chore(deps): bump the github-actions group with 3 updates

[dependabot]

Bumps the github-actions group with 3 updates: goreleaser/goreleaser-action, vladopajic/go-test-coverage and dependabot/fetch-metadata.

Updates goreleaser/goreleaser-action from 7.0.0 to 7.2.1

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.1

This fully removes the usage of the old nightly moving tag.

Full Changelog: goreleaser/goreleaser-action@v7.2.0...v7.2.1

v7.2.0

What's Changed

• test: cover install across release eras by @​caarlos0 in goreleaser/goreleaser-action#555
• feat: add version-file input by @​caarlos0 in goreleaser/goreleaser-action#556
• feat: resolve nightly to latest vX.Y.Z--nightly release by @​caarlos0 in goreleaser/goreleaser-action#558

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.0

v7.1.0

What's Changed

• feat: verify release checksum and cosign signature by @​caarlos0 in goreleaser/goreleaser-action#550
• docs: document cosign verification in README by @​caarlos0 in goreleaser/goreleaser-action#553
• docs: Upgrade import GPG action version by @​flecno in goreleaser/goreleaser-action#547
• ci: drop docker-bake in favor of plain npm by @​caarlos0 in goreleaser/goreleaser-action#551
• ci: add release-major-tag workflow by @​caarlos0 in goreleaser/goreleaser-action#552
• ci: drop pre-cosign-v3 goreleaser versions from tests by @​caarlos0 in goreleaser/goreleaser-action#554
• ci(deps): bump the actions group with 2 updates by @​dependabot[bot] in goreleaser/goreleaser-action#543
• ci(deps): bump the actions group with 5 updates by @​dependabot[bot] in goreleaser/goreleaser-action#546
• chore(deps): bump undici from 6.23.0 to 6.24.1 by @​dependabot[bot] in goreleaser/goreleaser-action#545

New Contributors

• @​flecno made their first contribution in goreleaser/goreleaser-action#547

Full Changelog: goreleaser/goreleaser-action@v7...v7.1.0

Commits

• 1a80836 ci(nightly): pass GITHUB_TOKEN to nightly integration job
• a71152e refactor: drop legacy 'nightly' tag fallback
• 4c6ab56 feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release (#558)
• 4f96abf feat: add version-file input (#556)
• 15fa2a9 test: cover install across release eras (#555)
• e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
• be2e8a3 docs: document cosign verification in README (#553)
• 5e53f8e ci: add release-major-tag workflow (#552)
• 4068afa build: drop docker-bake in favor of plain npm (#551)
• 213ec80 docs: add CONTRIBUTING with pre-commit workflow
• Additional commits viewable in compare view

Updates vladopajic/go-test-coverage from 2.18.4 to 2.18.7

Release notes

Sourced from vladopajic/go-test-coverage's releases.

v2.18.7

What's Changed

• fix(coverage): file search should be preceded by / by @​vladopajic in vladopajic/go-test-coverage#308
• chore(deps): bump github.com/rs/zerolog from 1.35.0 to 1.35.1 by @​dependabot[bot] in vladopajic/go-test-coverage#307

Full Changelog: vladopajic/go-test-coverage@v2.18.6...v2.18.7

v2.18.6

What's Changed

• fix(docker): add certs by @​vladopajic in vladopajic/go-test-coverage#306

Full Changelog: vladopajic/go-test-coverage@v2.18.5...v2.18.6

v2.18.5

What's Changed

• chore: remove deprecated field by @​vladopajic in vladopajic/go-test-coverage#286
• chore(deps): bump dawidd6/action-download-artifact from 16 to 18 by @​dependabot[bot] in vladopajic/go-test-coverage#287
• chore: cosmetics by @​vladopajic in vladopajic/go-test-coverage#288
• chore(deps): bump dawidd6/action-download-artifact from 18 to 19 by @​dependabot[bot] in vladopajic/go-test-coverage#289
• chore(deps): bump github.com/rs/zerolog from 1.34.0 to 1.35.0 by @​dependabot[bot] in vladopajic/go-test-coverage#290
• chore(deps): bump golang.org/x/image from 0.18.0 to 0.38.0 by @​dependabot[bot] in vladopajic/go-test-coverage#291
• chore: remove magic values from args by @​vladopajic in vladopajic/go-test-coverage#203
• chore: update .github/.testcoverage.yml by @​vladopajic in vladopajic/go-test-coverage#293
• chore: update docker-entrypoint.sh by @​vladopajic in vladopajic/go-test-coverage#294
• chore(ci): reuse action test steps by @​vladopajic in vladopajic/go-test-coverage#295
• ci: trigger via pull request by @​vladopajic in vladopajic/go-test-coverage#296
• test(action): add more test cases by @​vladopajic in vladopajic/go-test-coverage#297
• chore(deps): bump dawidd6/action-download-artifact from 19 to 20 by @​dependabot[bot] in vladopajic/go-test-coverage#299
• chore(deps): bump golang from 1.26.1 to 1.26.2 by @​dependabot[bot] in vladopajic/go-test-coverage#301
• fix(coverage): fix comment annotation column bound case by @​vladopajic in vladopajic/go-test-coverage#302
• chore(coverage): ruse file ast by @​vladopajic in vladopajic/go-test-coverage#304
• chore: improvements by @​vladopajic in vladopajic/go-test-coverage#303

TLD

• this release includes security hardening and various improvements.
• smaller performance gains in #304

Full Changelog: vladopajic/go-test-coverage@v2.18.4...2.18.5

Commits

• 8cfd056 chore(version): bump to v2.18.7
• 4203ba5 chore(deps): bump github.com/rs/zerolog from 1.35.0 to 1.35.1 (#307)
• c43ff5b fix(coverage): file search should be preceded by / (#308)
• b7a53f8 chore(version): bump to v2.18.6
• bb6f9c6 fix(docker): add certs (#306)
• 5b86b55 chore(version): bump to v2.18.5
• 54057b8 chore: improvements (#303)
• a1eb8f2 chore(coverage): ruse file ast (#304)
• e212d64 fix(coverage): fix comment annotation column bound case (#302)
• f91bdba chore(deps): bump golang from 1.26.1 to 1.26.2 (#301)
• Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 3.0.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

• Add permissions to all workflows by @​truggeri in dependabot/fetch-metadata#687
• build(deps-dev): bump globals from 16.0.0 to 17.4.0 by @​dependabot[bot] in dependabot/fetch-metadata#690
• build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @​dependabot[bot] in dependabot/fetch-metadata#693
• build(deps-dev): bump @​hono/node-server from 1.19.10 to 1.19.13 by @​dependabot[bot] in dependabot/fetch-metadata#694
• build(deps-dev): bump hono from 4.12.7 to 4.12.12 by @​dependabot[bot] in dependabot/fetch-metadata#695
• Dynamically update the tracking tag in action by @​truggeri in dependabot/fetch-metadata#696
• fix: handle duplicate dependency names in parseMetadataLinks by @​devantler in dependabot/fetch-metadata#700
• fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by @​devantler in dependabot/fetch-metadata#698
• Updates to README for permissions clarification by @​truggeri in dependabot/fetch-metadata#697
• fix: resolve update-type null for Python, Composer, and Terraform PRs by @​vitorsdcs in dependabot/fetch-metadata#704
• build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @​dependabot[bot] in dependabot/fetch-metadata#703
• build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @​dependabot[bot] in dependabot/fetch-metadata#701
• build(deps): bump @​actions/github from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by @​dependabot[bot] in dependabot/fetch-metadata#702
• build(deps-dev): bump hono from 4.12.12 to 4.12.14 by @​dependabot[bot] in dependabot/fetch-metadata#705
• v3.1.0 by @​fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692

New Contributors

• @​devantler made their first contribution in dependabot/fetch-metadata#700
• @​vitorsdcs made their first contribution in dependabot/fetch-metadata#704

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

Commits

• 25dd0e3 v3.1.0 (#692)
• e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
• 0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
• 7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
• 5168191 Updating dist build
• 23882e1 build(deps): bump @​actions/github in the dependencies group
• 1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
• 43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
• b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
• c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions