search

octo-sts / app

A GitHub App that acts like a Security Token Service (STS) for the Github API
Apache License 2.0
139 stars 15 forks source link

Bump the all group across 1 directory with 10 updates #612

Closed dependabot[bot] closed 6 days ago

dependabot[bot] commented 6 days ago

Bumps the all group with 7 updates in the / directory:

Package From To
chainguard.dev/go-grpc-kit 0.17.6 0.17.7
chainguard.dev/sdk 0.1.25 0.1.28
cloud.google.com/go/kms 1.20.0 1.20.1
cloud.google.com/go/secretmanager 1.14.1 1.14.2
github.com/chainguard-dev/terraform-infra-common 0.6.85 0.6.99
github.com/golang-jwt/jwt/v4 4.5.0 4.5.1
k8s.io/apimachinery 0.31.1 0.31.2

Updates chainguard.dev/go-grpc-kit from 0.17.6 to 0.17.7

Release notes

Sourced from chainguard.dev/go-grpc-kit's releases.

v0.17.7

What's Changed

Full Changelog: https://github.com/chainguard-dev/go-grpc-kit/compare/v0.17.6...v0.17.7

Commits
  • 29048d3 Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.22.0 to 2.23.0 in the g...
  • ff48b36 Bump actions/checkout from 4.2.1 to 4.2.2 (#322)
  • 16f9f29 Bump actions/setup-go from 5.0.2 to 5.1.0 (#323)
  • 4dc7d9f Bump actions/cache from 4.1.1 to 4.1.2 (#324)
  • 7c40fce Bump actions/setup-go from 5.0.1 to 5.0.2 (#289)
  • 1784358 Bump github.com/prometheus/client_golang in the prom group (#321)
  • da8ed9a Bump actions/cache from 4.1.0 to 4.1.1 (#319)
  • 7a8b4d9 Bump google.golang.org/protobuf from 1.34.2 to 1.35.1 (#318)
  • 541e424 Bump golang.org/x/net from 0.29.0 to 0.30.0 in the golang-org-x group (#316)
  • dcdfdf3 Bump reviewdog/action-actionlint from 1.55.0 to 1.57.0 (#312)
  • Additional commits viewable in compare view


Updates chainguard.dev/sdk from 0.1.25 to 0.1.28

Release notes

Sourced from chainguard.dev/sdk's releases.

v0.1.28

Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.27...v0.1.28

v0.1.27

No release notes provided.

v0.1.26

Full Changelog: https://github.com/chainguard-dev/sdk/compare/v0.1.25...v0.1.26

Commits
  • e0011f8 Merge pull request #64 from chainguard-dev/create-pull-request/patch
  • 2c60333 Export 39a6127b29109de6c2e0558a2be06c538d465770
  • 2252287 Export 3d6ec1e62933baa18cb4bcf59f67f07f3b095eb7
  • aecf219 Export a11256305cff2af2df5cda3c2f169cb0986a1ff6
  • f54ceef Merge pull request #63 from chainguard-dev/create-pull-request/patch
  • 1c0a6bc Export 5de4701d8e2d6aa1c30143821a2908e5dc992721
  • ee5c6fa Export 1dfe1b41b65fb7952e2a02f57fe3b47c005d7a83
  • b35d818 Export 247e164adccd096e837a72af6d1a6de1211e7e84
  • 826ee60 Export a495c26f7533f688f74a107613846117d7d2c33d
  • 3f51298 Export c0f75e6c4205b1360c63a441e3827b40956106bf
  • Additional commits viewable in compare view


Updates cloud.google.com/go/kms from 1.20.0 to 1.20.1

Changelog

Sourced from cloud.google.com/go/kms's changelog.

Changes

1.35.0 (2024-10-23)

Features

  • documentai: Add RESOURCE_EXHAUSTED to retryable status codes for ProcessDocument method (6e69d2e)
  • documentai: Added an url for issue reporting and api short name (6e69d2e)
  • documentai: Updated the exponential backoff settings for the Document AI ProcessDocument and BatchProcessDocuments methods (6e69d2e)

Bug Fixes

  • documentai: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • documentai: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (8bb87d5)

1.34.0 (2024-09-12)

Features

  • documentai: Add API fields for the descriptions of entity type and property in the document schema (2d5a9f9)

Bug Fixes

  • documentai: Bump dependencies (2ddeb15)

1.33.0 (2024-08-20)

Features

  • documentai: Add support for Go 1.23 iterators (84461c0)

1.32.0 (2024-08-08)

Features

  • documentai: A new field gen_ai_model_info is added to message .google.cloud.documentai.v1.ProcessorVersion (649c075)
  • documentai: A new field imageless_mode is added to message .google.cloud.documentai.v1.ProcessRequest (649c075)

Bug Fixes

  • documentai: Update google.golang.org/api to v0.191.0 (5b32644)

... (truncated)

Commits


Updates cloud.google.com/go/secretmanager from 1.14.1 to 1.14.2

Release notes

Sourced from cloud.google.com/go/secretmanager's releases.

servicecontrol: v1.14.2

1.14.2 (2024-10-23)

Bug Fixes

  • servicecontrol: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • servicecontrol: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (2b8ca4b)

secretmanager: v1.14.2

1.14.2 (2024-10-23)

Bug Fixes

  • secretmanager: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • secretmanager: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (2b8ca4b)

oslogin: v1.14.2

1.14.2 (2024-10-23)

Bug Fixes

  • oslogin: Update google.golang.org/api to v0.203.0 (8bb87d5)
  • oslogin: WARNING: On approximately Dec 1, 2024, an update to Protobuf will change service registration function signatures to use an interface instead of a concrete type in generated .pb.go files. This change is expected to affect very few if any users of this client library. For more information, see googleapis/google-cloud-go#11020. (8bb87d5)
Commits


Updates github.com/chainguard-dev/terraform-infra-common from 0.6.85 to 0.6.99

Release notes

Sourced from github.com/chainguard-dev/terraform-infra-common's releases.

v0.6.99

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.98...v0.6.99

v0.6.98

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.97...v0.6.98

v0.6.97

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.96...v0.6.97

v0.6.96

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.95...v0.6.96

v0.6.95

What's Changed

Full Changelog: https://github.com/chainguard-dev/terraform-infra-common/compare/v0.6.94...v0.6.95

v0.6.94

What's Changed

... (truncated)

Commits
  • 88ddce4 github sdk: add helper functions to get github releases from a tag and file c...
  • efcc3b8 build(deps): bump the gomod group with 2 updates (#629)
  • f6ed5ab alerting: dont create metrics for squad alerts (#628)
  • 5d96ab7 build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 in the gom...
  • 7a988e7 add support for pubsub channel in alerting module (#626)
  • b2e995e make squad not required for core infra modules (#625)
  • 11acf08 require squad for cloud run services/jobs, and allow alerting based on squad ...
  • cd7e21d build(deps): bump chainguard.dev/go-grpc-kit from 0.17.6 to 0.17.7 in the gom...
  • 2c14aab build(deps): bump the gomod group across 1 directory with 12 updates (#621)
  • f97480f alerts: include documentation and links in alert (#622)
  • Additional commits viewable in compare view


Updates github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1

Release notes

Sourced from github.com/golang-jwt/jwt/v4's releases.

v4.5.1

Security

Unclear documentation of the error behavior in ParseWithClaims in <= 4.5.0 could lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by ParseWithClaims return both error codes. If users only check for the jwt.ErrTokenExpired using error.Is, they will ignore the embedded jwt.ErrTokenSignatureInvalid and thus potentially accept invalid tokens.

This issue was documented in https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r and fixed in this release.

Note: v5 was not affected by this issue. So upgrading to this release version is also recommended.

What's Changed

Full Changelog: https://github.com/golang-jwt/jwt/compare/v4.5.0...v4.5.1

Commits


Updates golang.org/x/oauth2 from 0.23.0 to 0.24.0

Commits


Updates google.golang.org/api from 0.199.0 to 0.206.0

Release notes

Sourced from google.golang.org/api's releases.

v0.206.0

0.206.0 (2024-11-14)

Features

v0.205.0

0.205.0 (2024-11-06)

Features

v0.204.0

0.204.0 (2024-10-31)

Features

Bug Fixes

  • transport/grpc: Pass through cert source to new auth lib (#2840) (c67e7c0)

Documentation

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.206.0 (2024-11-14)

Features

0.205.0 (2024-11-06)

Features

0.204.0 (2024-10-31)

Features

Bug Fixes

  • transport/grpc: Pass through cert source to new auth lib (#2840) (c67e7c0)

Documentation

0.203.0 (2024-10-23)

... (truncated)

Commits


Updates google.golang.org/grpc from 1.67.0 to 1.68.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.68.0

Known Issues

  • The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. This bug has been present since the introduction of NewClient. A fix is expected to be a part of grpc-go v1.69. (#7556)

Behavior Changes

  • stats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environment variable, rather than parsing from bootstrap file (#7740)
  • orca (experimental): if using an ORCA listener, it must now be registered only on a READY SubConn, and the listener will automatically be stopped when the connection is lost. (#7663)
  • client: ClientConn.Close() now closes transports simultaneously and waits for transports to be closed before returning. (#7666)
  • credentials: TLS credentials created via NewTLS that use tls.Config.GetConfigForClient will now have CipherSuites, supported TLS versions and ALPN configured automatically. These were previously only set for configs not using the GetConfigForClient option. (#7709)

Bug Fixes

  • transport: prevent deadlock in client transport shutdown when writing the GOAWAY frame hangs. (#7662)
  • mem: reuse buffers more accurately by using slice capacity instead of length (#7702)
  • status: Fix regression caused by #6919 in status.Details() causing it to return a wrapped type when getting proto messages generated with protoc-gen-go < v1. (#7724)

Dependencies

  • Bump minimum supported Go version to go1.22.7. (#7624)

Release 1.67.1

Bug Fixes

  • transport: Fix a bug causing stream failures due to miscalculation of the flow control window in both clients and servers. (#7667)
  • xds/server: Fix xDS Server memory leak. (#7681)
Commits
  • acba4d3 Change version to 1.68.0 (#7743)
  • 5363dca credentials: Apply defaults to TLS configs provided through GetConfigForClien...
  • 056dc64 status: Fix status incompatibility introduced by #6919 and move non-regenerat...
  • b79fb61 mem: use slice capacity instead of length, to determine whether to pool buffe...
  • 54841ef stats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environme...
  • ad81c20 pickfirstleaf: minor simplification to reconcileSubConnsLocked method (#7731)
  • b850ea5 transport : wait for goroutines to exit before transport closes (#7666)
  • 00b9e14 pickfirst: New pick first policy for dualstack (#7498)
  • 18a4eac testutils: add couple of log statements to the restartable listener type (#7716)
  • fdc2ec2 xdsclient: deflake TestADS_ResourcesAreRequestedAfterStreamRestart (#7720)
  • Additional commits viewable in compare view


Updates k8s.io/apimachinery from 0.31.1 to 0.31.2

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 6 days ago

Looks like these dependencies are updatable in another way, so this is no longer needed.