search

octo-sts / app

A GitHub App that acts like a Security Token Service (STS) for the Github API
Apache License 2.0
139 stars 15 forks source link

Bump the all group across 1 directory with 8 updates #584

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 2 weeks ago

Bumps the all group with 6 updates in the / directory:

Package From To
chainguard.dev/sdk 0.1.25 0.1.28
cloud.google.com/go/kms 1.20.0 1.20.1
cloud.google.com/go/secretmanager 1.14.1 1.14.2
github.com/chainguard-dev/terraform-infra-common 0.6.85 0.6.94
github.com/golang-jwt/jwt/v4 4.5.0 4.5.1
k8s.io/apimachinery 0.31.1 0.31.2

Updates chainguard.dev/sdk from 0.1.25 to 0.1.28

Release notes

Sourced from chainguard.dev/sdk's releases.

v0.1.28

Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.27...v0.1.28

v0.1.27

No release notes provided.

v0.1.26

Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.25...v0.1.26

Commits
  • e0011f8 Merge pull request #64 from chainguard-dev/create-pull-request/patch
  • 2c60333 Export 39a6127b29109de6c2e0558a2be06c538d465770
  • 2252287 Export 3d6ec1e62933baa18cb4bcf59f67f07f3b095eb7
  • aecf219 Export a11256305cff2af2df5cda3c2f169cb0986a1ff6
  • f54ceef Merge pull request #63 from chainguard-dev/create-pull-request/patch
  • 1c0a6bc Export 5de4701d8e2d6aa1c30143821a2908e5dc992721
  • ee5c6fa Export 1dfe1b41b65fb7952e2a02f57fe3b47c005d7a83
  • b35d818 Export 247e164adccd096e837a72af6d1a6de1211e7e84
  • 826ee60 Export a495c26f7533f688f74a107613846117d7d2c33d
  • 3f51298 Export c0f75e6c4205b1360c63a441e3827b40956106bf
  • Additional commits viewable in compare view


Updates cloud.google.com/go/kms from 1.20.0 to 1.20.1

Changelog

Sourced from cloud.google.com/go/kms's changelog.

Changes

1.35.0 (2024-10-23)

Features

  • documentai: Add RESOURCE_EXHAUSTED to retryable status codes for ProcessDocument method (6e69d2e)
  • documentai: Added an url for issue reporting and api short name (6e69d2e)
  • documentai: Updated the exponential backoff settings for the Document AI ProcessDocument and BatchProcessDocuments methods (6e69d2e)

Bug Fixes

  • documentai: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • documentai: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (8bb87d5)

1.34.0 (2024-09-12)

Features

  • documentai: Add API fields for the descriptions of entity type and property in the document schema (2d5a9f9)

Bug Fixes

  • documentai: Bump dependencies (2ddeb15)

1.33.0 (2024-08-20)

Features

  • documentai: Add support for Go 1.23 iterators (84461c0)

1.32.0 (2024-08-08)

Features

  • documentai: A new field gen_ai_model_info is added to message .google.cloud.documentai.v1.ProcessorVersion (649c075)
  • documentai: A new field imageless_mode is added to message .google.cloud.documentai.v1.ProcessRequest (649c075)

Bug Fixes

  • documentai: Update google.golang.org/api to v0.191.0 (5b32644)

... (truncated)

Commits
  • 47bb902 chore: release main (#10988)
  • 2b8ca4b chore: add Protobuf warning to release notes (#11025)
  • 8bb87d5 chore: update google.golang.org/api to v0.203.0 (#11022)
  • d40fbff fix(storage): Skip only specific transport tests. (#11016)
  • ff06fc2 fix: Fix default service account tests on GCE. (#11021)
  • 6071167 feat(alloydb): add new PSC instance configuration setting and output the PSC ...
  • 15eacb9 chore: update SA used for tests (#11018)
  • e78389d chore: fix doc publish creds (#11019)
  • 1d7ee9f chore(main): release auth 0.9.9 (#11003)
  • 6e69d2e feat(texttospeech): add brand voice lite, which lets you clone a voice with j...
  • Additional commits viewable in compare view


Updates cloud.google.com/go/secretmanager from 1.14.1 to 1.14.2

Release notes

Sourced from cloud.google.com/go/secretmanager's releases.

servicecontrol: v1.14.2

1.14.2 (2024-10-23)

Bug Fixes

  • servicecontrol: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • servicecontrol: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (2b8ca4b)

secretmanager: v1.14.2

1.14.2 (2024-10-23)

Bug Fixes

  • secretmanager: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • secretmanager: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (2b8ca4b)

oslogin: v1.14.2

1.14.2 (2024-10-23)

Bug Fixes

  • oslogin: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • oslogin: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (8bb87d5)

osconfig: v1.14.2

1.14.2 (2024-10-23)

Bug Fixes

  • osconfig: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • osconfig: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (8bb87d5)
Commits


Updates github.com/chainguard-dev/terraform-infra-common from 0.6.85 to 0.6.94

Release notes

Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

v0.6.94

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.93...v0.6.94

v0.6.93

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.92...v0.6.93

v0.6.92

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.91...v0.6.92

v0.6.91

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.90...v0.6.91

v0.6.90

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.89...v0.6.90

... (truncated)

Commits
  • 0a18f93 remove spam logs (#615)
  • 7c75d58 change bad rollout to non-paging (#613)
  • 93011e1 Add disk usage metric to resource section (#614)
  • 97b27ad Add a scraper to scrape disk usage metrics (#612)
  • 2450811 build(deps): bump cloud.google.com/go/pubsub from 1.45.0 to 1.45.1 in the gom...
  • 9e87499 build(deps): bump actions/setup-go from 5.0.2 to 5.1.0 in the actions group (...
  • 8e8e388 fix dashboard, causing missing required displayName error (#609)
  • 1a622a9 default launch stage now that vpc access is GA (#608)
  • 96af9cc Add new dashboard module that removes defaulted values that generates no-op d...
  • 060b154 build(deps): bump the gomod group across 1 directory with 2 updates (#605)
  • Additional commits viewable in compare view


Updates github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1

Commits


Updates google.golang.org/api from 0.199.0 to 0.203.0

Release notes

Sourced from google.golang.org/api's releases.

v0.203.0

0.203.0 (2024-10-23)

Features

v0.202.0

0.202.0 (2024-10-22)

Features

v0.201.0

0.201.0 (2024-10-15)

Features

v0.200.0

0.200.0 (2024-10-09)

Features

Changelog

Sourced from google.golang.org/api's changelog.

0.203.0 (2024-10-23)

Features

0.202.0 (2024-10-22)

Features

0.201.0 (2024-10-15)

Features

0.200.0 (2024-10-09)

Features

Commits


Updates google.golang.org/grpc from 1.67.0 to 1.67.1

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.67.1

Bug Fixes

  • transport: Fix a bug causing stream failures due to miscalculation of the flow control window in both clients and servers. (#7667)
  • xds/server: Fix xDS Server memory leak. (#7681)
Commits


Updates k8s.io/apimachinery from 0.31.1 to 0.31.2

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
cpanato commented 2 weeks ago

@dependabot rebase

dependabot[bot] commented 2 weeks ago

Superseded by #593.