aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0
23.06k stars 2.28k forks

chore(deps): bump the common group across 1 directory with 22 updates #7019

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the common group with 21 updates in the / directory:

Package From To
github.com/Azure/azure-sdk-for-go/sdk/azcore 1.11.1 1.12.0
github.com/Azure/azure-sdk-for-go/sdk/azidentity 1.6.0 1.7.0
github.com/antchfx/htmlquery 1.3.1 1.3.2
github.com/aws/aws-sdk-go-v2 1.27.2 1.30.0
github.com/aws/aws-sdk-go-v2/config 1.27.18 1.27.21
github.com/aws/aws-sdk-go-v2/service/ec2 1.163.1 1.166.0
github.com/aws/aws-sdk-go-v2/service/ecr 1.28.5 1.29.1
github.com/aws/aws-sdk-go-v2/service/s3 1.55.1 1.56.1
github.com/containerd/containerd 1.7.17 1.7.18
github.com/docker/docker 26.1.3+incompatible 27.0.1+incompatible
github.com/google/go-containerregistry 0.19.1 0.19.2
github.com/hashicorp/hcl/v2 2.20.1 2.21.0
github.com/moby/buildkit 0.13.2 0.14.1
github.com/spdx/tools-golang 0.5.4 0.5.5
github.com/spf13/cobra 1.8.0 1.8.1
github.com/tetratelabs/wazero 1.7.2 1.7.3
golang.org/x/mod 0.17.0 0.18.0
google.golang.org/protobuf 1.34.1 1.34.2
helm.sh/helm/v3 3.15.1 3.15.2
k8s.io/api 0.30.1 0.30.2
modernc.org/sqlite 1.30.0 1.30.1

Updates github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.11.1 to 1.12.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azcore's releases.

sdk/azcore/v1.12.0

1.12.0 (2024-06-06)

Features Added

  • Added field StatusCodes to runtime.FetcherForNextLinkOptions allowing for additional HTTP status codes indicating success.
  • Added func NewUUID to the runtime package for generating UUIDs.

Bugs Fixed

  • Fixed an issue that prevented pollers using the Operation-Location strategy from unmarshaling the final result in some cases.

Other Changes

  • Updated dependencies.


Updates github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.6.0 to 1.7.0

Release notes

Sourced from github.com/Azure/azure-sdk-for-go/sdk/azidentity's releases.

sdk/messaging/azservicebus/v1.7.0

1.7.0 (2024-04-02)

Features Added

  • Add in ability to handle emulator connection strings. (PR#22663)

sdk/internal/v1.7.0

1.7.0 (2024-05-01)

Features Added

  • Support for local repo override (via presence of eng/target_proxy_version.txt) of invoked test-proxy version.

  • RemoveRegisteredSanitizers selectively disables sanitizers the test proxy enables by default since version 1.0.0-dev.20240422.1

Breaking Changes

  • Deprecated the go-vcr based test recording API. Its methods now return errors or panic.
  • Changed value of recording.SanitizedValue from "sanitized" to "Sanitized" to match the test proxy

sdk/azidentity/v1.7.0

1.7.0 (2024-06-20)

Features Added

  • AzurePipelinesCredential authenticates an Azure Pipelines service connection with workload identity federation

Breaking Changes

These changes affect only code written against a beta version such as v1.7.0-beta.1

  • Removed the persistent token caching API. It will return in v1.8.0-beta.1

sdk/azidentity/v1.7.0-beta.1

1.7.0-beta.1 (2024-06-10)

Features Added

  • Restored AzurePipelinesCredential and persistent token caching API

Breaking Changes

These changes affect only code written against a beta version such as v1.6.0-beta.4

  • Values which NewAzurePipelinesCredential read from environment variables in prior versions are now parameters
  • Renamed AzurePipelinesServiceConnectionCredentialOptions to AzurePipelinesCredentialOptions

Bugs Fixed

  • Managed identity bug fixes


Updates github.com/antchfx/htmlquery from 1.3.1 to 1.3.2

Release notes

Sourced from github.com/antchfx/htmlquery's releases.

v1.3.2

update github.com/antchfx/xpath to v1.3.1 (https://github.com/antchfx/xpath/releases/tag/v1.3.1)

Commits
  • c5fcecb update package github.com/antchfx/xpath from v1.3.0 to v1.3.1
  • See full diff in compare view


Updates github.com/aws/aws-sdk-go-v2 from 1.27.2 to 1.30.0


Updates github.com/aws/aws-sdk-go-v2/config from 1.27.18 to 1.27.21


Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.18 to 1.17.21


Updates github.com/aws/aws-sdk-go-v2/service/ec2 from 1.163.1 to 1.166.0


Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.28.5 to 1.29.1


Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.56.1


Updates github.com/containerd/containerd from 1.7.17 to 1.7.18

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.18

Welcome to the v1.7.18 release of containerd!

The eighteenth patch release for containerd 1.7 contains various updates along with an updated version of Go. Go 1.22.4 and 1.21.11 include a fix for a symlink time of check to time of use race condition during directory removal.

Highlights

  • Update Go version to 1.21.11 (#10298)
  • Remove uses of platforms.Platform alias (#10277)
  • Migrate log imports to github.com/containerd/log (#10269)
  • Migrate errdefs package to github.com/containerd/errdefs (#10266)
  • Fix usage of "unknown" platform (#10261)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Sebastiaan van Stijn
  • Akhil Mohan
  • Austin Vazquez
  • Phil Estes

Changes

  • Prepare release notes for v1.7.18 (#10301)
    • 9426aab62 Prepare release notes for v1.7.18
  • Update Go version to 1.21.11 (#10298)
  • Remove uses of platforms.Platform alias (#10277)
    • 1e3c662d6 [release/1.7] remove uses of platforms.Platform alias
  • Migrate log imports to github.com/containerd/log (#10269)
    • 0af6825b1 migrate logs imports to github.com/containerd/log module
  • Migrate errdefs package to github.com/containerd/errdefs (#10266)
    • 308341a44 replace uses of github.com/containerd/containerd/errdefs
    • 47ff8cfce migrate errdefs package to github.com/containerd/errdefs module
  • Fix usage of "unknown" platform (#10261)
    • f4d11912a core/image: fix usage of "unknown" platform
  • Explicitly set release latest to true (#10265)
    • 5b0480009 Explicitly set release latest to true
    • d669b100d build(deps): bump softprops/action-gh-release from 1 to 2

Changes from containerd/errdefs

... (truncated)

Commits
  • ae71819 Merge pull request #10301 from dmcgowan/prepare-v1.7.18
  • 9426aab Prepare release notes for v1.7.18
  • 1d324db Merge pull request #10298 from dmcgowan/1.7-update-go
  • cdd3ea9 Update Go version to 1.21.11
  • 0a137f0 Merge pull request #10277 from thaJeztah/1.7_backport_remove_use_of_platform_...
  • 1e3c662 [release/1.7] remove uses of platforms.Platform alias
  • 300a6de Merge pull request #10269 from thaJeztah/1.7_migrate_containerd_log
  • 0af6825 migrate logs imports to github.com/containerd/log module
  • be820ac Merge pull request #10266 from thaJeztah/1.7_migrate_to_errdefs_module
  • 566c535 Merge pull request #10261 from k8s-infra-cherrypick-robot/cherry-pick-10257-t...
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 26.1.3+incompatible to 27.0.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.0.1

27.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

New

  • containerd image store: Add --platform flag to docker image push and improve the default behavior when not all platforms of the multi-platform image are available locally. docker/cli#4984, moby/moby#47679
  • Add support to docker stack deploy for driver_opts in a service's networks. docker/cli#5125
  • Consider additional /usr/local/libexec and /usr/libexec paths when looking up the userland proxy binaries by a name with a docker- prefix. moby/moby#47804

Bug fixes and enhancements

  • *client.Client instances are now always safe for concurrent use by multiple goroutines. Previously, this could lead to data races when the WithAPIVersionNegotiation() option is used. moby/moby#47961
  • Fix a bug causing the Docker CLI to leak Unix sockets in $TMPDIR in some cases. docker/cli#5146
  • Don't ignore a custom seccomp profile when used in conjunction with --privileged. moby/moby#47500
  • rootless: overlay2: support native overlay diff when using rootless-mode with Linux kernel version 5.11 and later. moby/moby#47605
  • Fix the StartInterval default value of healthcheck to reflect the documented value of 5s. moby/moby#47799
  • Fix docker save and docker load not ending on the daemon side when the operation was cancelled by the user, for example with Ctrl+C. moby/moby#47629
  • The StartedAt property of containers is now recorded before container startup, guaranteeing that the StartedAt is always before FinishedAt. moby/moby#47003
  • The internal DNS resolver used by Windows containers on Windows now forwards requests to external DNS servers by default. This enables nslookup to resolve external hostnames. This behaviour can be disabled via daemon.json, using "features": { "windows-dns-proxy": false }. The configuration option will be removed in a future release. moby/moby#47826
  • Print a warning when the CLI does not have permissions to read the configuration file. docker/cli#5077
  • Fix a goroutine and file-descriptor leak on container attach. moby/moby#45052
  • Clear the networking state of all stopped or dead containers during daemon start-up. moby/moby#47984
  • Write volume options JSON atomically to avoid "invalid JSON" errors after system crash. moby/moby#48034
  • Allow multiple macvlan networks with the same parent. moby/moby#47318
  • Allow BuildKit to be used on Windows daemons that advertise it. docker/cli#5178

Networking

  • Allow sysctls to be set per-interface during container creation and network connection. moby/moby#47686
    • In a future release, this will be the only way to set per-interface sysctl options. For example, on the command line in a docker run command, --network mynet --sysctl net.ipv4.conf.eth0.log_martians=1 will be rejected. Instead, you must use --network name=mynet,driver-opt=com.docker.network.endpoint.sysctls=net.ipv4.conf.IFNAME.log_martians=1.

IPv6

  • ip6tables is no longer experimental. You may remove the experimental configuration option and continue to use IPv6, if it is not required by any other features.
  • ip6tables is now enabled for Linux bridge networks by default. moby/moby#47747
    • This makes IPv4 and IPv6 behaviors consistent with each other, and reduces the risk that IPv6-enabled containers are inadvertently exposed to the network.
    • There is no impact if you are running Docker Engine with ip6tables enabled (new default).
    • If you are using an IPv6-enabled bridge network without ip6tables, this is likely a breaking change. Only published container ports (-p or --publish) are accessible from outside the Docker bridge network, and outgoing connections masquerade as the host.
    • To restore the behavior of earlier releases, no ip6tables at all, set "ip6tables": false in daemon.json, or use the CLI option --ip6tables=false. Alternatively, leave ip6tables enabled, publish ports, and enable direct routing.
    • With ip6tables enabled, if ip6tables is not functional on your host, Docker Engine will start but it will not be possible to create an IPv6-enabled network.

... (truncated)

Commits
  • ff1e2c0 Merge pull request #48050 from thaJeztah/deprecate_graphdriver_plugins
  • 6da604a deprecate experimental Graphdriver plugins, and disable by default
  • 81b2027 Merge pull request #48049 from thaJeztah/fix_swagger_tmpfsopts
  • 97f6a9d Merge pull request #48045 from thaJeztah/bump_ttrpc_1.2.5
  • 3aace75 Merge pull request #48046 from thaJeztah/daemon_no_logrus
  • ce5571f api: swagger: fix definition of TmpFsOptions (API v1.46)
  • a9ab046 cmd/dockerd: initMiddlewares: use containerd/logs
  • 418eed6 Merge pull request #47804 from cpuguy83/more_paths_docker_proxy
  • e355e10 vendor: github.com/containerd/ttrpc v1.2.5
  • f8c088b Lookup docker-proxy in libexec paths
  • Additional commits viewable in compare view


Updates github.com/google/go-containerregistry from 0.19.1 to 0.19.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.19.2

What's Changed

New Contributors

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.19.1...v0.19.2


Updates github.com/hashicorp/hcl/v2 from 2.20.1 to 2.21.0

Release notes

Sourced from github.com/hashicorp/hcl/v2's releases.

v2.21.0

Enhancements

  • Introduce ParseTraversalPartial, which allows traversals that include the splat ([*]) index operator. (#673)
  • ext/dynblock: Now accepts marked values in for_each, and will transfer those marks (as much as technically possible) to values in the generated blocks. (#679)

Bugs Fixed

  • Expression evaluation will no longer panic if the splat operator is applied to an unknown value that has cty marks. (#678)

Changelog

Sourced from github.com/hashicorp/hcl/v2's changelog.

v2.21.0 (June 19, 2024)

Enhancements

  • Introduce ParseTraversalPartial, which allows traversals that include the splat ([*]) index operator. (#673)
  • ext/dynblock: Now accepts marked values in for_each, and will transfer those marks (as much as technically possible) to values in the generated blocks. (#679)

Bugs Fixed

  • Expression evaluation will no longer panic if the splat operator is applied to an unknown value that has cty marks. (#678)

Commits
  • 360ae57 prepare for v2.21.0 release
  • f7e093a github: Pin action refs to latest trusted by TSCCR (#683)
  • 212a40e Update CHANGELOG.md
  • 318bbfe hcldec: Allow body-derived values to be marked
  • 9a64c17 dynblock: Preserve marks from for_each expression into result
  • bc75765 hclsyntax: Don't panic if splat operand is unknown and marked
  • bf54697 github: Set up Dependabot to manage HashiCorp-owned Actions versioning
  • 4521ae9 github: Pin action refs to latest trusted by TSCCR (#677)
  • 1c5ae8f Update CHANGELOG.md
  • f7cd61a Add additional function for parsing traversals with [*] keys (#673)
  • See full diff in compare view


Updates github.com/moby/buildkit from 0.13.2 to 0.14.1

Release notes

Sourced from github.com/moby/buildkit's releases.

v0.14.1

Welcome to the 0.14.1 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Talon Bowler
  • Akihiro Suda
  • Tõnis Tiigi
  • Paweł Gronowski

Notable Changes

  • Builtin Dockerfile frontend has been updated to v1.8.1 changelog
  • Fix possible issue on pushing blobs with rewrite-timestamp=true option #5040
  • Fix possible concurrency issue on handling HTTPS to HTTP fallbacks for insecure registries #5044

Dependency Changes

This release has no dependency changes

Previous release can be found at v0.14.0

v0.14.0

Welcome to the 0.14.0 release of buildkit!

Please try out the release binaries and report any issues at https://github.com/moby/buildkit/issues.

Contributors

  • Tõnis Tiigi
  • CrazyMax
  • Talon James Bowler
  • Akihiro Suda
  • Jonathan A. Sternberg
  • Justin Chadwell
  • David Karlsson
  • Sebastiaan van Stijn
  • Anthony Nandaa
  • Erik Sipsma
  • Aleksa Sarai
  • Adam Perlin
  • Shaun Thompson

... (truncated)

Commits
  • eb864a8 Merge pull request #5053 from tonistiigi/v0.14.1-cherry-picks
  • dedaef0 shell: handle empty string for var replacements
  • b45ab30 Initialize build args from stage base
  • e34c21a Consolidate instruction casing lint rules
  • 050e3b6 Updates lint output to print detail instead of description
  • 2bf5cbf util/resolver: Make httpFallback concurrent safe
  • 49dd5f4 Adds 'WARNING' prefix to the rule check output and update lint
  • 05bd56b Merge pull request #5040 from AkihiroSuda/cherrypick-5008-0.14
  • 5a7352c Fix content not found with push=true,rewrite-timestamp=true
  • 4d9a4e5 Merge pull request #5017 from crazy-max/fix-history-exporters
  • Additional commits viewable in compare view


Updates github.com/spdx/tools-golang from 0.5.4 to 0.5.5

Release notes

Sourced from github.com/spdx/tools-golang's releases.

v0.5.5

What's Changed

New Contributors

Full Changelog: https://github.com/spdx/tools-golang/compare/v0.5.4...v0.5.5

Commits
  • 9db247b fix: provide a clearer error when using an invalid originator (#246)
  • 57d4b8e fix: panic if JSON relationship array contains null (#239)
  • 606f188 chore: update makefile to include bootstrap and go mod tidy (#243)
  • 282609e fix: properly normalize Windows paths (#242)
  • See full diff in compare view


Updates github.com/spf13/cobra from 1.8.0 to 1.8.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.1

✨ Features

🐛 Bug fixes

🔧 Maintenance

🧪 Testing & CI/CD

✏️ Documentation

... (truncated)


Updates github.com/tetratelabs/wazero from 1.7.2 to 1.7.3

Release notes

Sourced from github.com/tetratelabs/wazero's releases.

v1.7.3

Time to celebrate the new wazero release! This time has not only the important bug fixes just like before, but more importantly comes with the drastic "compilation time" performance improvements!

Bug fixes

Compilation perf improvements

@mathetake worked so hard to improve the compilation performance, which some users had raised issues about since the release of the optimizing compiler in 1.7.0. The idea is that even though this is partly because it is "optimizing", there is still room for improvement in its codebase to use less CPU/memory.

Below is the compilation time benchmark on the various standard library tests for Zig, Go and TinyGo compared to the previous v1.7.2. You can see the huge results up to like 50% faster and ~50% less memory usage. Note that this doesn't affect any runtime performance -- that means your code runs just exactly like before while having faster compilation! 😎

goos: darwin
goarch: arm64
pkg: github.com/tetratelabs/wazero/internal/integration_test/stdlibs
                                                   │   old.txt    │              new.txt               │
   ...

_Description has been truncated_

dependabot[bot] commented 3 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.