Use custom token to trigger reruns

Merge pull request #618 from vbrandl/dependabot/cargo/tokio-1.28.1
Bump tokio from 1.28.0 to 1.28.1
2023-05-17 15:15:49 +02:00 · 2023-05-11 13:35:05 +02:00 · 2023-05-11 11:21:01 +00:00 · 2023-05-11 11:20:47 +00:00 · 2023-05-11 13:20:07 +02:00 · 2023-05-11 11:06:57 +00:00
6 changed files with 62 additions and 15 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -10,3 +10,15 @@ updates:
      - vbrandl
    labels:
      - dependencies
+      - dependabot
+
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'daily'
+    open-pull-requests-limit: 10
+    assignees:
+      - vbrandl
+    labels:
+      - dependabot
+      - dependencies
--- a/.github/workflows/dependabot-changelog.yml
+++ b/.github/workflows/dependabot-changelog.yml
@ -0,0 +1,26 @@
+name: 'Dependabot Changelog'
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+      - labeled
+      - unlabeled
+
+jobs:
+  changelog:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.ACTION_TOKEN }}
+      - uses: dangoslen/dependabot-changelog-helper@v3
+        with:
+          activationLabel: 'dependabot'
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: "Update Changelog"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -42,7 +42,7 @@ jobs:
          override: true

      - name: Cache cargo registry, index and build directory
-        uses: actions/cache@v2
+        uses: actions/cache@v3
        with:
          path: |
            ~/.cargo/registry
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ## [Unreleased]
+### Dependencies
+- Bump `serde` from 1.0.160 to 1.0.163 (#613, #617)
+- Bump `actions/cache` from 2 to 3 (#616)
+- Bump `tokio` from 1.28.0 to 1.28.1 (#618)
+
+
+## [0.35.0] 2023-05-04

 * Updated [`h2`](https://github.com/hyperium/h2) from 0.3.16 to 0.3.17, fixes [SEC#11] ([#599])
 * Updated [`git2`](https://github.com/rust-lang/git2-rs) from 0.16.1 to 0.17.0 ([#602])
@ -14,6 +21,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Updated [`vergen`](https://github.com/rustyhorde/vergen) from 8.1.1 to 8.1.3 ([#608])
 * Downgrade yanked [`tracing`](https://github.com/tokio-rs/tracing) 0.1.38 to 0.1.37 ([#611])
 * Updated [`reqwest`](https://github.com/seanmonstar/reqwest) from 0.11.16 to 0.11.17 ([#609])
+* Updated [`anyhow`](https://github.com/dtolnay/anyhow) from 1.0.70 to 1.0.71 ([#610])

 [#599]: https://github.com/vbrandl/hoc/pull/599
 [#602]: https://github.com/vbrandl/hoc/pull/602
@ -24,6 +32,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#608]: https://github.com/vbrandl/hoc/pull/608
 [#611]: https://github.com/vbrandl/hoc/pull/611
 [#609]: https://github.com/vbrandl/hoc/pull/609
+[#610]: https://github.com/vbrandl/hoc/pull/610

 [SEC#11]: https://github.com/vbrandl/hoc/security/dependabot/11

@ -222,4 +231,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#502]: https://github.com/vbrandl/hoc/pull/502
 [#503]: https://github.com/vbrandl/hoc/pull/503
 [#504]: https://github.com/vbrandl/hoc/pull/504
-[#508]: https://github.com/vbrandl/hoc/pull/508
+[#508]: https://github.com/vbrandl/hoc/pull/508
--- a/Cargo.lock
+++ b/Cargo.lock
@ -272,9 +272,9 @@ dependencies = [

 [[package]]
 name = "anyhow"
-version = "1.0.70"
+version = "1.0.71"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7de8ce5e0f9f8d88245311066a578d72b7af3e7088f32783804676302df237e4"
+checksum = "9c7d0618f0e0b7e8ff11427422b64564d5fb0be1940354bfe2e0529b18a9d9b8"

 [[package]]
 name = "arc-swap"
@ -1420,7 +1420,7 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"

 [[package]]
 name = "hoc"
-version = "0.34.0"
+version = "0.35.0"
 dependencies = [
 "actix-rt",
 "actix-web",
@ -2357,18 +2357,18 @@ checksum = "bebd363326d05ec3e2f532ab7660680f3b02130d780c299bca73469d521bc0ed"

 [[package]]
 name = "serde"
-version = "1.0.160"
+version = "1.0.163"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c"
+checksum = "2113ab51b87a539ae008b5c6c02dc020ffa39afd2d83cffcb3f4eb2722cebec2"
 dependencies = [
 "serde_derive",
 ]

 [[package]]
 name = "serde_derive"
-version = "1.0.160"
+version = "1.0.163"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df"
+checksum = "8c805777e3930c8883389c602315a24224bcc738b63905ef87cd1420353ea93e"
 dependencies = [
 "proc-macro2",
 "quote",
@ -2596,9 +2596,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.28.0"
+version = "1.28.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3c786bf8134e5a3a166db9b29ab8f48134739014a3eca7bc6bfa95d673b136f"
+checksum = "0aa32867d44e6f2ce3385e89dceb990188b8bb0fb25b0cf576647a6f98ac5105"
 dependencies = [
 "autocfg",
 "bytes",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "hoc"
-version = "0.34.0"
+version = "0.35.0"
 authors = ["Valentin Brandl <vbrandl@riseup.net>"]
 edition = "2021"
 build = "src/build.rs"
@ -26,7 +26,7 @@ mime = "0.3"
 number_prefix = "0.4.0"
 openssl-probe = "0.1.5"
 reqwest = "0.11.17"
-serde = "1.0.158"
+serde = "1.0.163"
 serde_derive = "1.0.137"
 serde_json = "1.0.94"
 tracing = "0.1.37"
@ -37,7 +37,7 @@ tracing-log = "0.1.3"
 tracing-subscriber = { version = "0.3.17", features = ["registry", "env-filter"] }

 [build-dependencies]
-anyhow = "1.0.70"
+anyhow = "1.0.71"
 ructe = { version = "0.16.1", features = ["mime03"] }
 vergen = { version = "8.1.3", default-features = false, features = ["git", "gitoxide"] }

@ -45,4 +45,4 @@ vergen = { version = "8.1.3", default-features = false, features = ["git", "gito
 awc = "3.1.1"
 ructe = "0.16.1"
 tempfile = "3.5.0"
-tokio = "1.28.0"
+tokio = "1.28.1"
Author	SHA1	Message	Date
Valentin Brandl	78078132ce	Use custom token to trigger reruns All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-17 15:15:49 +02:00
Valentin Brandl	6aa253d44e	Merge pull request #618 from vbrandl/dependabot/cargo/tokio-1.28.1 Some checks failed Security audit / security_audit (push) Failing after 15s Details / Rustfmt (push) Successful in 44s Details / Test Suite (ubuntu-latest) (push) Failing after 44s Details / Clippy (push) Failing after 30s Details continuous-integration/drone/push Build is passing Details Bump tokio from 1.28.0 to 1.28.1	2023-05-11 13:35:05 +02:00
dependabot[bot]	d461a8f6a1	Update Changelog	2023-05-11 11:21:01 +00:00
dependabot[bot]	4847cc4f1f	Bump tokio from 1.28.0 to 1.28.1 Bumps [tokio](https://github.com/tokio-rs/tokio) from 1.28.0 to 1.28.1. - [Release notes](https://github.com/tokio-rs/tokio/releases) - [Commits](https://github.com/tokio-rs/tokio/compare/tokio-1.28.0...tokio-1.28.1) --- updated-dependencies: - dependency-name: tokio dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-11 11:20:47 +00:00
Valentin Brandl	bef518d594	Merge pull request #617 from vbrandl/dependabot/cargo/serde-1.0.163 Bump serde from 1.0.162 to 1.0.163	2023-05-11 13:20:07 +02:00
dependabot[bot]	c22cc59924	Update Changelog	2023-05-11 11:06:57 +00:00
dependabot[bot]	a4e28984ef	Bump serde from 1.0.162 to 1.0.163 Bumps [serde](https://github.com/serde-rs/serde) from 1.0.162 to 1.0.163. - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.162...v1.0.163) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-11 11:06:41 +00:00
Valentin Brandl	f4372c3248	Merge pull request #616 from vbrandl/dependabot/github_actions/actions/cache-3 Some checks failed Security audit / security_audit (push) Failing after 14s Details / Rustfmt (push) Successful in 45s Details / Clippy (push) Failing after 39s Details / Test Suite (ubuntu-latest) (push) Failing after 40s Details continuous-integration/drone/push Build is passing Details Bump actions/cache from 2 to 3	2023-05-06 01:47:27 +02:00
dependabot[bot]	e9554a20a7	Update Changelog	2023-05-05 23:36:33 +00:00
dependabot[bot]	7862446e16	Bump actions/cache from 2 to 3 Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-05 23:36:18 +00:00
Valentin Brandl	b4a7444442	Merge pull request #615 from vbrandl/feature/dependabot-auto-changelog Some checks failed Security audit / security_audit (push) Failing after 15s Details / Clippy (push) Failing after 42s Details / Test Suite (ubuntu-latest) (push) Failing after 43s Details / Rustfmt (push) Successful in 45s Details continuous-integration/drone/push Build is passing Details Update github actions using dependabot	2023-05-06 01:35:56 +02:00
Valentin Brandl	66861cb4d3	Merge branch 'master' into feature/dependabot-auto-changelog	2023-05-06 01:32:13 +02:00
Valentin Brandl	e6b1dfece8	Update github actions using dependabot All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-06 01:27:13 +02:00
Valentin Brandl	6837660a79	Merge pull request #613 from vbrandl/dependabot/cargo/serde-1.0.162 Some checks failed Security audit / security_audit (push) Failing after 17s Details / Rustfmt (push) Successful in 55s Details / Clippy (push) Failing after 50s Details / Test Suite (ubuntu-latest) (push) Failing after 41s Details continuous-integration/drone/push Build is passing Details chore(deps): Bump serde from 1.0.160 to 1.0.162	2023-05-06 01:18:14 +02:00
dependabot[bot]	109886ad9a	Update Changelog	2023-05-05 23:12:00 +00:00
dependabot[bot]	dcadae98b6	chore(deps): Bump serde from 1.0.160 to 1.0.162 Bumps [serde](https://github.com/serde-rs/serde) from 1.0.160 to 1.0.162. - [Release notes](https://github.com/serde-rs/serde/releases) - [Commits](https://github.com/serde-rs/serde/compare/v1.0.160...1.0.162) --- updated-dependencies: - dependency-name: serde dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-05 23:11:48 +00:00
Valentin Brandl	4845826023	Merge pull request #614 from vbrandl/feature/dependabot-auto-changelog Autogenerate changelog entry for dependabot PRs	2023-05-06 01:10:58 +02:00
Valentin Brandl	ce9db6b4a7	Autogenerate changelog entry for dependabot PRs	2023-05-06 01:06:41 +02:00
Valentin Brandl	24f2d43550	Add `dependabot` label to dependabot PRs	2023-05-06 01:06:32 +02:00
Valentin Brandl	43bbf4d377	Merge pull request #612 from vbrandl/release/v0.35.0 Some checks failed Security audit / security_audit (push) Failing after 13s Details / Rustfmt (push) Successful in 44s Details / Clippy (push) Failing after 43s Details / Test Suite (ubuntu-latest) (push) Failing after 43s Details continuous-integration/drone/push Build is passing Details Release v0.35.0	2023-05-04 13:00:54 +02:00
Valentin Brandl	23d346d899	Bump version Some checks failed continuous-integration/drone/push Build is passing Details Release / tests (push) Failing after 1m4s Details Release / Publishing for ${{ matrix.os }} (linux, , ubuntu-latest, stable, x86_64-unknown-linux-gnu) (push) Has been skipped Details Release / Publishing for ${{ matrix.os }} (macos, , macos-latest, stable, x86_64-apple-darwin) (push) Has been skipped Details Release / Publishing for ${{ matrix.os }} (windows, .exe, windows-latest, stable, x86_64-pc-windows-msvc) (push) Has been skipped Details Release / Update Changelog (push) Has been skipped Details continuous-integration/drone/tag Build is passing Details	2023-05-04 12:38:13 +02:00
Valentin Brandl	9186de3b53	Merge pull request #610 from vbrandl/dependabot/cargo/anyhow-1.0.71 Some checks failed / Rustfmt (push) Successful in 1m30s Details / Test Suite (ubuntu-latest) (push) Failing after 42s Details / Clippy (push) Failing after 57s Details Security audit / security_audit (push) Failing after 17s Details continuous-integration/drone/push Build is passing Details chore(deps): Bump anyhow from 1.0.70 to 1.0.71	2023-05-03 09:51:05 +02:00
Valentin Brandl	59b1ff41fc	Update changelog All checks were successful continuous-integration/drone/push Build is passing Details	2023-05-03 09:37:57 +02:00
dependabot[bot]	17016c39bf	chore(deps): Bump anyhow from 1.0.70 to 1.0.71 Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.70 to 1.0.71. - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](https://github.com/dtolnay/anyhow/compare/1.0.70...1.0.71) --- updated-dependencies: - dependency-name: anyhow dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2023-05-03 07:24:27 +00:00
Valentin Brandl	6041c5367b	Merge pull request #609 from vbrandl/dependabot/cargo/reqwest-0.11.17 chore(deps): Bump reqwest from 0.11.16 to 0.11.17	2023-05-03 09:23:45 +02:00