search

buildpacks / lifecycle

Reference implementation of the Cloud Native Buildpacks lifecycle
https://buildpacks.io
Apache License 2.0
186 stars 105 forks source link

Bump the go-dependencies group across 1 directory with 4 updates #1344

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 5 months ago

Bumps the go-dependencies group with 4 updates in the / directory: github.com/GoogleContainerTools/kaniko, github.com/containerd/containerd, github.com/docker/docker and golang.org/x/sys.

Updates github.com/GoogleContainerTools/kaniko from 1.21.1 to 1.22.0

Release notes

Sourced from github.com/GoogleContainerTools/kaniko's releases.

v1.22.0 Release 2024-03-26

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.22.0
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.22.0-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.22.0-slim

  • feat: Kaniko/add path regmaps [possible in registry maps and/or mirror] #3051

  • fix: add AWS ECR error message for tag Immutability #3045

  • fix: fix COPY fails when multiple files are copied to path specified in ENV #3034

  • fix: Remove query parameters in ADD command when the destinatio… #3053

  • chore: update google.golang.org/protobuff to resolve CVE-2024-24786 #3068

  • chore(deps): bump cloud.google.com/go/storage from 1.39.0 to 1.39.1 #3075

  • chore(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 #3061

  • chore(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 #3070

  • chore(deps): bump docker/setup-buildx-action from 3.1.0 to 3.2.0 #3071

  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.25.2 to 1.25.3 #3057

  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.25.3 to 1.26.0 #3083

  • chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.6 to 1.16.9 #3058

  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.51.4 #3059

  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.4 to 1.52.1 #3076

  • chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.14 #3084

  • chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.4+incompatible #3060

  • chore(deps): bump github.com/docker/docker from 25.0.4+incompatible to 26.0.0+incompatible #3085

  • chore(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 #3073

  • chore(deps): bump github.com/moby/buildkit from 0.12.5 to 0.13.0 #3072

  • chore(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 #3056

  • chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 #3074

  • chore(deps): bump google.golang.org/api from 0.167.0 to 0.171.0 #3082

Huge thank you for this release towards our contributors:

  • Aaron Prindle
  • Alessandro Bitocchi
  • dependabot[bot]
  • Jérémie Augustin
  • Prima Adi Pradana
Changelog

Sourced from github.com/GoogleContainerTools/kaniko's changelog.

v1.22.0 Release 2024-03-26

The executor images in this release are:

gcr.io/kaniko-project/executor:v1.22.0
gcr.io/kaniko-project/executor:latest

The debug images are available at:

gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:v1.22.0-debug

The slim executor images which don't contain any authentication binaries are available at:

gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:v1.22.0-slim
  • chore(deps): bump github.com/docker/docker from 25.0.4+incompatible to 26.0.0+incompatible #3085
  • chore(deps): bump google.golang.org/api from 0.167.0 to 0.171.0 #3082
  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.25.3 to 1.26.0 #3083
  • chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.14 #3084
  • chore(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 #3070
  • Fix #3032: Remove query parameters in ADD command when the destinatio… #3053
  • Kaniko/add path regmaps [possible in registry maps and/or mirror] #3051
  • chore(deps): bump docker/setup-buildx-action from 3.1.0 to 3.2.0 #3071
  • chore(deps): bump github.com/moby/buildkit from 0.12.5 to 0.13.0 #3072
  • chore(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 #3073
  • chore(deps): bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 #3074
  • chore(deps): bump cloud.google.com/go/storage from 1.39.0 to 1.39.1 #3075
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.4 to 1.52.1 #3076
  • Fix COPY fails when multiple files are copied to path specified in ENV #3034
  • Add AWS ECR error message for tag Immutability #3045
  • chore: update google.golang.org/protobuff to resolve CVE-2024-24786 #3068
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.6 to 1.16.9 #3058
  • chore(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 #3056
  • chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.25.2 to 1.25.3 #3057
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.51.4 #3059
  • chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.4+incompatible #3060
  • chore(deps): bump docker/build-push-action from 5.1.0 to 5.2.0 #3061

Huge thank you for this release towards our contributors:

  • Aaron Prindle
  • Alessandro Bitocchi
  • dependabot[bot]
  • Jérémie Augustin
  • Prima Adi Pradana
Commits
  • 02860ef chore(release): release v1.22.0 (#3086)
  • a798fc9 chore(deps): bump github.com/docker/docker from 25.0.4+incompatible to 26.0.0...
  • 279053e chore(deps): bump google.golang.org/api from 0.167.0 to 0.171.0 (#3082)
  • 1619608 chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.25.3 to 1.26.0 (#3083)
  • a952b1b chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.14 (#3084)
  • 4ef48fe chore(deps): bump docker/build-push-action from 5.2.0 to 5.3.0 (#3070)
  • 02f488a Fix #3032: Remove query parameters in ADD command when the destinatio… (#3053)
  • 9095b45 Kaniko/add path regmaps [possible in registry maps and/or mirror] (#3051)
  • cca3742 chore(deps): bump docker/setup-buildx-action from 3.1.0 to 3.2.0 (#3071)
  • fcc800f chore(deps): bump github.com/moby/buildkit from 0.12.5 to 0.13.0 (#3072)
  • Additional commits viewable in compare view


Updates github.com/containerd/containerd from 1.7.14 to 1.7.15

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.15

Welcome to the v1.7.15 release of containerd!

The fifteenth patch release for containerd 1.7 contains various fixes; one for a regression introduced in v1.7.14 in the way process exits were handled.

Highlights

  • Adds mediatype to OCI index record on export (#9990)

Runtime

  • Fix runc shim to only defer init process exits (#10037)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Phil Estes
  • Austin Vazquez
  • Laura Brehm
  • Sebastiaan van Stijn
  • Talon

Changes

  • Prepare for v1.7.15 release (#10039)
  • Fix runc shim to only defer init process exits (#10037)
    • 21df46766 runc-shim: only defer init process exits
  • Fix compile from version control system (source) use case (#10012)
    • 2a054213e Fix compile from version control system (source) use case
  • Adds mediatype to OCI index record on export (#9990)
    • 6605c47a4 adds mediatype to oci index record
  • vendor: google.golang.org/protobuf 1.33.0, github.com/golang/protobuf v1.5.4 (#9975)
    • e6d91d843 vendor: github.com/golang/protobuf v1.5.4
    • 2d136c5f5 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
    • a1a7af7a3 build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0

Dependency Changes

  • github.com/golang/protobuf v1.5.3 -> v1.5.4
  • google.golang.org/protobuf v1.31.0 -> v1.33.0

... (truncated)

Commits
  • 926c958 Merge pull request #10039 from estesp/prep-1.7.15
  • 4d4759b Prep v1.7.15 release
  • 52fc8ab Merge pull request #10037 from laurazard/backport-1.7-exec-fix
  • 21df467 runc-shim: only defer init process exits
  • 0dcf21c Merge pull request #10012 from austinvazquez/release-1.7-fix-offline-compilation
  • 2a05421 Fix compile from version control system (source) use case
  • ec5222f Merge pull request #9990 from daghack/oci-add-mediatype-1.7
  • 6605c47 adds mediatype to oci index record
  • be5ec97 Merge pull request #9975 from thaJeztah/1.7_bump_protobuf
  • e6d91d8 vendor: github.com/golang/protobuf v1.5.4
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.0.2

26.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for CVE-2024-32473, an unexpected configuration of IPv6 on IPv4-only interfaces.

Bug fixes and enhancements

Commits
  • 7cef0d9 Merge pull request from GHSA-x84c-p2g9-rqv9
  • 841c4c8 Disable IPv6 for endpoints in '--ipv6=false' networks.
  • See full diff in compare view


Updates golang.org/x/sys from 0.18.0 to 0.19.0

Commits
  • cabba82 windows: use uint32 for serial comm flags for consistency
  • 1a50d97 windows: add serial comm functions
  • 95f07ec x/sys/windows: add func windows.DisconnectNamedPipe(handle Handle) (err error)
  • 4be02d3 unix: expose mmap calls on z/OS
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 5 months ago

Superseded by #1345.