search

controlplaneio / kubesec

Security risk analysis for Kubernetes resources
https://kubesec.io
Apache License 2.0
1.19k stars 100 forks source link

chore(deps): bump the gomod group with 8 updates #590

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 5 months ago

Bumps the gomod group with 8 updates:

Package From To
github.com/prometheus/client_golang 1.17.0 1.18.0
go.uber.org/zap 1.26.0 1.27.0
github.com/prometheus/client_model 0.5.0 0.6.0
github.com/prometheus/common 0.45.0 0.48.0
github.com/secure-systems-lab/go-securesystemslib 0.7.0 0.8.0
golang.org/x/crypto 0.16.0 0.17.0
golang.org/x/sys 0.15.0 0.16.0
google.golang.org/protobuf 1.31.0 1.32.0

Updates github.com/prometheus/client_golang from 1.17.0 to 1.18.0

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.18.0

What's Changed

  • [FEATURE] promlint: Allow creation of custom metric validations. #1311
  • [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
  • [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
  • [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
  • [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360

New Contributors

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.17.0...v1.18.0

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.18.0 / 2023-12-22

  • [FEATURE] promlint: Allow creation of custom metric validations. #1311
  • [FEATURE] Go programs using client_golang can be built in wasip1 OS. #1350
  • [BUGFIX] histograms: Add timer to reset ASAP after bucket limiting has happened. #1367
  • [BUGFIX] testutil: Fix comparison of metrics with empty Help strings. #1378
  • [ENHANCEMENT] Improved performance of MetricVec.WithLabelValues(...). #1360
Commits
  • 53be91d Revert "change api http.client to interface"
  • 1a2d072 Add 1.18 changelog
  • 239b123 Merge pull request #1387 from tsipo/main
  • 3f8bd73 Merge pull request #1370 from prometheus/dependabot/go_modules/tutorial/whats...
  • 5e55b31 Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /tutorial/whatsup
  • e96fb18 Merge pull request #1401 from prometheus/dependabot/go_modules/golang.org/x/s...
  • 2a8fc90 Bump golang.org/x/sys from 0.13.0 to 0.15.0
  • 24d59e9 change client to interface, allow override by other implementations (e.g. git...
  • 80d3f0b Normalize empty help values in CollectAndCompare (#1378)
  • 3f80cd1 Add example of NewConstMetricWithCreatedTimestamp (#1375)
  • Additional commits viewable in compare view


Updates go.uber.org/zap from 1.26.0 to 1.27.0

Release notes

Sourced from go.uber.org/zap's releases.

v1.27.0

Enhancements:

  • #1378[]: Add WithLazy method for SugaredLogger.
  • #1399[]: zaptest: Add NewTestingWriter for customizing TestingWriter with more flexibility than NewLogger.
  • #1406[]: Add Log, Logw, Logln methods for SugaredLogger.
  • #1416[]: Add WithPanicHook option for testing panic logs.

Thanks to @​defval, @​dimmo, @​arxeiss, and @​MKrupauskas for their contributions to this release.

#1378: uber-go/zap#1378 #1399: uber-go/zap#1399 #1406: uber-go/zap#1406 #1416: uber-go/zap#1416

Changelog

Sourced from go.uber.org/zap's changelog.

1.27.0 (20 Feb 2024)

Enhancements:

  • #1378[]: Add WithLazy method for SugaredLogger.
  • #1399[]: zaptest: Add NewTestingWriter for customizing TestingWriter with more flexibility than NewLogger.
  • #1406[]: Add Log, Logw, Logln methods for SugaredLogger.
  • #1416[]: Add WithPanicHook option for testing panic logs.

Thanks to @​defval, @​dimmo, @​arxeiss, and @​MKrupauskas for their contributions to this release.

#1378: uber-go/zap#1378 #1399: uber-go/zap#1399 #1406: uber-go/zap#1406 #1416: uber-go/zap#1416

Commits


Updates github.com/prometheus/client_model from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/prometheus/client_model's releases.

v0.6.0

What's Changed

New Contributors

Full Changelog: https://github.com/prometheus/client_model/compare/v0.5.0...v0.6.0

Commits
  • d56cd79 add exemplar to native histogram (#80)
  • f22bbab Merge pull request #79 from prometheus/repo_sync
  • 552c44f Update common Prometheus files
  • f68ef47 Merge pull request #78 from prometheus/dependabot/go_modules/google.golang.or...
  • 2aad054 Bump google.golang.org/protobuf from 1.31.0 to 1.32.0
  • 93dfe21 Merge pull request #77 from prometheus/repo_sync
  • d150866 Update common Prometheus files
  • 9b7b675 Merge pull request #76 from prometheus/repo_sync
  • 734da88 Update common Prometheus files
  • c26a8ee Merge pull request #75 from vesari/add-unit
  • Additional commits viewable in compare view


Updates github.com/prometheus/common from 0.45.0 to 0.48.0

Release notes

Sourced from github.com/prometheus/common's releases.

v0.48.0

This release will require changes of code that relies on direct access to content-type format strings. See the PR linked below for work-arounds. Please file an issue if your use case doesn't work anymore.

What's Changed

Full Changelog: https://github.com/prometheus/common/compare/v0.47.0...v0.48.0

v0.47.0

What's Changed

New Contributors

Full Changelog: https://github.com/prometheus/common/compare/v0.46.0...v0.47.0

v0.46.0

What's Changed

New Contributors

... (truncated)

Commits
  • bd41eb6 Merge pull request #576 from ywwg/owilliams/unexport
  • 05d7387 Unexport Format strings
  • 773d566 Merge pull request #570 from ywwg/owilliams/quoted-metric-name-02
  • 319c62c UTF-8 support in metric and label names
  • a3bdb9e Support empty OAuth2 inline secrets (#547)
  • bd0376d UTF-8 support in validation, and some parsers and formatters (#537)
  • 7e44242 Bump Go modules (#568)
  • 0e201e4 Merge pull request #567 from stapelberg/protodelim
  • 53f76e7 version: make GetTegs() public (#565)
  • 1143fec switch to protodelim package (which pbutil now calls)
  • Additional commits viewable in compare view


Updates github.com/secure-systems-lab/go-securesystemslib from 0.7.0 to 0.8.0

Commits
  • 7e48227 Merge pull request #66 from secure-systems-lab/dependabot/go_modules/golang.o...
  • e615bd3 chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
  • c55c6a6 Merge pull request #65 from adityasaky/sigstore-support
  • a0c6afa Support sigstore fields in public key
  • 2eb6599 Merge pull request #64 from secure-systems-lab/dependabot/github_actions/acti...
  • 7e04bd5 chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0
  • a8e3b1f Merge pull request #63 from secure-systems-lab/dependabot/go_modules/golang.o...
  • 7539050 chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.16.0
  • 8613a43 Merge pull request #59 from secure-systems-lab/dependabot/github_actions/acti...
  • 8402a9f Merge pull request #60 from neilnaveen/neil/signerverifier/utils
  • Additional commits viewable in compare view


Updates golang.org/x/crypto from 0.16.0 to 0.17.0

Commits
  • 9d2ee97 ssh: implement strict KEX protocol changes
  • 4e5a261 ssh: close net.Conn on all NewServerConn errors
  • 152cdb1 x509roots/fallback: update bundle
  • fdfe1f8 ssh: defer channel window adjustment
  • b8ffc16 blake2b: drop Go 1.6, Go 1.8 compatibility
  • 7e6fbd8 ssh: wrap errors from client handshake
  • bda2f3f argon2: avoid clobbering BP
  • See full diff in compare view


Updates golang.org/x/sys from 0.15.0 to 0.16.0

Commits
  • 0829ab1 windows: add SetFileValidData
  • 32cdffc unix: don't redefine constants already defined in glibc headers
  • f0c7190 unix: remove extra trailing newlines in zsyscall_openbsd_*.go
  • 5ff87d7 unix: add Netfilter and NFTables constants
  • See full diff in compare view


Updates google.golang.org/protobuf from 1.31.0 to 1.32.0

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 4 months ago

Superseded by #592.