fix(deps): update all

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
actions/cache	action	minor	v3.3.1 → v3.5.0
alpine	final	minor	3.18.0 → 3.23.3
codecov/codecov-action	action	patch	v3.1.4 → v3.1.6
docker/build-push-action	action	minor	v4.0.0 → v4.2.1
github.com/tailscale/depaware	require	digest	720c4b4 → 9c2ad25
go.uber.org/goleak	require	minor	v1.2.1 → v1.3.0
go.uber.org/zap	require	minor	v1.24.0 → v1.27.1
golang	stage	minor	1.20-alpine → 1.26-alpine
goreleaser/goreleaser-action	action	minor	v4.2.0 → v4.6.0
markdownlint-cli	dependencies	minor	0.31.1 → 0.48.0

---

Release Notes

actions/cache (actions/cache)

v3.5.0

Compare Source

• Bump actions/cache to v4.1.0

Full Changelog: actions/cache@v3...v3.5.0

v3.4.3

Compare Source

What's Changed

• Bump @​actions/cache to v4.0.2 by @​robherley

Full Changelog: actions/cache@v3.4.2...v3.4.3

v3.4.2

Compare Source

What's Changed

[!IMPORTANT]
As a reminder, there were important backend changes to release v3.4.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.1 by @​robherley in #​1554

Full Changelog: actions/cache@v3.4.0...v3.4.2

v3.4.1

Compare Source

[!WARNING]
This version was incorrectly released using a SHA pointing to a newer version for immutable actions only. Please use v3.4.2 (or v3) instead.

v3.4.0

Compare Source

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

• @​actions/core: 1.11.1
• @​actions/io: 1.1.3
• @​vercel/ncc: 0.38.3

Full Changelog: actions/cache@v3.3.3...v3.4.0

v3.3.3

Compare Source

What's Changed

• Cache v3.3.3 by @​robherley in #​1302

New Contributors

• @​robherley made their first contribution in #​1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

Compare Source

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in #​1133
• Readme fixes by @​kotewar in #​1134
• Updated description of the lookup-only input for main action by @​kotewar in #​1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in #​1131
• Update Cross-OS Caching tips by @​pdotl in #​1122
• Bazel example (Take #​2️⃣) by @​vorburger in #​1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in #​1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in #​1217
• Bump action version to 3.3.2 by @​bethanyj28 in #​1236

New Contributors

• @​vorburger made their first contribution in #​1132
• @​jorendorff made their first contribution in #​1187
• @​chkimes made their first contribution in #​1217
• @​bethanyj28 made their first contribution in #​1236

Full Changelog: actions/cache@v3...v3.3.2

codecov/codecov-action (codecov/codecov-action)

v3.1.6

Compare Source

#Full Changelog: codecov/codecov-action@v3.1.5...v3.1.6

v3.1.5

Compare Source

What's Changed

• action.yml: Update to Node.js 20 by @​hallabro in #​1228

docker/build-push-action (docker/build-push-action)

v4.2.1

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• warn if docker config can't be parsed by @​crazy-max in #​957

Full Changelog: docker/build-push-action@v4.2.0...v4.2.1

v4.2.0

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• display proxy configuration by @​crazy-max in #​872
• chore(deps): Bump @​docker/actions-toolkit from 0.6.0 to 0.8.0 in #​930
• chore(deps): Bump word-wrap from 1.2.3 to 1.2.5 in #​925
• chore(deps): Bump semver from 6.3.0 to 6.3.1 in #​902

Full Changelog: docker/build-push-action@v4.1.1...v4.2.0

v4.1.1

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• Bump @​docker/actions-toolkit from 0.3.0 to 0.5.0 by @​crazy-max in #​880

Full Changelog: docker/build-push-action@v4.1.0...v4.1.1

v4.1.0

Compare Source

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

• Switch to actions-toolkit implementation by @​crazy-max in #​811 #​838 #​855 #​860 #​875
• e2e: quay.io by @​crazy-max in #​799 #​805
• e2e: local harbor and nexus by @​crazy-max in #​800
• e2e: add artifactory container registry to test against by @​jedevc in #​804
• e2e: add distribution tests by @​jedevc in #​814 #​815

Full Changelog: docker/build-push-action@v4.0.0...v4.1.0

uber-go/goleak (go.uber.org/goleak)

v1.3.0

Compare Source

Fixed

• Built-in ignores now match function names more accurately.
  They will no longer ignore stacks because of file names
  that look similar to function names. (#​112)

Added

• Add an IgnoreAnyFunction option to ignore stack traces
  that have the provided function anywhere in the stack. (#​113)
• Ignore testing.runFuzzing and testing.runFuzzTests alongside
  other already-ignored test functions (testing.RunTests, etc). (#​105)

Changed

• Miscellaneous CI-related fixes. (#​103, #​108, #​114)

uber-go/zap (go.uber.org/zap)

v1.27.1

Compare Source

Enhancements:

• #​1501: prevent Object from panicking on nils
• #​1511: Fix a race condition in WithLazy.

Thanks to @​rabbbit, @​alshopov, @​jquirke, @​arukiidou for their contributions to this release.

v1.27.0

Compare Source

Enhancements:

• #​1378: Add WithLazy method for SugaredLogger.
• #​1399: zaptest: Add NewTestingWriter for customizing TestingWriter with more flexibility than NewLogger.
• #​1406: Add Log, Logw, Logln methods for SugaredLogger.
• #​1416: Add WithPanicHook option for testing panic logs.

Thanks to @​defval, @​dimmo, @​arxeiss, and @​MKrupauskas for their contributions to this release.

v1.26.0

Compare Source

Enhancements:

• #​1297: Add Dict as a Field.
• #​1319: Add WithLazy method to Logger which lazily evaluates the structured
  context.
• #​1350: String encoding is much (~50%) faster now.

Thanks to @​hhk7734, @​jquirke, @​cdvr1993 for their contributions to this release.

v1.25.0

Compare Source

This release contains several improvements including performance, API additions,
and two new experimental packages whose APIs are unstable and may change in the
future.

Enhancements:

• #​1246: Add zap/exp/zapslog package for integration with slog.
• #​1273: Add Name to Logger which returns the Logger's name if one is set.
• #​1281: Add zap/exp/expfield package which contains helper methods
  Str and Strs for constructing String-like zap.Fields.
• #​1310: Reduce stack size on Any.

Thanks to @​knight42, @​dzakaammar, @​bcspragu, and @​rexywork for their contributions
to this release.

goreleaser/goreleaser-action (goreleaser/goreleaser-action)

v4.6.0

Compare Source

Reverts the change to node20 runtime.

Full Changelog: goreleaser/goreleaser-action@v4.5.0...v4.6.0

v4.5.0

Compare Source

What's Changed

• chore(deps): bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​427
• feat: bump to use node20 runtime, actions/checkout to v4 by @​kbdharun in #​430

New Contributors

• @​kbdharun made their first contribution in #​430

Full Changelog: goreleaser/goreleaser-action@v4.4.0...v4.5.0

v4.4.0

Compare Source

What's Changed

• chore(deps): bump semver from 7.5.0 to 7.5.1 by @​dependabot in #​417
• feat: support oss nightlies by @​caarlos0 in #​424

Full Changelog: goreleaser/goreleaser-action@v4.3.0...v4.4.0

v4.3.0

Compare Source

What's Changed

• Update in command examples by @​arnaduga in #​393
• chore(deps): bump yargs from 17.6.2 to 17.7.0 by @​dependabot in #​395
• Improve documentation for use of GITHUB_TOKEN by @​jamietanna in #​399
• chore(deps): bump actions/setup-go from 3 to 4 by @​dependabot in #​403
• chore(deps): bump docker/bake-action from 2 to 3 by @​dependabot in #​408
• chore(deps): bump semver from 7.3.8 to 7.5.0 by @​dependabot in #​407
• Bump setup-go action version to v4 in README by @​kishaningithub in #​411
• ci: split test and validate workflow by @​crazy-max in #​413
• chore: update yarn to 3.5.1 by @​crazy-max in #​412
• chore(deps): bump yargs from 17.7.1 to 17.7.2 by @​dependabot in #​410
• feat: support nightly by @​caarlos0 in #​419

New Contributors

• @​arnaduga made their first contribution in #​393
• @​jamietanna made their first contribution in #​399
• @​kishaningithub made their first contribution in #​411

Full Changelog: goreleaser/goreleaser-action@v4.2.0...v4.3.0

igorshubovych/markdownlint-cli (markdownlint-cli)

v0.48.0

Compare Source

• Update all dependencies via Dependabot

v0.47.0

Compare Source

• Add output and exit code support for warnings
• Update markdownlint dependency to 0.40.0
  • Improve MD011/MD013/MD051/MD060
• Update all dependencies via Dependabot

v0.46.0

Compare Source

• Replace glob dependency with tinyglobby (smaller and fewer dependencies)
• Update markdownlint dependency to 0.39.0
  • Add MD060/table-column-style
  • Improve MD001/MD007/MD009/MD010/MD029/MD033/MD037/MD059
• Update all dependencies via Dependabot

v0.45.0

Compare Source

• Update markdownlint dependency to 0.38.0
  • Add MD059/descriptive-link-text
  • Improve MD025/MD027/MD036/MD038/MD041/MD043/MD045/MD051/MD052
  • Remove support for end-of-life Node version 18
• Update all dependencies via Dependabot

v0.44.0

Compare Source

• Update markdownlint dependency to 0.37.4
  • Convert module to ECMAScript (breaking change)
  • Stop using require, convert to import
  • Improve MD032
• Update all dependencies via Dependabot

v0.43.0

Compare Source

• Update markdownlint dependency to 0.36.1
  • Improve MD051
  • Make micromark parser available to custom rules
  • Improve performance
• Update all dependencies via Dependabot

v0.42.0

Compare Source

• Update markdownlint dependency to 0.35.0
  • Add MD058/blanks-around-tables
  • Use micromark in MD001/MD003/MD009/MD010/MD013/MD014/MD019/MD021/MD023/MD024/MD025/MD039/MD042/MD043
  • Improve MD018/MD020/MD031/MD034/MD044
  • markdown-it parser no longer invoked by default
  • Improve performance
• Update all dependencies via Dependabot

v0.41.0: 0.41.0

Compare Source

• Change TOML parser to smol-toml which supports v1.0.0 of the specification
• Update all dependencies via Dependabot

v0.40.0: 0.40.0

Compare Source

• Update markdownlint dependency to 0.34.0
  • Use micromark in MD027/MD028/MD036/MD040/MD041/MD046/MD048
  • Improve MD013/MD034/MD049/MD050/MD051
• Add support for TOML configuration files via --config
• Add --configPointer argument for nested configuration
• Update --ignore for directories to ignore all files within
• Update all dependencies via Dependabot

v0.39.0: 0.39.0

Compare Source

• Update markdownlint dependency to 0.33.0
  • Add MD055/table-pipe-style, MD056/table-column-count
  • Improve MD005/MD007/MD024/MD026/MD038
  • Incorporate micromark-extension-directive
  • Improve JSON schema, document validation
• Handle trailing commas in JSONC configuration
• Update all dependencies via Dependabot

v0.38.0: 0.38.0

Compare Source

• Update markdownlint dependency to 0.32.1
  • Remove deprecated MD002/MD006
  • Remove rule aliases for "header"
  • Add MD054/link-image-style
  • Use micromark in MD005/MD007/MD030
  • Improve MD022/MD026/MD034/MD037/MD038/MD045/MD051
• Remove support for end-of-life Node version 16
• Update all dependencies via Dependabot

v0.37.0: 0.37.0

Compare Source

• Update markdownlint dependency to 0.31.1
  • Improve MD032/MD034/MD037/MD043/MD044/MD051/MD052
  • Improve performance
• Update all dependencies via Dependabot

v0.36.0: 0.36.0

Compare Source

• Update markdownlint dependency to 0.30.0
  • Use micromark in MD022/MD026/MD032/MD037/MD045/MD051
  • Incorporate micromark-extension-math for math syntax
  • Allow custom rules to override information URL
• Update all dependencies via Dependabot

v0.35.0: 0.35.0

Compare Source

• Update markdownlint dependency to 0.29.0
  • Update micromark parser dependencies for better performance
  • Use micromark in MD049/MD050
  • Improve MD034/MD037/MD044/MD049/MD050
• Update all dependencies via Dependabot

v0.34.0: 0.34.0

Compare Source

• Update markdownlint dependency to 0.28.2
  • Introduce micromark parser for better positional data (internal only)
  • Use micromark in MD013/MD033/MD034/MD035/MD038/MD044/MD052/MD053
• Update all dependencies via Dependabot

v0.33.0: 0.33.0

Compare Source

• Update markdownlint dependency to 0.27.0
  • Improve MD011/MD013/MD022/MD031/MD032/MD033/MD034/MD040/MD043/MD051/MD053
  • Generate/separate documentation
  • Improve documentation
• Publish Docker container images for both linux/amd64 and linux/arm64
• Support JSONC and YAML inside markdownlint-configure-file comments
• Update all dependencies via Dependabot

v0.32.2: 0.32.2

Compare Source

• Update markdownlint dependency to 0.26.2
  • Improve MD037/MD051/MD053
• Update all dependencies via Dependabot

v0.32.1: 0.32.1

Compare Source

• Update markdownlint dependency to 0.26.1
  • Improve MD051
• Update all dependencies via Dependabot

v0.32.0: 0.32.0

Compare Source

• Update markdownlint dependency to 0.26.0
  • Add MD051/link-fragments: Link fragments should be valid
  • Add MD052/reference-links-images: Reference links and images should use a label that is defined
  • Add MD053/link-image-reference-definitions: Link and image reference definitions should be needed (auto-fixable)
  • Improve MD010/MD031/MD035/MD039/MD042/MD044/MD049/MD050
  • Add markdownlint-disable-line inline comment
  • Support ~ paths in configuration files
  • Improve performance
• Add .markdownlint.jsonc to list of supported configuration files
• Remove support for end-of-life Node version 12
• Update all dependencies via Dependabot

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 21.27%. Comparing base (7440812) to head (57ab69f).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #289   +/-   ##
=======================================
  Coverage   21.27%   21.27%           
=======================================
  Files           1        1           
  Lines          47       47           
=======================================
  Hits           10       10           
  Misses         37       37           

Flag	Coverage Δ
unittests	21.27% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/markdownlint-cli@0.48.0 → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm markdown-it is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/markdownlint-cli@0.48.0 → npm/markdown-it@14.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​markdownlint-cli@​0.31.1 ⏵ 0.48.0	+1		+1	+4
	golang/​go.uber.org/​zap@​v1.24.0 ⏵ v1.27.1	+1
	golang/​github.com/​tailscale/​depaware@​v0.0.0-20210622194025-720c4b409502 ⏵ v0.0.0-20251001183927-9c2ad255ef3f	+1
	golang/​go.uber.org/​goleak@​v1.2.1 ⏵ v1.3.0

View full report