search

mozilla-services / foxsec-pipeline

Log analysis pipeline utilizing Apache Beam
Mozilla Public License 2.0
25 stars 9 forks source link

Bump go.mozilla.org/sops/v3 from 3.5.0 to 3.7.1 in /contrib/cloudtrail-streamer #544

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps go.mozilla.org/sops/v3 from 3.5.0 to 3.7.1.

Release notes

Sourced from go.mozilla.org/sops/v3's releases.

v3.7.1

Commits

  • [9cc95d4]: Add release workflow (AJ Bahnken) #843
  • [dfc7af2]: swap to fork of action-automatic-releases (AJ Bahnken) #843
  • [fdf4517]: Trim space from age keys (Johan Fleury) #846
  • [1504dbc]: Run CI tests against master as well (AJ Bahnken) #848
  • [8a2fbc0]: Initial patch for advisory (AJ Bahnken) #852
  • [e5bf171]: go.sum fix (AJ Bahnken) #852
  • [706d0c7]: Merge pull request from GHSA-x5c7-x7m2-rhmf (AJ Bahnken) #852
  • [8838db6]: v3.7.1 prep (AJ Bahnken) #852
  • [68e2a82]: fix release workflow (AJ Bahnken)

v3.7.0

3.7.0

Features:

  • Add support for age (#688)
  • Add filename to exec-file (#761)

Changes:

  • On failed decryption with GPG, return the error returned by GPG to the sops user (#762)
  • Use yaml.v3 instead of modified yaml.v2 for handling YAML files (#791)
  • Update aws-sdk-go to version v1.37.18 (#823)

Project Changes:

  • Switch from TravisCI to Github Actions (#792)

v3.6.1

Features:

  • Add support for --unencrypted-regex (#715)

Changes:

  • Use keys.openpgp.org instead of gpg.mozilla.org (#732)
  • Upgrade AWS SDK version (#714)
  • Support --input-type for exec-file (#699)

Bug fixes:

  • Fixes broken Vault tests (#731)
  • Revert "Add standard newline/quoting behavior to dotenv store" (#706)

v3.6.0

Features:

  • Support for encrypting data through the use of Hashicorp Vault (#655)
  • sops publish now supports --recursive flag for publishing all files in a directory (#602)
  • sops publish now supports --omit-extensions flag for omitting the extension in the destination path (#602)
  • sops now supports JSON arrays of arrays (#642)

... (truncated)

Changelog

Sourced from go.mozilla.org/sops/v3's changelog.

3.7.1

Changes:

* Security fix
* Add release workflow ([#843](https://github.com/mozilla/sops/issues/843))
* Fix issue where CI wouldn't run against master ([#848](https://github.com/mozilla/sops/issues/848))
* Trim extra whitespace around age keys ([#846](https://github.com/mozilla/sops/issues/846))

3.7.0

Features:

* Add support for age ([#688](https://github.com/mozilla/sops/issues/688))
* Add filename to exec-file ([#761](https://github.com/mozilla/sops/issues/761))

Changes:

* On failed decryption with GPG, return the error returned by GPG to the sops user ([#762](https://github.com/mozilla/sops/issues/762))
* Use yaml.v3 instead of modified yaml.v2 for handling YAML files ([#791](https://github.com/mozilla/sops/issues/791))
* Update aws-sdk-go to version v1.37.18 ([#823](https://github.com/mozilla/sops/issues/823))

Project Changes:

* Switch from TravisCI to Github Actions ([#792](https://github.com/mozilla/sops/issues/792))

3.6.1

Features:

* Add support for --unencrypted-regex ([#715](https://github.com/mozilla/sops/issues/715))

Changes:

* Use keys.openpgp.org instead of gpg.mozilla.org ([#732](https://github.com/mozilla/sops/issues/732))
* Upgrade AWS SDK version ([#714](https://github.com/mozilla/sops/issues/714))
* Support --input-type for exec-file ([#699](https://github.com/mozilla/sops/issues/699))

Bug fixes:

* Fixes broken Vault tests ([#731](https://github.com/mozilla/sops/issues/731))
* Revert "Add standard newline/quoting behavior to dotenv store" ([#706](https://github.com/mozilla/sops/issues/706))

3.6.0

Features:

* Support for encrypting data through the use of Hashicorp Vault ([#655](https://github.com/mozilla/sops/issues/655))
* `sops publish` now supports `--recursive` flag for publishing all files in a directory ([#602](https://github.com/mozilla/sops/issues/602))

... (truncated)

Commits
  • 68e2a82 fix release workflow
  • adfe49c Merge pull request #852 from mozilla/develop
  • 8838db6 v3.7.1 prep
  • 706d0c7 Merge pull request from GHSA-x5c7-x7m2-rhmf
  • e5bf171 go.sum fix
  • 1931931 Merge pull request #846 from johanfleury/fix/trim-age-keys
  • 450e30e Merge pull request #848 from mozilla/ajvb/run-ci-against-master-as-well
  • 8a2fbc0 Initial patch for advisory
  • 1504dbc Run CI tests against master as well
  • 1acf4dd Merge pull request #843 from mozilla/ajvb/release-support
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mozilla-services/foxsec-pipeline/network/alerts).
dependabot[bot] commented 3 years ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.