cert-manager / release

Releasing tooling for the cert-manager project
Apache License 2.0
5 stars 12 forks source link

Bump the all group with 7 updates #162

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 9 months ago

Bumps the all group with 7 updates:

Package From To
cloud.google.com/go/storage 1.37.0 1.39.0
github.com/stretchr/testify 1.8.4 1.9.0
golang.org/x/crypto 0.18.0 0.19.0
golang.org/x/oauth2 0.16.0 0.17.0
google.golang.org/api 0.157.0 0.166.0
helm.sh/helm/v3 3.14.0 3.14.2
k8s.io/apimachinery 0.29.0 0.29.2

Updates cloud.google.com/go/storage from 1.37.0 to 1.39.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.39.0

1.39.0 (2024-02-29)

Features

  • storage: Make it possible to disable Content-Type sniffing (#9431) (0676670)

storage: v1.38.0

1.38.0 (2024-02-12)

Features

  • storage: Support auto-detection of access ID for external_account creds (#9208) (b958d44)
  • storage: Support custom hostname for VirtualHostedStyle SignedURLs (#9348) (7eec40e)
  • storage: Support universe domains (#9344) (29a7498)

Bug Fixes

  • storage: Fix v4 url signing for hosts that specify ports (#9347) (f127b46)

Documentation

  • storage: Indicate that gRPC is incompatible with universe domains (#9386) (e8bd85b)
Commits
  • 2b87538 chore(main): release spanner 1.39.0 (#6622)
  • a1ce541 fix(spanner): destroy session when client is closing (#6700)
  • 37d209c chore(storage): multi-transport BucketCreateDelete test (#6670)
  • 3d26091 feat(bigquery): add reference file schema option for federated formats (#6693)
  • 17cceeb chore(storage): parse out project number if available (#6671)
  • feb7d7d feat(bigquery/analyticshub): start generating apiv1 (#6707)
  • 402eb24 chore: update how we handle mod replacements (#6704)
  • f1ef6d8 chore: release main (#6696)
  • 4aa2f48 chore: fix v2 beta edge case (#6698)
  • 1b56cd0 feat(spanner): retry spanner transactions and mutations when RST_STREAM error...
  • Additional commits viewable in compare view


Updates github.com/stretchr/testify from 1.8.4 to 1.9.0

Release notes

Sourced from github.com/stretchr/testify's releases.

v1.9.0

What's Changed

... (truncated)

Commits
  • bb548d0 Merge pull request #1552 from stretchr/dependabot/go_modules/github.com/stret...
  • 814075f build(deps): bump github.com/stretchr/objx from 0.5.1 to 0.5.2
  • e045612 Merge pull request #1339 from bogdandrutu/uintptr
  • 5b6926d Merge pull request #1385 from hslatman/not-implements
  • 9f97d67 Merge pull request #1550 from stretchr/release-notes
  • bcb0d3f Include the auto-release notes in releases
  • fb770f8 Merge pull request #1247 from ccoVeille/typos
  • 85d8bb6 fix typos in comments, tests and github templates
  • e2741fa Merge pull request #1548 from arjunmahishi/msgAndArgs
  • 6e59f20 http_assertions: assert that the msgAndArgs actually works in tests
  • Additional commits viewable in compare view


Updates golang.org/x/crypto from 0.18.0 to 0.19.0

Commits


Updates golang.org/x/oauth2 from 0.16.0 to 0.17.0

Commits
  • ebe81ad go.mod: update golang.org/x dependencies
  • adffd94 google/internal/externalaccount: update serviceAccountImpersonationRE to supp...
  • deefa7e google/downscope: add DownscopingConfig.UniverseDomain to support TPC
  • See full diff in compare view


Updates google.golang.org/api from 0.157.0 to 0.166.0

Release notes

Sourced from google.golang.org/api's releases.

v0.166.0

0.166.0 (2024-02-21)

Features

v0.165.0

0.165.0 (2024-02-14)

Features

v0.164.0

0.164.0 (2024-02-12)

Features

Bug Fixes

  • transport: Disable universe domain check if token source (#2413) (edbe996)

v0.163.0

0.163.0 (2024-02-08)

Features

v0.162.0

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.166.0 (2024-02-21)

Features

0.165.0 (2024-02-14)

Features

0.164.0 (2024-02-12)

Features

Bug Fixes

  • transport: Disable universe domain check if token source (#2413) (edbe996)

0.163.0 (2024-02-08)

Features

0.162.0 (2024-02-05)

Features

... (truncated)

Commits


Updates helm.sh/helm/v3 from 3.14.0 to 3.14.2

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.14.2 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content.

Jakub Ciolek with AlphaSense discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.2. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.14.3 will contain only bug fixes and be released on March 13, 2024.
  • 3.15.0 is the next feature release and will be on May 08, 2024.

Helm v3.14.1 is a security (patch) release. Users are strongly recommended to update to this release.

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time.

Dominykas Blyžė with Nearform Ltd. discovered the vulnerability.

Installation and Upgrading

Download Helm v3.14.1. The common platform binaries are here:

... (truncated)

Commits


Updates k8s.io/apimachinery from 0.29.0 to 0.29.2

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
jetstack-bot commented 9 months ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please assign maelvls for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/cert-manager/release/blob/master/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
jetstack-bot commented 9 months ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
dependabot[bot] commented 8 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.