chore(deps): Bump the production-dependencies group across 1 directory with 5 updates

[dependabot[bot]]

Bumps the production-dependencies group with 4 updates in the / directory: dario.cat/mergo, github.com/Microsoft/hcsshim, github.com/sylabs/sif/v2 and kubevirt.io/containerized-data-importer-api.

Updates dario.cat/mergo from 1.0.0 to 1.0.1

Release notes

Sourced from dario.cat/mergo's releases.

v1.0.1

What's Changed

• fixes issue #187 by @​vsemichev in darccio/mergo#253
• fix: WithoutDereference should respect non-nil struct pointers by @​joshkaplinsky in darccio/mergo#251

New Contributors

• @​vsemichev made their first contribution in darccio/mergo#253
• @​joshkaplinsky made their first contribution in darccio/mergo#251

Full Changelog: https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1

Commits

• 59ea6a9 Merge pull request #251 from joshkaplinsky/joshkaplinsky/without-dereference-...
• 96f24af Merge pull request #253 from vsemichev/master
• 2f1a615 fixes issue #187. adds test to verify the fix.
• 4da170b fixes issue #187. attempt #3
• a13a117 fixes issue #187. attempt #2
• 6b830ff fixes issue #187
• f33862a WithoutDereference should respect structs
• cde9f0e Merge pull request #246 from darccio/darccio/v1-frozen
• f1e2fe5 chore: frozen v1
• 7f7b4af Update FUNDING.yml
• Additional commits viewable in compare view

Updates github.com/Microsoft/hcsshim from 0.12.5 to 0.12.6

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.6

What's Changed

• [release/0.12] Backport commits from hcsshim/main to update module versions by @​kiashok in microsoft/hcsshim#2237

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.5...v0.12.6

Commits

• f922f2a Omnibus dependency updates (#2051)
• 7d25ce2 Update module versions
• 85a5a57 drop usage of deprecated package/methods
• d4b1cc0 Bump opa/containerd to latest versions
• 6a5ebd3 Upgrade deps to resolve CVEs (#2225)
• 4f46058 Omnibus dependency update (#2166)
• See full diff in compare view

Updates github.com/sylabs/sif/v2 from 2.18.0 to 2.19.0

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.19.0

This release drops support for Go 1.21.

What's Changed

• build(deps): bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @​dependabot in sylabs/sif#378
• build(deps): bump github.com/sebdah/goldie/v2 from 2.5.3 to 2.5.5 by @​dependabot in sylabs/sif#379
• build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @​dependabot in sylabs/sif#380
• chore: bump module to Go 1.22 by @​tri-adam in sylabs/sif#382
• build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.8 by @​dependabot in sylabs/sif#381

Full Changelog: https://github.com/sylabs/sif/compare/v2.18.0...v2.19.0

Commits

• 518b3a3 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.8 (#381)
• afa5a4e Merge pull request #382 from tri-adam/go-1.23
• 9a07943 chore: bump module to Go 1.22
• dae7b25 build(deps): bump github.com/google/go-containerregistry (#380)
• 99e2ac5 build(deps): bump github.com/sebdah/goldie/v2 from 2.5.3 to 2.5.5 (#379)
• 7204492 build(deps): bump github.com/google/go-containerregistry (#378)
• See full diff in compare view

Updates google.golang.org/genproto/googleapis/rpc from 0.0.0-20240528184218-531527333157 to 0.0.0-20240701130421-f6361c86f094

Commits

• See full diff in compare view

Updates kubevirt.io/containerized-data-importer-api from 1.59.0 to 1.60.1

Release notes

Sourced from kubevirt.io/containerized-data-importer-api's releases.

v1.60.1

This release follows v1.59.0 and consists of 120 changes, contributed by 28 people, leading to 3579 files changed, 609903 insertions(+), 176669 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.1.

Pre-built CDI containers are published on Quay.io and can be viewed at: https://quay.io/repository/kubevirt/cdi-controller/ https://quay.io/repository/kubevirt/cdi-importer/ https://quay.io/repository/kubevirt/cdi-cloner/ https://quay.io/repository/kubevirt/cdi-uploadproxy/ https://quay.io/repository/kubevirt/cdi-apiserver/ https://quay.io/repository/kubevirt/cdi-uploadserver/ https://quay.io/repository/kubevirt/cdi-operator/

Notable changes

Enhancement: Suppress alerts to reduce noise of dependent ones Enhancement: Remove API dependency on openshift/api Enhancement: Reject volumes with storage smaller than 1MiB Enhancement: Mesh annotations now copied from the DV/PVCs to worker pods Enhancement: Add a DataVolume Running condition, with Reason field of "ImagePullFailed" Enhancement: Introduce a controller to handle forklift's volume populators (ovirt, openstack) Enhancement: Provide RPM support for s390x platform Enhancement: Onboard Infinibox CSI driver Enhancement: Make upload client/server certs configurable and rotate uploadserver pods Enhancement: Improve error reporting in upload-proxy Enhancement: Set LVM based provisioners clone strategy to host assisted by default Enhancement: Add storagecapabilities to vSphere provisioner Enhancement: Delete and recreate pending DataImportCron PVCs on default storage class update Enhancement: Expose the upload-proxy's certificate in the CDI config status Enhancement: Added KubeSAN CSI plugin storage capabilities so the CDI StorageProfile is automatically populated Enhancement: Remove datavolume clone source validation from webhook Enhancement: VDDK datasource: Increase number of nbdkit lines logged Enhancement: Inject cdi-uploadproxy CA cert into user created routes Enhancement: Adding storagecapabilities to the longhorn provisioner Enhancement: Default instance type labels are now added from registry imported PVCs/cloned VolumeSnapshots to DataVolumes Enhancement: add s390x support for builder image Enhancement: Properly handle DataVolume preallocation setting for all host assisted (copy) clones Enhancement: Copy labels from the source of a DataSource (DV/PVC/VolumeSnapshot)

BugFix: Fix resources configuration missing from the configuration of the cdi-containerimage-server initcontainer BugFix: Clone from snapshot - fix volume/access mode inferring for temp host assisted source PVC BugFix: Support IPv6 for controller metrics URL BugFix: Stop handling error phase as "unknown" in clone-populator BugFix: Improve metrics reporting behavior for upstream rook-ceph deployments, identifying RGW bucket provisioners BugFix: Use scratch space (and thus qemu-img convert flow) when importing non-archived images to avoid losing sparseness of images

... (truncated)

Commits

• c186264 fix post submit issue in order to release properly
• b375def v1.60.0 release notes
• d68f59e remove gradle dep when running gen-swagger-docs.sh (#3390)
• 6269010 apidocs: remove gradle dep (#3389)
• 79e6b97 Retry pulling builder image (#3387)
• 2d9c82e Setup ginkgo cli build properly to avoid double dep (#3378)
• f357368 feat: Copy labels from source to DataSource (#3377)
• c15ad1d nbdkit: Use password=+filename to send passwords securely (#3363)
• 56c4b2f Properly handle DataVolume preallocation setting for all host assisted (copy)...
• e1a553a feat(DataVolume): Add default instance type labels from VolumeSnapshots and f...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[kubevirt-bot]

Hi @dependabot[bot]. Thanks for your PR.

PRs from untrusted users cannot be marked as trusted with /ok-to-test in this repo meaning untrusted PR authors can never trigger tests themselves. Collaborators can still trigger tests on the PR using /test all.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[0xFelix]

/test all /approve /lgtm

[kubevirt-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 0xFelix

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubevirt/containerdisks/blob/main/OWNERS)~~ [0xFelix] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[kubevirt-bot]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-containerdisks-pipeline-cirros	d13ef685706d8df722e4f19feb3472cca917b649	link	true	/test pull-containerdisks-pipeline-cirros
pull-containerdisks-test	d13ef685706d8df722e4f19feb3472cca917b649	link	true	/test pull-containerdisks-test
pull-containerdisks-build	d13ef685706d8df722e4f19feb3472cca917b649	link	true	/test pull-containerdisks-build

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

[0xFelix]

@dependabot ignore github.com/sylabs/sif/v2

[dependabot[bot]]

OK, I won't notify you about github.com/sylabs/sif/v2 again, unless you unignore it.

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.

[0xFelix]

@dependabot unignore github.com/sylabs/sif/v2

[dependabot[bot]]

OK, I will stop ignoring the github.com/sylabs/sif/v2 dependency.

[dependabot[bot]]

Looks like this PR is closed. If you re-open it I'll rebase it as long as no-one else has edited it (you can use @dependabot reopen if the branch has been deleted).