build(deps): Bump actions/stale from 6 to 7 #1

dependabot · 2022-12-22T21:25:18Z

Release notes

Sourced from actions/stale's releases.

v7.0.0

⚠️ This version contains breaking changes ⚠️

What's Changed

Allow daysBeforeStale options to be float by @irega in actions/stale#841

Use cache in check-dist.yml by @jongwooo in actions/stale#876

fix print outputs step in existing workflows by @irega in actions/stale#859

Update issue and PR templates, add/delete workflow files by @IvanZosimov in actions/stale#880

Update how stale handles exempt items by @johnsudol in actions/stale#874

Breaking Changes

In this release we prevent this action from managing the stale label on items included in exempt-issue-labels and exempt-pr-labels

We decided that this is outside of the scope of this action, and to be left up to the maintainer

New Contributors

@irega made their first contribution in actions/stale#841

@jongwooo made their first contribution in actions/stale#876

@IvanZosimov made their first contribution in actions/stale#880

@johnsudol made their first contribution in actions/stale#874

Full Changelog: actions/stale@v6...v7.0.0

v6.0.1

Update @actions/core to 1.10.0 #839

Full Changelog: actions/stale@v6.0.0...v6.0.1

Changelog

Sourced from actions/stale's changelog.

Changelog

[7.0.0]

⚠️ Breaking change ⚠️

Allow daysBeforeStale options to be float by @irega in actions/stale#841

Use cache in check-dist.yml by @jongwooo in actions/stale#876

fix print outputs step in existing workflows by @irega in actions/stale#859

Update issue and PR templates, add/delete workflow files by @IvanZosimov in actions/stale#880

Update how stale handles exempt items by @johnsudol in actions/stale#874

[6.0.1]

Up 8000 date @actions/core to v1.10.0 (#839)

[6.0.0]

⚠️ Breaking change ⚠️

Issues/PRs default close-issue-reason is now not_planned(#789)

[5.1.0]

Don't process stale issues right after they're marked stale [Add close-issue-reason option]#764 #772 Various dependabot/dependency updates

4.1.0 (2021-07-14)

Features

Ability to exempt draft PRs

4.0.0 (2021-07-14)

Features

options: simplify config by removing skip stale message options (#457) (6ec637d), closes #405 #455

output: print output parameters (#458) (3e6d35b)

Bug Fixes

dry-run: forbid mutations in dry-run (#500) (f1017f3), closes #499

logs: coloured logs (#465) (5fbbfba)

operations: fail fast the current batch to respect the operations limit (#474) (5f6f311), closes #466

label comparison: make label comparison case insensitive #517, closes #516

filtering comments by actor could have strange behavior: "stale" comments are now detected based on if the message is the stale message not who made the comment(#519), fixes #441, #509, #518

Breaking Changes

... (truncated)

Commits

6f05e42 draft release for v7.0.0 (#888)
eed91cb Update how stale handles exempt items (#874)
10dc265 Merge pull request #880 from akv-platform/update-stale-repo
9c1eb3f Update .md files and allign build-test.yml with the current test.yml
bc357bd Update .github/workflows/release-new-action-version.yml
690ede5 Update .github/ISSUE_TEMPLATE/bug_report.md
afbcabf Merge branch 'main' into update-stale-repo
e364411 Update name of codeql.yml file
627cef3 fix print outputs step (#859)
975308f Merge pull request #876 from jongwooo/chore/use-cache-in-check-dist
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/stale](https://github.com/actions/stale) from 6 to 7. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v6...v7) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2022-12-22T21:25:19Z

The following labels could not be found: T:dependencies, S:automerge.

Changes from tendermint d6b4bc2

…-check feat: app hash error channel

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey (cherry picked from commit e4cbca8) # Conflicts: # .golangci.yml

due to sec vuln Vulnerability #1: GO-2025-3420 Sensitive headers incorrectly sent after cross-domain redirect in net/http More info: https://pkg.go.dev/vuln/GO-2025-3420 Standard library Found in: net/http@go1.23.1 Fixed in: net/http@go1.23.5 Example traces found: Error: #1: rpc/jsonrpc/client/http_json_client.go:231:34: client.Client.Call calls http.Client.Do Error: #2: libs/cli/setup.go:89:26: cli.Executor.Execute calls cobra.Command.Execute, which eventually calls http.Client.Get Error: #3: cmd/cometbft/commands/debug/util.go:70:23: debug.dumpProfile calls http.Get Vulnerability #2: GO-2025-3373 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 More info: https://pkg.go.dev/vuln/GO-2025-3373 Standard library Found in: crypto/x509@go1.23.1 Fixed in: crypto/x509@go1.23.5 Example traces found: Error: #1: abci/tutorials/abci-v2-forum-app/model/db.go:143:20: model.DB.Close calls badger.DB.Close, which eventually calls x509.CertPool.AppendCertsFromPEM Error: #2: internal/autofile/group.go:468:30: autofile.GroupReader.Read calls bufio.Reader.Read, which eventually calls x509.Certificate.Verify Error: #3: rpc/jsonrpc/client/ws_client.go:290:29: client.WSClient.dial calls websocket.Dialer.Dial, which eventually calls x509.Certificate.VerifyHostname Error: #4: light/errors.go:483:84: light.errBadWitness.Error calls x509.HostnameError.Error Error: #5: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseCertificate Error: #6: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParseECPrivateKey Error: #7: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS1PrivateKey Error: #8: rpc/jsonrpc/server/http_server.go:166:19: server.ServeTLSWithShutdown calls http.Server.ServeTLS, which eventually calls x509.ParsePKCS8PrivateKey <hr>This is an automatic backport of pull request #4888 done by [Mergify](https://mergify.com). --------- Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>

dependabot bot requested a review from ebuchman as a code owner December 22, 2022 21:25

thanethomson approved these changes Dec 22, 2022

View reviewed changes

thanethomson merged commit 298c3d0 into main Dec 22, 2022

dependabot bot deleted the dependabot/github_actions/main/actions/stale-7 branch December 22, 2022 22:08

melekes mentioned this pull request Nov 12, 2023

About some block time in config.toml will affect the selection of block producer? #1586

Closed

windycrypto referenced this pull request in DeBankDeFi/cometbft Dec 5, 2023

fix: avoid storing gendoc to db (#1)

277b085

Changes from tendermint d6b4bc2

cometcrafter pushed a commit to graphprotocol/cometbft that referenced this pull request Jan 17, 2024

Merge pull request cometbft#1 from osmosis-labs/adam/v0.37.2-app-hash…

28d7d17

…-check feat: app hash error channel

faddat mentioned this pull request Jan 26, 2024

feat: break out testbyzantineprevoteequivocation #2146

Closed

4 tasks

aajimal mentioned this pull request Feb 9, 2024

Docker images aren't multiplatform #1920

Open

faddat mentioned this pull request Mar 5, 2024

docs(config): Configuration reference manual #2352

Merged

13 tasks

ValarDragon mentioned this pull request May 28, 2024

Don't re-use the internal message queue in block proposal #3130

Open

ValarDragon mentioned this pull request Jun 6, 2024

Make reactor.onReceive not block unmarshalling more packets from peer #3199

Open

sergio-mena mentioned this pull request Jun 10, 2024

fix(e2e): reproduction an fixing of missing evidence in e2e nightlies #3234

Merged

2 tasks

melekes mentioned this pull request Jan 28, 2025

chore(deps): bump Go version to 1.23.5 #4888

Merged

mergify bot mentioned this pull request Jan 30, 2025

chore(deps): bump Go version to 1.23.5 (backport #4888) #4890

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): Bump actions/stale from 6 to 7 #1

build(deps): Bump actions/stale from 6 to 7 #1

Uh oh!

Uh oh!

Uh oh!

Uh oh!

build(deps): Bump actions/stale from 6 to 7 #1

build(deps): Bump actions/stale from 6 to 7 #1

Uh oh!

Conversation

v7.0.0

What's Changed

Breaking Changes

New Contributors

v6.0.1

Changelog

[7.0.0]

[6.0.1]

[6.0.0]

[5.1.0]

4.1.0 (2021-07-14)

Features

4.0.0 (2021-07-14)

Features

Bug Fixes

Breaking Changes

Uh oh!

Uh oh!

Uh oh!