search

anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0
8.7k stars 569 forks source link

chore(deps): bump github.com/adrg/xdg from 0.5.1 to 0.5.2 #2220

Closed dependabot[bot] closed 2 days ago

dependabot[bot] commented 2 days ago

Bumps github.com/adrg/xdg from 0.5.1 to 0.5.2.

Release notes

Sourced from github.com/adrg/xdg's releases.

v0.5.2

Changelog

  • Updated logic of xdg.RuntimeFile: due to the special nature of the runtime directory, the function no longer attempts to create it if it does not exist. If that's the case, the function uses the operating system's temporary directory as a fallback. The function still creates subdirectories relative to the base runtime directory or its fallback.

    Justification: the creation of the runtime directory is not in the scope of this package as it has special requirements defined by the XDG Base Directory Specification. Relevant excerpt:

    The lifetime of the directory MUST be bound to the user being logged in. It MUST be created when the user first logs in and if the user fully logs out the directory MUST be removed. If the user logs in more than once they should get pointed to the same directory, and it is mandatory that the directory continues to exist from their first login to their last logout on the system, and not removed in between. Files in the directory MUST not survive reboot or a full logout/login cycle.

    Also, on Linux, the parent directories of the default user runtime directory are owned by the root user so they cannot be created by a regular user. pam_systemd is usually responsible for creating the runtime directory (/run/user/$UID).

Commits
  • 2335a68 Merge pull request #99 from adrg/improve-runtime-file
  • 221e506 Minor non-existent runtime directory test case fix on macOS
  • 9bbb602 Minor error format improvement in pathutil.Create and pathutil.Search
  • 987b3ce Minor README.md update
  • 3c39d55 Add non-existent runtime directory test case
  • 40d3792 Update xdg.RuntimeFile to only use the base runtime directory if it exists
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)