search

enterprise-contract / ec-cli

Enterprise Contract command line interface
https://enterprisecontract.dev/docs/ec-cli/main/index.html
Apache License 2.0
26 stars 25 forks source link

build(deps): bump the all group across 1 directory with 4 updates #1616

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the all group with 4 updates in the /acceptance directory: github.com/enterprise-contract/enterprise-contract-controller/api, github.com/tektoncd/cli, github.com/testcontainers/testcontainers-go and sigs.k8s.io/kind.

Updates github.com/enterprise-contract/enterprise-contract-controller/api from 0.1.43 to 0.1.46

Release notes

Sourced from github.com/enterprise-contract/enterprise-contract-controller/api's releases.

API Release api/v0.1.46

What's Changed

Full Changelog: https://github.com/enterprise-contract/enterprise-contract-controller/compare/api/v0.1.45...api/v0.1.46

API Release api/v0.1.45

What's Changed

Full Changelog: https://github.com/enterprise-contract/enterprise-contract-controller/compare/api/v0.1.44...api/v0.1.45

API Release api/v0.1.44

What's Changed

Full Changelog: https://github.com/enterprise-contract/enterprise-contract-controller/compare/api/v0.1.43...api/v0.1.44

Commits
  • 6f09ed5 Bump github/codeql-action from 3.25.3 to 3.25.5
  • 4e21d55 Bump actions/checkout from 4.1.4 to 4.1.5
  • dacc49a Merge pull request #333 from enterprise-contract/dependabot/github_actions/so...
  • 856b9fc Merge pull request #331 from enterprise-contract/dependabot/github_actions/os...
  • 552cb27 Bump softprops/action-gh-release from 2.0.4 to 2.0.5
  • b00b170 Bump ossf/scorecard-action from 2.3.1 to 2.3.3
  • 40ecac2 Merge pull request #327 from enterprise-contract/dependabot/go_modules/api/si...
  • 6c2cd6f Run go mod tidy
  • 2ddfb79 Bump step-security/harden-runner from 2.7.0 to 2.7.1
  • ba736bc Merge pull request #323 from enterprise-contract/dependabot/go_modules/sigs.k...
  • Additional commits viewable in compare view


Updates github.com/tektoncd/cli from 0.36.0 to 0.37.0

Release notes

Sourced from github.com/tektoncd/cli's releases.

v0.37.0 Release 🎉

This release comes with support for Pipelines LTS v0.59.0, Triggers v0.27.0, Chains v0.20.0 and Hub v1.17.0 CLI. This release contains a feature to have exit code 0 or 1 or 2 based on PipelineRun status in pipeline start and pipelinerun logs command by providing -E flag and a couple of dependency bumps

ChangeLog 📋

Features :sparkles:

Misc 🔨

... (truncated)

Changelog

Sourced from github.com/tektoncd/cli's changelog.

Tekton CLI Releases

Release Frequency

Tekton CLI follows the Tekton community [release policy][release-policy] as follows:

  • Versions are numbered according to semantic versioning: vX.Y.Z
  • A new release is produced on a monthly basis
  • Four releases a year are chosen for long term support (LTS). All remaining releases are supported for approximately 1 month (until the next release is produced)
    • LTS releases take place in January, April, July and October every year
    • The first Tekton CLI LTS release will be v0.30.0 in January 2023
    • Releases happen towards the middle of the month, but the exact date may vary, depending on week-ends and readiness

Tekton CLI produces nightly builds, publicly available on gcr.io/tekton-nightly.

Transition Process

Before release v0.28 Tekton CLI has worked on the basis of an undocumented support period of four months, which will be maintained for the releases between v0.26 and v0.27.

Release Process

Read about releasing the Tekton CLI in the [release process documentation] [tekton-release-process].

Further documentation available:

  • [Tekton resources][tekton-releases-docs]
  • Standard for [release notes][release-notes-standards]

Releases

v0.37

  • Latest Release: [v0.37.0][v0-37-0] (2024-05-13) ([docs][v0-37-0-docs])
  • Initial Release: [v0.37.0][v0-37-0] (2024-05-13) ([docs][v0-37-0-docs])
  • End of Life: 2025-05-12

v0.36

  • Latest Release: [v0.36.0][v0-36-0] (2024-03-21) ([docs][v0-36-0-docs])
  • Initial Release: [v0.36.0][v0-36-0] (2024-03-21) ([docs][v0-36-0-docs])
  • End of Life: 2025-03-20

... (truncated)

Commits
  • f8b6dc0 New version v0.37.0
  • 8189441 Bump github.com/tektoncd/triggers from 0.26.2 to 0.27.0
  • aa6aad1 Bump the go-docker-dependencies group with 2 updates
  • 3e19d4e Bump github.com/golangci/golangci-lint from 1.58.0 to 1.58.1 in /tools
  • e8fcfa9 Bump github.com/tektoncd/hub from 1.16.0 to 1.17.0
  • ca51d2c Bump goreleaser for latest v1.25.1
  • 67ac3ab Bump go version to 1.22
  • f5e7201 Group all k8s dep together
  • 15e4437 Bump k8s.io/apimachinery to v0.28.9
  • c38d010 Bump k8s.io/cli-runtime from 0.28.5 to 0.28.9
  • Additional commits viewable in compare view


Updates github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0

Release notes

Sourced from github.com/testcontainers/testcontainers-go's releases.

v0.31.0

What's Changed

⚠️ Breaking Changes

Are you hosting your own Testcontainers for Go module?

If you are hosting your own module, please update all the custom options you created for the module, updating them to return an error in the case it occurs. This breaking change is needed to provide a more robust and consistent API for creating modules, allowing module authors to create custom code to customise the container avoiding panics.

🔒 Security

  • chore(deps): bump github.com/containerd/containerd from 1.7.12 to 1.7.15 (#2517) @​mdelapenya

🚀 Features

🐛 Bug Fixes

📖 Documentation

🧹 Housekeeping

📦 Dependency updates

... (truncated)

Commits
  • 896f379 chore: use new version (v0.31.0) in modules and examples
  • 788097d feat(mongodb): add replica set support via opts (#2469)
  • de893e1 fix(modules.kafka): Use broker container IP instead of host IP for advertised...
  • 5fa6548 feat: expose JSON representation of a container with Inspect (#2534)
  • b181e3e chore(deps): bump test-summary action to v2.3 (#2535)
  • b5541e6 chore(deps): bump jinja2 from 3.1.3 to 3.1.4 (#2533)
  • 5c5ff44 Update devcontainer image (#2531)
  • 4effa16 chore(influxdb): include more characters in wait for log regex (#2532)
  • 5e97046 fix(compose): avoid race conditions when caching services (#2528)
  • da2d5c5 chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 5.1.0 (#2525)
  • Additional commits viewable in compare view


Updates sigs.k8s.io/kind from 0.22.0 to 0.23.0

Release notes

Sourced from sigs.k8s.io/kind's releases.

v0.23.0

This release introduces initial limited support for nerdctl and kube-proxy nftables mode.

  • The default node image is now Kubernetes 1.30.0: kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
  • ipFamily config field is now validated
    • While technically a breaking change, if the value you set here is now caught as invalid it was being silently ignored and creating an ipv4 cluster previously and you should correct your config
  • Go 1.17+ is required for go install sigs.k8s.io/kind / building the kind binary
    • Prebuilt binaries are available as an alternative to go install
    • For local development make will automatically setup the correct go version
    • Note that the go team only supports 1.21+ and major linux distros have 1.19+
    • Future releases may increase this to a more current Go release
    • Future release may adopt toolchain in go.mod to make this seamless if you have go 1.21+ installed even without our makefile. We highly recommend installing go 1.21+

Images pre-built for this release:

  • v1.30.0: kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
  • v1.29.4: kindest/node:v1.29.4@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8
  • v1.28.9: kindest/node:v1.28.9@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0
  • v1.27.13: kindest/node:v1.27.13@sha256:17439fa5b32290e3ead39ead1250dca1d822d94a10d26f1981756cd51b24b9d8
  • v1.26.15: kindest/node:v1.26.15@sha256:84333e26cae1d70361bb7339efb568df1871419f2019c80f9a12b7e2d485fe19
  • v1.25.16: kindest/node:v1.25.16@sha256:5da57dfc290ac3599e775e63b8b6c49c0c85d3fec771cd7d55b45fae14b38d3b

NOTE: You must use the @sha256 digest to guarantee an image built for this release, until such a time as we switch to a different tagging scheme. Even then we will highly encourage digest pinning for security and reproducibility reasons.

See also:

NOTE: These node images support amd64 and arm64, both of our supported platforms. You must use the same platform as your host, for more context see kubernetes-sigs/kind#2718

  • Correctly case kubeProxyMode: "none"

... (truncated)

Commits
  • 0296c52 version v0.23.0
  • 4a36b22 Merge pull request #3608 from BenTheElder/bump-kindnetd-mod
  • 96a3352 bump node image to 1.30.0
  • 1c8c510 bump base image
  • 7e41de9 bump local-path-provisioner image
  • 54682a2 bump kindnetd image
  • cd2ac64 bump kindnetd to k8s 0.29 (not 0.30 as we'd need go 1.22+, see runc issue 4233)
  • b9bba13 Merge pull request #3607 from BenTheElder/bump-go
  • 274e9d4 upgrade to go1.21.10
  • 6967c95 Merge pull request #3605 from kubernetes-sigs/dependabot/github_actions/actio...
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
zregvart commented 2 months ago

@dependabot ignore github.com/tektoncd/cli minor version

dependabot[bot] commented 2 months ago

OK, I won't notify you about version 0.37.x of github.com/tektoncd/cli again, unless you unignore it.

zregvart commented 2 months ago

Tekton CLI requires golang 1.22 now (https://github.com/tektoncd/cli/pull/2315) see https://issues.redhat.com/browse/EC-598

dependabot[bot] commented 2 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.