search

cert-manager / release

Releasing tooling for the cert-manager project
Apache License 2.0
5 stars 12 forks source link

Bump the all group with 6 updates #161

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 9 months ago

Bumps the all group with 6 updates:

Package From To
cloud.google.com/go/storage 1.37.0 1.38.0
golang.org/x/crypto 0.18.0 0.19.0
golang.org/x/oauth2 0.16.0 0.17.0
google.golang.org/api 0.157.0 0.162.0
helm.sh/helm/v3 3.14.0 3.14.2
k8s.io/apimachinery 0.29.0 0.29.2

Updates cloud.google.com/go/storage from 1.37.0 to 1.38.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.38.0

1.38.0 (2024-02-12)

Features

  • storage: Support auto-detection of access ID for external_account creds (#9208) (b958d44)
  • storage: Support custom hostname for VirtualHostedStyle SignedURLs (#9348) (7eec40e)
  • storage: Support universe domains (#9344) (29a7498)

Bug Fixes

  • storage: Fix v4 url signing for hosts that specify ports (#9347) (f127b46)

Documentation

  • storage: Indicate that gRPC is incompatible with universe domains (#9386) (e8bd85b)
Commits
  • ef12dbd chore(main): release spanner 1.38.0 (#6606)
  • ccd3614 feat(spanner/spannertest): add support for adding and dropping Foreign Keys (...
  • bff16a7 feat(spanner/spansql): add support for coalesce expressions (#6461)
  • e9a94c2 feat(bigquery): improve error when reading null values (#6566)
  • 6b0ac0c feat(bigquery/storage/managedwriter): augment reconnection logic (#6609)
  • 9f3c334 chore(logging): added extra variables on environment test runs (#6511)
  • f8a307c chore(internal/gapicgen): fix print to not panic (#6583)
  • a6004e7 feat(iam): start generating apiv2 (#6605)
  • 59d162b fix(spanner): pass userAgent to cloud spanner requests (#6598)
  • eedc632 feat(bigquery): add trace instrumentation support for individual rpcs (#6493)
  • Additional commits viewable in compare view


Updates golang.org/x/crypto from 0.18.0 to 0.19.0

Commits


Updates golang.org/x/oauth2 from 0.16.0 to 0.17.0

Commits
  • ebe81ad go.mod: update golang.org/x dependencies
  • adffd94 google/internal/externalaccount: update serviceAccountImpersonationRE to supp...
  • deefa7e google/downscope: add DownscopingConfig.UniverseDomain to support TPC
  • See full diff in compare view


Updates google.golang.org/api from 0.157.0 to 0.162.0

Release notes

Sourced from google.golang.org/api's releases.

v0.162.0

0.162.0 (2024-02-05)

Features

Bug Fixes

  • transport: Enforce 1s timeout on requests to MDS universe_domain (#2393) (6862015)

v0.161.0

0.161.0 (2024-01-30)

Features

Bug Fixes

  • gen: Reject repeated object query params (#2383) (f29f327), refs #2379
  • transport: Skip s2a for now if service has direct path enabled (#2385) (54c764a)

v0.160.0

0.160.0 (2024-01-29)

Features

v0.159.0

0.159.0 (2024-01-26)

Features

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.162.0 (2024-02-05)

Features

Bug Fixes

  • transport: Enforce 1s timeout on requests to MDS universe_domain (#2393) (6862015)

0.161.0 (2024-01-30)

Features

Bug Fixes

  • gen: Reject repeated object query params (#2383) (f29f327), refs #2379
  • transport: Skip s2a for now if service has direct path enabled (#2385) (54c764a)

0.160.0 (2024-01-29)

Features

0.159.0 (2024-01-26)

Features

Bug Fixes

... (truncated)

Commits
  • 26a1117 chore(main): release 0.162.0 (#2389)
  • 6862015 fix(transport): enforce 1s timeout on requests to MDS universe_domain (#2393)
  • a6d137b chore(all): update all (#2396)
  • 5437df8 chore(all): update module github.com/google/go-github/v52 to v58 (#2397)
  • eddfeb9 feat(all): auto-regenerate discovery clients (#2398)
  • 169ead6 feat(all): auto-regenerate discovery clients (#2395)
  • 140fb54 feat(all): auto-regenerate discovery clients (#2394)
  • e5a7a15 feat(all): auto-regenerate discovery clients (#2392)
  • c8e77f6 feat(all): auto-regenerate discovery clients (#2391)
  • f2f2d22 feat(all): auto-regenerate discovery clients (#2388)
  • Additional commits viewable in compare view


Updates helm.sh/helm/v3 from 3.14.0 to 3.14.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.

Jakub Ciolek with AlphaSense discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.2. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.14.3 will contain only bug fixes and be released on March 13, 2024.
  • 3.15.0 is the next feature release and will be on May 08, 2024.

Helm v3.14.1 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time.

Dominykas Blyžė with Nearform Ltd. discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.1. The common platform binaries are here:

... (truncated)

Commits


Updates k8s.io/apimachinery from 0.29.0 to 0.29.2

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
jetstack-bot commented 9 months ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please assign sgtcodfish for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/cert-manager/release/blob/master/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
jetstack-bot commented 9 months ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
dependabot[bot] commented 9 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.