docker/api_docker.go
+++ b/internal/pipe/docker/api_docker.go
@@ -3,7 +3,9 @@ package docker
 import (
 	"fmt"
 	"regexp"
+	"strings"
 
+	"github.com/caarlos0/log"
 	"github.com/goreleaser/goreleaser/v2/pkg/context"
 )
 
@@ -16,9 +18,15 @@ func init() {
 	})
 }
 
+const maxRetries = 10
+
 type dockerManifester struct{}
 
 func (m dockerManifester) Create(ctx *context.Context, manifest string, images, flags []string) error {
+	return m.tryCreate(ctx, manifest, images, flags, 0)
+}
+
+func (m dockerManifester) tryCreate(ctx *context.Context, manifest string, images, flags []string, try int) error {
 	_ = runCommand(ctx, ".", "docker", "manifest", "rm", manifest)
 
 	args := []string{"manifest", "create", manifest}
@@ -26,6 +34,18 @@ func (m dockerManifester) Create(ctx *context.Context, manifest string, images,
 	args = append(args, flags...)
 
 	if err := runCommand(ctx, ".", "docker", args...); err != nil {
+		if strings.Contains(err.Error(), "manifest verification failed for digest") && try < maxRetries {
+			// this error happens every so often for some reason... retry
+			log.WithField("try", try+1).
+				WithField("maxRetries", maxRetries).
+				WithField("manifest", manifest).
+				WithField("images", images).
+				WithField("flags", flags).
+				WithError(err).
+				Warn("got an error while creating the manifest, will retry")
+			return m.tryCreate(ctx, manifest, images, flags, try+1)
+		}
+
 		return fmt.Errorf("failed to create %s: %w", manifest, err)
 	}
 	return nil
diff --git a/internal/pipe/docker/manifest.go b/internal/pipe/docker/manifest.go
index efbee2874b3..2597c2fc67d 100644
--- a/internal/pipe/docker/manifest.go
+++ b/internal/pipe/docker/manifest.go
@@ -88,7 +88,9 @@ func (ManifestPipe) Publish(ctx *context.Context) error {
 
 			manifester := manifesters[manifest.Use]
 
-			log.WithField("manifest", name).WithField("images", images).Info("creating")
+			log.WithField("manifest", name).
+				WithField("images", images).
+				Info("creating")
 			if err := manifester.Create(ctx, name, images, manifest.CreateFlags); err != nil {
 				return err
 			}
@@ -102,7 +104,7 @@ func (ManifestPipe) Publish(ctx *context.Context) error {
 				art.Extra[artifact.ExtraID] = manifest.ID
 			}
 
-			log.WithField("manifest", name).Info("pushing")
+			log.WithField("manifest", name).Info("created, pushing")
 			digest, err := manifester.Push(ctx, name, manifest.PushFlags)
 			if err != nil {
 				return err

From b97353a2f58a15366b692cc3123e2a769614c057 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 26 Feb 2025 21:46:54 -0300
Subject: [PATCH 082/119] fix(docker): add config to artifact extra

---
 internal/pipe/docker/docker.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/pipe/docker/docker.go b/internal/pipe/docker/docker.go
index 1563da07dda..53752504bf6 100644
--- a/internal/pipe/docker/docker.go
+++ b/internal/pipe/docker/docker.go
@@ -333,6 +333,7 @@ func dockerPush(ctx *context.Context, image *artifact.Artifact) error {
 		Goos:   image.Goos,
 		Goarm:  image.Goarm,
 		Extra: map[string]interface{}{
+			dockerConfigExtra:    docker,
 			artifact.ExtraDigest: digest,
 		},
 	}

From feab4290f486e13d9a5257d90c4ec4bee1cc6540 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 26 Feb 2025 22:37:06 -0300
Subject: [PATCH 083/119] fix(gitlab): use direct asset path (#5598)

---
 internal/client/gitlab.go      |  40 +++++--
 internal/client/gitlab_test.go | 184 ++++++++++++++++++++-------------
 2 files changed, 145 insertions(+), 79 deletions(-)

diff --git a/internal/client/gitlab.go b/internal/client/gitlab.go
index 19bbeda71bf..09d687a730f 100644
--- a/internal/client/gitlab.go
+++ b/internal/client/gitlab.go
@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/Masterminds/semver/v3"
 	"github.com/caarlos0/log"
 	"github.com/goreleaser/goreleaser/v2/internal/artifact"
 	"github.com/goreleaser/goreleaser/v2/internal/tmpl"
@@ -28,6 +29,8 @@ var (
 type gitlabClient struct {
 	client   *gitlab.Client
 	authType gitlab.AuthType
+
+	isV17OrLater bool
 }
 
 // newGitLab returns a gitlab client implementation.
@@ -66,12 +69,28 @@ func newGitLab(ctx *context.Context, token string, opts ...gitlab.ClientOptionFu
 	if err != nil {
 		return &gitlabClient{}, err
 	}
+
 	return &gitlabClient{
-		client:   client,
-		authType: authType,
+		client:       client,
+		authType:     authType,
+		isV17OrLater: isV17(client),
 	}, nil
 }
 
+func isV17(client *gitlab.Client) bool {
+	v, _, err := client.Version.GetVersion(nil)
+	if err != nil {
+		log.WithError(err).Warn("could not get gitlab version")
+		return false
+	}
+	vv, err := semver.NewVersion(v.Version)
+	if err != nil {
+		log.WithError(err).Warn("could not parse gitlab version")
+		return false
+	}
+	return vv.GreaterThanEqual(semver.New(17, 0, 0, "", ""))
+}
+
 func (c *gitlabClient) checkIsPrivateToken() error {
 	if c.authType == gitlab.PrivateToken {
 		return nil
@@ -533,14 +552,21 @@ func (c *gitlabClient) Upload(
 
 	name := artifact.Name
 	filename := "/" + name
+	opt := &gitlab.CreateReleaseLinkOptions{
+		Name: &name,
+		URL:  &linkURL,
+	}
+	if c.isV17OrLater {
+		opt.DirectAssetPath = &filename
+	} else {
+		opt.FilePath = &filename
+	}
+
 	releaseLink, resp, err := c.client.ReleaseLinks.CreateReleaseLink(
 		projectID,
 		releaseID,
-		&gitlab.CreateReleaseLinkOptions{
-			Name:     &name,
-			URL:      &linkURL,
-			FilePath: &filename,
-		})
+		opt,
+	)
 	if err != nil {
 		// this status means the asset already exists
 		if resp != nil && resp.StatusCode == http.StatusBadRequest && releaseLink != nil {
diff --git a/internal/client/gitlab_test.go b/internal/client/gitlab_test.go
index 7b0e1521f93..313a053dc87 100644
--- a/internal/client/gitlab_test.go
+++ b/internal/client/gitlab_test.go
@@ -195,78 +195,91 @@ func TestGitLabURLsDownloadTemplate(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			first := true
-			srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-				defer r.Body.Close()
-
-				if !strings.Contains(r.URL.Path, "assets/links") {
-					_, _ = io.Copy(io.Discard, r.Body)
-					w.WriteHeader(http.StatusOK)
-					fmt.Fprint(w, "{}")
-					return
-				}
-
-				if first {
-					http.Error(w, `{"message":{"name":["has already been taken"]}}`, http.StatusBadRequest)
-					first = false
-					return
-				}
-
-				defer w.WriteHeader(http.StatusOK)
-				defer fmt.Fprint(w, "{}")
-				b, err := io.ReadAll(r.Body)
-				assert.NoError(t, err)
-
-				reqBody := map[string]interface{}{}
-				err = json.Unmarshal(b, &reqBody)
-				assert.NoError(t, err)
-
-				url := reqBody["url"].(string)
-				assert.Truef(t, strings.HasSuffix(url, tt.wantURL), "expected %q to end with %q", url, tt.wantURL)
-			}))
-			defer srv.Close()
-
-			ctx := testctx.NewWithCfg(config.Project{
-				ProjectName: "projectname",
-				Env: []string{
-					"GORELEASER_TEST_GITLAB_URLS_DOWNLOAD=https://gitlab.mycompany.com",
-				},
-				Release: config.Release{
-					GitLab: config.Repo{
-						Owner: "test",
-						Name:  "test",
+		for _, version := range []string{"16.3.4", "17.1.2"} {
+			t.Run(tt.name+"_"+version, func(t *testing.T) {
+				first := true
+				srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+					defer r.Body.Close()
+
+					if strings.Contains(r.URL.Path, "version") {
+						fmt.Fprintf(w, `{"version":%q}`, version)
+						w.WriteHeader(http.StatusOK)
+						return
+					}
+
+					if !strings.Contains(r.URL.Path, "assets/links") {
+						_, _ = io.Copy(io.Discard, r.Body)
+						w.WriteHeader(http.StatusOK)
+						fmt.Fprint(w, "{}")
+						return
+					}
+
+					if first {
+						http.Error(w, `{"message":{"name":["has already been taken"]}}`, http.StatusBadRequest)
+						first = false
+						return
+					}
+
+					defer w.WriteHeader(http.StatusOK)
+					defer fmt.Fprint(w, "{}")
+					b, err := io.ReadAll(r.Body)
+					assert.NoError(t, err)
+
+					reqBody := map[string]string{}
+					assert.NoError(t, json.Unmarshal(b, &reqBody))
+
+					if version[:2] == "17" {
+						assert.NotEmpty(t, reqBody["direct_asset_path"])
+					} else {
+						assert.NotEmpty(t, reqBody["filepath"])
+					}
+
+					url := reqBody["url"]
+					assert.Truef(t, strings.HasSuffix(url, tt.wantURL), "expected %q to end with %q", url, tt.wantURL)
+				}))
+				defer srv.Close()
+
+				ctx := testctx.NewWithCfg(config.Project{
+					ProjectName: "projectname",
+					Env: []string{
+						"GORELEASER_TEST_GITLAB_URLS_DOWNLOAD=https://gitlab.mycompany.com",
 					},
-					ReplaceExistingArtifacts: true,
-				},
-				GitLabURLs: config.GitLabURLs{
-					API:                srv.URL,
-					Download:           tt.downloadURL,
-					UsePackageRegistry: tt.usePackageRegistry,
-				},
-			}, testctx.WithVersion("1.0.0"))
+					Release: config.Release{
+						GitLab: config.Repo{
+							Owner: "test",
+							Name:  "test",
+						},
+						ReplaceExistingArtifacts: true,
+					},
+					GitLabURLs: config.GitLabURLs{
+						API:                srv.URL,
+						Download:           tt.downloadURL,
+						UsePackageRegistry: tt.usePackageRegistry,
+					},
+				}, testctx.WithVersion("1.0.0"))
 
-			tmpFile, err := os.CreateTemp(t.TempDir(), "")
-			require.NoError(t, err)
-			t.Cleanup(func() {
-				_ = tmpFile.Close()
-			})
+				tmpFile, err := os.CreateTemp(t.TempDir(), "")
+				require.NoError(t, err)
+				t.Cleanup(func() {
+					_ = tmpFile.Close()
+				})
 
-			client, err := newGitLab(ctx, ctx.Token)
-			require.NoError(t, err)
+				client, err := newGitLab(ctx, ctx.Token)
+				require.NoError(t, err)
 
-			err = client.Upload(ctx, "1234", &artifact.Artifact{Name: "test", Path: "some-path"}, tmpFile)
-			if errors.As(err, &RetriableError{}) {
 				err = client.Upload(ctx, "1234", &artifact.Artifact{Name: "test", Path: "some-path"}, tmpFile)
-			}
-			if tt.wantErr {
-				require.Error(t, err)
-				retriable := errors.As(err, &RetriableError{})
-				require.False(t, retriable, "should be a final error")
-				return
-			}
-			require.NoError(t, err)
-		})
+				if errors.As(err, &RetriableError{}) {
+					err = client.Upload(ctx, "1234", &artifact.Artifact{Name: "test", Path: "some-path"}, tmpFile)
+				}
+				if tt.wantErr {
+					require.Error(t, err)
+					retriable := errors.As(err, &RetriableError{})
+					require.False(t, retriable, "should be a final error")
+					return
+				}
+				require.NoError(t, err)
+			})
+		}
 	}
 }
 
@@ -336,7 +349,7 @@ func TestGitLabCreateReleaseReleaseNotExists(t *testing.T) {
 			_, err = client.CreateRelease(ctx, "body")
 			require.NoError(t, err)
 			require.True(t, createdRelease)
-			require.Equal(t, 2, totalRequests)
+			require.Equal(t, 3, totalRequests)
 		})
 	}
 }
@@ -392,7 +405,7 @@ func TestGitLabCreateReleaseReleaseExists(t *testing.T) {
 	_, err = client.CreateRelease(ctx, "body")
 	require.NoError(t, err)
 	require.True(t, createdRelease)
-	require.Equal(t, 2, totalRequests)
+	require.Equal(t, 3, totalRequests)
 }
 
 func TestGitLabCreateReleaseUnknownHTTPError(t *testing.T) {
@@ -416,7 +429,7 @@ func TestGitLabCreateReleaseUnknownHTTPError(t *testing.T) {
 
 	_, err = client.CreateRelease(ctx, "body")
 	require.Error(t, err)
-	require.Equal(t, 1, totalRequests)
+	require.Equal(t, 2, totalRequests)
 }
 
 func TestGitLabGetDefaultBranch(t *testing.T) {
@@ -446,11 +459,14 @@ func TestGitLabGetDefaultBranch(t *testing.T) {
 
 	_, err = client.getDefaultBranch(ctx, repo)
 	require.NoError(t, err)
-	require.Equal(t, 1, totalRequests)
+	require.Equal(t, 2, totalRequests)
 }
 
 func TestGitLabGetDefaultBranchEnv(t *testing.T) {
-	srv := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {
+	srv := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
+		if strings.HasSuffix(r.URL.Path, "/version") {
+			return
+		}
 		t.Error("shouldn't have made any calls to the API")
 	}))
 	t.Cleanup(srv.Close)
@@ -773,6 +789,12 @@ func TestGitLabOpenPullRequestCrossRepo(t *testing.T) {
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		defer r.Body.Close()
 
+		if r.URL.Path == "/api/v4/version" {
+			_, err := io.Copy(w, strings.NewReader(`{ "version": "17.1.2" }`))
+			assert.NoError(t, err)
+			return
+		}
+
 		if r.URL.Path == "/api/v4/projects/someone/something" {
 			_, err := io.Copy(w, strings.NewReader(`{ "id": 32156 }`))
 			assert.NoError(t, err)
@@ -824,6 +846,12 @@ func TestGitLabOpenPullRequestBaseEmpty(t *testing.T) {
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		defer r.Body.Close()
 
+		if r.URL.Path == "/api/v4/version" {
+			_, err := io.Copy(w, strings.NewReader(`{ "version": "17.1.2" }`))
+			assert.NoError(t, err)
+			return
+		}
+
 		if r.URL.Path == "/api/v4/projects/someone/something" {
 			_, err := io.Copy(w, strings.NewReader(`{ "default_branch": "main" }`))
 			assert.NoError(t, err)
@@ -871,6 +899,12 @@ func TestGitLabOpenPullRequestDraft(t *testing.T) {
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		defer r.Body.Close()
 
+		if r.URL.Path == "/api/v4/version" {
+			_, err := io.Copy(w, strings.NewReader(`{ "version": "17.1.2" }`))
+			assert.NoError(t, err)
+			return
+		}
+
 		if r.URL.Path == "/api/v4/projects/someone/something" {
 			_, err := io.Copy(w, strings.NewReader(`{ "default_branch": "main" }`))
 			assert.NoError(t, err)
@@ -918,6 +952,12 @@ func TestGitLabOpenPullBaseBranchGiven(t *testing.T) {
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		defer r.Body.Close()
 
+		if r.URL.Path == "/api/v4/version" {
+			_, err := io.Copy(w, strings.NewReader(`{ "version": "17.1.2" }`))
+			assert.NoError(t, err)
+			return
+		}
+
 		if r.URL.Path == "/api/v4/projects/someone/something/merge_requests" {
 			got, err := io.ReadAll(r.Body)
 			assert.NoError(t, err)

From 0c57052112621a131921a75c1f0a19dc7af17214 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Feb 2025 08:37:06 +0000
Subject: [PATCH 084/119] chore(deps): bump docker/setup-buildx-action from
 3.9.0 to 3.10.0 (#5602)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[docker/setup-buildx-action](https://github.com/docker/setup-buildx-action)
from 3.9.0 to 3.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.10.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in
<a
href="https://redirect.github.com/docker/setup-buildx-action/pull/408">docker/setup-buildx-action#408</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0">https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2"><code>b5ca514</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-buildx-action/issues/408">#408</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/1418a4ef330cff3d80e8707b47780be815fb20db"><code>1418a4e</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-buildx-action/commit/93acf831ce48bc806b62b1e892b89fca8bf213e0"><code>93acf83</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.54.0 to
0.56.0</li>
<li>See full diff in <a
href="https://github.com/docker/setup-buildx-action/compare/f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca...b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-buildx-action&package-manager=github_actions&previous-version=3.9.0&new-version=3.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build.yml       | 2 +-
 .github/workflows/nightly-oss.yml | 2 +-
 .github/workflows/release.yml     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ae3afd02d08..3a54f1ad3c1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
       - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3
         if: matrix.os == 'ubuntu-latest'
-      - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3
+      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
         if: matrix.os == 'ubuntu-latest'
       - name: setup-snapcraft
         if: matrix.os == 'ubuntu-latest'
diff --git a/.github/workflows/nightly-oss.yml b/.github/workflows/nightly-oss.yml
index 1749559101a..9cc561216fd 100644
--- a/.github/workflows/nightly-oss.yml
+++ b/.github/workflows/nightly-oss.yml
@@ -52,7 +52,7 @@ jobs:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
       - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v2
-      - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3
+      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
           go-version: stable
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 82c5f72ed62..094a197e4c3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -97,7 +97,7 @@ jobs:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
       - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v2
-      - uses: docker/setup-buildx-action@f7ce87c1d6bead3e36075b2ce75da1f6cc28aaca # v3
+      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
       - name: setup-snapcraft
         run: sudo snap install snapcraft --classic
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4

From 2b7d0cdcac6a50487d7b004f185fa9eda27ccff2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 27 Feb 2025 08:53:46 +0000
Subject: [PATCH 085/119] chore(deps): bump docker/setup-qemu-action from 3.4.0
 to 3.5.0 (#5603)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 3.4.0 to 3.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.5.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/205">docker/setup-qemu-action#205</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0">https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/5964de0df58d5ad28b04d8fe2e6b80ad47105b91"><code>5964de0</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/205">#205</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/862b6633f805f5f6aa43ff50a2177924d5a38852"><code>862b663</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/138de3b6464b863fed6a98c1fae46faa58f98dee"><code>138de3b</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.54.0 to
0.56.0</li>
<li>See full diff in <a
href="https://github.com/docker/setup-qemu-action/compare/4574d27a4764455b42196d70a065bc6853246a25...5964de0df58d5ad28b04d8fe2e6b80ad47105b91">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=3.4.0&new-version=3.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build.yml       | 2 +-
 .github/workflows/nightly-oss.yml | 2 +-
 .github/workflows/release.yml     | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 3a54f1ad3c1..13003ddf830 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -44,7 +44,7 @@ jobs:
         with:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v3
+      - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v3
         if: matrix.os == 'ubuntu-latest'
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
         if: matrix.os == 'ubuntu-latest'
diff --git a/.github/workflows/nightly-oss.yml b/.github/workflows/nightly-oss.yml
index 9cc561216fd..3d7ec3779d9 100644
--- a/.github/workflows/nightly-oss.yml
+++ b/.github/workflows/nightly-oss.yml
@@ -51,7 +51,7 @@ jobs:
         with:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v2
+      - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v2
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 094a197e4c3..96b342c7b7c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -67,7 +67,7 @@ jobs:
         with:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v2
+      - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v2
       - uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
         with:
           path: |
@@ -96,7 +96,7 @@ jobs:
         with:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-qemu-action@4574d27a4764455b42196d70a065bc6853246a25 # v2
+      - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v2
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
       - name: setup-snapcraft
         run: sudo snap install snapcraft --classic

From 2702a8707c920cdd7b99f811ea6de2f5a4fae0aa Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Feb 2025 08:53:04 +0000
Subject: [PATCH 086/119] chore(deps): bump github.com/goreleaser/nfpm/v2 from
 2.41.2 to 2.41.3 (#5606)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[github.com/goreleaser/nfpm/v2](https://github.com/goreleaser/nfpm) from
2.41.2 to 2.41.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/nfpm/releases">github.com/goreleaser/nfpm/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.41.3</h2>
<h2>Changelog</h2>
<h3>Bug fixes</h3>
<ul>
<li>38a851d7736fe3c0a5bbdd3e0402b200093d062d: fix(deb): content file
modes to support gdebi (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/904">#904</a>)
(<a
href="https://github.com/erikgeiser"><code>@​erikgeiser</code></a>)</li>
<li>7a6c105aedf4a212962eb2277ea35e9d439e99fd: fix(rpm): signing for rpm
&lt;= 4.16 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/910">#910</a>)
(<a href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
</ul>
<h3>Other work</h3>
<ul>
<li>14dcdfeb0b8228b93b067b92319579285b84679f: docs: update cmd docs (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/nfpm/compare/v2.41.2...v2.41.3">https://github.com/goreleaser/nfpm/compare/v2.41.2...v2.41.3</a></p>
<h2>Helping out</h2>
<p>This release is only possible thanks to <strong>all</strong> the
support of <strong>awesome people</strong>!</p>
<p>Want to be one of them?
You can <a href="https://goreleaser.com/sponsors/">sponsor</a> or <a
href="https://goreleaser.com/contributing">contribute with code</a>.</p>
<h2>Where to go next?</h2>
<ul>
<li>nFPM is a satellite project from GoReleaser. <a
href="https://goreleaser.com">Check it out</a>!</li>
<li>Find examples and commented usage of all options in our <a
href="https://nfpm.goreleaser.com/">website</a>.</li>
<li>Reach out on <a href="https://discord.gg/RGEBtg8vQ6">Discord</a> and
<a href="https://twitter.com/goreleaser">Twitter</a>!</li>
</ul>
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML
omitted --></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/goreleaser/nfpm/commit/7a6c105aedf4a212962eb2277ea35e9d439e99fd"><code>7a6c105</code></a>
fix(rpm): signing for rpm &lt;= 4.16 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/910">#910</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/505f7abb79e64b49d2e218ed61de7aa3e026306b"><code>505f7ab</code></a>
chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/909">#909</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/63c9fedf034a85d7eea53fb4256f787856cb8cbb"><code>63c9fed</code></a>
chore(deps): bump github.com/klauspost/compress from 1.17.11 to 1.18.0
(<a
href="https://redirect.github.com/goreleaser/nfpm/issues/908">#908</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/af0cd99bf6c860ce8115a65b2a7d99b62d9534f1"><code>af0cd99</code></a>
chore(deps): bump actions/cache from 4.2.0 to 4.2.1 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/907">#907</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/4fe07d0afde91de2755abe9e5e1f98382c777b5a"><code>4fe07d0</code></a>
chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/906">#906</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/38a851d7736fe3c0a5bbdd3e0402b200093d062d"><code>38a851d</code></a>
fix(deb): content file modes to support gdebi (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/904">#904</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/0d4053627b0383c117f26c4b6c80927ff855e84f"><code>0d40536</code></a>
chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/905">#905</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/388cff1301509d694f1fe1ddc033750056da42da"><code>388cff1</code></a>
chore(deps): bump dependabot/fetch-metadata from 2.2.0 to 2.3.0 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/902">#902</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/9708afd8b9cbed7d5ec57279364a09c2daa7ce6d"><code>9708afd</code></a>
chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 (<a
href="https://redirect.github.com/goreleaser/nfpm/issues/901">#901</a>)</li>
<li><a
href="https://github.com/goreleaser/nfpm/commit/b6a1a9dd5312178e168e63b50a3489bb75f9e3f5"><code>b6a1a9d</code></a>
chore(deps): bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5
(<a
href="https://redirect.github.com/goreleaser/nfpm/issues/900">#900</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/goreleaser/nfpm/compare/v2.41.2...v2.41.3">compare
view</a></li>
</ul>
</details>
<br />

<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>

| Dependency Name | Ignore Conditions |
| --- | --- |
| github.com/goreleaser/nfpm/v2 | [>= 2.24.a, < 2.25] |
</details>


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/goreleaser/nfpm/v2&package-manager=go_modules&previous-version=2.41.2&new-version=2.41.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 5154aad9924..6570161db8c 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/google/ko v0.17.1
 	github.com/google/uuid v1.6.0
 	github.com/goreleaser/fileglob v1.3.0
-	github.com/goreleaser/nfpm/v2 v2.41.2
+	github.com/goreleaser/nfpm/v2 v2.41.3
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/invopop/jsonschema v0.13.0
 	github.com/jarcoal/httpmock v1.3.1
@@ -118,7 +118,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
-	github.com/ProtonMail/go-crypto v1.1.4 // indirect
+	github.com/ProtonMail/go-crypto v1.1.6 // indirect
 	github.com/alessio/shellescape v1.4.2 // indirect
 	github.com/anchore/go-logger v0.0.0-20241005132348-65b4486fbb28 // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
diff --git a/go.sum b/go.sum
index bb11b04a7ad..540b36124e5 100644
--- a/go.sum
+++ b/go.sum
@@ -102,8 +102,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw=
 github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk=
-github.com/ProtonMail/go-crypto v1.1.4 h1:G5U5asvD5N/6/36oIw3k2bOfBn5XVcZrb7PBjzzKKoE=
-github.com/ProtonMail/go-crypto v1.1.4/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw=
+github.com/ProtonMail/go-crypto v1.1.6/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=
 github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw=
 github.com/ProtonMail/gopenpgp/v2 v2.7.1 h1:Awsg7MPc2gD3I7IFac2qE3Gdls0lZW8SzrFZ3k1oz0s=
@@ -473,8 +473,8 @@ github.com/goreleaser/chglog v0.6.2 h1:qroqdMHzwoAPTHHzJtbCfYbwg/yWJrNQApZ6IQAq8
 github.com/goreleaser/chglog v0.6.2/go.mod h1:BP0xQQc6B8aM+4dhvSLlVTv0rvhuOF0JacDO1+h7L3U=
 github.com/goreleaser/fileglob v1.3.0 h1:/X6J7U8lbDpQtBvGcwwPS6OpzkNVlVEsFUVRx9+k+7I=
 github.com/goreleaser/fileglob v1.3.0/go.mod h1:Jx6BoXv3mbYkEzwm9THo7xbr5egkAraxkGorbJb4RxU=
-github.com/goreleaser/nfpm/v2 v2.41.2 h1:yOjpPlft5zpMPusbIWICphycIjE5orpY/IyMbkBbIJU=
-github.com/goreleaser/nfpm/v2 v2.41.2/go.mod h1:zvk0z+wsPKe7Qdsp7z0ZJ9asnbwwhJUEsdOsPkgVC1E=
+github.com/goreleaser/nfpm/v2 v2.41.3 h1:IRRsqv5NgiCKUy57HjQgfVBFb44VH8+r1mWeEF8OuA4=
+github.com/goreleaser/nfpm/v2 v2.41.3/go.mod h1:0t54RfPX6/iKANsVLbB3XgtfQXzG1nS4HmSavN92qVY=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=

From ce4c4a602e0a9e1f562d4e649eb95761d26a1dbe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Feb 2025 10:05:47 -0300
Subject: [PATCH 087/119] chore(deps): bump actions/cache from 4.2.1 to 4.2.2
 (#5605)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 96b342c7b7c..aebb8c6cc35 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -68,7 +68,7 @@ jobs:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
       - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v2
-      - uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
+      - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         with:
           path: |
             ./dist/*.deb
@@ -103,7 +103,7 @@ jobs:
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
           go-version: stable
-      - uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4
+      - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
         with:
           path: |
             ./dist/*.deb

From 45781f0f8491fcd8261a7f9b5fd4a223b0a8af96 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 28 Feb 2025 10:06:20 -0300
Subject: [PATCH 088/119] chore(deps): bump codecov/codecov-action from 5.3.1
 to 5.4.0 (#5601)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 13003ddf830..6d1ad837009 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -74,7 +74,7 @@ jobs:
       - run: task setup
       - run: task build
       - run: task test
-      - uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5
+      - uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
         if: matrix.os == 'ubuntu-latest'
         with:
           file: ./coverage.txt

From b15b28c8c756576c7e05874562049660510cb529 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 08:25:37 +0000
Subject: [PATCH 089/119] chore(deps): bump docker/setup-qemu-action from 3.5.0
 to 3.6.0 (#5608)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 3.5.0 to 3.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.6.0</h2>
<ul>
<li>Display binfmt version by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/202">docker/setup-qemu-action#202</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0">https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/29109295f81e9208d7d86ff1c6c12d2833863392"><code>2910929</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/202">#202</a>
from crazy-max/binfmt-version</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/7ffe24aa9a8440b164354dd7e2e6793b43bc73fa"><code>7ffe24a</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/setup-qemu-action/commit/17bc18bb05034c78f2ede32a8bbefcb428ed3f54"><code>17bc18b</code></a>
display binfmt version</li>
<li>See full diff in <a
href="https://github.com/docker/setup-qemu-action/compare/5964de0df58d5ad28b04d8fe2e6b80ad47105b91...29109295f81e9208d7d86ff1c6c12d2833863392">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=3.5.0&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build.yml       | 2 +-
 .github/workflows/nightly-oss.yml | 2 +-
 .github/workflows/release.yml     | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6d1ad837009..aa4ea5dff9c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -44,7 +44,7 @@ jobs:
         with:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v3
+      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3
         if: matrix.os == 'ubuntu-latest'
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
         if: matrix.os == 'ubuntu-latest'
diff --git a/.github/workflows/nightly-oss.yml b/.github/workflows/nightly-oss.yml
index 3d7ec3779d9..24ea8e9aede 100644
--- a/.github/workflows/nightly-oss.yml
+++ b/.github/workflows/nightly-oss.yml
@@ -51,7 +51,7 @@ jobs:
         with:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v2
+      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index aebb8c6cc35..1e2f447bb99 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -67,7 +67,7 @@ jobs:
         with:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v2
+      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
       - uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
         with:
           path: |
@@ -96,7 +96,7 @@ jobs:
         with:
           version: 3.x
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: docker/setup-qemu-action@5964de0df58d5ad28b04d8fe2e6b80ad47105b91 # v2
+      - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
       - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3
       - name: setup-snapcraft
         run: sudo snap install snapcraft --classic

From df2d2534281b2ce9c86b2fc23ad5037595803018 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Mar 2025 09:06:51 +0000
Subject: [PATCH 090/119] chore(deps): bump gitlab.com/gitlab-org/api/client-go
 from 0.123.0 to 0.124.0 (#5609)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go)
from 0.123.0 to 0.124.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://gitlab.com/gitlab-org/api/client-go/tags">gitlab.com/gitlab-org/api/client-go's
releases</a>.</em></p>
<blockquote>
<h2>v0.124.0</h2>
<h2>0.124.0 (2025-02-28)</h2>
<h3>Breaking Changes (4 changes)</h3>
<ul>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/65524df62bbcef5ad2debf21aef51bac8c4c3526">Refactor
ShareWithGroup as a Named Struct instead of an Anonymous Struct</a> by
<a href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2181">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/6d63332b5704b5dff060e88c058215738b4abae7">Add
support for instance member roles API, and align
<code>CreateMemberRoleOptions</code>...</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2179">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/42ec248d8b3bd359b57740e4f9b0f3d03ba02b97">Switch
to using BasicMergeRequest for API endpoints that use it</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2176">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/761f7de049e19f7486ebe1bda00b713713e6885d">Add
state option when listing project access tokens. This requires
that...</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2170">merge
request</a>)</li>
</ul>
<h3>Improvements (13 changes)</h3>
<ul>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/fd06b55dbfc6ff2ca15706648b512d85f35fcf2f">Add
bundled reviewable command for ease of local development</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2180">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/bf2d5c0f6bb8b93a005ceac6f9f60c0feea8d633">Add
function for uploading a wiki attachment</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2177">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/c103a6b83ef874d727e9f3760d82647b588f69e9">Add
internal flag when creating different types of notes. Update
documentation...</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2172">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/27f52bd13d5d087bba18972404141acce4c17716">Add
<code>Internal</code> support to <code>CreateIssueNoteOptions</code></a>
by <a href="https://github.com/ebuildy"><code>@​ebuildy</code></a> (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2154">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/601d75bc57337619b2bc2c1964070d1c98fdcfa0">Add
support for Secure Files API</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2171">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/ece925e686e8cea22f00d2263e2c845c5b1d0f51">add
ci_delete_pipelines_in_seconds to project edit and read</a> by <a
href="https://github.com/kingcrunch"><code>@​kingcrunch</code></a> (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2158">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/72e52c99db72b3fd6200c01d9aa1a72d67a24738">Add
filter to group variables update and delete</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2169">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/4c519f881c7ad7decaa80de47ef861d8803da5dc">Add
support for group releases API</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2162">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/390a3caceaba82f2cf351f129ca78050c6a83217">Add
description to personal access token APIs</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2165">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/23a6b28a8ebe475067b8da47646c737af8efaf1a">Add
description to group access token APIs</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2166">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/bb10e8c656627f4d4781e82da1004b2d7f3a3bda">Add
description to project access token APIs</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2167">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/82645d9d45e889d22d20d502de12f8ccb573744b">Add
'username' support to AddProjectMemberOptions</a> by <a
href="https://github.com/sy-be"><code>@​sy-be</code></a> (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2163">merge
request</a>)</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/380a7809d2997f78e16419a0b337059e7a234532">Update
Group Hooks to add missing options and fix documentation links</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2159">merge
request</a>)</li>
</ul>
<h3>Breaking Change (1 change)</h3>
<ul>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/a17c2255e18d05fcb7216ec750ae525994aaf221">Fix
return value of CreateMergeRequestDependency to return a single...</a>
by <a href="https://github.com/llxp"><code>@​llxp</code></a> (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2174">merge
request</a>)</li>
</ul>
<h3>Features (1 change)</h3>
<ul>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/-/commit/2826180657895a6bc511d251dd421ebaa473af39">Add
support for project security settings API</a> by <a
href="https://github.com/heidi"><code>@​heidi</code></a>.berry (<a
href="https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2157">merge
request</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/04cfd773c7d4ba42bf5afb72a7d060e56a741b96"><code>04cfd77</code></a>
Merge branch 'named-struct-for-shared-with-group' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/65524df62bbcef5ad2debf21aef51bac8c4c3526"><code>65524df</code></a>
Refactor ShareWithGroup as a Named Struct instead of an Anonymous
Struct</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/1be346515886d867c8ffa546d2bb024728e18051"><code>1be3465</code></a>
Merge branch 'support-instance-custom-roles' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/6d63332b5704b5dff060e88c058215738b4abae7"><code>6d63332</code></a>
Add support for instance member roles API, and align
`CreateMemberRoleOptions...</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/8b50e96906f36c68681131c2722f53761bc7dcdd"><code>8b50e96</code></a>
Merge branch 'use-basic-merge-request' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/42ec248d8b3bd359b57740e4f9b0f3d03ba02b97"><code>42ec248</code></a>
Switch to using BasicMergeRequest for API endpoints that use it</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/34a11062f6c976692b035061a90a1f7d4721e328"><code>34a1106</code></a>
Merge branch 'add-reviewable-command' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/fd06b55dbfc6ff2ca15706648b512d85f35fcf2f"><code>fd06b55</code></a>
Add bundled reviewable command for ease of local development</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/3d91c3aa06ded04529e8ec191e2a6b679d7fbbb9"><code>3d91c3a</code></a>
Merge branch 'add-wiki-attachment-uploads' into 'main'</li>
<li><a
href="https://gitlab.com/gitlab-org/api/client-go/commit/bf2d5c0f6bb8b93a005ceac6f9f60c0feea8d633"><code>bf2d5c0</code></a>
Add function for uploading a wiki attachment</li>
<li>Additional commits viewable in <a
href="https://gitlab.com/gitlab-org/api/client-go/compare/v0.123.0...v0.124.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gitlab.com/gitlab-org/api/client-go&package-manager=go_modules&previous-version=0.123.0&new-version=0.124.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6570161db8c..68a25376e71 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	github.com/spf13/cobra v1.9.1
 	github.com/stretchr/testify v1.10.0
 	github.com/ulikunitz/xz v0.5.12
-	gitlab.com/gitlab-org/api/client-go v0.123.0
+	gitlab.com/gitlab-org/api/client-go v0.124.0
 	gocloud.dev v0.40.0
 	golang.org/x/crypto v0.35.0
 	golang.org/x/oauth2 v0.27.0
diff --git a/go.sum b/go.sum
index 540b36124e5..a892ea65390 100644
--- a/go.sum
+++ b/go.sum
@@ -829,8 +829,8 @@ github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 gitlab.com/digitalxero/go-conventional-commit v1.0.7 h1:8/dO6WWG+98PMhlZowt/YjuiKhqhGlOCwlIV8SqqGh8=
 gitlab.com/digitalxero/go-conventional-commit v1.0.7/go.mod h1:05Xc2BFsSyC5tKhK0y+P3bs0AwUtNuTp+mTpbCU/DZ0=
-gitlab.com/gitlab-org/api/client-go v0.123.0 h1:W3LZ5QNyiSCJA0Zchkwz8nQIUzOuDoSWMZtRDT5DjPI=
-gitlab.com/gitlab-org/api/client-go v0.123.0/go.mod h1:Jh0qjLILEdbO6z/OY94RD+3NDQRUKiuFSFYozN6cpKM=
+gitlab.com/gitlab-org/api/client-go v0.124.0 h1:6i/uAl3QZur0F4S+42d9/k8y1Lf+htPqQ9YgXZJ2oQI=
+gitlab.com/gitlab-org/api/client-go v0.124.0/go.mod h1:Jh0qjLILEdbO6z/OY94RD+3NDQRUKiuFSFYozN6cpKM=
 go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
 go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=

From e28232c38efc17e1b59d1bb00c9007cc7d6865eb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Mar 2025 08:59:57 +0000
Subject: [PATCH 091/119] chore(deps): bump golang from 1.24.0-alpine to
 1.24.1-alpine (#5614)

Bumps golang from 1.24.0-alpine to 1.24.1-alpine.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.24.0-alpine&new-version=1.24.1-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 0366f853e73..282601535fa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.24.0-alpine@sha256:2d40d4fc278dad38be0777d5e2a88a2c6dee51b0b29c97a764fc6c6a11ca893c
+FROM golang:1.24.1-alpine@sha256:43c094ad24b6ac0546c62193baeb3e6e49ce14d3250845d166c77c25f64b0386
 
 RUN apk add --no-cache bash \
 	build-base \

From 39c1b1ccbf4d25b77f91828873460b8dc80a6898 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 5 Mar 2025 23:16:31 -0300
Subject: [PATCH 092/119] fix: notarize timeout being typed as string in
 jsonschema

refs #5618

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 pkg/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/config/config.go b/pkg/config/config.go
index 6b85e6b9f84..c394f2d2472 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1065,7 +1065,7 @@ type MacOSNotarize struct {
 	IssuerID string        `yaml:"issuer_id" json:"issuer_id"`
 	Key      string        `yaml:"key" json:"key"`
 	KeyID    string        `yaml:"key_id" json:"key_id"`
-	Timeout  time.Duration `yaml:"timeout,omitempty" json:"timeout,omitempty"`
+	Timeout  time.Duration `yaml:"timeout,omitempty" json:"timeout,omitempty" jsonschema:"type=string"`
 	Wait     bool          `yaml:"wait,omitempty" json:"wait,omitempty"`
 }
 

From 8675c4c618691580f6d1ac2bd993f12b7a7cdfe7 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 5 Mar 2025 23:17:23 -0300
Subject: [PATCH 093/119] chore: update schema

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/static/schema-pro.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/docs/static/schema-pro.json b/www/docs/static/schema-pro.json
index 5e4ef1d228f..172b2cf51b4 100644
--- a/www/docs/static/schema-pro.json
+++ b/www/docs/static/schema-pro.json
@@ -2348,7 +2348,7 @@
 						"type": "string"
 					},
 					"timeout": {
-						"type": "integer"
+						"type": "string"
 					},
 					"wait": {
 						"type": "boolean"

From c7f89663c5304eee87aac5f569083af69aed0a93 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 5 Mar 2025 23:51:51 -0300
Subject: [PATCH 094/119] docs: commit_author fields are templateable

closes #5613
---
 www/docs/customization/aur.md        | 1 +
 www/docs/customization/aursources.md | 1 +
 www/docs/customization/homebrew.md   | 1 +
 www/docs/customization/krew.md       | 1 +
 www/docs/customization/nix.md        | 1 +
 www/docs/customization/scoop.md      | 1 +
 www/docs/customization/winget.md     | 1 +
 7 files changed, 7 insertions(+)

diff --git a/www/docs/customization/aur.md b/www/docs/customization/aur.md
index a6dd7f42ca6..abca5f9912c 100644
--- a/www/docs/customization/aur.md
+++ b/www/docs/customization/aur.md
@@ -127,6 +127,7 @@ aurs:
       install -Dm644 "./manpages/mybin.1.gz" "${pkgdir}/usr/share/man/man1/mybin.1.gz"
 
     # Git author used to commit to the repository.
+    # Templates: allowed.
     commit_author:
       name: goreleaserbot
       email: bot@goreleaser.com
diff --git a/www/docs/customization/aursources.md b/www/docs/customization/aursources.md
index 8845a6cf599..d0a9fc50d47 100644
--- a/www/docs/customization/aursources.md
+++ b/www/docs/customization/aursources.md
@@ -130,6 +130,7 @@ aur_sources:
       install -Dsm755 ./myapp "${pkgdir}/usr/bin/myapp"
 
     # Git author used to commit to the repository.
+    # Templates: allowed.
     commit_author:
       name: goreleaserbot
       email: bot@goreleaser.com
diff --git a/www/docs/customization/homebrew.md b/www/docs/customization/homebrew.md
index 13ee8e44765..08638d772df 100644
--- a/www/docs/customization/homebrew.md
+++ b/www/docs/customization/homebrew.md
@@ -82,6 +82,7 @@ brews:
     custom_require: custom_download_strategy
 
     # Git author used to commit to the repository.
+    # Templates: allowed.
     commit_author:
       name: goreleaserbot
       email: bot@goreleaser.com
diff --git a/www/docs/customization/krew.md b/www/docs/customization/krew.md
index 5025f2bcba3..8c5e4841dde 100644
--- a/www/docs/customization/krew.md
+++ b/www/docs/customization/krew.md
@@ -48,6 +48,7 @@ krews:
     url_template: "http://github.mycompany.com/foo/bar/releases/{{ .Tag }}/{{ .ArtifactName }}"
 
     # Git author used to commit to the repository.
+    # Templates: allowed.
     commit_author:
       name: goreleaserbot
       email: bot@goreleaser.com
diff --git a/www/docs/customization/nix.md b/www/docs/customization/nix.md
index ef60ddb3bb1..d4bb8480ecc 100644
--- a/www/docs/customization/nix.md
+++ b/www/docs/customization/nix.md
@@ -33,6 +33,7 @@ nix:
     url_template: "https://github.mycompany.com/foo/bar/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
 
     # Git author used to commit to the repository.
+    # Templates: allowed.
     commit_author:
       name: goreleaserbot
       email: bot@goreleaser.com
diff --git a/www/docs/customization/scoop.md b/www/docs/customization/scoop.md
index 085ccdda1b8..5b51dc55fce 100644
--- a/www/docs/customization/scoop.md
+++ b/www/docs/customization/scoop.md
@@ -42,6 +42,7 @@ scoops:
     use: msi
 
     # Git author used to commit to the repository.
+    # Templates: allowed.
     commit_author:
       name: goreleaserbot
       email: bot@goreleaser.com
diff --git a/www/docs/customization/winget.md b/www/docs/customization/winget.md
index 8aaaa470fed..031f59f56bd 100644
--- a/www/docs/customization/winget.md
+++ b/www/docs/customization/winget.md
@@ -88,6 +88,7 @@ winget:
     url_template: "https://github.mycompany.com/foo/bar/releases/download/{{ .Tag }}/{{ .ArtifactName }}"
 
     # Git author used to commit to the repository.
+    # Templates: allowed.
     commit_author:
       name: goreleaserbot
       email: bot@goreleaser.com

From 8ff0e5a48093c7f25aa419365bf84a766b8edd61 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Mar 2025 08:38:43 +0000
Subject: [PATCH 095/119] chore(deps): bump golang.org/x/crypto from 0.35.0 to
 0.36.0 (#5622)

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from
0.35.0 to 0.36.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/crypto/commit/49bf5b80c8108983f588ecabd7bf996e6e63a515"><code>49bf5b8</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/crypto/commit/24852b6b3fe89f0f239f5e7181473a28e39ae814"><code>24852b6</code></a>
ssh: add decode support for banners</li>
<li><a
href="https://github.com/golang/crypto/commit/bbc689cf5cfb1b9f9ea88939690590d3521c2487"><code>bbc689c</code></a>
ssh: use a more straightforward return value</li>
<li>See full diff in <a
href="https://github.com/golang/crypto/compare/v0.35.0...v0.36.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/crypto&package-manager=go_modules&previous-version=0.35.0&new-version=0.36.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 10 +++++-----
 go.sum | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/go.mod b/go.mod
index 68a25376e71..04cca1d2852 100644
--- a/go.mod
+++ b/go.mod
@@ -46,10 +46,10 @@ require (
 	github.com/ulikunitz/xz v0.5.12
 	gitlab.com/gitlab-org/api/client-go v0.124.0
 	gocloud.dev v0.40.0
-	golang.org/x/crypto v0.35.0
+	golang.org/x/crypto v0.36.0
 	golang.org/x/oauth2 v0.27.0
-	golang.org/x/sync v0.11.0
-	golang.org/x/text v0.22.0
+	golang.org/x/sync v0.12.0
+	golang.org/x/text v0.23.0
 	golang.org/x/tools v0.30.0
 	gopkg.in/mail.v2 v2.3.1
 	gopkg.in/yaml.v3 v3.0.1
@@ -349,8 +349,8 @@ require (
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
 	golang.org/x/mod v0.23.0 // indirect
 	golang.org/x/net v0.35.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/term v0.29.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
 	golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9 // indirect
 	google.golang.org/api v0.197.0 // indirect
diff --git a/go.sum b/go.sum
index a892ea65390..b472dc8b439 100644
--- a/go.sum
+++ b/go.sum
@@ -919,8 +919,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
-golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
-golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
 golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
@@ -973,8 +973,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
-golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1001,16 +1001,16 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
-golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU=
-golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -1019,8 +1019,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

From 6176e985909063e67b401d6d41055d9788a641fb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Mar 2025 08:55:47 +0000
Subject: [PATCH 096/119] chore(deps): bump golang.org/x/tools from 0.30.0 to
 0.31.0 (#5626)

Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.30.0
to 0.31.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/tools/commit/6a5b66bef78dc7a1cf8593b276f35102ec0cb11c"><code>6a5b66b</code></a>
go.mod: update golang.org/x dependencies</li>
<li><a
href="https://github.com/golang/tools/commit/25a90befcdf96d15f13dd947b7395c8531dc67de"><code>25a90be</code></a>
gopls/internal/golang: Implementations for func types</li>
<li><a
href="https://github.com/golang/tools/commit/db6008cb90f09485deb11255e5dd6da114b4ecef"><code>db6008c</code></a>
go/types/internal/play: show Cursor.Stack of selected node</li>
<li><a
href="https://github.com/golang/tools/commit/ece9e9ba0760eb361376c8a890b24e89db031d9e"><code>ece9e9b</code></a>
gopls/doc/generate: add status in codelenses and inlayhints</li>
<li><a
href="https://github.com/golang/tools/commit/340f21a49b9cad20d07a2b58e483a991084dc481"><code>340f21a</code></a>
gopls: move gopls/doc/generate package</li>
<li><a
href="https://github.com/golang/tools/commit/07219402b2fc707689574d91ee3cfd2c9a544a87"><code>0721940</code></a>
gopls/internal/analysis/modernize: strings.Fields -&gt; FieldsSeq</li>
<li><a
href="https://github.com/golang/tools/commit/8d38122b0b1a9991f490aa06b7bfca7b4140bdad"><code>8d38122</code></a>
gopls/internal/cache: reproduce and fix crash on if cond overflow</li>
<li><a
href="https://github.com/golang/tools/commit/d81d6fcce1a24f2b8d0a9493f4d84b75c80176e4"><code>d81d6fc</code></a>
gopls/internal/util/asm: better assembly parsing</li>
<li><a
href="https://github.com/golang/tools/commit/455db21bd963fea3efdf0473e0ddce37313b8f91"><code>455db21</code></a>
gopls/internal/cache/parsego: fix OOB crash in fixInitStmt</li>
<li><a
href="https://github.com/golang/tools/commit/2b1f55036370bc9a05bed74aa13fa85fecce40e2"><code>2b1f550</code></a>
gopls/internal/analysis/gofix: allow literal array lengths</li>
<li>Additional commits viewable in <a
href="https://github.com/golang/tools/compare/v0.30.0...v0.31.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/tools&package-manager=go_modules&previous-version=0.30.0&new-version=0.31.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 04cca1d2852..43dc23403c4 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,7 @@ require (
 	golang.org/x/oauth2 v0.27.0
 	golang.org/x/sync v0.12.0
 	golang.org/x/text v0.23.0
-	golang.org/x/tools v0.30.0
+	golang.org/x/tools v0.31.0
 	gopkg.in/mail.v2 v2.3.1
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -347,8 +347,8 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
-	golang.org/x/mod v0.23.0 // indirect
-	golang.org/x/net v0.35.0 // indirect
+	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/net v0.37.0 // indirect
 	golang.org/x/sys v0.31.0 // indirect
 	golang.org/x/term v0.30.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
diff --git a/go.sum b/go.sum
index b472dc8b439..0f4ed1f7bab 100644
--- a/go.sum
+++ b/go.sum
@@ -936,8 +936,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
-golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -957,8 +957,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
-golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=
-golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=
+golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
+golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
 golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
@@ -1040,8 +1040,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
-golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
-golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
+golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
+golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 15fa2f0346a4a3b55628a05059a27bfbbf88a991 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 Mar 2025 08:56:05 +0000
Subject: [PATCH 097/119] chore(deps): bump golang.org/x/oauth2 from 0.27.0 to
 0.28.0 (#5623)

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from
0.27.0 to 0.28.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/golang/oauth2/commit/0042180b24f3cfe500f4cad3cabbc33c0a341f78"><code>0042180</code></a>
oauth2: Deep copy context client in NewClient</li>
<li><a
href="https://github.com/golang/oauth2/commit/ce350bff61d844ec163c2a0c0eaf35c71948cae7"><code>ce350bf</code></a>
oauth2: remove unneeded TokenSource implementation in transport
test</li>
<li><a
href="https://github.com/golang/oauth2/commit/44967abe9097d1169118ef5de80b29ef293edc15"><code>44967ab</code></a>
google: fix typos</li>
<li><a
href="https://github.com/golang/oauth2/commit/9c82a8cf7ac23b0c34d335ffae37db2995a5ad37"><code>9c82a8c</code></a>
oauth2.go: use a more straightforward return value</li>
<li>See full diff in <a
href="https://github.com/golang/oauth2/compare/v0.27.0...v0.28.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang.org/x/oauth2&package-manager=go_modules&previous-version=0.27.0&new-version=0.28.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 43dc23403c4..aa23da7960d 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	gitlab.com/gitlab-org/api/client-go v0.124.0
 	gocloud.dev v0.40.0
 	golang.org/x/crypto v0.36.0
-	golang.org/x/oauth2 v0.27.0
+	golang.org/x/oauth2 v0.28.0
 	golang.org/x/sync v0.12.0
 	golang.org/x/text v0.23.0
 	golang.org/x/tools v0.31.0
diff --git a/go.sum b/go.sum
index 0f4ed1f7bab..c47cf42cb76 100644
--- a/go.sum
+++ b/go.sum
@@ -960,8 +960,8 @@ golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
 golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
+golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

From b464219a78999b46ff8e8841cbd9d7d190188291 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Thu, 6 Mar 2025 21:55:40 -0300
Subject: [PATCH 098/119] feat(aur,aursources): support install scripts (#5621)

closes #5485

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 internal/pipe/aur/aur.go                      |  9 ++++++
 internal/pipe/aur/aur_test.go                 | 28 +++++++++++++------
 internal/pipe/aur/testdata/TestFullAur.golden |  1 +
 .../with-more-opts.pkgbuild.golden            |  1 +
 .../aur/testdata/TestRunPipe.pkgbuild.golden  |  1 +
 .../pipe/aur/testdata/TestRunPipe.sh.golden   | 11 ++++++++
 internal/pipe/aur/testdata/install.sh         | 11 ++++++++
 internal/pipe/aur/tmpl.go                     |  4 +++
 internal/pipe/aursources/aursources.go        |  8 ++++++
 internal/pipe/aursources/aursources_test.go   | 27 ++++++++++++------
 .../with-more-opts.pkgbuild.golden            |  1 +
 .../testdata/TestRunPipe.pkgbuild.golden      |  1 +
 .../aursources/testdata/TestRunPipe.sh.golden | 11 ++++++++
 internal/pipe/aursources/testdata/install.sh  | 11 ++++++++
 internal/pipe/aursources/tmpl.go              |  4 +++
 pkg/config/config.go                          |  2 ++
 www/docs/customization/aur.md                 |  7 +++++
 www/docs/customization/aursources.md          |  7 +++++
 18 files changed, 129 insertions(+), 16 deletions(-)
 create mode 100644 internal/pipe/aur/testdata/TestRunPipe.sh.golden
 create mode 100644 internal/pipe/aur/testdata/install.sh
 create mode 100644 internal/pipe/aursources/testdata/TestRunPipe.sh.golden
 create mode 100644 internal/pipe/aursources/testdata/install.sh

diff --git a/internal/pipe/aur/aur.go b/internal/pipe/aur/aur.go
index bb8c36525f1..5d09c7014e9 100644
--- a/internal/pipe/aur/aur.go
+++ b/internal/pipe/aur/aur.go
@@ -248,6 +248,7 @@ func applyTemplate(ctx *context.Context, tpl string, data templateData) (string,
 				"fixLines":   fixLines,
 				"pkgArray":   toPkgBuildArray,
 				"quoteField": quoteField,
+				"trimsuffix": strings.TrimSuffix,
 			}).
 			Parse(tpl),
 	)
@@ -319,6 +320,7 @@ func dataFor(ctx *context.Context, cfg config.AUR, cl client.ReleaseURLTemplater
 		Depends:      cfg.Depends,
 		OptDepends:   cfg.OptDepends,
 		Package:      cfg.Package,
+		Install:      cfg.Install,
 	}
 
 	for _, art := range artifacts {
@@ -411,6 +413,13 @@ func doPublish(ctx *context.Context, pkgs []*artifact.Artifact) error {
 		Name: fmt.Sprintf("%x", sha256.Sum256([]byte(cfg.GitURL))),
 	})
 
+	if cfg.Install != "" {
+		pkgs = append(pkgs, &artifact.Artifact{
+			Name: strings.TrimSuffix(cfg.Name, "-bin") + ".install",
+			Path: cfg.Install,
+		})
+	}
+
 	files := make([]client.RepoFile, 0, len(pkgs))
 	for _, pkg := range pkgs {
 		content, err := os.ReadFile(pkg.Path)
diff --git a/internal/pipe/aur/aur_test.go b/internal/pipe/aur/aur_test.go
index 27ad31640cc..3dc50543279 100644
--- a/internal/pipe/aur/aur_test.go
+++ b/internal/pipe/aur/aur_test.go
@@ -52,6 +52,7 @@ func createTemplateData() templateData {
 		},
 		License: "MIT",
 		Version: "0.1.3",
+		Install: "./testdata/install.sh",
 		Package: `# bin
 		install -Dm755 "./goreleaser" "${pkgdir}/usr/bin/goreleaser"
 
@@ -182,6 +183,7 @@ func TestFullPipe(t *testing.T) {
 				ctx.Config.AURs[0].OptDepends = []string{"wget: stuff", "foo: bar"}
 				ctx.Config.AURs[0].Provides = []string{"git", "svn"}
 				ctx.Config.AURs[0].Conflicts = []string{"libcurl", "cvs", "blah"}
+				ctx.Config.AURs[0].Install = "./testdata/install.sh"
 			},
 		},
 		"default-gitlab": {
@@ -390,6 +392,7 @@ func TestRunPipe(t *testing.T) {
 					IDs:         []string{"foo"},
 					GitURL:      url,
 					PrivateKey:  key,
+					Install:     "./testdata/install.sh",
 				},
 			},
 			GitHubURLs: config.GitHubURLs{
@@ -495,7 +498,11 @@ func TestRunPipe(t *testing.T) {
 	require.NoError(t, runAll(ctx, client))
 	require.NoError(t, Pipe{}.Publish(ctx))
 
-	requireEqualRepoFiles(t, folder, ".", "foo", url)
+	requireEqualRepoFilesMap(t, ".", url, map[string]string{
+		"PKGBUILD":    filepath.Join(folder, "aur", "foo-bin.pkgbuild"),
+		".SRCINFO":    filepath.Join(folder, "aur", "foo-bin.srcinfo"),
+		"foo.install": "./testdata/install.sh",
+	})
 }
 
 func TestRunPipeMultipleConfigurations(t *testing.T) {
@@ -872,19 +879,16 @@ func TestSkip(t *testing.T) {
 	})
 }
 
-func requireEqualRepoFiles(tb testing.TB, distDir, repoDir, name, url string) {
+func requireEqualRepoFilesMap(tb testing.TB, repoDir, url string, files map[string]string) {
 	tb.Helper()
 	dir := tb.TempDir()
 	_, err := git.Run(testctx.New(), "-C", dir, "clone", url, "repo")
 	require.NoError(tb, err)
 
-	for reponame, ext := range map[string]string{
-		"PKGBUILD": ".pkgbuild",
-		".SRCINFO": ".srcinfo",
-	} {
-		path := filepath.Join(distDir, "aur", name+"-bin"+ext)
-		bts, err := os.ReadFile(path)
+	for reponame, distpath := range files {
+		bts, err := os.ReadFile(distpath)
 		require.NoError(tb, err)
+		ext := filepath.Ext(distpath)
 		golden.RequireEqualExt(tb, bts, ext)
 
 		bts, err = os.ReadFile(filepath.Join(dir, "repo", repoDir, reponame))
@@ -892,3 +896,11 @@ func requireEqualRepoFiles(tb testing.TB, distDir, repoDir, name, url string) {
 		golden.RequireEqualExt(tb, bts, ext)
 	}
 }
+
+func requireEqualRepoFiles(tb testing.TB, distDir, repoDir, name, url string) {
+	tb.Helper()
+	requireEqualRepoFilesMap(tb, repoDir, url, map[string]string{
+		"PKGBUILD": filepath.Join(distDir, "aur", name+"-bin.pkgbuild"),
+		".SRCINFO": filepath.Join(distDir, "aur", name+"-bin.srcinfo"),
+	})
+}
diff --git a/internal/pipe/aur/testdata/TestFullAur.golden b/internal/pipe/aur/testdata/TestFullAur.golden
index 80a11daa969..2ef8e8da1af 100644
--- a/internal/pipe/aur/testdata/TestFullAur.golden
+++ b/internal/pipe/aur/testdata/TestFullAur.golden
@@ -16,6 +16,7 @@ conflicts=('nope')
 depends=('nope')
 optdepends=('nfpm')
 backup=('/etc/mypkg.conf' '/var/share/mypkg')
+install=test.install
 
 source_x86_64=("${pkgname}_${pkgver}_x86_64.tar.gz::https://github.com/caarlos0/test/releases/download/v0.1.3/test_Linux_x86_64.tar.gz")
 sha256sums_x86_64=('1633f61598ab0791e213135923624eb342196b3494909c91899bcd0560f84c67')
diff --git a/internal/pipe/aur/testdata/TestFullPipe/with-more-opts.pkgbuild.golden b/internal/pipe/aur/testdata/TestFullPipe/with-more-opts.pkgbuild.golden
index 2cf4cd15131..89629330499 100644
--- a/internal/pipe/aur/testdata/TestFullPipe/with-more-opts.pkgbuild.golden
+++ b/internal/pipe/aur/testdata/TestFullPipe/with-more-opts.pkgbuild.golden
@@ -13,6 +13,7 @@ provides=('git' 'svn')
 conflicts=('libcurl' 'cvs' 'blah')
 depends=('curl' 'bash')
 optdepends=('wget: stuff' 'foo: bar')
+install=with-more-opts.install
 
 source_x86_64=("${pkgname}_${pkgver}_x86_64.tar.gz::https://dummyhost/download/v1.0.1-foo/bin.tar.gz")
 sha256sums_x86_64=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')
diff --git a/internal/pipe/aur/testdata/TestRunPipe.pkgbuild.golden b/internal/pipe/aur/testdata/TestRunPipe.pkgbuild.golden
index 360cee83ff9..af446eb47ec 100644
--- a/internal/pipe/aur/testdata/TestRunPipe.pkgbuild.golden
+++ b/internal/pipe/aur/testdata/TestRunPipe.pkgbuild.golden
@@ -9,6 +9,7 @@ arch=('aarch64' 'armv7h' 'i686' 'x86_64')
 license=('MIT')
 provides=('foo')
 conflicts=('foo')
+install=foo.install
 
 source_aarch64=("${pkgname}_${pkgver}_aarch64.tar.gz::https://dummyhost/download/v1.0.1/arm64.tar.gz")
 sha256sums_aarch64=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')
diff --git a/internal/pipe/aur/testdata/TestRunPipe.sh.golden b/internal/pipe/aur/testdata/TestRunPipe.sh.golden
new file mode 100644
index 00000000000..89041fd231d
--- /dev/null
+++ b/internal/pipe/aur/testdata/TestRunPipe.sh.golden
@@ -0,0 +1,11 @@
+post_install() {
+	echo "post_install "
+}
+
+post_upgrade() {
+	echo "post_upgrade "
+}
+
+pre_remove() {
+	echo "pre_remove"
+}
diff --git a/internal/pipe/aur/testdata/install.sh b/internal/pipe/aur/testdata/install.sh
new file mode 100644
index 00000000000..89041fd231d
--- /dev/null
+++ b/internal/pipe/aur/testdata/install.sh
@@ -0,0 +1,11 @@
+post_install() {
+	echo "post_install "
+}
+
+post_upgrade() {
+	echo "post_upgrade "
+}
+
+pre_remove() {
+	echo "pre_remove"
+}
diff --git a/internal/pipe/aur/tmpl.go b/internal/pipe/aur/tmpl.go
index a33e10eb1a0..7a4f8da67ae 100644
--- a/internal/pipe/aur/tmpl.go
+++ b/internal/pipe/aur/tmpl.go
@@ -17,6 +17,7 @@ type templateData struct {
 	Arches          []string
 	Rel             string
 	Package         string
+	Install         string
 }
 
 type releasePackage struct {
@@ -57,6 +58,9 @@ optdepends=({{ pkgArray . }})
 {{- with .Backup }}
 backup=({{ pkgArray . }})
 {{- end }}
+{{- if .Install }}
+install={{ trimsuffix .Name "-bin" }}.install
+{{- end }}
 
 {{ range .ReleasePackages -}}
 source_{{ .Arch }}=("${pkgname}_${pkgver}_{{ .Arch }}.{{ .Format }}::{{ .DownloadURL }}")
diff --git a/internal/pipe/aursources/aursources.go b/internal/pipe/aursources/aursources.go
index 0452e0ff0a4..003378b58aa 100644
--- a/internal/pipe/aursources/aursources.go
+++ b/internal/pipe/aursources/aursources.go
@@ -285,6 +285,7 @@ func dataFor(ctx *context.Context, cfg config.AURSource, cl client.ReleaseURLTem
 		Build:        cfg.Build,
 		Package:      cfg.Package,
 		Arches:       cfg.Arches,
+		Install:      cfg.Install,
 	}
 
 	for _, art := range artifacts {
@@ -372,6 +373,13 @@ func doPublish(ctx *context.Context, pkgs []*artifact.Artifact) error {
 		Name: fmt.Sprintf("%x", sha256.Sum256([]byte(cfg.GitURL))),
 	})
 
+	if cfg.Install != "" {
+		pkgs = append(pkgs, &artifact.Artifact{
+			Name: cfg.Name + ".install",
+			Path: cfg.Install,
+		})
+	}
+
 	files := make([]client.RepoFile, 0, len(pkgs))
 	for _, pkg := range pkgs {
 		content, err := os.ReadFile(pkg.Path)
diff --git a/internal/pipe/aursources/aursources_test.go b/internal/pipe/aursources/aursources_test.go
index be43e75e379..fdd28753fc4 100644
--- a/internal/pipe/aursources/aursources_test.go
+++ b/internal/pipe/aursources/aursources_test.go
@@ -159,6 +159,7 @@ func TestFullPipe(t *testing.T) {
 				ctx.Config.AURSources[0].OptDepends = []string{"wget: stuff", "foo: bar"}
 				ctx.Config.AURSources[0].Provides = []string{"git", "svn"}
 				ctx.Config.AURSources[0].Conflicts = []string{"libcurl", "cvs", "blah"}
+				ctx.Config.AURSources[0].Install = "./testdata/install.sh"
 			},
 		},
 		"default-gitlab": {
@@ -365,6 +366,7 @@ func TestRunPipe(t *testing.T) {
 					IDs:         []string{"foo"},
 					GitURL:      url,
 					PrivateKey:  key,
+					Install:     "./testdata/install.sh",
 				},
 			},
 			GitHubURLs: config.GitHubURLs{
@@ -414,7 +416,11 @@ func TestRunPipe(t *testing.T) {
 	require.NoError(t, runAll(ctx, client))
 	require.NoError(t, Pipe{}.Publish(ctx))
 
-	requireEqualRepoFiles(t, folder, ".", "foo", url)
+	requireEqualRepoFilesMap(t, ".", url, map[string]string{
+		"PKGBUILD":    filepath.Join(folder, "aur", "foo.pkgbuild"),
+		".SRCINFO":    filepath.Join(folder, "aur", "foo.srcinfo"),
+		"foo.install": "./testdata/install.sh",
+	})
 }
 
 func TestRunPipeMultipleConfigurations(t *testing.T) {
@@ -789,19 +795,16 @@ func TestSkip(t *testing.T) {
 	})
 }
 
-func requireEqualRepoFiles(tb testing.TB, distDir, repoDir, name, url string) {
+func requireEqualRepoFilesMap(tb testing.TB, repoDir, url string, files map[string]string) {
 	tb.Helper()
 	dir := tb.TempDir()
 	_, err := git.Run(testctx.New(), "-C", dir, "clone", url, "repo")
 	require.NoError(tb, err)
 
-	for reponame, ext := range map[string]string{
-		"PKGBUILD": ".pkgbuild",
-		".SRCINFO": ".srcinfo",
-	} {
-		path := filepath.Join(distDir, "aur", name+ext)
-		bts, err := os.ReadFile(path)
+	for reponame, distpath := range files {
+		bts, err := os.ReadFile(distpath)
 		require.NoError(tb, err)
+		ext := filepath.Ext(distpath)
 		golden.RequireEqualExt(tb, bts, ext)
 
 		bts, err = os.ReadFile(filepath.Join(dir, "repo", repoDir, reponame))
@@ -809,3 +812,11 @@ func requireEqualRepoFiles(tb testing.TB, distDir, repoDir, name, url string) {
 		golden.RequireEqualExt(tb, bts, ext)
 	}
 }
+
+func requireEqualRepoFiles(tb testing.TB, distDir, repoDir, name, url string) {
+	tb.Helper()
+	requireEqualRepoFilesMap(tb, repoDir, url, map[string]string{
+		"PKGBUILD": filepath.Join(distDir, "aur", name+".pkgbuild"),
+		".SRCINFO": filepath.Join(distDir, "aur", name+".srcinfo"),
+	})
+}
diff --git a/internal/pipe/aursources/testdata/TestFullPipe/with-more-opts.pkgbuild.golden b/internal/pipe/aursources/testdata/TestFullPipe/with-more-opts.pkgbuild.golden
index 4a53ca82b05..252c5221ab0 100644
--- a/internal/pipe/aursources/testdata/TestFullPipe/with-more-opts.pkgbuild.golden
+++ b/internal/pipe/aursources/testdata/TestFullPipe/with-more-opts.pkgbuild.golden
@@ -14,5 +14,6 @@ conflicts=('libcurl' 'cvs' 'blah')
 depends=('curl' 'bash')
 makedepends=('go' 'git')
 optdepends=('wget: stuff' 'foo: bar')
+install=with-more-opts.install
 source=("${pkgname}_${pkgver}.tar.gz::https://dummyhost/download/v1.0.1-foo/sources.tar.gz")
 sha256sums=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')
diff --git a/internal/pipe/aursources/testdata/TestRunPipe.pkgbuild.golden b/internal/pipe/aursources/testdata/TestRunPipe.pkgbuild.golden
index 66f57520e5b..6752ea2e9ac 100644
--- a/internal/pipe/aursources/testdata/TestRunPipe.pkgbuild.golden
+++ b/internal/pipe/aursources/testdata/TestRunPipe.pkgbuild.golden
@@ -10,5 +10,6 @@ license=('MIT')
 provides=('foo')
 conflicts=('foo')
 makedepends=('go' 'git')
+install=foo.install
 source=("${pkgname}_${pkgver}.tar.gz::https://dummyhost/download/v1.0.1/source.tar.gz")
 sha256sums=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')
diff --git a/internal/pipe/aursources/testdata/TestRunPipe.sh.golden b/internal/pipe/aursources/testdata/TestRunPipe.sh.golden
new file mode 100644
index 00000000000..89041fd231d
--- /dev/null
+++ b/internal/pipe/aursources/testdata/TestRunPipe.sh.golden
@@ -0,0 +1,11 @@
+post_install() {
+	echo "post_install "
+}
+
+post_upgrade() {
+	echo "post_upgrade "
+}
+
+pre_remove() {
+	echo "pre_remove"
+}
diff --git a/internal/pipe/aursources/testdata/install.sh b/internal/pipe/aursources/testdata/install.sh
new file mode 100644
index 00000000000..89041fd231d
--- /dev/null
+++ b/internal/pipe/aursources/testdata/install.sh
@@ -0,0 +1,11 @@
+post_install() {
+	echo "post_install "
+}
+
+post_upgrade() {
+	echo "post_upgrade "
+}
+
+pre_remove() {
+	echo "pre_remove"
+}
diff --git a/internal/pipe/aursources/tmpl.go b/internal/pipe/aursources/tmpl.go
index c75c8cebe20..762ff625e58 100644
--- a/internal/pipe/aursources/tmpl.go
+++ b/internal/pipe/aursources/tmpl.go
@@ -20,6 +20,7 @@ type templateData struct {
 	Prepare      string
 	Build        string
 	Package      string
+	Install      string
 }
 
 type sources struct {
@@ -62,6 +63,9 @@ optdepends=({{ pkgArray . }})
 {{- with .Backup }}
 backup=({{ pkgArray . }})
 {{- end }}
+{{- if .Install }}
+install={{ .Name }}.install
+{{- end }}
 
 {{- with .Sources }}
 source=("${pkgname}_${pkgver}.{{ .Format }}::{{ .DownloadURL }}")
diff --git a/pkg/config/config.go b/pkg/config/config.go
index c394f2d2472..9ff269200b4 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -223,6 +223,7 @@ type AUR struct {
 
 	// v2.8+
 	Disable string `yaml:"disable,omitempty" json:"disable,omitempty" jsonschema:"oneof_type=string;boolean"`
+	Install string `yaml:"install,omitempty" json:"install,omitempty"`
 }
 
 type AURSource struct {
@@ -256,6 +257,7 @@ type AURSource struct {
 
 	// v2.8+
 	Disable string `yaml:"disable,omitempty" json:"disable,omitempty" jsonschema:"oneof_type=string;boolean"`
+	Install string `yaml:"install,omitempty" json:"install,omitempty"`
 }
 
 // Homebrew contains the brew section.
diff --git a/www/docs/customization/aur.md b/www/docs/customization/aur.md
index abca5f9912c..338624afc02 100644
--- a/www/docs/customization/aur.md
+++ b/www/docs/customization/aur.md
@@ -126,6 +126,13 @@ aurs:
       # man pages
       install -Dm644 "./manpages/mybin.1.gz" "${pkgdir}/usr/share/man/man1/mybin.1.gz"
 
+    # This will be added into the package as 'name.install'.
+    # In this file, you may define functions like `pre_install`, `post_install`,
+    # and so on.
+    #
+    # <!-- md:inline_version v2.8-unreleased -->.
+    install: ./scripts/install.sh
+
     # Git author used to commit to the repository.
     # Templates: allowed.
     commit_author:
diff --git a/www/docs/customization/aursources.md b/www/docs/customization/aursources.md
index d0a9fc50d47..244b51f0cc0 100644
--- a/www/docs/customization/aursources.md
+++ b/www/docs/customization/aursources.md
@@ -129,6 +129,13 @@ aur_sources:
       cd "${pkgname}_${pkgver}"
       install -Dsm755 ./myapp "${pkgdir}/usr/bin/myapp"
 
+    # This will be added into the package as 'name.install'.
+    # In this file, you may define functions like `pre_install`, `post_install`,
+    # and so on.
+    #
+    # <!-- md:inline_version v2.8-unreleased -->.
+    install: ./scripts/install.sh
+
     # Git author used to commit to the repository.
     # Templates: allowed.
     commit_author:

From b7d36907b97dbdb6722256c5f7949e81ea73d7a9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 7 Mar 2025 08:47:17 +0000
Subject: [PATCH 099/119] chore(deps): bump github.com/charmbracelet/keygen
 from 0.5.1 to 0.5.3 (#5628)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[github.com/charmbracelet/keygen](https://github.com/charmbracelet/keygen)
from 0.5.1 to 0.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/charmbracelet/keygen/releases">github.com/charmbracelet/keygen's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.3</h2>
<h2>Changelog</h2>
<h3>Bug fixes</h3>
<ul>
<li>fdbb599b81acd53822d8235e5a60c2f653a372ba: fix: no toolchain (<a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a>)</li>
</ul>
<hr />
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML
omitted --></p>
<p>Thoughts? Questions? We love hearing from you. Feel free to reach out
on <a href="https://twitter.com/charmcli">Twitter</a>, <a
href="https://mastodon.technology/@charm">The Fediverse</a>, or on <a
href="https://charm.sh/chat">Discord</a>.</p>
<h2>v0.5.2</h2>
<h2>Changelog</h2>
<h3>New Features</h3>
<ul>
<li>c42588beaa824fd6674e943ce3383e8d981567ba: feat(ci): add lint-sync
workflow and update linters and workflow (<a
href="https://github.com/aymanbagabas"><code>@​aymanbagabas</code></a>)</li>
</ul>
<h3>Other work</h3>
<ul>
<li>11a1d3bcd5737895d9bcbe4b17aee976d2ece7ec: ci: sync dependabot config
(<a
href="https://redirect.github.com/charmbracelet/keygen/issues/29">#29</a>)
(<a href="https://github.com/charmcli"><code>@​charmcli</code></a>)</li>
</ul>
<hr />
<p><!-- raw HTML omitted --><!-- raw HTML omitted --><!-- raw HTML
omitted --></p>
<p>Thoughts? Questions? We love hearing from you. Feel free to reach out
on <a href="https://twitter.com/charmcli">Twitter</a>, <a
href="https://mastodon.technology/@charm">The Fediverse</a>, or on <a
href="https://charm.sh/chat">Discord</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/charmbracelet/keygen/commit/fdbb599b81acd53822d8235e5a60c2f653a372ba"><code>fdbb599</code></a>
fix: no toolchain</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/dd25f0e44eef70668208f96ecc15dc57c72d2619"><code>dd25f0e</code></a>
chore(deps): mandatory go update</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/878bc1ef5e7bcd40715a7c3ec2561a3e48b89ab1"><code>878bc1e</code></a>
chore(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0 (<a
href="https://redirect.github.com/charmbracelet/keygen/issues/31">#31</a>)</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/c42588beaa824fd6674e943ce3383e8d981567ba"><code>c42588b</code></a>
feat(ci): add lint-sync workflow and update linters and workflow</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/11a1d3bcd5737895d9bcbe4b17aee976d2ece7ec"><code>11a1d3b</code></a>
ci: sync dependabot config (<a
href="https://redirect.github.com/charmbracelet/keygen/issues/29">#29</a>)</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/43a94e5b9ba0689cf31726bc88c5e463f465eb78"><code>43a94e5</code></a>
chore(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 (<a
href="https://redirect.github.com/charmbracelet/keygen/issues/28">#28</a>)</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/1dfb9e31f537a4b7f65e80f3b0633f417b901661"><code>1dfb9e3</code></a>
chore(deps): bump golang.org/x/crypto from 0.31.0 to 0.32.0 (<a
href="https://redirect.github.com/charmbracelet/keygen/issues/26">#26</a>)</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/cca1d60f0c1edf638502c2581b668aac86efd01c"><code>cca1d60</code></a>
chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (<a
href="https://redirect.github.com/charmbracelet/keygen/issues/25">#25</a>)</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/c9c7e7f983cd3b7761f52ae8d089dfffef4ec25a"><code>c9c7e7f</code></a>
chore(deps): bump golang.org/x/crypto from 0.29.0 to 0.30.0 (<a
href="https://redirect.github.com/charmbracelet/keygen/issues/24">#24</a>)</li>
<li><a
href="https://github.com/charmbracelet/keygen/commit/b75f56726ce3f5c95dcd1d3fdc5e9ad5644c8b5a"><code>b75f567</code></a>
chore(deps): bump golang.org/x/crypto from 0.28.0 to 0.29.0 (<a
href="https://redirect.github.com/charmbracelet/keygen/issues/23">#23</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/charmbracelet/keygen/compare/v0.5.1...v0.5.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/charmbracelet/keygen&package-manager=go_modules&previous-version=0.5.1&new-version=0.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index aa23da7960d..db6ed4ac306 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/caarlos0/go-shellwords v1.0.12
 	github.com/caarlos0/go-version v0.2.0
 	github.com/caarlos0/log v0.4.8
-	github.com/charmbracelet/keygen v0.5.1
+	github.com/charmbracelet/keygen v0.5.3
 	github.com/charmbracelet/lipgloss v1.0.0
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589
 	github.com/dghubble/go-twitter v0.0.0-20211115160449-93a8679adecb
diff --git a/go.sum b/go.sum
index c47cf42cb76..05a7f54a048 100644
--- a/go.sum
+++ b/go.sum
@@ -233,8 +233,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/charmbracelet/bubbletea v1.3.0 h1:fPMyirm0u3Fou+flch7hlJN9krlnVURrkUVDwqXjoAc=
 github.com/charmbracelet/bubbletea v1.3.0/go.mod h1:eTaHfqbIwvBhFQM/nlT1NsGc4kp8jhF8LfUK67XiTDM=
-github.com/charmbracelet/keygen v0.5.1 h1:zBkkYPtmKDVTw+cwUyY6ZwGDhRxXkEp0Oxs9sqMLqxI=
-github.com/charmbracelet/keygen v0.5.1/go.mod h1:zznJVmK/GWB6dAtjluqn2qsttiCBhA5MZSiwb80fcHw=
+github.com/charmbracelet/keygen v0.5.3 h1:2MSDC62OUbDy6VmjIE2jM24LuXUvKywLCmaJDmr/Z/4=
+github.com/charmbracelet/keygen v0.5.3/go.mod h1:TcpNoMAO5GSmhx3SgcEMqCrtn8BahKhB8AlwnLjRUpk=
 github.com/charmbracelet/lipgloss v1.0.0 h1:O7VkGDvqEdGi93X+DeqsQ7PKHDgtQfF8j8/O2qFMQNg=
 github.com/charmbracelet/lipgloss v1.0.0/go.mod h1:U5fy9Z+C38obMs+T+tJqst9VGzlOYGj4ri9reL3qUlo=
 github.com/charmbracelet/x/ansi v0.8.0 h1:9GTq3xq9caJW8ZrBTe0LIe2fvfLR/bYXKTx2llXn7xE=

From 4eadca5a5ba825d84f0e6bafe915e3c84f000324 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 8 Mar 2025 10:39:34 -0300
Subject: [PATCH 100/119] docs: update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/customization/templates.md | 4 +++-
 www/docs/static/schema-pro.json     | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/www/docs/customization/templates.md b/www/docs/customization/templates.md
index 56b2a6355a7..c7a3664ca61 100644
--- a/www/docs/customization/templates.md
+++ b/www/docs/customization/templates.md
@@ -71,6 +71,8 @@ In fields that support templates, these fields are always available:
 [^git-summary]:
     It is generated by `git describe --dirty --always --tags`, the
     format will be `{Tag}-$N-{CommitSHA}`
+    If using Pro with a `monorepo.tag_prefix`, it will be passed to `describe`
+    as `--match={prefix}*`.
 
 [^git-tag-subject]: As reported by `git tag -l --format='%(contents:subject)'`
 
@@ -160,7 +162,7 @@ On all fields, you have these available functions:
 | `replace "v1.2" "v" ""`           | replaces all matches. See [ReplaceAll](https://pkg.go.dev/strings#ReplaceAll).                                             |
 | `split "1.2" "."`                 | split string at separator. See [Split](https://pkg.go.dev/strings#Split)                                                   |
 | `time "01/02/2006"`               | current UTC time in the specified format (this is not deterministic, a new time for every call).                           |
-| `contains "foobar" "foo"`         | checks whether the first string contains the second. See [Contains](https://pkg.go.dev/strings#Contains)                    |
+| `contains "foobar" "foo"`         | checks whether the first string contains the second. See [Contains](https://pkg.go.dev/strings#Contains)                   |
 | `tolower "V1.2"`                  | makes input string lowercase. See [ToLower](https://pkg.go.dev/strings#ToLower).                                           |
 | `toupper "v1.2"`                  | makes input string uppercase. See [ToUpper](https://pkg.go.dev/strings#ToUpper).                                           |
 | `trim " v1.2  "`                  | removes all leading and trailing white space. See [TrimSpace](https://pkg.go.dev/strings#TrimSpace).                       |
diff --git a/www/docs/static/schema-pro.json b/www/docs/static/schema-pro.json
index 172b2cf51b4..84fd073e39b 100644
--- a/www/docs/static/schema-pro.json
+++ b/www/docs/static/schema-pro.json
@@ -114,6 +114,9 @@
 								"type": "boolean"
 							}
 						]
+					},
+					"install": {
+						"type": "string"
 					}
 				},
 				"additionalProperties": false,
@@ -248,6 +251,9 @@
 								"type": "boolean"
 							}
 						]
+					},
+					"install": {
+						"type": "string"
 					}
 				},
 				"additionalProperties": false,

From 79801b45f5cbfcf0a09245597526430b8298c641 Mon Sep 17 00:00:00 2001
From: Oleksandr Redko <oleksandr.red+github@gmail.com>
Date: Sat, 8 Mar 2025 05:40:55 -0800
Subject: [PATCH 101/119] fix: package comment for packagejson (#5629)

The PR fixes package comment for `packagejson` and enables
`revive.package-comments` to detect this issue in the future.
---
 .golangci.yaml                      | 2 ++
 internal/packagejson/packagejson.go | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.golangci.yaml b/.golangci.yaml
index 86e7547351f..37ab28e873f 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -85,6 +85,8 @@ linters-settings:
     disable:
       - error-is-as # false positive
 issues:
+  include:
+    - EXC0013 # Enable revive.package-comments
   exclude-rules:
     - path: _test\.go
       linters:
diff --git a/internal/packagejson/packagejson.go b/internal/packagejson/packagejson.go
index 6979662982a..4607bf8d8fe 100644
--- a/internal/packagejson/packagejson.go
+++ b/internal/packagejson/packagejson.go
@@ -1,4 +1,4 @@
-// Package cargo provides NodeJS/Bun package.json parsing.
+// Package packagejson provides NodeJS/Bun package.json parsing.
 package packagejson
 
 import (

From 3645c9ecef97aa404caae9375265d8870c254720 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 8 Mar 2025 10:57:22 -0300
Subject: [PATCH 102/119] feat(changelog): allow to use format when using the
 git changeloger (#5627)

The git changeloger now uses a custom format that yields a JSON, which
we later parse.

With this, I refactored most of how the changelog works, and now abbrev,
filtering, sorting, and grouping, are all done with structured data
instead of plain strings.

This allows to:

- properly handle commit abbrevs when using custom formats
- customize format when using 'use: git`, including adding author name
and email
- properly handle filters when the format doesn't have a leading SHA

closes #5595

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 internal/client/client.go                     |  10 +-
 internal/pipe/changelog/changelog.go          | 240 +++++++++-------
 internal/pipe/changelog/changelog_test.go     | 260 ++++++++++++------
 .../TestIssue5595/abbrev-sha.md.golden        |  17 ++
 .../testdata/TestIssue5595/no-sha.md.golden   |  17 ++
 pkg/config/config.go                          |   2 +-
 www/docs/customization/changelog.md           |  42 ++-
 7 files changed, 378 insertions(+), 210 deletions(-)
 create mode 100644 internal/pipe/changelog/testdata/TestIssue5595/abbrev-sha.md.golden
 create mode 100644 internal/pipe/changelog/testdata/TestIssue5595/no-sha.md.golden

diff --git a/internal/client/client.go b/internal/client/client.go
index 358a9197224..9c295cc6f8b 100644
--- a/internal/client/client.go
+++ b/internal/client/client.go
@@ -64,11 +64,11 @@ type Client interface {
 
 // ChangelogItem represents a changelog item, basically, a commit and its author.
 type ChangelogItem struct {
-	SHA            string
-	Message        string
-	AuthorName     string
-	AuthorEmail    string
-	AuthorUsername string
+	SHA            string `json:"sha"`
+	Message        string `json:"message"`
+	AuthorName     string `json:"name"`
+	AuthorEmail    string `json:"email"`
+	AuthorUsername string `json:"-"`
 }
 
 // ReleaseURLTemplater provides the release URL as a template, containing the
diff --git a/internal/pipe/changelog/changelog.go b/internal/pipe/changelog/changelog.go
index b862e6ff9dd..6bbf3269a38 100644
--- a/internal/pipe/changelog/changelog.go
+++ b/internal/pipe/changelog/changelog.go
@@ -3,6 +3,7 @@ package changelog
 
 import (
 	"cmp"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
@@ -18,16 +19,16 @@ import (
 	"github.com/goreleaser/goreleaser/v2/pkg/context"
 )
 
+// Item is a type alias of [client.Changelog].
+type Item = client.ChangelogItem
+
 // ErrInvalidSortDirection happens when the sort order is invalid.
 var ErrInvalidSortDirection = errors.New("invalid sort direction")
 
-const li = "* "
-
-type useChangelog string
+// ErrInvalidSortDirection happens when a group has no title.
+var ErrEmptyGroupTitle = errors.New("group title cannot be empty")
 
-func (u useChangelog) formatable() bool {
-	return u != "github-native"
-}
+const li = "* "
 
 const (
 	useGit          = "git"
@@ -52,7 +53,12 @@ func (Pipe) Skip(ctx *context.Context) (bool, error) {
 
 func (Pipe) Default(ctx *context.Context) error {
 	if ctx.Config.Changelog.Format == "" {
-		ctx.Config.Changelog.Format = "{{ .SHA }}: {{ .Message }} ({{ with .AuthorUsername }}@{{ . }}{{ else }}{{ .AuthorName }} <{{ .AuthorEmail }}>{{ end }})"
+		switch ctx.Config.Changelog.Use {
+		case "", "git":
+			ctx.Config.Changelog.Format = "{{ .SHA }} {{ .Message }}"
+		default:
+			ctx.Config.Changelog.Format = "{{ .SHA }}: {{ .Message }} ({{ with .AuthorUsername }}@{{ . }}{{ else }}{{ .AuthorName }} <{{ .AuthorEmail }}>{{ end }})"
+		}
 	}
 	return nil
 }
@@ -83,12 +89,7 @@ func (Pipe) Run(ctx *context.Context) error {
 		return err
 	}
 
-	entries, err := buildChangelog(ctx)
-	if err != nil {
-		return err
-	}
-
-	changes, err := formatChangelog(ctx, entries)
+	changes, err := buildChangelog(ctx)
 	if err != nil {
 		return err
 	}
@@ -135,41 +136,26 @@ func newLineFor(ctx *context.Context) string {
 	return "\n"
 }
 
-func abbrevEntry(s string, abbr int) string {
+func abbrevEntry(sha string, abbr int) string {
 	switch abbr {
 	case 0:
-		return s
+		return sha
 	case -1:
-		_, rest, _ := strings.Cut(s, " ")
-		return rest
+		return ""
 	default:
-		commit, rest, _ := strings.Cut(s, " ")
-		if abbr > len(commit) {
-			return s
+		if abbr > len(sha) {
+			return sha
 		}
-		return fmt.Sprintf("%s %s", commit[:abbr], rest)
-	}
-}
-
-func abbrev(entries []string, abbr int) []string {
-	result := make([]string, 0, len(entries))
-	for _, entry := range entries {
-		result = append(result, abbrevEntry(entry, abbr))
+		return sha[:abbr]
 	}
-	return result
 }
 
-func formatChangelog(ctx *context.Context, entries []string) (string, error) {
-	if !useChangelog(ctx.Config.Changelog.Use).formatable() {
-		return strings.Join(entries, newLineFor(ctx)), nil
-	}
-
-	entries = abbrev(entries, ctx.Config.Changelog.Abbrev)
-
+func formatChangelog(ctx *context.Context, entries []Item) (string, error) {
 	result := []string{title("Changelog", 2)}
 	if len(ctx.Config.Changelog.Groups) == 0 {
 		log.Debug("not grouping entries")
-		return strings.Join(append(result, filterAndPrefixItems(entries)...), newLineFor(ctx)), nil
+		lines, err := formatEntries(ctx, entries)
+		return strings.Join(append(result, lines...), newLineFor(ctx)), err
 	}
 
 	log.Debug("grouping entries")
@@ -181,7 +167,11 @@ func formatChangelog(ctx *context.Context, entries []string) (string, error) {
 		}
 		if group.Regexp == "" {
 			// If no regexp is provided, we purge all strikethrough entries and add remaining entries to the list
-			item.entries = filterAndPrefixItems(entries)
+			lines, err := formatEntries(ctx, entries)
+			if err != nil {
+				return "", err
+			}
+			item.entries = lines
 			// clear array
 			entries = nil
 		} else {
@@ -193,10 +183,14 @@ func formatChangelog(ctx *context.Context, entries []string) (string, error) {
 			log.Debugf("group: %#v", group)
 			i := 0
 			for _, entry := range entries {
-				match := re.MatchString(entry)
+				match := re.MatchString(entry.Message)
 				log.Debugf("entry: %s match: %b\n", entry, match)
 				if match {
-					item.entries = append(item.entries, li+entry)
+					line, err := formatEntry(ctx, entry)
+					if err != nil {
+						return "", err
+					}
+					item.entries = append(item.entries, line)
 				} else {
 					// Keep unmatched entry.
 					entries[i] = entry
@@ -226,14 +220,8 @@ func groupSort(i, j changelogGroup) int {
 	return cmp.Compare(i.order, j.order)
 }
 
-func filterAndPrefixItems(ss []string) []string {
-	var r []string
-	for _, s := range ss {
-		if s != "" {
-			r = append(r, li+s)
-		}
-	}
-	return r
+func prefixItem(s string) string {
+	return li + s
 }
 
 func loadFromFile(file string) (string, error) {
@@ -254,33 +242,48 @@ func checkSortDirection(mode string) error {
 	}
 }
 
-func buildChangelog(ctx *context.Context) ([]string, error) {
-	l, err := getChangeloger(ctx)
-	if err != nil {
-		return nil, err
+func buildChangelog(ctx *context.Context) (string, error) {
+	var cl staticChangeloger
+	var err error
+	switch ctx.Config.Changelog.Use {
+	case "github-native":
+		cl, err = newGithubChangeloger(ctx)
+	default:
+		cl, err = newCustomizedChangelog(ctx)
 	}
-	log, err := l.Log(ctx)
 	if err != nil {
-		return nil, err
-	}
-	entries := strings.Split(log, "\n")
-	if lastLine := entries[len(entries)-1]; strings.TrimSpace(lastLine) == "" {
-		entries = entries[0 : len(entries)-1]
-	}
-	if !useChangelog(ctx.Config.Changelog.Use).formatable() {
-		return entries, nil
+		return "", err
 	}
-	entries, err = filterEntries(ctx, entries)
-	if err != nil {
-		return entries, err
+	return cl.Log(ctx)
+}
+
+func formatEntry(ctx *context.Context, entry Item) (string, error) {
+	line, err := tmpl.New(ctx).WithExtraFields(tmpl.Fields{
+		"SHA":            abbrevEntry(entry.SHA, ctx.Config.Changelog.Abbrev),
+		"Message":        entry.Message,
+		"AuthorUsername": entry.AuthorUsername,
+		"AuthorName":     entry.AuthorName,
+		"AuthorEmail":    entry.AuthorEmail,
+	}).Apply(ctx.Config.Changelog.Format)
+	return prefixItem(line), err
+}
+
+func formatEntries(ctx *context.Context, entries []Item) ([]string, error) {
+	var lines []string
+	for _, entry := range entries {
+		line, err := formatEntry(ctx, entry)
+		if err != nil {
+			return nil, err
+		}
+		lines = append(lines, line)
 	}
-	return sortEntries(ctx, entries), nil
+	return lines, nil
 }
 
-func filterEntries(ctx *context.Context, entries []string) ([]string, error) {
+func filterEntries(ctx *context.Context, entries []Item) ([]Item, error) {
 	filters := ctx.Config.Changelog.Filters
 	if len(filters.Include) > 0 {
-		var newEntries []string
+		var newEntries []Item
 		for _, filter := range filters.Include {
 			r, err := regexp.Compile(filter)
 			if err != nil {
@@ -300,15 +303,13 @@ func filterEntries(ctx *context.Context, entries []string) ([]string, error) {
 	return entries, nil
 }
 
-func sortEntries(ctx *context.Context, entries []string) []string {
+func sortEntries(ctx *context.Context, entries []Item) []Item {
 	direction := ctx.Config.Changelog.Sort
 	if direction == "" {
 		return entries
 	}
-	slices.SortFunc(entries, func(i, j string) int {
-		imsg := extractCommitInfo(i)
-		jmsg := extractCommitInfo(j)
-		compareRes := strings.Compare(imsg, jmsg)
+	slices.SortFunc(entries, func(i, j Item) int {
+		compareRes := strings.Compare(i.Message, j.Message)
 		if direction == "asc" {
 			return compareRes
 		}
@@ -317,28 +318,24 @@ func sortEntries(ctx *context.Context, entries []string) []string {
 	return entries
 }
 
-func keep(filter *regexp.Regexp, entries []string) (result []string) {
+func keep(filter *regexp.Regexp, entries []Item) (result []Item) {
 	for _, entry := range entries {
-		if filter.MatchString(extractCommitInfo(entry)) {
+		if filter.MatchString(entry.Message) {
 			result = append(result, entry)
 		}
 	}
 	return result
 }
 
-func remove(filter *regexp.Regexp, entries []string) (result []string) {
+func remove(filter *regexp.Regexp, entries []Item) (result []Item) {
 	for _, entry := range entries {
-		if !filter.MatchString(extractCommitInfo(entry)) {
+		if !filter.MatchString(entry.Message) {
 			result = append(result, entry)
 		}
 	}
 	return result
 }
 
-func extractCommitInfo(line string) string {
-	return strings.Join(strings.Split(line, " ")[1:], " ")
-}
-
 func getChangeloger(ctx *context.Context) (changeloger, error) {
 	switch ctx.Config.Changelog.Use {
 	case useGit, "":
@@ -349,14 +346,22 @@ func getChangeloger(ctx *context.Context) (changeloger, error) {
 			return gitChangeloger{}, nil
 		}
 		return newSCMChangeloger(ctx)
-	case useGitHubNative:
-		return newGithubChangeloger(ctx)
 	default:
 		return nil, fmt.Errorf("invalid changelog.use: %q", ctx.Config.Changelog.Use)
 	}
 }
 
-func newGithubChangeloger(ctx *context.Context) (changeloger, error) {
+func newCustomizedChangelog(ctx *context.Context) (staticChangeloger, error) {
+	changeloger, err := getChangeloger(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return wrappingChangeloger{
+		changeloger: changeloger,
+	}, nil
+}
+
+func newGithubChangeloger(ctx *context.Context) (staticChangeloger, error) {
 	cli, err := client.NewGitHubReleaseNotesGenerator(ctx, ctx.Token)
 	if err != nil {
 		return nil, err
@@ -425,13 +430,22 @@ func loadContent(ctx *context.Context, fileName, tmplName string) (string, error
 }
 
 type changeloger interface {
+	Log(ctx *context.Context) ([]Item, error)
+}
+
+type staticChangeloger interface {
 	Log(ctx *context.Context) (string, error)
 }
 
 type gitChangeloger struct{}
 
-func (g gitChangeloger) Log(ctx *context.Context) (string, error) {
-	args := []string{"log", "--pretty=oneline", "--no-decorate", "--no-color"}
+func (g gitChangeloger) Log(ctx *context.Context) ([]Item, error) {
+	args := []string{
+		"log",
+		"--no-decorate",
+		"--no-color",
+		`--pretty=format:{"sha":"%H","message":"%s","author":"%an","email":"%aE"}`,
+	}
 	// if prev is empty, it means we don't have a previous tag, so we don't
 	// pass any more args, which should everything.
 	// if current is empty, it shouldn't matter, as it will then log
@@ -440,35 +454,33 @@ func (g gitChangeloger) Log(ctx *context.Context) (string, error) {
 	if prev != "" {
 		args = append(args, fmt.Sprintf("%s..%s", prev, current))
 	}
-	return git.Run(ctx, args...)
+	out, err := git.Run(ctx, args...)
+	if err != nil {
+		return nil, err
+	}
+	var entries []Item
+	for _, s := range strings.Split(out, "\n") {
+		if strings.TrimSpace(s) == "" {
+			continue
+		}
+		var entry Item
+		if err := json.Unmarshal([]byte(s), &entry); err != nil {
+			return nil, fmt.Errorf("changelog: invalid json: %s: %s", s, err)
+		}
+		entries = append(entries, entry)
+	}
+	return entries, nil
 }
 
 type scmChangeloger struct {
 	client client.Client
 	repo   client.Repo
+	abbrev int
 }
 
-func (c *scmChangeloger) Log(ctx *context.Context) (string, error) {
+func (c *scmChangeloger) Log(ctx *context.Context) ([]Item, error) {
 	prev, current := ctx.Git.PreviousTag, ctx.Git.CurrentTag
-	items, err := c.client.Changelog(ctx, c.repo, prev, current)
-	if err != nil {
-		return "", err
-	}
-	var lines []string
-	for _, item := range items {
-		line, err := tmpl.New(ctx).WithExtraFields(tmpl.Fields{
-			"SHA":            item.SHA,
-			"Message":        item.Message,
-			"AuthorUsername": item.AuthorUsername,
-			"AuthorName":     item.AuthorName,
-			"AuthorEmail":    item.AuthorEmail,
-		}).Apply(ctx.Config.Changelog.Format)
-		if err != nil {
-			return "", err
-		}
-		lines = append(lines, line)
-	}
-	return strings.Join(lines, "\n"), nil
+	return c.client.Changelog(ctx, c.repo, prev, current)
 }
 
 type githubNativeChangeloger struct {
@@ -479,3 +491,19 @@ type githubNativeChangeloger struct {
 func (c *githubNativeChangeloger) Log(ctx *context.Context) (string, error) {
 	return c.client.GenerateReleaseNotes(ctx, c.repo, ctx.Git.PreviousTag, ctx.Git.CurrentTag)
 }
+
+type wrappingChangeloger struct {
+	changeloger changeloger
+}
+
+func (w wrappingChangeloger) Log(ctx *context.Context) (string, error) {
+	entries, err := w.changeloger.Log(ctx)
+	if err != nil {
+		return "", err
+	}
+	entries, err = filterEntries(ctx, entries)
+	if err != nil {
+		return "", err
+	}
+	return formatChangelog(ctx, sortEntries(ctx, entries))
+}
diff --git a/internal/pipe/changelog/changelog_test.go b/internal/pipe/changelog/changelog_test.go
index f2a32b14ed9..78b63adb837 100644
--- a/internal/pipe/changelog/changelog_test.go
+++ b/internal/pipe/changelog/changelog_test.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/goreleaser/goreleaser/v2/internal/client"
 	"github.com/goreleaser/goreleaser/v2/internal/git"
+	"github.com/goreleaser/goreleaser/v2/internal/golden"
 	"github.com/goreleaser/goreleaser/v2/internal/testctx"
 	"github.com/goreleaser/goreleaser/v2/internal/testlib"
 	"github.com/goreleaser/goreleaser/v2/pkg/config"
@@ -18,6 +19,30 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func TestDefault(t *testing.T) {
+	t.Run("empty", func(t *testing.T) {
+		ctx := testctx.NewWithCfg(config.Project{
+			Changelog: config.Changelog{
+				Sort: "desc",
+			},
+		})
+		require.NoError(t, Pipe{}.Default(ctx))
+		require.NotEmpty(t, ctx.Config.Changelog.Format)
+		require.NotContains(t, ctx.Config.Changelog.Format, "Author")
+	})
+	t.Run("github", func(t *testing.T) {
+		ctx := testctx.NewWithCfg(config.Project{
+			Changelog: config.Changelog{
+				Use:  useGitHub,
+				Sort: "asc",
+			},
+		})
+		require.NoError(t, Pipe{}.Default(ctx))
+		require.NotEmpty(t, ctx.Config.Changelog.Format)
+		require.Contains(t, ctx.Config.Changelog.Format, "Author")
+	})
+}
+
 func TestDescription(t *testing.T) {
 	require.NotEmpty(t, Pipe{}.String())
 }
@@ -25,6 +50,7 @@ func TestDescription(t *testing.T) {
 func TestChangelogProvidedViaFlag(t *testing.T) {
 	ctx := testctx.New()
 	ctx.ReleaseNotesFile = "testdata/changes.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Equal(t, "c0ff33 coffee\n", ctx.ReleaseNotes)
 }
@@ -32,6 +58,7 @@ func TestChangelogProvidedViaFlag(t *testing.T) {
 func TestChangelogProvidedViaFlagIsAWhitespaceOnlyFile(t *testing.T) {
 	ctx := testctx.New()
 	ctx.ReleaseNotesFile = "testdata/changes-empty.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Equal(t, "\n", ctx.ReleaseNotes)
 }
@@ -39,6 +66,7 @@ func TestChangelogProvidedViaFlagIsAWhitespaceOnlyFile(t *testing.T) {
 func TestChangelogProvidedViaFlagIsReallyEmpty(t *testing.T) {
 	ctx := testctx.New()
 	ctx.ReleaseNotesFile = "testdata/changes-really-empty.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Equal(t, "", ctx.ReleaseNotes)
 }
@@ -46,6 +74,7 @@ func TestChangelogProvidedViaFlagIsReallyEmpty(t *testing.T) {
 func TestChangelogTmplProvidedViaFlagIsReallyEmpty(t *testing.T) {
 	ctx := testctx.New()
 	ctx.ReleaseNotesTmpl = "testdata/changes-really-empty.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Equal(t, "", ctx.ReleaseNotes)
 }
@@ -54,6 +83,7 @@ func TestTemplatedChangelogProvidedViaFlag(t *testing.T) {
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
 	ctx.ReleaseNotesFile = "testdata/changes.md"
 	ctx.ReleaseNotesTmpl = "testdata/changes-templated.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Equal(t, "c0ff33 coffee v0.0.1\n", ctx.ReleaseNotes)
 }
@@ -61,6 +91,7 @@ func TestTemplatedChangelogProvidedViaFlag(t *testing.T) {
 func TestTemplatedChangelogProvidedViaFlagResultIsEmpty(t *testing.T) {
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
 	ctx.ReleaseNotesTmpl = "testdata/changes-templated-empty.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Equal(t, "\n\n", ctx.ReleaseNotes)
 }
@@ -68,18 +99,21 @@ func TestTemplatedChangelogProvidedViaFlagResultIsEmpty(t *testing.T) {
 func TestChangelogProvidedViaFlagDoesntExist(t *testing.T) {
 	ctx := testctx.New()
 	ctx.ReleaseNotesFile = "testdata/changes.nope"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.ErrorIs(t, Pipe{}.Run(ctx), os.ErrNotExist)
 }
 
 func TestReleaseHeaderProvidedViaFlagDoesntExist(t *testing.T) {
 	ctx := testctx.New()
 	ctx.ReleaseHeaderFile = "testdata/header.nope"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.ErrorIs(t, Pipe{}.Run(ctx), os.ErrNotExist)
 }
 
 func TestReleaseFooterProvidedViaFlagDoesntExist(t *testing.T) {
 	ctx := testctx.New()
 	ctx.ReleaseFooterFile = "testdata/footer.nope"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.ErrorIs(t, Pipe{}.Run(ctx), os.ErrNotExist)
 }
 
@@ -111,6 +145,7 @@ func TestChangelog(t *testing.T) {
 			},
 		},
 	}, testctx.WithCurrentTag("v0.0.2"), testctx.WithPreviousTag("v0.0.1"))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	require.NotContains(t, ctx.ReleaseNotes, "first")
@@ -161,6 +196,7 @@ func TestChangelogInclude(t *testing.T) {
 			},
 		},
 	}, testctx.WithCurrentTag("v0.0.2"), testctx.WithPreviousTag("v0.0.1"))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	require.NotContains(t, ctx.ReleaseNotes, "first")
@@ -215,6 +251,7 @@ func TestChangelogForGitlab(t *testing.T) {
 		testctx.WithCurrentTag("v0.0.2"),
 		testctx.WithPreviousTag("v0.0.1"),
 	)
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	require.NotContains(t, ctx.ReleaseNotes, "first")
@@ -239,8 +276,12 @@ func TestChangelogSort(t *testing.T) {
 	testlib.GitCommit(t, "a: commit")
 	testlib.GitCommit(t, "b: commit")
 	testlib.GitTag(t, "v1.0.0")
-	ctx := testctx.New(
-
+	ctx := testctx.NewWithCfg(
+		config.Project{
+			Changelog: config.Changelog{
+				Format: "{{.Message}}",
+			},
+		},
 		testctx.WithCurrentTag("v1.0.0"),
 		testctx.WithPreviousTag("v0.9.9"),
 	)
@@ -276,13 +317,17 @@ func TestChangelogSort(t *testing.T) {
 	} {
 		t.Run("changelog sort='"+cfg.Sort+"'", func(t *testing.T) {
 			ctx.Config.Changelog.Sort = cfg.Sort
-			entries, err := buildChangelog(ctx)
+			log, err := buildChangelog(ctx)
 			require.NoError(t, err)
-			require.Len(t, entries, len(cfg.Entries))
+			entries := strings.Split(strings.TrimSpace(log), "\n")
 			var changes []string
 			for _, line := range entries {
-				changes = append(changes, extractCommitInfo(line))
+				if line == "" || line[0] == '#' {
+					continue
+				}
+				changes = append(changes, strings.TrimPrefix(line, li))
 			}
+			require.Len(t, changes, len(cfg.Entries))
 			require.EqualValues(t, cfg.Entries, changes)
 		})
 	}
@@ -290,15 +335,15 @@ func TestChangelogSort(t *testing.T) {
 
 func Benchmark_sortEntries(b *testing.B) {
 	ctx := testctx.New()
-	entries := []string{
-		"added feature 1",
-		"fixed bug 2",
-		"ignored: whatever",
-		"docs: whatever",
-		"something about cArs we dont need",
-		"feat: added that thing",
-		"Merge pull request #999 from goreleaser/some-branch",
-		"this is not a Merge pull request",
+	entries := []Item{
+		{SHA: "cafebabe", Message: "added feature 1"},
+		{SHA: "cafebabe", Message: "fixed bug 2"},
+		{SHA: "cafebabe", Message: "ignored: whatever"},
+		{SHA: "cafebabe", Message: "docs: whatever"},
+		{SHA: "cafebabe", Message: "something about cArs we dont need"},
+		{SHA: "cafebabe", Message: "feat: added that thing"},
+		{SHA: "cafebabe", Message: "Merge pull request #999 from goreleaser/some-branch"},
+		{SHA: "cafebabe", Message: "this is not a Merge pull request"},
 	}
 
 	b.Run("asc", func(b *testing.B) {
@@ -338,6 +383,7 @@ func TestChangelogOfFirstRelease(t *testing.T) {
 	}
 	testlib.GitTag(t, "v0.0.1")
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	for _, msg := range msgs {
@@ -361,6 +407,7 @@ func TestChangelogFilterInvalidRegex(t *testing.T) {
 			},
 		},
 	}, testctx.WithCurrentTag("v0.0.4"), testctx.WithPreviousTag("v0.0.3"))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.EqualError(t, Pipe{}.Run(ctx), "error parsing regexp: invalid or unsupported Perl syntax: `(?ia`")
 }
 
@@ -380,6 +427,7 @@ func TestChangelogFilterIncludeInvalidRegex(t *testing.T) {
 			},
 		},
 	}, testctx.WithCurrentTag("v0.0.4"), testctx.WithPreviousTag("v0.0.3"))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.EqualError(t, Pipe{}.Run(ctx), "error parsing regexp: invalid or unsupported Perl syntax: `(?ia`")
 }
 
@@ -391,6 +439,7 @@ func TestChangelogNoTags(t *testing.T) {
 		testlib.GitCommit(t, msg)
 	}
 	ctx := testctx.New()
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.NotEmpty(t, ctx.ReleaseNotes)
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
@@ -414,6 +463,7 @@ func TestChangelogOnBranchWithSameNameAsTag(t *testing.T) {
 	testlib.GitTag(t, "v0.0.1")
 	testlib.GitCheckoutBranch(t, "v0.0.1")
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	for _, msg := range msgs {
@@ -440,6 +490,7 @@ func TestChangeLogWithReleaseHeader(t *testing.T) {
 	testlib.GitCheckoutBranch(t, "v0.0.1")
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
 	ctx.ReleaseHeaderFile = "testdata/release-header.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	require.Contains(t, ctx.ReleaseNotes, "test header")
@@ -464,6 +515,7 @@ func TestChangeLogWithTemplatedReleaseHeader(t *testing.T) {
 	testlib.GitCheckoutBranch(t, "v0.0.1")
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
 	ctx.ReleaseHeaderTmpl = "testdata/release-header-templated.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	require.Contains(t, ctx.ReleaseNotes, "test header with tag v0.0.1")
@@ -488,6 +540,7 @@ func TestChangeLogWithReleaseFooter(t *testing.T) {
 	testlib.GitCheckoutBranch(t, "v0.0.1")
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
 	ctx.ReleaseFooterFile = "testdata/release-footer.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	require.Contains(t, ctx.ReleaseNotes, "test footer")
@@ -513,6 +566,7 @@ func TestChangeLogWithTemplatedReleaseFooter(t *testing.T) {
 	testlib.GitCheckoutBranch(t, "v0.0.1")
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
 	ctx.ReleaseFooterTmpl = "testdata/release-footer-templated.md"
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	require.Contains(t, ctx.ReleaseNotes, "test footer with tag v0.0.1")
@@ -537,43 +591,12 @@ func TestChangeLogWithoutReleaseFooter(t *testing.T) {
 	testlib.GitTag(t, "v0.0.1")
 	testlib.GitCheckoutBranch(t, "v0.0.1")
 	ctx := testctx.New(testctx.WithCurrentTag("v0.0.1"), withFirstCommit(t))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Contains(t, ctx.ReleaseNotes, "## Changelog")
 	require.Equal(t, '\n', rune(ctx.ReleaseNotes[len(ctx.ReleaseNotes)-1]))
 }
 
-func TestGetChangelogGitHub(t *testing.T) {
-	ctx := testctx.NewWithCfg(config.Project{
-		Changelog: config.Changelog{
-			Use: useGitHub,
-		},
-	}, testctx.WithCurrentTag("v0.180.2"), testctx.WithPreviousTag("v0.180.1"))
-	require.NoError(t, Pipe{}.Default(ctx))
-
-	expected := "c90f1085f255d0af0b055160bfff5ee40f47af79: fix: do not skip any defaults (#2521) (@caarlos0)"
-	mock := client.NewMock()
-	mock.Changes = []client.ChangelogItem{
-		{
-			SHA:            "c90f1085f255d0af0b055160bfff5ee40f47af79",
-			Message:        "fix: do not skip any defaults (#2521)",
-			AuthorName:     "Carlos",
-			AuthorEmail:    "nope@nope.com",
-			AuthorUsername: "caarlos0",
-		},
-	}
-	l := scmChangeloger{
-		client: mock,
-		repo: client.Repo{
-			Owner: "goreleaser",
-			Name:  "goreleaser",
-		},
-	}
-
-	log, err := l.Log(ctx)
-	require.NoError(t, err)
-	require.Equal(t, expected, log)
-}
-
 func TestGetChangelogGitHubNative(t *testing.T) {
 	ctx := testctx.NewWithCfg(config.Project{
 		Changelog: config.Changelog{
@@ -675,7 +698,7 @@ func TestGetChangeloger(t *testing.T) {
 				Use: useGitHubNative,
 			},
 		}, testctx.GitHubTokenType, testctx.WithPreviousTag("v1.2.3"))
-		c, err := getChangeloger(ctx)
+		c, err := newGithubChangeloger(ctx)
 		require.NoError(t, err)
 		require.IsType(t, &githubNativeChangeloger{}, c)
 	})
@@ -689,7 +712,7 @@ func TestGetChangeloger(t *testing.T) {
 				Use: useGitHubNative,
 			},
 		}, testctx.GitHubTokenType)
-		c, err := getChangeloger(ctx)
+		c, err := newGithubChangeloger(ctx)
 		require.EqualError(t, err, "unsupported repository URL: https://gist.github.com/")
 		require.Nil(t, c)
 	})
@@ -857,6 +880,7 @@ func TestGroup(t *testing.T) {
 			},
 		},
 	}, testctx.WithCurrentTag("v0.0.2"), withFirstCommit(t))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.NoError(t, Pipe{}.Run(ctx))
 	require.Regexp(t, `## Changelog
 ### Features
@@ -894,22 +918,28 @@ func TestGroupBadRegex(t *testing.T) {
 			},
 		},
 	}, testctx.WithCurrentTag("v0.0.2"), withFirstCommit(t))
+	require.NoError(t, Pipe{}.Default(ctx))
 	require.EqualError(t, Pipe{}.Run(ctx), "failed to group into \"Something\": error parsing regexp: missing closing ]: `[a-z`")
 }
 
 func TestChangelogFormat(t *testing.T) {
 	t.Run("without groups", func(t *testing.T) {
 		makeConf := func(u string) config.Project {
-			return config.Project{Changelog: config.Changelog{Use: u}}
+			return config.Project{
+				Changelog: config.Changelog{
+					Use:    u,
+					Format: "{{.SHA}} {{.Message}}",
+				},
+			}
 		}
 
 		for _, use := range []string{useGit, useGitHub, useGitLab, useGitea} {
 			t.Run(use, func(t *testing.T) {
 				out, err := formatChangelog(
 					testctx.NewWithCfg(makeConf(use)),
-					[]string{
-						"aea123 foo",
-						"aef653 bar",
+					[]Item{
+						{SHA: "aea123", Message: "foo"},
+						{SHA: "aef653", Message: "bar"},
 					},
 				)
 				require.NoError(t, err)
@@ -918,28 +948,14 @@ func TestChangelogFormat(t *testing.T) {
 * aef653 bar`, out)
 			})
 		}
-
-		t.Run(useGitHubNative, func(t *testing.T) {
-			out, err := formatChangelog(
-				testctx.NewWithCfg(makeConf(useGitHubNative)),
-				[]string{
-					"# What's changed",
-					"* aea123 foo",
-					"* aef653 bar",
-				},
-			)
-			require.NoError(t, err)
-			require.Equal(t, `# What's changed
-* aea123 foo
-* aef653 bar`, out)
-		})
 	})
 
 	t.Run("with groups", func(t *testing.T) {
 		makeConf := func(u string) config.Project {
 			return config.Project{
 				Changelog: config.Changelog{
-					Use: u,
+					Use:    u,
+					Format: "{{.SHA}} {{.Message}}",
 					Groups: []config.ChangelogGroup{
 						{Title: "catch-all"},
 					},
@@ -947,27 +963,13 @@ func TestChangelogFormat(t *testing.T) {
 			}
 		}
 
-		t.Run(useGitHubNative, func(t *testing.T) {
-			out, err := formatChangelog(
-				testctx.NewWithCfg(makeConf(useGitHubNative)),
-				[]string{
-					"# What's changed",
-					"* aea123 foo",
-					"* aef653 bar",
-				},
-			)
-			require.NoError(t, err)
-			require.Equal(t, `# What's changed
-* aea123 foo
-* aef653 bar`, out)
-		})
 		for _, use := range []string{useGit, useGitHub, useGitLab, useGitea} {
 			t.Run(use, func(t *testing.T) {
 				out, err := formatChangelog(
 					testctx.NewWithCfg(makeConf(use)),
-					[]string{
-						"aea123 foo",
-						"aef653 bar",
+					[]Item{
+						{SHA: "aea123", Message: "foo"},
+						{SHA: "aef653", Message: "bar"},
 					},
 				)
 				require.NoError(t, err)
@@ -1003,6 +1005,7 @@ func TestAbbrev(t *testing.T) {
 			Changelog: config.Changelog{},
 		}, testctx.WithCurrentTag("v0.0.2"), withFirstCommit(t))
 
+		require.NoError(t, Pipe{}.Default(ctx))
 		require.NoError(t, Pipe{}.Run(ctx))
 		ensureCommitHashLen(t, ctx.ReleaseNotes, 40)
 	})
@@ -1014,6 +1017,7 @@ func TestAbbrev(t *testing.T) {
 				Abbrev: -1,
 			},
 		}, testctx.WithCurrentTag("v0.0.2"), withFirstCommit(t))
+		require.NoError(t, Pipe{}.Default(ctx))
 		require.NoError(t, Pipe{}.Run(ctx))
 	})
 
@@ -1024,6 +1028,7 @@ func TestAbbrev(t *testing.T) {
 				Abbrev: 3,
 			},
 		}, testctx.WithCurrentTag("v0.0.2"), withFirstCommit(t))
+		require.NoError(t, Pipe{}.Default(ctx))
 		require.NoError(t, Pipe{}.Run(ctx))
 		ensureCommitHashLen(t, ctx.ReleaseNotes, 3)
 	})
@@ -1035,6 +1040,7 @@ func TestAbbrev(t *testing.T) {
 				Abbrev: 7,
 			},
 		}, testctx.WithCurrentTag("v0.0.2"), withFirstCommit(t))
+		require.NoError(t, Pipe{}.Default(ctx))
 		require.NoError(t, Pipe{}.Run(ctx))
 		ensureCommitHashLen(t, ctx.ReleaseNotes, 7)
 	})
@@ -1046,11 +1052,94 @@ func TestAbbrev(t *testing.T) {
 				Abbrev: 50,
 			},
 		}, testctx.WithCurrentTag("v0.0.2"), withFirstCommit(t))
+		require.NoError(t, Pipe{}.Default(ctx))
 		require.NoError(t, Pipe{}.Run(ctx))
 		ensureCommitHashLen(t, ctx.ReleaseNotes, 40)
 	})
 }
 
+func TestIssue5595(t *testing.T) {
+	for name, format := range map[string]string{
+		"abbrev-sha": "[{{.SHA}}]: {{.Message}} (@{{.AuthorName}})",
+		"no-sha":     "{{.Message}} (@{{.AuthorName}})",
+	} {
+		t.Run(name, func(t *testing.T) {
+			ctx := testctx.NewWithCfg(config.Project{
+				Changelog: config.Changelog{
+					Use:    useGitHub,
+					Format: format,
+					Groups: []config.ChangelogGroup{
+						{
+							Title:  "Features",
+							Regexp: `^.*?feat(\([[:word:]]+\))??!?:.+$`,
+							Order:  0,
+						},
+						{
+							Title:  "Fixes",
+							Regexp: `^.*?fix(\([[:word:]]+\))??!?:.+$`,
+							Order:  1,
+						},
+						{
+							Title: "Others",
+							Order: 999,
+						},
+					},
+					Filters: config.Filters{
+						Exclude: []string{
+							"^docs:",
+							"typo",
+							"(?i)foo",
+						},
+						Include: []string{
+							"^feat:",
+							"^fix:",
+						},
+					},
+				},
+			}, testctx.WithCurrentTag("v0.0.2"), withFirstCommit(t))
+			require.NoError(t, Pipe{}.Default(ctx))
+
+			mock := client.NewMock()
+
+			for i := 0; i < 20; i++ {
+				kind := "fix"
+				if i%2 == 0 {
+					kind = "feat"
+				}
+				if i%5 == 0 {
+					kind = "chore"
+				}
+				if i%7 == 0 {
+					kind = "docs"
+				}
+				msg := fmt.Sprintf("%s: commit #%d", kind, i)
+				mock.Changes = append(mock.Changes, Item{
+					SHA:            "cafebabe",
+					Message:        msg,
+					AuthorName:     "Carlos",
+					AuthorEmail:    "nope@nope.com",
+					AuthorUsername: "caarlos0",
+				})
+			}
+
+			cl := wrappingChangeloger{
+				changeloger: &scmChangeloger{
+					client: mock,
+					abbrev: 3,
+					repo: client.Repo{
+						Owner: "test",
+						Name:  "test",
+					},
+				},
+			}
+
+			log, err := cl.Log(ctx)
+			require.NoError(t, err)
+			golden.RequireEqualExt(t, []byte(log), ".md")
+		})
+	}
+}
+
 func ensureCommitHashLen(tb testing.TB, log string, l int) {
 	tb.Helper()
 	for _, line := range strings.Split(log, "\n") {
@@ -1059,6 +1148,7 @@ func ensureCommitHashLen(tb testing.TB, log string, l int) {
 		}
 		parts := strings.SplitN(line, " ", 3)
 		commit := strings.TrimPrefix(parts[1], "* ")
+		commit = strings.TrimSuffix(commit, ":")
 		require.Len(tb, commit, l)
 	}
 }
diff --git a/internal/pipe/changelog/testdata/TestIssue5595/abbrev-sha.md.golden b/internal/pipe/changelog/testdata/TestIssue5595/abbrev-sha.md.golden
new file mode 100644
index 00000000000..f32d392d472
--- /dev/null
+++ b/internal/pipe/changelog/testdata/TestIssue5595/abbrev-sha.md.golden
@@ -0,0 +1,17 @@
+## Changelog
+### Features
+* [cafebabe]: feat: commit #2 (@Carlos)
+* [cafebabe]: feat: commit #4 (@Carlos)
+* [cafebabe]: feat: commit #6 (@Carlos)
+* [cafebabe]: feat: commit #8 (@Carlos)
+* [cafebabe]: feat: commit #12 (@Carlos)
+* [cafebabe]: feat: commit #16 (@Carlos)
+* [cafebabe]: feat: commit #18 (@Carlos)
+### Fixes
+* [cafebabe]: fix: commit #1 (@Carlos)
+* [cafebabe]: fix: commit #3 (@Carlos)
+* [cafebabe]: fix: commit #9 (@Carlos)
+* [cafebabe]: fix: commit #11 (@Carlos)
+* [cafebabe]: fix: commit #13 (@Carlos)
+* [cafebabe]: fix: commit #17 (@Carlos)
+* [cafebabe]: fix: commit #19 (@Carlos)
\ No newline at end of file
diff --git a/internal/pipe/changelog/testdata/TestIssue5595/no-sha.md.golden b/internal/pipe/changelog/testdata/TestIssue5595/no-sha.md.golden
new file mode 100644
index 00000000000..2c93a96e19a
--- /dev/null
+++ b/internal/pipe/changelog/testdata/TestIssue5595/no-sha.md.golden
@@ -0,0 +1,17 @@
+## Changelog
+### Features
+* feat: commit #2 (@Carlos)
+* feat: commit #4 (@Carlos)
+* feat: commit #6 (@Carlos)
+* feat: commit #8 (@Carlos)
+* feat: commit #12 (@Carlos)
+* feat: commit #16 (@Carlos)
+* feat: commit #18 (@Carlos)
+### Fixes
+* fix: commit #1 (@Carlos)
+* fix: commit #3 (@Carlos)
+* fix: commit #9 (@Carlos)
+* fix: commit #11 (@Carlos)
+* fix: commit #13 (@Carlos)
+* fix: commit #17 (@Carlos)
+* fix: commit #19 (@Carlos)
\ No newline at end of file
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 9ff269200b4..08ef99cc054 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1222,7 +1222,7 @@ type Changelog struct {
 
 // ChangelogGroup holds the grouping criteria for the changelog.
 type ChangelogGroup struct {
-	Title  string `yaml:"title,omitempty" json:"title,omitempty"`
+	Title  string `yaml:"title" json:"title"`
 	Regexp string `yaml:"regexp,omitempty" json:"regexp,omitempty"`
 	Order  int    `yaml:"order,omitempty" json:"order,omitempty"`
 }
diff --git a/www/docs/customization/changelog.md b/www/docs/customization/changelog.md
index 87ecdfd7b73..de8890d1c3e 100644
--- a/www/docs/customization/changelog.md
+++ b/www/docs/customization/changelog.md
@@ -21,22 +21,34 @@ changelog:
   # - `github`: uses the compare GitHub API, appending the author username to the changelog.
   # - `gitlab`: uses the compare GitLab API, appending the author name and email to the changelog (requires a personal access token).
   # - `gitea`: uses the compare Gitea API, appending the author username to the changelog.
-  # - `github-native`: uses the GitHub release notes generation API, disables the groups feature.
+  # - `github-native`: uses the GitHub release notes generation API, disables groups, sort, and any further formatting features.
   #
   # Default: 'git'.
   use: github
 
   # Format to use for commit formatting.
-  # Only available when use is one of `github`, `gitea`, or `gitlab`.
   #
-  # Default: '{{ .SHA }}: {{ .Message }} ({{ with .AuthorUsername }}@{{ . }}{{ else }}{{ .AuthorName }} <{{ .AuthorEmail }}>{{ end }})'.
-  # Extra template fields: `SHA`, `Message`, `AuthorName`, `AuthorEmail`, and
-  # `AuthorUsername`.
+  # Templates: allowed.
+  #
+  # Default:
+  #    if 'git': '{{ .SHA }} {{ .Message }}'
+  #   otherwise: '{{ .SHA }}: {{ .Message }} ({{ with .AuthorUsername }}@{{ . }}{{ else }}{{ .AuthorName }} <{{ .AuthorEmail }}>{{ end }})'.
+  #
+  # Extra template fields:
+  # - `SHA`: the commit SHA1
+  # - `Message`: the first line of the commit message, otherwise known as commit subject
+  # - `AuthorName`: the author full name (considers mailmap if 'git')
+  # - `AuthorEmail`: the author email (considers mailmap if 'git')
+  # - `AuthorUsername`: github/gitlab/gitea username - not available if 'git'
+  #
+  # Usage with 'git': <!-- md:inline_version v2.8-unreleased -->.
   format: "{{.SHA}}: {{.Message}} (@{{.AuthorUsername}})"
 
   # Sorts the changelog by the commit's messages.
   # Could either be asc, desc or empty
   # Empty means 'no sorting', it'll use the output of `git log` as is.
+  #
+  # Disabled when using 'github-native'.
   sort: asc
 
   # Max commit hash length to use in the changelog.
@@ -44,6 +56,8 @@ changelog:
   # 0: use whatever the changelog implementation gives you
   # -1: remove the commit hash from the changelog
   # any other number: max length.
+  #
+  # Disabled when using 'github-native'.
   abbrev: -1
 
   # Paths to filter the commits for.
@@ -51,6 +65,8 @@ changelog:
   #
   # This feature is only available in GoReleaser Pro.
   # Default: monorepo.dir value, or empty if no monorepo.
+  #
+  # Disabled when using 'github-native'.
   paths:
     - foo/
     - bar/
@@ -68,8 +84,9 @@ changelog:
   # Matches are performed against the first line of the commit message only,
   # prefixed with the commit SHA1, usually in the form of
   # `<abbrev-commit>[:] <title-commit>`.
-  # Groups are disabled when using github-native, as it already groups things by itself.
   # Regex use RE2 syntax as defined here: https://github.com/google/re2/wiki/Syntax.
+  #
+  # Disabled when using 'github-native'.
   groups:
     - title: Features
       regexp: '^.*?feat(\([[:word:]]+\))??!?:.+$'
@@ -105,13 +122,14 @@ changelog:
   # This feature is only available in GoReleaser Pro.
   divider: "---"
 
+  # Further filter changelog entries.
+  #
+  # Disabled when using 'github-native'.
   filters:
     # Commit messages matching the regexp listed here will be removed from
     # the changelog
     #
-    # Matches are performed against the first line of the commit message only,
-    # prefixed with the commit SHA1, usually in the form of
-    # `<abbrev-commit>[:] <title-commit>`.
+    # Matches are performed against the first line of the commit message only.
     exclude:
       - "^docs:"
       - typo
@@ -122,9 +140,7 @@ changelog:
     #
     # If include is not-empty, exclude will be ignored.
     #
-    # Matches are performed against the first line of the commit message only,
-    # prefixed with the commit SHA1, usually in the form of
-    # `<abbrev-commit>[:] <title-commit>`.
+    # Matches are performed against the first line of the commit message only.
     include:
       - "^feat:"
 ```
@@ -133,7 +149,7 @@ changelog:
 
     Some things to keep an eye on:
 
-    * The `github-native` changelog does not support `sort` and `filter`.
+    * The `github-native` changelog does not support `groups`, `sort`, and `filter`.
     * When releasing a [nightly][], `use` will fallback to `git`.
     * The `github` changelog will only work if both tags exist in GitHub.
 

From 935e9a6c3fcfd56e1bfa61f5c1abf117bc89c1cd Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sat, 8 Mar 2025 11:16:33 -0300
Subject: [PATCH 103/119] fix: abbrev test

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 internal/pipe/changelog/changelog.go          |  7 +----
 internal/pipe/changelog/changelog_test.go     |  2 +-
 .../TestIssue5595/abbrev-sha.md.golden        | 28 +++++++++----------
 3 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/internal/pipe/changelog/changelog.go b/internal/pipe/changelog/changelog.go
index 6bbf3269a38..d233dc48f06 100644
--- a/internal/pipe/changelog/changelog.go
+++ b/internal/pipe/changelog/changelog.go
@@ -25,12 +25,8 @@ type Item = client.ChangelogItem
 // ErrInvalidSortDirection happens when the sort order is invalid.
 var ErrInvalidSortDirection = errors.New("invalid sort direction")
 
-// ErrInvalidSortDirection happens when a group has no title.
-var ErrEmptyGroupTitle = errors.New("group title cannot be empty")
-
-const li = "* "
-
 const (
+	li              = "* "
 	useGit          = "git"
 	useGitHub       = "github"
 	useGitea        = "gitea"
@@ -475,7 +471,6 @@ func (g gitChangeloger) Log(ctx *context.Context) ([]Item, error) {
 type scmChangeloger struct {
 	client client.Client
 	repo   client.Repo
-	abbrev int
 }
 
 func (c *scmChangeloger) Log(ctx *context.Context) ([]Item, error) {
diff --git a/internal/pipe/changelog/changelog_test.go b/internal/pipe/changelog/changelog_test.go
index 78b63adb837..6d591dd76a6 100644
--- a/internal/pipe/changelog/changelog_test.go
+++ b/internal/pipe/changelog/changelog_test.go
@@ -1068,6 +1068,7 @@ func TestIssue5595(t *testing.T) {
 				Changelog: config.Changelog{
 					Use:    useGitHub,
 					Format: format,
+					Abbrev: 3,
 					Groups: []config.ChangelogGroup{
 						{
 							Title:  "Features",
@@ -1125,7 +1126,6 @@ func TestIssue5595(t *testing.T) {
 			cl := wrappingChangeloger{
 				changeloger: &scmChangeloger{
 					client: mock,
-					abbrev: 3,
 					repo: client.Repo{
 						Owner: "test",
 						Name:  "test",
diff --git a/internal/pipe/changelog/testdata/TestIssue5595/abbrev-sha.md.golden b/internal/pipe/changelog/testdata/TestIssue5595/abbrev-sha.md.golden
index f32d392d472..76ff1dd409c 100644
--- a/internal/pipe/changelog/testdata/TestIssue5595/abbrev-sha.md.golden
+++ b/internal/pipe/changelog/testdata/TestIssue5595/abbrev-sha.md.golden
@@ -1,17 +1,17 @@
 ## Changelog
 ### Features
-* [cafebabe]: feat: commit #2 (@Carlos)
-* [cafebabe]: feat: commit #4 (@Carlos)
-* [cafebabe]: feat: commit #6 (@Carlos)
-* [cafebabe]: feat: commit #8 (@Carlos)
-* [cafebabe]: feat: commit #12 (@Carlos)
-* [cafebabe]: feat: commit #16 (@Carlos)
-* [cafebabe]: feat: commit #18 (@Carlos)
+* [caf]: feat: commit #2 (@Carlos)
+* [caf]: feat: commit #4 (@Carlos)
+* [caf]: feat: commit #6 (@Carlos)
+* [caf]: feat: commit #8 (@Carlos)
+* [caf]: feat: commit #12 (@Carlos)
+* [caf]: feat: commit #16 (@Carlos)
+* [caf]: feat: commit #18 (@Carlos)
 ### Fixes
-* [cafebabe]: fix: commit #1 (@Carlos)
-* [cafebabe]: fix: commit #3 (@Carlos)
-* [cafebabe]: fix: commit #9 (@Carlos)
-* [cafebabe]: fix: commit #11 (@Carlos)
-* [cafebabe]: fix: commit #13 (@Carlos)
-* [cafebabe]: fix: commit #17 (@Carlos)
-* [cafebabe]: fix: commit #19 (@Carlos)
\ No newline at end of file
+* [caf]: fix: commit #1 (@Carlos)
+* [caf]: fix: commit #3 (@Carlos)
+* [caf]: fix: commit #9 (@Carlos)
+* [caf]: fix: commit #11 (@Carlos)
+* [caf]: fix: commit #13 (@Carlos)
+* [caf]: fix: commit #17 (@Carlos)
+* [caf]: fix: commit #19 (@Carlos)
\ No newline at end of file

From f2a901e636ffd9bc908332f862d672a83d0331d1 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sun, 9 Mar 2025 21:01:06 -0300
Subject: [PATCH 104/119] chore: update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/static/schema-pro.json | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/www/docs/static/schema-pro.json b/www/docs/static/schema-pro.json
index 84fd073e39b..e3bcbe72965 100644
--- a/www/docs/static/schema-pro.json
+++ b/www/docs/static/schema-pro.json
@@ -982,7 +982,10 @@
 					}
 				},
 				"additionalProperties": false,
-				"type": "object"
+				"type": "object",
+				"required": [
+					"title"
+				]
 			},
 			"ChangelogSubgroup": {
 				"properties": {

From 966909f68701713baa91b6e96a9a964cbc9c7caf Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sun, 9 Mar 2025 21:01:59 -0300
Subject: [PATCH 105/119] fix: improve git no tags error

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 internal/pipe/git/errors.go   | 2 +-
 internal/pipe/git/git_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/internal/pipe/git/errors.go b/internal/pipe/git/errors.go
index 331508ec6c6..a48c8320e2a 100644
--- a/internal/pipe/git/errors.go
+++ b/internal/pipe/git/errors.go
@@ -25,7 +25,7 @@ func (e ErrWrongRef) Error() string {
 
 // ErrNoTag happens if the underlying git repository doesn't contain any tags
 // but no snapshot-release was requested.
-var ErrNoTag = errors.New("git doesn't contain any tags. Either add a tag or use --snapshot")
+var ErrNoTag = errors.New("git doesn't contain any tags - either add a tag or use --snapshot")
 
 // ErrNotRepository happens if you try to run goreleaser against a folder
 // which is not a git repository.
diff --git a/internal/pipe/git/git_test.go b/internal/pipe/git/git_test.go
index d79506e5af3..b6d0607f051 100644
--- a/internal/pipe/git/git_test.go
+++ b/internal/pipe/git/git_test.go
@@ -93,7 +93,7 @@ func TestNoTagsNoSnapshot(t *testing.T) {
 	testlib.GitCommit(t, "first")
 	ctx := testctx.New()
 	ctx.Snapshot = false
-	require.EqualError(t, Pipe{}.Run(ctx), `git doesn't contain any tags. Either add a tag or use --snapshot`)
+	require.ErrorIs(t, Pipe{}.Run(ctx), ErrNoTag)
 }
 
 func TestDirty(t *testing.T) {

From 8f73522b0964e09032ce10697a4c24fbc7cc60f1 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sun, 9 Mar 2025 21:05:00 -0300
Subject: [PATCH 106/119] docs: update

---
 www/docs/post-checkout.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/www/docs/post-checkout.md b/www/docs/post-checkout.md
index d098ac09d0b..830b1b89473 100644
--- a/www/docs/post-checkout.md
+++ b/www/docs/post-checkout.md
@@ -2,6 +2,8 @@
 
 A few notes on how to get started:
 
+- [x] GoReleaser Pro is distributed as a different binary than the free version.
+      Make sure you have it installed by checking `goreleaser -v`.
 - [x] if you use GitHub Actions, make sure to set the `distribution` option to
       `pro`. Don't forget to add the `GORELEASER_KEY` environment variable as
       well.[^actions]
@@ -26,4 +28,4 @@ Thank you!
 
 [^schema]: More about our JSONSchemas [here](customization/index.md).
 
-[^links]: All our contact, forums and media links are available [here](links.md).
+[^links]: All our contact, forums, and media links are available [here](links.md).

From 2bf38ef3133c688ff2c0ba7cc1b6f3dac6bf5043 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sun, 9 Mar 2025 22:14:34 -0300
Subject: [PATCH 107/119] docs: update

---
 www/docs/pro.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/www/docs/pro.md b/www/docs/pro.md
index ef1eb93adeb..6959cfec70f 100644
--- a/www/docs/pro.md
+++ b/www/docs/pro.md
@@ -59,6 +59,14 @@ additional features:
 
 <a class="gumroad-button" href="https://gumroad.com/l/CadfZ" target="_blank">Get GoReleaser Pro</a>
 
+## Using GoReleaser Pro
+
+GoReleaser Pro is a different binary, see the [install options](./install.md#pro).
+Once you have it, you can use the serial key with either `--key` or by setting
+`GORELEASER_KEY`.
+
+See [this page](./post-checkout.md) for more information.
+
 ## Road map
 
 We don't have a properly organized public road map (_yet_), but these are some

From 2bb578a0812b4329dfdf09f229744d18982d93d7 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Sun, 9 Mar 2025 22:15:50 -0300
Subject: [PATCH 108/119] fix(archive): make sure binaries are executable
 (#5631)

On windows, files have no executable bits.

We read the file permissions on disk to decide its permissions inside
the archives - this means that, on windows, the binaries will not have
the executable bit when unextracted.

This sets the build file info mode to 0o755 by default, which should
resolve this issue.

This was also fixed at some point in time in the past, but apparently
regressed. Now that we test on windows as well, this shouldn't happen
again.

closes #5632

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 internal/pipe/archive/archive.go      |  1 +
 internal/pipe/archive/archive_test.go | 29 ++++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/internal/pipe/archive/archive.go b/internal/pipe/archive/archive.go
index 93e0cfaf637..6265d1d41b5 100644
--- a/internal/pipe/archive/archive.go
+++ b/internal/pipe/archive/archive.go
@@ -96,6 +96,7 @@ func (Pipe) Default(ctx *context.Context) error {
 				archive.NameTemplate = defaultBinaryNameTemplate
 			}
 		}
+		archive.BuildsInfo.Mode = 0o755
 		ids.Inc(archive.ID)
 	}
 	return ids.Validate()
diff --git a/internal/pipe/archive/archive_test.go b/internal/pipe/archive/archive_test.go
index e3c1455ded0..cb20129440d 100644
--- a/internal/pipe/archive/archive_test.go
+++ b/internal/pipe/archive/archive_test.go
@@ -2,6 +2,7 @@ package archive
 
 import (
 	"archive/tar"
+	"archive/zip"
 	"compress/gzip"
 	"fmt"
 	"io"
@@ -208,6 +209,7 @@ func TestRunPipe(t *testing.T) {
 			ctx.Artifacts.Add(freebsdAmd64Build)
 			ctx.Version = "0.0.1"
 			ctx.Git.CurrentTag = "v0.0.1"
+			require.NoError(t, Pipe{}.Default(ctx))
 			require.NoError(t, Pipe{}.Run(ctx))
 
 			require.Empty(t, ctx.Artifacts.Filter(
@@ -260,7 +262,10 @@ func TestRunPipe(t *testing.T) {
 				header := tarInfo(t, filepath.Join(dist, name), expectBin)
 				require.Equal(t, "root", header.Uname)
 				require.Equal(t, "root", header.Gname)
+				require.EqualValues(t, 0o755, header.Mode)
 			}
+
+			name := "foobar_0.0.1_windows_amd64.zip"
 			require.Equal(
 				t,
 				[]string{
@@ -268,8 +273,10 @@ func TestRunPipe(t *testing.T) {
 					"foo/bar/foobar/blah.txt",
 					expectBin + ".exe",
 				},
-				testlib.LsArchive(t, filepath.Join(dist, "foobar_0.0.1_windows_amd64.zip"), "zip"),
+				testlib.LsArchive(t, filepath.Join(dist, name), "zip"),
 			)
+			info := zipInfo(t, filepath.Join(dist, name), expectBin+".exe")
+			require.Equal(t, fs.FileMode(0o755), info.Mode())
 		})
 	}
 }
@@ -370,6 +377,24 @@ func TestRunPipeNoBinaries(t *testing.T) {
 	require.NoError(t, Pipe{}.Run(ctx))
 }
 
+func zipInfo(t *testing.T, path, name string) fs.FileInfo {
+	t.Helper()
+	f, err := os.Open(path)
+	require.NoError(t, err)
+	defer f.Close()
+	info, err := f.Stat()
+	require.NoError(t, err)
+	r, err := zip.NewReader(f, info.Size())
+	require.NoError(t, err)
+	for _, next := range r.File {
+		if next.Name == name {
+			return next.FileInfo()
+		}
+	}
+	t.Fatalf("could not find %q in %q", name, path)
+	return nil
+}
+
 func tarInfo(t *testing.T, path, name string) *tar.Header {
 	t.Helper()
 	f, err := os.Open(path)
@@ -388,6 +413,7 @@ func tarInfo(t *testing.T, path, name string) *tar.Header {
 			return next
 		}
 	}
+	t.Fatalf("could not find %q in %q", name, path)
 	return nil
 }
 
@@ -779,6 +805,7 @@ func TestDefault(t *testing.T) {
 	require.NotEmpty(t, ctx.Config.Archives[0].NameTemplate)
 	require.Equal(t, "tar.gz", ctx.Config.Archives[0].Formats[0])
 	require.NotEmpty(t, ctx.Config.Archives[0].Files)
+	require.Equal(t, fs.FileMode(0o755), ctx.Config.Archives[0].BuildsInfo.Mode)
 }
 
 func TestDefaultSet(t *testing.T) {

From ccdfd276fbf9b256c28e263ff80f765183ad935b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Mar 2025 08:57:51 +0000
Subject: [PATCH 109/119] chore(deps): bump github/codeql-action from 3.28.10
 to 3.28.11 (#5634)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.28.10 to 3.28.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.28.11</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.28.11/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.28.11 - 07 Mar 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.6. <a
href="https://redirect.github.com/github/codeql-action/pull/2793">#2793</a></li>
</ul>
<h2>3.28.10 - 21 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.5. <a
href="https://redirect.github.com/github/codeql-action/pull/2772">#2772</a></li>
<li>Address an issue where the CodeQL Bundle would occasionally fail to
decompress on macOS. <a
href="https://redirect.github.com/github/codeql-action/pull/2768">#2768</a></li>
</ul>
<h2>3.28.9 - 07 Feb 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.4. <a
href="https://redirect.github.com/github/codeql-action/pull/2753">#2753</a></li>
</ul>
<h2>3.28.8 - 29 Jan 2025</h2>
<ul>
<li>Enable support for Kotlin 2.1.10 when running with CodeQL CLI
v2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2744">#2744</a></li>
</ul>
<h2>3.28.7 - 29 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.6 - 27 Jan 2025</h2>
<ul>
<li>Re-enable debug artifact upload for CLI versions 2.20.3 or greater.
<a
href="https://redirect.github.com/github/codeql-action/pull/2726">#2726</a></li>
</ul>
<h2>3.28.5 - 24 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.3. <a
href="https://redirect.github.com/github/codeql-action/pull/2717">#2717</a></li>
</ul>
<h2>3.28.4 - 23 Jan 2025</h2>
<p>No user facing changes.</p>
<h2>3.28.3 - 22 Jan 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.20.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2707">#2707</a></li>
<li>Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise
Server instance which occurred when the CodeQL Bundle had been synced to
the instance using the <a
href="https://github.com/github/codeql-action-sync-tool">CodeQL Action
sync tool</a> and the Actions runner did not have Zstandard installed.
<a
href="https://redirect.github.com/github/codeql-action/pull/2710">#2710</a></li>
<li>Uploading debug artifacts for CodeQL analysis is temporarily
disabled. <a
href="https://redirect.github.com/github/codeql-action/pull/2712">#2712</a></li>
</ul>
<h2>3.28.2 - 21 Jan 2025</h2>
<p>No user facing changes.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/6bb031afdd8eb862ea3fc1848194185e076637e5"><code>6bb031a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2798">#2798</a>
from github/update-v3.28.11-56b25d5d5</li>
<li><a
href="https://github.com/github/codeql-action/commit/6bca7dd940f38115b5e3696bd79bbb020563bb1f"><code>6bca7dd</code></a>
Update changelog for v3.28.11</li>
<li><a
href="https://github.com/github/codeql-action/commit/56b25d5d5251df651f82070735778784aa383094"><code>56b25d5</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2793">#2793</a>
from github/update-bundle/codeql-bundle-v2.20.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/256aa1658211f7bf42a0ee5b18a106fe81baa524"><code>256aa16</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.20.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/911d845ab60270de25813c5a148ec9501e857340"><code>911d845</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2796">#2796</a>
from github/nickfyson/adjust-rate-error-string</li>
<li><a
href="https://github.com/github/codeql-action/commit/7b7ed635033f63c6f84ab377f726dc0b933bd593"><code>7b7ed63</code></a>
adjust string for handling rate limit error</li>
<li><a
href="https://github.com/github/codeql-action/commit/608ccd6cd915d2c43d3059c3da518f36f07a56b0"><code>608ccd6</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/2794">#2794</a>
from github/update-supported-enterprise-server-versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/35d04d3627f40144b1b19daa99f2449297367ec9"><code>35d04d3</code></a>
Update supported GitHub Enterprise Server versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/ec3b22164b6b09c9b3d63ff4e9d41084895602b0"><code>ec3b221</code></a>
Update supported GitHub Enterprise Server versions</li>
<li><a
href="https://github.com/github/codeql-action/commit/8dc01f6342a3f934d1a339917531a4d8beda41bc"><code>8dc01f6</code></a>
Add changelog note</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d...6bb031afdd8eb862ea3fc1848194185e076637e5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.28.10&new-version=3.28.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 34348eec250..5b267ec4249 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -25,6 +25,6 @@ jobs:
       - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v4
         with:
           go-version: stable
-      - uses: github/codeql-action/init@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
-      - uses: github/codeql-action/autobuild@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
-      - uses: github/codeql-action/analyze@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3
+      - uses: github/codeql-action/init@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
+      - uses: github/codeql-action/autobuild@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3
+      - uses: github/codeql-action/analyze@6bb031afdd8eb862ea3fc1848194185e076637e5 # v3

From 7e50e851d6c6cb0457a402f7f0055042bf189478 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Mon, 10 Mar 2025 13:18:38 -0300
Subject: [PATCH 110/119] fix(log): custom git log format and parsing (#5635)

JSON formatting was brittle, as quotes et al were note escaped. Thought
about doing it with xml.Unmarshal, but it would have the same issue, but
this time with unmatched `<>`.

This uses a custom XML-based format, but does not use `encoding/xml` to
parse it.

thanks @raphamorim for reporting this (in Discord)
---
 internal/client/client.go                 | 10 ++---
 internal/pipe/changelog/changelog.go      | 49 ++++++++++++++++++-----
 internal/pipe/changelog/changelog_test.go |  6 +++
 3 files changed, 51 insertions(+), 14 deletions(-)

diff --git a/internal/client/client.go b/internal/client/client.go
index 9c295cc6f8b..358a9197224 100644
--- a/internal/client/client.go
+++ b/internal/client/client.go
@@ -64,11 +64,11 @@ type Client interface {
 
 // ChangelogItem represents a changelog item, basically, a commit and its author.
 type ChangelogItem struct {
-	SHA            string `json:"sha"`
-	Message        string `json:"message"`
-	AuthorName     string `json:"name"`
-	AuthorEmail    string `json:"email"`
-	AuthorUsername string `json:"-"`
+	SHA            string
+	Message        string
+	AuthorName     string
+	AuthorEmail    string
+	AuthorUsername string
 }
 
 // ReleaseURLTemplater provides the release URL as a template, containing the
diff --git a/internal/pipe/changelog/changelog.go b/internal/pipe/changelog/changelog.go
index d233dc48f06..9bde072a5f4 100644
--- a/internal/pipe/changelog/changelog.go
+++ b/internal/pipe/changelog/changelog.go
@@ -3,7 +3,6 @@ package changelog
 
 import (
 	"cmp"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
@@ -440,7 +439,7 @@ func (g gitChangeloger) Log(ctx *context.Context) ([]Item, error) {
 		"log",
 		"--no-decorate",
 		"--no-color",
-		`--pretty=format:{"sha":"%H","message":"%s","author":"%an","email":"%aE"}`,
+		"--pretty=format:" + gitLogFormat,
 	}
 	// if prev is empty, it means we don't have a previous tag, so we don't
 	// pass any more args, which should everything.
@@ -455,15 +454,11 @@ func (g gitChangeloger) Log(ctx *context.Context) ([]Item, error) {
 		return nil, err
 	}
 	var entries []Item
-	for _, s := range strings.Split(out, "\n") {
-		if strings.TrimSpace(s) == "" {
+	for _, line := range strings.Split(out, "\n") {
+		if strings.TrimSpace(line) == "" {
 			continue
 		}
-		var entry Item
-		if err := json.Unmarshal([]byte(s), &entry); err != nil {
-			return nil, fmt.Errorf("changelog: invalid json: %s: %s", s, err)
-		}
-		entries = append(entries, entry)
+		entries = append(entries, decode(line))
 	}
 	return entries, nil
 }
@@ -502,3 +497,39 @@ func (w wrappingChangeloger) Log(ctx *context.Context) (string, error) {
 	}
 	return formatChangelog(ctx, sortEntries(ctx, entries))
 }
+
+const (
+	shaOpen      = "<goreleaser_sha>"
+	shaClose     = "</goreleaser_sha>"
+	messageOpen  = "<goreleaser_message>"
+	messageClose = "</goreleaser_message>"
+	authorOpen   = "<goreleaser_author>"
+	authorClose  = "</goreleaser_author>"
+	emailOpen    = "<goreleaser_email>"
+	emailClose   = "</goreleaser_email>"
+
+	gitLogFormat = shaOpen + "%H" + shaClose +
+		messageOpen + "%s" + messageClose +
+		authorOpen + "%an" + authorClose +
+		emailOpen + "%aE" + emailClose
+)
+
+func decode(line string) Item {
+	var (
+		shaOpenIdx      = strings.Index(line, shaOpen) + len(shaOpen)
+		shaCloseIdx     = strings.Index(line, shaClose)
+		messageOpenIdx  = strings.Index(line, messageOpen) + len(messageOpen)
+		messageCloseIdx = strings.Index(line, messageClose)
+		authorOpenIdx   = strings.Index(line, authorOpen) + len(authorOpen)
+		authorCloseIdx  = strings.Index(line, authorClose)
+		emailOpenIdx    = strings.Index(line, emailOpen) + len(emailOpen)
+		emailCloseIdx   = strings.Index(line, emailClose)
+	)
+
+	return Item{
+		SHA:         line[shaOpenIdx:shaCloseIdx],
+		Message:     line[messageOpenIdx:messageCloseIdx],
+		AuthorName:  line[authorOpenIdx:authorCloseIdx],
+		AuthorEmail: line[emailOpenIdx:emailCloseIdx],
+	}
+}
diff --git a/internal/pipe/changelog/changelog_test.go b/internal/pipe/changelog/changelog_test.go
index 6d591dd76a6..47161395cbb 100644
--- a/internal/pipe/changelog/changelog_test.go
+++ b/internal/pipe/changelog/changelog_test.go
@@ -130,6 +130,9 @@ func TestChangelog(t *testing.T) {
 	testlib.GitCommit(t, "feat: added that thing")
 	testlib.GitCommit(t, "Merge pull request #999 from goreleaser/some-branch")
 	testlib.GitCommit(t, "this is not a Merge pull request")
+	testlib.GitCommit(t, `a commit message "with quotes inside it'`)
+	testlib.GitCommit(t, `a " quote ' fiesta`)
+	testlib.GitCommit(t, `an unclosed <tag somewhere`)
 	testlib.GitTag(t, "v0.0.2")
 	ctx := testctx.NewWithCfg(config.Project{
 		Dist: folder,
@@ -151,6 +154,9 @@ func TestChangelog(t *testing.T) {
 	require.NotContains(t, ctx.ReleaseNotes, "first")
 	require.Contains(t, ctx.ReleaseNotes, "added feature 1")
 	require.Contains(t, ctx.ReleaseNotes, "fixed bug 2")
+	require.Contains(t, ctx.ReleaseNotes, `a commit message "with quotes inside it'`)
+	require.Contains(t, ctx.ReleaseNotes, `a " quote ' fiesta`)
+	require.Contains(t, ctx.ReleaseNotes, "an unclosed <tag somewhere")
 	require.NotContains(t, ctx.ReleaseNotes, "docs")
 	require.NotContains(t, ctx.ReleaseNotes, "ignored")
 	require.NotContains(t, ctx.ReleaseNotes, "cArs")

From be3b65ca472932c04b8c0d58d3dcdff8d72d6d32 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Mar 2025 08:42:34 +0000
Subject: [PATCH 111/119] chore(deps): bump cachix/install-nix-action from 30
 to 31 (#5637)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[cachix/install-nix-action](https://github.com/cachix/install-nix-action)
from 30 to 31.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cachix/install-nix-action/releases">cachix/install-nix-action's
releases</a>.</em></p>
<blockquote>
<h2>v31</h2>
<h2>What's Changed</h2>
<ul>
<li>nix: 2.24.9 -&gt; 2.25.2 by <a
href="https://github.com/Mic92"><code>@​Mic92</code></a> in <a
href="https://redirect.github.com/cachix/install-nix-action/pull/218">cachix/install-nix-action#218</a></li>
<li>ci: fix latest installer tests by <a
href="https://github.com/sandydoo"><code>@​sandydoo</code></a> in <a
href="https://redirect.github.com/cachix/install-nix-action/pull/220">cachix/install-nix-action#220</a></li>
<li>ci: add ubuntu-24.04-arm to matrix by <a
href="https://github.com/msgilligan"><code>@​msgilligan</code></a> in <a
href="https://redirect.github.com/cachix/install-nix-action/pull/221">cachix/install-nix-action#221</a></li>
<li>nix: 2.25.2 -&gt; 2.26.2 by <a
href="https://github.com/Mic92"><code>@​Mic92</code></a> in <a
href="https://redirect.github.com/cachix/install-nix-action/pull/226">cachix/install-nix-action#226</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/msgilligan"><code>@​msgilligan</code></a> made
their first contribution in <a
href="https://redirect.github.com/cachix/install-nix-action/pull/221">cachix/install-nix-action#221</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/cachix/install-nix-action/compare/v30...v31">https://github.com/cachix/install-nix-action/compare/v30...v31</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cachix/install-nix-action/commit/91a071959513ca103b54280ac0bef5b825791d4d"><code>91a0719</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/226">#226</a>
from Mic92/nix-update</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/d81eadf041318952daecfb82fe8d7b4538067642"><code>d81eadf</code></a>
nix: 2.25.2 -&gt; 2.26.2</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/3d69a1d4d262a7fb63731d2bc0d081544705e3d5"><code>3d69a1d</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/221">#221</a>
from msgilligan/msgilligan/github-test-aarch64-linux</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/265a04a520d4a95357365b3a9c2e73135a8e9830"><code>265a04a</code></a>
GitHub test.yml: add ubuntu-24.04-arm to matrix</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/89fd1e98db16430dad3d6595e0f6d30718059e4e"><code>89fd1e9</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/220">#220</a>
from cachix/fix-master-tests</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/a76df16350261308addb51d2386f28f5f0975987"><code>a76df16</code></a>
ci: bump nixpkgs channel</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/a49b703498f43e1426a1b820f27cf12cad57143f"><code>a49b703</code></a>
ci: fix act test</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/f3f544c44bee9e88b5ab7976e42c675083a4f60b"><code>f3f544c</code></a>
ci: fix latest installer tests</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/14344b39ca74ae462b171571696461d555318cc3"><code>14344b3</code></a>
Merge pull request <a
href="https://redirect.github.com/cachix/install-nix-action/issues/218">#218</a>
from Mic92/nix-upgrade</li>
<li><a
href="https://github.com/cachix/install-nix-action/commit/b1deb06f62baf2f4c1604bc301787f127e990349"><code>b1deb06</code></a>
nix: 2.24.9 -&gt; 2.25.2</li>
<li>See full diff in <a
href="https://github.com/cachix/install-nix-action/compare/v30...v31">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cachix/install-nix-action&package-manager=github_actions&previous-version=30&new-version=31)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/build.yml       | 2 +-
 .github/workflows/docs.yml        | 2 +-
 .github/workflows/generate.yml    | 2 +-
 .github/workflows/nightly-oss.yml | 2 +-
 .github/workflows/release.yml     | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index aa4ea5dff9c..e86e4a6934f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -54,7 +54,7 @@ jobs:
       - uses: crazy-max/ghaction-upx@v3
         with:
           install-only: true
-      - uses: cachix/install-nix-action@v30
+      - uses: cachix/install-nix-action@v31
         if: matrix.os == 'ubuntu-latest'
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index e21e9d749fc..5fb147a2e89 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
-      - uses: cachix/install-nix-action@v30
+      - uses: cachix/install-nix-action@v31
         with:
           nix_path: nixpkgs=channel:nixos-unstable
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/generate.yml b/.github/workflows/generate.yml
index cd4e87d6162..75dbdf92bfb 100644
--- a/.github/workflows/generate.yml
+++ b/.github/workflows/generate.yml
@@ -28,7 +28,7 @@ jobs:
       - run: task docs:releases
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - uses: cachix/install-nix-action@v30
+      - uses: cachix/install-nix-action@v31
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - run: task docs:generate
diff --git a/.github/workflows/nightly-oss.yml b/.github/workflows/nightly-oss.yml
index 24ea8e9aede..0e290810770 100644
--- a/.github/workflows/nightly-oss.yml
+++ b/.github/workflows/nightly-oss.yml
@@ -61,7 +61,7 @@ jobs:
       - uses: crazy-max/ghaction-upx@v3
         with:
           install-only: true
-      - uses: cachix/install-nix-action@v30
+      - uses: cachix/install-nix-action@v31
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: dockerhub-login
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1e2f447bb99..db4d8b8edce 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -115,7 +115,7 @@ jobs:
       - uses: crazy-max/ghaction-upx@v3
         with:
           install-only: true
-      - uses: cachix/install-nix-action@v30
+      - uses: cachix/install-nix-action@v31
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
       - name: dockerhub-login

From 6600509044d901d119da13d46f81350dffdd333a Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 11 Mar 2025 21:50:33 -0300
Subject: [PATCH 112/119] docs: update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/cmd/goreleaser_release.md    |   2 +-
 www/docs/customization/app_bundles.md |   4 +-
 www/docs/customization/msi.md         |   2 +-
 www/docs/customization/nfpm.md        |   2 +-
 www/docs/customization/notarize.md    |   2 +-
 www/docs/customization/npm.md         | 163 ++++++++++++++++++++++++++
 www/docs/customization/release.md     |   2 +-
 www/docs/pro.md                       |   1 +
 www/docs/static/schema-pro.json       |  91 ++++++++++++++
 www/mkdocs.yml                        |   1 +
 10 files changed, 263 insertions(+), 7 deletions(-)
 create mode 100644 www/docs/customization/npm.md

diff --git a/www/docs/cmd/goreleaser_release.md b/www/docs/cmd/goreleaser_release.md
index 41eed828840..7b5110e2832 100644
--- a/www/docs/cmd/goreleaser_release.md
+++ b/www/docs/cmd/goreleaser_release.md
@@ -27,7 +27,7 @@ goreleaser release [flags]
       --release-notes string         Load custom release notes from a markdown file (will skip GoReleaser changelog generation)
       --release-notes-tmpl string    Load custom release notes from a templated markdown file (overrides --release-notes)
       --single-target                Builds only for current GOOS and GOARCH, regardless of what's set in the configuration file (implies --skip=publish) (Pro only)
-      --skip strings                 Skip the given options (valid options are: after, announce, archive, aur, aur-source, before, before-publish, chocolatey, cloudsmith, dmg, docker, dockerhub, fury, homebrew, ko, msi, nfpm, nix, notarize, publish, report-sizes, sbom, scoop, sign, snapcraft, validate, winget)
+      --skip strings                 Skip the given options (valid options are: after, announce, archive, aur, aur-source, before, before-publish, chocolatey, cloudsmith, dmg, docker, dockerhub, fury, homebrew, ko, msi, nfpm, nix, notarize, npm, publish, report-sizes, sbom, scoop, sign, snapcraft, validate, winget)
       --snapshot                     Generate an unversioned snapshot release, skipping all validations and without publishing any artifacts (implies --skip=announce,publish,validate)
       --split                        Split the build so it can be merged and published later (implies --prepare) (Pro only)
       --timeout duration             Timeout to the entire release process (default 30m0s)
diff --git a/www/docs/customization/app_bundles.md b/www/docs/customization/app_bundles.md
index 74dff1bc2fd..aabe35b0ea6 100644
--- a/www/docs/customization/app_bundles.md
+++ b/www/docs/customization/app_bundles.md
@@ -55,7 +55,7 @@ app_bundles:
     # You can use this to override the default generated 'Contents/Info.plist'
     # and/or to add more files.
     #
-    # Since: v2.6.
+    # <!-- md:inline_version v2.6 -->.
     # Templates: allowed.
     extra_files:
       - src: ./release/Info.plist
@@ -77,7 +77,7 @@ app_bundles:
     # and its results will be added to the archive.
     # and/or to add more files.
     #
-    # Since: v2.6.
+    # <!-- md:inline_version v2.6 -->.
     # Templates: allowed.
     # Extra template fields: `AppName`, `BinaryName`, and `Bundle`.
     templated_extra_files:
diff --git a/www/docs/customization/msi.md b/www/docs/customization/msi.md
index 27d4235152b..70e713c00ea 100644
--- a/www/docs/customization/msi.md
+++ b/www/docs/customization/msi.md
@@ -48,7 +48,7 @@ msi:
     # See: https://wixtoolset.org/docs/v3/howtos/general/extension_usage_introduction/
     #
     # Templates: allowed.
-    # Since: v2.6.
+    # <!-- md:inline_version v2.6 -->.
     extensions:
       - '{{ if eq .Runtime.Goos "windows" }}WixUIExtension{{ end }}'
       - "WixUtilExtension"
diff --git a/www/docs/customization/nfpm.md b/www/docs/customization/nfpm.md
index fe046c0d14c..0a601358c4d 100644
--- a/www/docs/customization/nfpm.md
+++ b/www/docs/customization/nfpm.md
@@ -344,7 +344,7 @@ nfpms:
     # Date to be used as mtime for the package itself, and its internal files.
     # You may also want to set the mtime on its contents.
     #
-    # Since: v2.6.
+    # <!-- md:inline_version v2.6 -->.
     # Templates: allowed.
     mtime: "{{ .CommitDate }}"
 
diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index 44cbe007a5d..fdff366747b 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -92,7 +92,7 @@ notarize:
         # Allows to set the signature entitlements XML file.
         #
         # Templates: allowed.
-        # Since: v2.6.
+        # <!-- md:inline_version v2.6 -->.
         entitlements: ./path/to/entitlements.xml
 
       # Then, we notarize the binaries.
diff --git a/www/docs/customization/npm.md b/www/docs/customization/npm.md
new file mode 100644
index 00000000000..ac935713fe5
--- /dev/null
+++ b/www/docs/customization/npm.md
@@ -0,0 +1,163 @@
+# NPM
+
+<!-- md:version v2.8-unreleased -->
+
+<!-- md:alpha -->
+
+<!-- md:pro -->
+
+The `npm` section configures how GoReleaser publishes your packages to NPM
+registries.
+
+## How it works
+
+You can declare multiple NPM instances.
+All binaries generated by your `builds` section will be available for use in
+your NPM packages.
+
+For each NPM configuration, GoReleaser will:
+
+1. Generate a `package.json` file and other required scripts based on your
+   configuration;
+1. When the user `npm i -g` or `npx` your package, a `postinstall` script will
+   download the archive, and extract/copy the binaries into the `./bin` folder;
+1. Publish the package to a NPM registry (`npmjs.com` by default, customize with
+   `npm config`).
+
+## Options
+
+```yaml
+# .goreleaser.yaml
+npm:
+  - # ID of the resulting image.
+    #
+    # Default: the project name.
+    id: foo
+
+    # IDs of the archives to use.
+    # Empty means all IDs.
+    ids:
+      - foo
+      - bar
+
+    # Package name.
+    #
+    # Required
+    name: "@me/mypackage"
+
+    # Your app's description.
+    #
+    # Templates: allowed.
+    # Default: inferred from global metadata.
+    description: My awesome npm package
+
+    # Your app's homepage.
+    #
+    # Default: inferred from global metadata.
+    homepage: https://example.org
+
+    # Keywords for the package.
+    keywords:
+      - cli
+      - golang
+      - example
+
+    # License name.
+    #
+    # Templates: allowed.
+    # Required
+    # Default: inferred from global metadata.
+    license: MIT
+
+    # Author of the package.
+    #
+    # Templates: allowed.
+    # Default: inferred from global metadata.
+    author: Your Name <your.email@example.com>
+
+    # Repository URL.
+    #
+    # Templates: allowed.
+    repository: https://github.com/foo/bar
+
+    # URL to report bugs.
+    #
+    # Templates: allowed.
+    bugs: https://github.com/foo/bar/issues
+
+    # Additional files/globs you want to add to the package.
+    #
+    # Default: ["README*", "LICENSE*"]
+    # Templates: allowed.
+    extra_files:
+      - glob: ./path/to/file.txt
+        name_template: "file.txt"
+
+    # Additional templated files to add to the app bundle.
+    # Those files will have their contents pass through the template engine,
+    # and its results will be added to the archive.
+    # and/or to add more files.
+    #
+    # Templates: allowed.
+    templated_extra_files:
+      # src can also be a glob, as long as dst is a directory.
+      - src: "LICENSE.md.tpl"
+        dst: LICENSE.md
+
+    # Access level: public or restricted.
+    access: public
+
+    # Package format: tar, tgz, tar.gz, zip, or binary.
+    #
+    # Required: if more than one archive format is being used.
+    format: tgz
+
+    # Allows to further filter the artifacts.
+    #
+    # Artifacts that do not match this expression will be ignored.
+    #
+    # Templates: allowed.
+    if: '{{ eq .Os "linux" }}'
+
+    # Disables the configuration.
+    # Any value different of 'true' will be considered 'false'.
+    #
+    # Templates: allowed.
+    disable: "{{ gt .Patch 0 }}"
+```
+
+!!! warning "Caveat"
+
+    This will not work if the user installs with `--ignore-scripts`.
+
+<!-- md:templates -->
+
+## Supported platforms and formats
+
+Initially, we are supporting the following platforms:
+
+- `linux`: `amd64` and `arm64`
+- `darwin`: `amd64` and `arm64`
+- `windows`: `amd64` and `arm64`
+
+And these archive formats:
+
+- `tgz`, `tar.gz`
+- `tar`
+- `zip`
+- `binary`
+
+More formats and platforms might be added in the future.
+
+## Why NPM?
+
+Basically, to increase the distribution of your app.
+
+Many people have `npm` and `npx` installed, and are used to
+`npm i -g <package>`.
+
+Its technically a hack, but works in most cases.
+
+Its worth noting its still in an alpha state.
+Feel free to provide feedback if you find issues or know ways in which it could
+be improved.
diff --git a/www/docs/customization/release.md b/www/docs/customization/release.md
index d7e8b4a1bd4..27c92604ad3 100644
--- a/www/docs/customization/release.md
+++ b/www/docs/customization/release.md
@@ -39,7 +39,7 @@ release:
   # Whether to use an existing draft release as the target release.
   #
   # Available only for GitHub.
-  # Since: v2.5.
+  # <!-- md:inline_version v2.5 -->.
   use_existing_draft: true
 
   # Whether to remove an artifact that already exists.
diff --git a/www/docs/pro.md b/www/docs/pro.md
index 6959cfec70f..965eba14c4a 100644
--- a/www/docs/pro.md
+++ b/www/docs/pro.md
@@ -3,6 +3,7 @@
 GoReleaser Pro is a paid, closed-source GoReleaser distribution with some
 additional features:
 
+- [x] Publish to [NPM registries](customization/npm.md);
 - [x] Native macOS App Bundles signing and DMG
       [notarization](customization/notarize.md#native);
 - [x] Use [AI](customization/changelog.md#enhance-with-ai) to improve/format
diff --git a/www/docs/static/schema-pro.json b/www/docs/static/schema-pro.json
index e3bcbe72965..23e689ff1b0 100644
--- a/www/docs/static/schema-pro.json
+++ b/www/docs/static/schema-pro.json
@@ -3213,6 +3213,91 @@
 				"additionalProperties": false,
 				"type": "object"
 			},
+			"NPM": {
+				"properties": {
+					"id": {
+						"type": "string"
+					},
+					"ids": {
+						"items": {
+							"type": "string"
+						},
+						"type": "array"
+					},
+					"name": {
+						"type": "string"
+					},
+					"description": {
+						"type": "string"
+					},
+					"homepage": {
+						"type": "string"
+					},
+					"keywords": {
+						"items": {
+							"type": "string"
+						},
+						"type": "array"
+					},
+					"license": {
+						"type": "string"
+					},
+					"author": {
+						"type": "string"
+					},
+					"repository": {
+						"type": "string"
+					},
+					"bugs": {
+						"type": "string"
+					},
+					"files": {
+						"items": {
+							"$ref": "#/$defs/ExtraFile"
+						},
+						"type": "array"
+					},
+					"templated_files": {
+						"items": {
+							"$ref": "#/$defs/TemplatedExtraFile"
+						},
+						"type": "array"
+					},
+					"access": {
+						"type": "string",
+						"enum": [
+							"",
+							"public",
+							"restricted"
+						]
+					},
+					"format": {
+						"type": "string",
+						"enum": [
+							"tar",
+							"tgz",
+							"tar.gz",
+							"zip",
+							"binary"
+						]
+					},
+					"if": {
+						"type": "string"
+					},
+					"disable": {
+						"oneOf": [
+							{
+								"type": "string"
+							},
+							{
+								"type": "boolean"
+							}
+						]
+					}
+				},
+				"additionalProperties": false,
+				"type": "object"
+			},
 			"Nightly": {
 				"properties": {
 					"version_template": {
@@ -3431,6 +3516,12 @@
 						},
 						"type": "array"
 					},
+					"npms": {
+						"items": {
+							"$ref": "#/$defs/NPM"
+						},
+						"type": "array"
+					},
 					"nix": {
 						"items": {
 							"$ref": "#/$defs/Nix"
diff --git a/www/mkdocs.yml b/www/mkdocs.yml
index 1044866cd25..9c7916779f1 100644
--- a/www/mkdocs.yml
+++ b/www/mkdocs.yml
@@ -170,6 +170,7 @@ nav:
           - customization/winget.md
           - NUR: customization/nix.md
           - AUR: customization/aur.md
+          - customization/npm.md
           - AUR (Sources): customization/aursources.md
           - Krew: customization/krew.md
           - Scoop: customization/scoop.md

From 6c82c029438f416fddc298478ec18e03da808a29 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Tue, 11 Mar 2025 22:58:14 -0300
Subject: [PATCH 113/119] ci: cleanup changelog a bit

---
 .goreleaser.yaml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 16df0d30835..16052666ad2 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -79,15 +79,23 @@ changelog:
     exclude:
       - "^test:"
       - "^test\\("
+      - "^chore: update$"
+      - "^chore: docs$"
+      - "^docs: update$"
+      - "^chore: schema$"
+      - "^chore: typo$"
+      - "^chore: auto-update generated files$"
+      - "^chore: update schema$"
+      - "^chore: schema update$"
+      - "^chore\\(deps\\): "
+      - "^(build|ci): "
+      - "merge conflict"
       - "merge conflict"
       - Merge pull request
       - Merge remote-tracking branch
       - Merge branch
       - go mod tidy
   groups:
-    - title: Dependency updates
-      regexp: '^.*?(.+)\(deps\)!?:.+$'
-      order: 300
     - title: "New Features"
       regexp: '^.*?feat(\(.+\))??!?:.+$'
       order: 100
@@ -100,9 +108,6 @@ changelog:
     - title: "Documentation updates"
       regexp: ^.*?docs?(\(.+\))??!?:.+$
       order: 400
-    - title: "Build process updates"
-      regexp: ^.*?(build|ci)(\(.+\))??!?:.+$
-      order: 400
     - title: Other work
       order: 9999
 

From 8f7f4474911d2e1310b54ae32c2390e29956d2fe Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 12 Mar 2025 00:31:06 -0300
Subject: [PATCH 114/119] docs: update

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/customization/templates.md    | 133 ++++++++++++++-----------
 www/docs/overrides/hooks/shortcodes.py |   9 ++
 2 files changed, 83 insertions(+), 59 deletions(-)

diff --git a/www/docs/customization/templates.md b/www/docs/customization/templates.md
index c7a3664ca61..84fc0adb31b 100644
--- a/www/docs/customization/templates.md
+++ b/www/docs/customization/templates.md
@@ -37,8 +37,6 @@ In fields that support templates, these fields are always available:
 | `.IsDraft`             | `true` if `release.draft` is set in the configuration, `false` otherwise                                   |
 | `.IsSnapshot`          | `true` if `--snapshot` is set, `false` otherwise                                                           |
 | `.IsNightly`           | `true` if `--nightly` is set, `false` otherwise                                                            |
-| `.IsRelease`           | `true` if regular release (not a nightly nor a snapshot) (since v2.8)[^pro]                                |
-| `.IsMerging`           | `true` if you are running with `--merge` (since v2.8)[^pro]                                                |
 | `.IsSingleTarget`      | `true` if `--single-target` is set, `false` otherwise (since v2.3)                                         |
 | `.Env`                 | a map with system's environment variables                                                                  |
 | `.Date`                | current UTC date in RFC 3339 format                                                                        |
@@ -53,30 +51,16 @@ In fields that support templates, these fields are always available:
 | `.TagBody`             | the annotated tag message's body, or the message's body of the commit it points out[^git-tag-body]         |
 | `.Runtime.Goos`        | equivalent to `runtime.GOOS`                                                                               |
 | `.Runtime.Goarch`      | equivalent to `runtime.GOARCH`                                                                             |
-| `.Artifacts`           | the current artifact list. See table below for fields[^pro]                                                |
 
-[^pro]: This feature is only available in [GoReleaser Pro](/pro).
-
-[^version-prefix]:
-    The `v` prefix is stripped, and it might be changed in
-    `snapshot` and `nightly` builds.
-
-[^tag-is-semver]: Assuming `Tag` is a valid a SemVer, otherwise empty/zeroed.
-
-[^scm-release-url]:
-    Composed of the current SCM's download URL and current tag.
-    For instance, on GitHub, it'll be
-    `https://github.com/{owner}/{repo}/releases/tag/{tag}`.
-
-[^git-summary]:
-    It is generated by `git describe --dirty --always --tags`, the
-    format will be `{Tag}-$N-{CommitSHA}`
-    If using Pro with a `monorepo.tag_prefix`, it will be passed to `describe`
-    as `--match={prefix}*`.
+## Common Fields (Pro)
 
-[^git-tag-subject]: As reported by `git tag -l --format='%(contents:subject)'`
+<!-- md:tmpl_pro -->
 
-[^git-tag-body]: As reported by `git tag -l --format='%(contents)'`
+| Key          | Description                                                           |
+| ------------ | --------------------------------------------------------------------- |
+| `.IsRelease` | `true` if regular release (not a nightly nor a snapshot) (since v2.8) |
+| `.IsMerging` | `true` if you are running with `--merge` (since v2.8)                 |
+| `.Artifacts` | [the current artifacts list](#artifacts)                              |
 
 ## Artifacts
 
@@ -139,12 +123,6 @@ In the nFPM name template field, you can use those extra fields:
 | `.ConventionalExtension` | conventional package extension as provided by nFPM              |
 | `.Format`                | package format                                                  |
 
-[^arm-names]:
-    Please beware: some OSs might have the same names for different
-    ARM versions, for example, for Debian both ARMv6 and ARMv7 are called `armhf`.
-    Make sure that's not your case otherwise you might end up with colliding
-    names. It also does not handle multiple GOAMD64 versions.
-
 ## Release body extra fields
 
 In the `release.body` field, you can use these extra fields:
@@ -157,36 +135,42 @@ In the `release.body` field, you can use these extra fields:
 
 On all fields, you have these available functions:
 
-| Usage                             | Description                                                                                                                |
-| --------------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
-| `replace "v1.2" "v" ""`           | replaces all matches. See [ReplaceAll](https://pkg.go.dev/strings#ReplaceAll).                                             |
-| `split "1.2" "."`                 | split string at separator. See [Split](https://pkg.go.dev/strings#Split)                                                   |
-| `time "01/02/2006"`               | current UTC time in the specified format (this is not deterministic, a new time for every call).                           |
-| `contains "foobar" "foo"`         | checks whether the first string contains the second. See [Contains](https://pkg.go.dev/strings#Contains)                   |
-| `tolower "V1.2"`                  | makes input string lowercase. See [ToLower](https://pkg.go.dev/strings#ToLower).                                           |
-| `toupper "v1.2"`                  | makes input string uppercase. See [ToUpper](https://pkg.go.dev/strings#ToUpper).                                           |
-| `trim " v1.2  "`                  | removes all leading and trailing white space. See [TrimSpace](https://pkg.go.dev/strings#TrimSpace).                       |
-| `trimprefix "v1.2" "v"`           | removes provided leading prefix string, if present. See [TrimPrefix](https://pkg.go.dev/strings#TrimPrefix).               |
-| `trimsuffix "1.2v" "v"`           | removes provided trailing suffix string, if present. See [TrimSuffix](https://pkg.go.dev/strings#TrimSuffix).              |
-| `dir .Path`                       | returns all but the last element of path, typically the path's directory. See [Dir](https://pkg.go.dev/path/filepath#Dir). |
-| `base .Path`                      | returns the last element of path. See [Base](https://pkg.go.dev/path/filepath#Base)                                        |
-| `abs .ArtifactPath`               | returns an absolute representation of path. See [Abs](https://pkg.go.dev/path/filepath#Abs).                               |
-| `filter "text" "regex"`           | keeps only the lines matching the given regex, analogous to `grep -E`                                                      |
-| `reverseFilter "text" "regex"`    | keeps only the lines **not** matching the given regex, analogous to `grep -vE`                                             |
-| `title "foo"`                     | "titlenize" the string using english as language. See [Title](https://pkg.go.dev/golang.org/x/text/cases#Title)            |
-| `mdv2escape "foo"`                | escape characters according to MarkdownV2, especially useful in the Telegram integration                                   |
-| `envOrDefault "NAME" "value"`     | either gets the value of the given environment variable, or the given default                                              |
-| `isEnvSet "NAME"`                 | returns true if the env is set and not empty, false otherwise                                                              |
-| `$m := map "KEY" "VALUE"`         | creates a map from a list of key and value pairs. Both keys and values must be of type `string`                            |
-| `indexOrDefault $m "KEY" "value"` | either gets the value of the given key or the given default value from the given map                                       |
-| `incpatch "v1.2.4"`               | increments the patch of the given version[^panic-if-not-semver]                                                            |
-| `incminor "v1.2.4"`               | increments the minor of the given version[^panic-if-not-semver]                                                            |
-| `incmajor "v1.2.4"`               | increments the major of the given version[^panic-if-not-semver]                                                            |
-| `list "a" "b" "c"`                | makes a list of strings[^pro]                                                                                              |
-| `in (list "a" "b" "c") "b"`       | checks if a slice contains a value[^pro]                                                                                   |
-| `urlPathEscape "foo/bar"`         | escapes URL paths. See [PathEscape](https://pkg.go.dev/net/url#PathEscape) (since v2.5)                                    |
-
-[^panic-if-not-semver]: Will panic if not a semantic version.
+| Usage                             | Description                                                                                                               |
+| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
+| `replace "v1.2" "v" ""`           | replaces all matches. See [ReplaceAll](https://pkg.go.dev/strings#ReplaceAll)                                             |
+| `split "1.2" "."`                 | split string at separator. See [Split](https://pkg.go.dev/strings#Split)                                                  |
+| `time "01/02/2006"`               | current UTC time in the specified format (this is not deterministic, a new time for every call)                           |
+| `contains "foobar" "foo"`         | checks whether the first string contains the second. See [Contains](https://pkg.go.dev/strings#Contains)                  |
+| `tolower "V1.2"`                  | makes input string lowercase. See [ToLower](https://pkg.go.dev/strings#ToLower)                                           |
+| `toupper "v1.2"`                  | makes input string uppercase. See [ToUpper](https://pkg.go.dev/strings#ToUpper)                                           |
+| `trim " v1.2  "`                  | removes all leading and trailing white space. See [TrimSpace](https://pkg.go.dev/strings#TrimSpace)                       |
+| `trimprefix "v1.2" "v"`           | removes provided leading prefix string, if present. See [TrimPrefix](https://pkg.go.dev/strings#TrimPrefix)               |
+| `trimsuffix "1.2v" "v"`           | removes provided trailing suffix string, if present. See [TrimSuffix](https://pkg.go.dev/strings#TrimSuffix)              |
+| `dir .Path`                       | returns all but the last element of path, typically the path's directory. See [Dir](https://pkg.go.dev/path/filepath#Dir) |
+| `base .Path`                      | returns the last element of path. See [Base](https://pkg.go.dev/path/filepath#Base)                                       |
+| `abs .ArtifactPath`               | returns an absolute representation of path. See [Abs](https://pkg.go.dev/path/filepath#Abs)                               |
+| `filter "text" "regex"`           | keeps only the lines matching the given regex, analogous to `grep -E`                                                     |
+| `reverseFilter "text" "regex"`    | keeps only the lines **not** matching the given regex, analogous to `grep -vE`                                            |
+| `title "foo"`                     | "titlenize" the string using english as language. See [Title](https://pkg.go.dev/golang.org/x/text/cases#Title)           |
+| `mdv2escape "foo"`                | escape characters according to MarkdownV2, especially useful in the Telegram integration                                  |
+| `envOrDefault "NAME" "value"`     | either gets the value of the given environment variable, or the given default                                             |
+| `isEnvSet "NAME"`                 | returns true if the env is set and not empty, false otherwise                                                             |
+| `$m := map "KEY" "VALUE"`         | creates a map from a list of key and value pairs. Both keys and values must be of type `string`                           |
+| `indexOrDefault $m "KEY" "value"` | either gets the value of the given key or the given default value from the given map                                      |
+| `incpatch "v1.2.4"`               | increments the patch of the given version[^panic-if-not-semver]                                                           |
+| `incminor "v1.2.4"`               | increments the minor of the given version[^panic-if-not-semver]                                                           |
+| `incmajor "v1.2.4"`               | increments the major of the given version[^panic-if-not-semver]                                                           |
+| `urlPathEscape "foo/bar"`         | escapes URL paths. See [PathEscape](https://pkg.go.dev/net/url#PathEscape) (since v2.5)                                   |
+
+## Functions (Pro)
+
+<!-- md:tmpl_pro -->
+
+| Usage                                | Description                                                                                                                                                                                                             |
+| ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `list "a" "b" "c"`                   | makes a list of strings                                                                                                                                                                                                 |
+| `in (list "a" "b" "c") "b"`          | checks if a slice contains a value                                                                                                                                                                                      |
+| `reReplaceAll "(.*)" "foo" "bar-$1"` | compiles the first argument with [`regexp.Compile`](https://pkg.go.dev/regexp#Compile), then uses [`ReplaceAllString`](https://pkg.go.dev/regexp#Regexp.ReplaceAllStringFunc) with the following arguments (since v2.8) |
 
 With all those fields, you may be able to compose the name of your artifacts
 pretty much the way you want:
@@ -230,3 +214,34 @@ variables:
 ```
 
 And then you can use those fields as `{{ .Var.description }}`, for example.
+
+[^pro]: This feature is only available in [GoReleaser Pro](/pro).
+
+[^version-prefix]:
+    The `v` prefix is stripped, and it might be changed in
+    `snapshot` and `nightly` builds.
+
+[^tag-is-semver]: Assuming `Tag` is a valid a SemVer, otherwise empty/zeroed.
+
+[^scm-release-url]:
+    Composed of the current SCM's download URL and current tag.
+    For instance, on GitHub, it'll be
+    `https://github.com/{owner}/{repo}/releases/tag/{tag}`.
+
+[^git-summary]:
+    It is generated by `git describe --dirty --always --tags`, the
+    format will be `{Tag}-$N-{CommitSHA}`
+    If using Pro with a `monorepo.tag_prefix`, it will be passed to `describe`
+    as `--match={prefix}*`.
+
+[^git-tag-subject]: As reported by `git tag -l --format='%(contents:subject)'`
+
+[^git-tag-body]: As reported by `git tag -l --format='%(contents)'`
+
+[^arm-names]:
+    Please beware: some OSs might have the same names for different
+    ARM versions, for example, for Debian both ARMv6 and ARMv7 are called `armhf`.
+    Make sure that's not your case otherwise you might end up with colliding
+    names. It also does not handle multiple GOAMD64 versions.
+
+[^panic-if-not-semver]: Will panic if not a semantic version.
diff --git a/www/docs/overrides/hooks/shortcodes.py b/www/docs/overrides/hooks/shortcodes.py
index acea846c6ea..8f98e84565a 100644
--- a/www/docs/overrides/hooks/shortcodes.py
+++ b/www/docs/overrides/hooks/shortcodes.py
@@ -18,6 +18,7 @@ def replace(match: Match):
         if type == "version":     return _version_block(args)
         if type == "inline_version":     return _inline_version_block(args)
         elif type == "pro":       return _pro_ad()
+        elif type == "tmpl_pro":       return _tmpl_pro_ad()
         elif type == "inline_pro":       return _inline_pro_ad()
         elif type == "featpro":       return _pro_feat_ad()
         elif type == "templates": return _templates_ad()
@@ -32,6 +33,14 @@ def replace(match: Match):
         replace, markdown, flags = re.I | re.M
     )
 
+def _tmpl_pro_ad():
+    return "".join([
+        f"<details class=\"admonition example\">",
+        f"<summary>GoReleaser Pro</summary>",
+        f"<p>These template properties are exclusively available with <a href=\"/pro/\">GoReleaser Pro</a>.</p>",
+        f"</details>"
+    ])
+
 def _pro_feat_ad():
     return "".join([
         f"<div class=\"admonition example\">",

From c368fdbb5f4a8c58b5ac30f2e969334beec0674f Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 12 Mar 2025 00:37:46 -0300
Subject: [PATCH 115/119] docs: fixed typo

---
 www/docs/blog/posts/2024-12-15-v2.5.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/www/docs/blog/posts/2024-12-15-v2.5.md b/www/docs/blog/posts/2024-12-15-v2.5.md
index 70afb77b075..6e22be7f1d4 100644
--- a/www/docs/blog/posts/2024-12-15-v2.5.md
+++ b/www/docs/blog/posts/2024-12-15-v2.5.md
@@ -5,7 +5,7 @@ categories: [announcements]
 authors: [caarlos0]
 ---
 
-# Announcing GoReleaser v2.5 - multi languages, 9th anniversary edition
+# Announcing GoReleaser v2.5 - multi languages, 8th anniversary edition
 
 Merry Christmas - the last release of 2024 is here!
 
@@ -105,7 +105,7 @@ already fixed some.
 It was pretty painful to do this using VMs, so, if you use Windows and want to
 help, please feel very welcome to! :)
 
-## 9 years old!
+## 8 years old!
 
 December 21th marks the day of the [very first GoReleaser commit][first-commit].
 The [first release][first-rel] came a couple of days later, on the 29th.

From 848b66a9238bbcf8e67cece6abc97028881d2a13 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 12 Mar 2025 00:53:12 -0300
Subject: [PATCH 116/119] build: task release check branch and git status

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 Taskfile.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Taskfile.yml b/Taskfile.yml
index 2469ec2421c..10fabbcf2e9 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -177,6 +177,11 @@ tasks:
       NEXT:
         sh: svu n
     prompt: "This will release {{.NEXT}}. Continue?"
+    preconditions:
+      - sh: '[ $(git symbolic-ref --short HEAD) = "main" ]'
+        msg: Not on main branch
+      - sh: "[ $(git status --porcelain=2 | wc -l) = 0 ]"
+        msg: "Git is dirty"
     cmds:
       - git tag -d nightly
       - git tag {{.NEXT}}

From a596ae51292a9159f9baccf9b0d01c7712582fcd Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 12 Mar 2025 00:56:05 -0300
Subject: [PATCH 117/119] docs: update

---
 www/docs/customization/templates.md | 92 ++++++++++++++---------------
 1 file changed, 46 insertions(+), 46 deletions(-)

diff --git a/www/docs/customization/templates.md b/www/docs/customization/templates.md
index 84fc0adb31b..ca2c953ad35 100644
--- a/www/docs/customization/templates.md
+++ b/www/docs/customization/templates.md
@@ -10,57 +10,57 @@ support templating.
 
 In fields that support templates, these fields are always available:
 
-| Key                    | Description                                                                                                |
-| ---------------------- | ---------------------------------------------------------------------------------------------------------- |
-| `.ProjectName`         | the project name                                                                                           |
-| `.Version`             | the version being released[^version-prefix]                                                                |
-| `.Branch`              | the current git branch                                                                                     |
-| `.PrefixedTag`         | the current git tag prefixed with the monorepo config tag prefix (if any)                                  |
-| `.Tag`                 | the current git tag                                                                                        |
-| `.PrefixedPreviousTag` | the previous git tag prefixed with the monorepo config tag prefix (if any)                                 |
-| `.PreviousTag`         | the previous git tag, or empty if no previous tags                                                         |
-| `.ShortCommit`         | the git commit short hash                                                                                  |
-| `.FullCommit`          | the git commit full hash                                                                                   |
-| `.Commit`              | the git commit hash (deprecated)                                                                           |
-| `.CommitDate`          | the UTC commit date in RFC 3339 format                                                                     |
-| `.CommitTimestamp`     | the UTC commit date in Unix format                                                                         |
-| `.GitURL`              | the git remote url                                                                                         |
-| `.GitTreeState`        | either 'clean' or 'dirty'                                                                                  |
-| `.IsGitClean`          | whether or not current git state is clean                                                                  |
-| `.IsGitDirty`          | whether or not current git state is dirty                                                                  |
-| `.Major`               | the major part of the version[^tag-is-semver]                                                              |
-| `.Minor`               | the minor part of the version[^tag-is-semver]                                                              |
-| `.Patch`               | the patch part of the version[^tag-is-semver]                                                              |
-| `.Prerelease`          | the prerelease part of the version, e.g. `beta`[^tag-is-semver]                                            |
-| `.RawVersion`          | composed of `{Major}.{Minor}.{Patch}` [^tag-is-semver]                                                     |
-| `.ReleaseNotes`        | the generated release notes, available after the changelog step has been executed                          |
-| `.IsDraft`             | `true` if `release.draft` is set in the configuration, `false` otherwise                                   |
-| `.IsSnapshot`          | `true` if `--snapshot` is set, `false` otherwise                                                           |
-| `.IsNightly`           | `true` if `--nightly` is set, `false` otherwise                                                            |
-| `.IsSingleTarget`      | `true` if `--single-target` is set, `false` otherwise (since v2.3)                                         |
-| `.Env`                 | a map with system's environment variables                                                                  |
-| `.Date`                | current UTC date in RFC 3339 format                                                                        |
-| `.Now`                 | current UTC date as `time.Time` struct, allows all `time.Time` functions (e.g. `{{ .Now.Format "2006" }}`) |
-| `.Timestamp`           | current UTC time in Unix format                                                                            |
-| `.ModulePath`          | the go module path, as reported by `go list -m`                                                            |
-| `.ReleaseURL`          | the current release download url[^scm-release-url]                                                         |
-| `.Summary`             | the git summary, e.g. `v1.0.0-10-g34f56g3`[^git-summary]                                                   |
-| `.PrefixedSummary`     | the git summary prefixed with the monorepo config tag prefix (if any)                                      |
-| `.TagSubject`          | the annotated tag message subject, or the message subject of the commit it points out[^git-tag-subject]    |
-| `.TagContents`         | the annotated tag message, or the message of the commit it points out[^git-tag-body]                       |
-| `.TagBody`             | the annotated tag message's body, or the message's body of the commit it points out[^git-tag-body]         |
-| `.Runtime.Goos`        | equivalent to `runtime.GOOS`                                                                               |
-| `.Runtime.Goarch`      | equivalent to `runtime.GOARCH`                                                                             |
+| Key                | Description                                                                                                |
+| ------------------ | ---------------------------------------------------------------------------------------------------------- |
+| `.ProjectName`     | the project name                                                                                           |
+| `.Version`         | the version being released[^version-prefix]                                                                |
+| `.Branch`          | the current git branch                                                                                     |
+| `.Tag`             | the current git tag                                                                                        |
+| `.PreviousTag`     | the previous git tag, or empty if no previous tags                                                         |
+| `.ShortCommit`     | the git commit short hash                                                                                  |
+| `.FullCommit`      | the git commit full hash                                                                                   |
+| `.Commit`          | the git commit hash (deprecated)                                                                           |
+| `.CommitDate`      | the UTC commit date in RFC 3339 format                                                                     |
+| `.CommitTimestamp` | the UTC commit date in Unix format                                                                         |
+| `.GitURL`          | the git remote url                                                                                         |
+| `.GitTreeState`    | either 'clean' or 'dirty'                                                                                  |
+| `.IsGitClean`      | whether or not current git state is clean                                                                  |
+| `.IsGitDirty`      | whether or not current git state is dirty                                                                  |
+| `.Major`           | the major part of the version[^tag-is-semver]                                                              |
+| `.Minor`           | the minor part of the version[^tag-is-semver]                                                              |
+| `.Patch`           | the patch part of the version[^tag-is-semver]                                                              |
+| `.Prerelease`      | the prerelease part of the version, e.g. `beta`[^tag-is-semver]                                            |
+| `.RawVersion`      | composed of `{Major}.{Minor}.{Patch}` [^tag-is-semver]                                                     |
+| `.ReleaseNotes`    | the generated release notes, available after the changelog step has been executed                          |
+| `.IsDraft`         | `true` if `release.draft` is set in the configuration, `false` otherwise                                   |
+| `.IsSnapshot`      | `true` if `--snapshot` is set, `false` otherwise                                                           |
+| `.IsNightly`       | `true` if `--nightly` is set, `false` otherwise                                                            |
+| `.IsSingleTarget`  | `true` if `--single-target` is set, `false` otherwise (since v2.3)                                         |
+| `.Env`             | a map with system's environment variables                                                                  |
+| `.Date`            | current UTC date in RFC 3339 format                                                                        |
+| `.Now`             | current UTC date as `time.Time` struct, allows all `time.Time` functions (e.g. `{{ .Now.Format "2006" }}`) |
+| `.Timestamp`       | current UTC time in Unix format                                                                            |
+| `.ModulePath`      | the go module path, as reported by `go list -m`                                                            |
+| `.ReleaseURL`      | the current release download url[^scm-release-url]                                                         |
+| `.Summary`         | the git summary, e.g. `v1.0.0-10-g34f56g3`[^git-summary]                                                   |
+| `.TagSubject`      | the annotated tag message subject, or the message subject of the commit it points out[^git-tag-subject]    |
+| `.TagContents`     | the annotated tag message, or the message of the commit it points out[^git-tag-body]                       |
+| `.TagBody`         | the annotated tag message's body, or the message's body of the commit it points out[^git-tag-body]         |
+| `.Runtime.Goos`    | equivalent to `runtime.GOOS`                                                                               |
+| `.Runtime.Goarch`  | equivalent to `runtime.GOARCH`                                                                             |
 
 ## Common Fields (Pro)
 
 <!-- md:tmpl_pro -->
 
-| Key          | Description                                                           |
-| ------------ | --------------------------------------------------------------------- |
-| `.IsRelease` | `true` if regular release (not a nightly nor a snapshot) (since v2.8) |
-| `.IsMerging` | `true` if you are running with `--merge` (since v2.8)                 |
-| `.Artifacts` | [the current artifacts list](#artifacts)                              |
+| Key                    | Description                                                                |
+| ---------------------- | -------------------------------------------------------------------------- |
+| `.PrefixedTag`         | the current git tag prefixed with the monorepo config tag prefix (if any)  |
+| `.PrefixedPreviousTag` | the previous git tag prefixed with the monorepo config tag prefix (if any) |
+| `.PrefixedSummary`     | the git summary prefixed with the monorepo config tag prefix (if any)      |
+| `.IsRelease`           | `true` if regular release (not a nightly nor a snapshot) (since v2.8)      |
+| `.IsMerging`           | `true` if you are running with `--merge` (since v2.8)                      |
+| `.Artifacts`           | [the current artifacts list](#artifacts)                                   |
 
 ## Artifacts
 

From 3624e6308463389847c77ed096dd15179a714cdf Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 12 Mar 2025 22:41:54 -0300
Subject: [PATCH 118/119] docs: prepare for v2.8

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 www/docs/customization/archive.md    | 2 +-
 www/docs/customization/aur.md        | 4 ++--
 www/docs/customization/aursources.md | 4 ++--
 www/docs/customization/changelog.md  | 2 +-
 www/docs/customization/cloudsmith.md | 2 +-
 www/docs/customization/ko.md         | 2 +-
 www/docs/customization/nfpm.md       | 2 +-
 www/docs/customization/notarize.md   | 2 +-
 www/docs/customization/npm.md        | 2 +-
 www/docs/customization/snapcraft.md  | 2 +-
 10 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/www/docs/customization/archive.md b/www/docs/customization/archive.md
index a13ca1ca7d8..d720978f7d3 100644
--- a/www/docs/customization/archive.md
+++ b/www/docs/customization/archive.md
@@ -16,7 +16,7 @@ archives:
 
     # IDs of the builds which should be archived in this archive.
     #
-    # <!-- md:inline_version v2.8-unreleased --> (use 'builds' in previous versions).
+    # <!-- md:inline_version v2.8 --> (use 'builds' in previous versions).
     # Default: empty (include all).
     ids:
       - default
diff --git a/www/docs/customization/aur.md b/www/docs/customization/aur.md
index 338624afc02..b79fe222e50 100644
--- a/www/docs/customization/aur.md
+++ b/www/docs/customization/aur.md
@@ -130,7 +130,7 @@ aurs:
     # In this file, you may define functions like `pre_install`, `post_install`,
     # and so on.
     #
-    # <!-- md:inline_version v2.8-unreleased -->.
+    # <!-- md:inline_version v2.8 -->.
     install: ./scripts/install.sh
 
     # Git author used to commit to the repository.
@@ -175,7 +175,7 @@ aurs:
     # Whether to disable this particular AUR configuration.
     #
     # Templates: allowed.
-    # <!-- md:inline_version v2.8-unreleased -->.
+    # <!-- md:inline_version v2.8 -->.
     disable: "{{ .IsSnapshot }}"
 ```
 
diff --git a/www/docs/customization/aursources.md b/www/docs/customization/aursources.md
index 244b51f0cc0..cc60671e16c 100644
--- a/www/docs/customization/aursources.md
+++ b/www/docs/customization/aursources.md
@@ -133,7 +133,7 @@ aur_sources:
     # In this file, you may define functions like `pre_install`, `post_install`,
     # and so on.
     #
-    # <!-- md:inline_version v2.8-unreleased -->.
+    # <!-- md:inline_version v2.8 -->.
     install: ./scripts/install.sh
 
     # Git author used to commit to the repository.
@@ -178,7 +178,7 @@ aur_sources:
     # Whether to disable this particular AUR configuration.
     #
     # Templates: allowed.
-    # <!-- md:inline_version v2.8-unreleased -->.
+    # <!-- md:inline_version v2.8 -->.
     disable: "{{ .IsSnapshot }}"
 ```
 
diff --git a/www/docs/customization/changelog.md b/www/docs/customization/changelog.md
index de8890d1c3e..9f74bbc137c 100644
--- a/www/docs/customization/changelog.md
+++ b/www/docs/customization/changelog.md
@@ -41,7 +41,7 @@ changelog:
   # - `AuthorEmail`: the author email (considers mailmap if 'git')
   # - `AuthorUsername`: github/gitlab/gitea username - not available if 'git'
   #
-  # Usage with 'git': <!-- md:inline_version v2.8-unreleased -->.
+  # Usage with 'git': <!-- md:inline_version v2.8 -->.
   format: "{{.SHA}}: {{.Message}} (@{{.AuthorUsername}})"
 
   # Sorts the changelog by the commit's messages.
diff --git a/www/docs/customization/cloudsmith.md b/www/docs/customization/cloudsmith.md
index 4cf96bfa722..adbbbc89a7b 100644
--- a/www/docs/customization/cloudsmith.md
+++ b/www/docs/customization/cloudsmith.md
@@ -77,7 +77,7 @@ cloudsmiths:
       alpine: "alpine/v3.8"
       # You can also set multiple distributions for a format.
       #
-      # <!-- md:inline_version v2.8-unreleased -->
+      # <!-- md:inline_version v2.8 -->
       deb:
       - "ubuntu/xenial"
       - "ubuntu/focal"
diff --git a/www/docs/customization/ko.md b/www/docs/customization/ko.md
index a917267759f..4576ad5f65b 100644
--- a/www/docs/customization/ko.md
+++ b/www/docs/customization/ko.md
@@ -127,7 +127,7 @@ kos:
     # Whether to disable this particular Ko configuration.
     #
     # Templates: allowed.
-    # <!-- md:inline_version v2.8-unreleased -->.
+    # <!-- md:inline_version v2.8 -->.
     disable: "{{ .IsSnapshot }}"
 
     # Bare uses a tag on the $KO_DOCKER_REPO without anything additional.
diff --git a/www/docs/customization/nfpm.md b/www/docs/customization/nfpm.md
index 0a601358c4d..55444f971da 100644
--- a/www/docs/customization/nfpm.md
+++ b/www/docs/customization/nfpm.md
@@ -28,7 +28,7 @@ nfpms:
 
     # IDs of the builds which should be archived in this package.
     #
-    # <!-- md:inline_version v2.8-unreleased --> (use 'builds' in previous versions).
+    # <!-- md:inline_version v2.8 --> (use 'builds' in previous versions).
     # Default: empty (include all).
     ids:
       - foo
diff --git a/www/docs/customization/notarize.md b/www/docs/customization/notarize.md
index fdff366747b..030ce648a98 100644
--- a/www/docs/customization/notarize.md
+++ b/www/docs/customization/notarize.md
@@ -178,7 +178,7 @@ jobs:
 
 ## Native
 
-<!-- md:version v2.8-unreleased -->
+<!-- md:version v2.8 -->
 <!-- md:pro -->
 
 This method can sign and notarize [App Bundles][appbundles], but it depends on
diff --git a/www/docs/customization/npm.md b/www/docs/customization/npm.md
index ac935713fe5..9a0b576d56a 100644
--- a/www/docs/customization/npm.md
+++ b/www/docs/customization/npm.md
@@ -1,6 +1,6 @@
 # NPM
 
-<!-- md:version v2.8-unreleased -->
+<!-- md:version v2.8 -->
 
 <!-- md:alpha -->
 
diff --git a/www/docs/customization/snapcraft.md b/www/docs/customization/snapcraft.md
index bca3cae4dc3..fb6f9b798f1 100644
--- a/www/docs/customization/snapcraft.md
+++ b/www/docs/customization/snapcraft.md
@@ -25,7 +25,7 @@ snapcrafts:
 
     # IDs of the builds which should be archived in this package.
     #
-    # <!-- md:inline_version v2.8-unreleased --> (use 'builds' in previous versions).
+    # <!-- md:inline_version v2.8 --> (use 'builds' in previous versions).
     # Default: empty (include all).
     ids:
       - foo

From 734cf912c45da0e5a8442459bb2746c2a946268e Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Wed, 12 Mar 2025 22:56:44 -0300
Subject: [PATCH 119/119] ci: fix nightly changelog

---
 .goreleaser.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 16052666ad2..e1f9ed20cd7 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -75,6 +75,7 @@ checksum:
 changelog:
   sort: asc
   use: github
+  format: "{{ .SHA }}: {{ .Message }}{{ with .AuthorUsername }} (@{{ . }}){{ end }}"
   filters:
     exclude:
       - "^test:"