open-component-model / MPAS

Repository for the Core of MPAS.
Apache License 2.0

build(deps): bump the go group across 1 directory with 30 updates #222

Closed: dependabot[bot] closed this 4 months ago

dependabot[bot] commented 4 months ago

Bumps the go group with 12 updates in the / directory:

Package From To
github.com/containers/image/v5 5.23.0 5.31.0
github.com/fluxcd/flux2/v2 2.0.0-rc.3 2.3.0
github.com/gabriel-vasile/mimetype 1.4.3 1.4.4
github.com/mandelsoft/vfs 0.0.0-20230713123140-269aa4fb1338 0.4.3
github.com/open-component-model/git-controller 0.9.0 0.12.1
github.com/open-component-model/mpas-project-controller 0.4.0 0.6.1
github.com/open-component-model/ocm-e2e-framework 0.7.0 0.9.1
github.com/open-component-model/replication-controller 0.11.0 0.13.1
github.com/oras-project/oras-credentials-go 0.2.0 0.4.0
github.com/spf13/cobra 1.8.0 1.8.1
sigs.k8s.io/cli-utils 0.35.0 0.36.0
sigs.k8s.io/e2e-framework 0.2.0 0.4.0

Updates github.com/containers/image/v5 from 5.23.0 to 5.31.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.31.0

What's Changed

... (truncated)

Commits
  • b5a7587 Bump c/image to v5.31.0
  • 21ac79b Merge pull request #2428 from mtrmac/als-toc-fixes
  • 45f4f23 Don't completely ignore already-computed image size if we see an ALS layer
  • 27516f3 Don't modify a storage.Layer returned by c/storage
  • c2327e4 Don't unnecessarily trust the ALS FUSE server about the TOC digest
  • db02dee Merge pull request #2426 from containers/renovate/github.com-containers-stora...
  • 6db27e1 fix(deps): update module github.com/containers/storage to v1.54.0
  • cf26b3c Merge pull request #2416 from ktock/store-tocdigest-id
  • 52101a0 getSize: allow unknown uncompressed size
  • ebbd025 Enable to pass TOCDigest to Additional Layer Store
  • Additional commits viewable in compare view


Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.2.5

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.2.5

This release makes some minor improvements to SecureJoin:

  • Some changes were made to how lexical components are handled during resolution. There is no change in behaviour, and both implementations are safe, however the newer implementation is much easier to reason about.

  • The error returned when a symlink loop has been detected will now reference the correct path. #10

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

Commits
  • d861a11 VERSION: release v0.2.5
  • 87bc53a join: fix ELOOP error path
  • e9be397 join: don't allow .. and . in working path during resolution
  • 75cdbea gha: update Go versions
  • b69b737 VERSION: back to development
  • See full diff in compare view


Updates github.com/fatih/color from 1.15.0 to 1.16.0

Release notes

Sourced from github.com/fatih/color's releases.

v1.16.0

What's Changed

Dependency updates

New Contributors

Full Changelog: https://github.com/fatih/color/compare/v1.15.0...v1.16.0

Commits
  • 0f9779e Merge pull request #213 from fatih/dependabot/go_modules/golang.org/x/sys-0.14.0
  • 0c78604 Bump golang.org/x/sys from 0.13.0 to 0.14.0
  • 96e0f73 Merge pull request #208 from fatih/dependabot/github_actions/actions/checkout-4
  • 4c66e32 Bump actions/checkout from 3 to 4
  • 2fb03d6 Merge pull request #202 from fatih/dependabot/github_actions/actions/setup-go-4
  • 8ba7bbd Bump actions/setup-go from 3 to 4
  • e3f97f3 Merge pull request #209 from fatih/dependabot/go_modules/golang.org/x/sys-0.13.0
  • e146575 Bump golang.org/x/sys from 0.10.0 to 0.13.0
  • d2d7a5e Merge pull request #212 from fatih/dependabot/go_modules/github.com/mattn/go-...
  • f3e45da Merge branch 'main' into dependabot/go_modules/github.com/mattn/go-isatty-0.0.20
  • Additional commits viewable in compare view


Updates github.com/fluxcd/flux2/v2 from 2.0.0-rc.3 to 2.3.0

Release notes

Sourced from github.com/fluxcd/flux2/v2's releases.

v2.3.0

Highlights

Flux v2.3.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a comprehensive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.3 GA blog post.

This release marks the General Availability (GA) of Flux Helm features and APIs, including helm-controller, the HelmRelease, HelmChart, and HelmRepository APIs.

The HelmRepository v2 API comes with new features, such as the ability to reference Helm charts from OCIRepository sources, reuse existing HelmChart resources, and verify the integrity of Helm chart artifacts signed with Notary Notation.

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required
v1.28 >= 1.28.0
v1.29 >= 1.29.0
v1.30 >= 1.30.0

Note that the Flux project offers support only for the latest three minor versions of Kubernetes. Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as ControlPlane that provide enterprise support for Flux.

API changes

HelmRelease v2

The HelmRelease kind was promoted from v2beta2 to v2 (GA).

The v2 API is backwards compatible with v2beta2, with the exception of the deprecated fields which have been removed.

Removed fields:

  • .spec.chart.spec.valuesFile replaced by .spec.chart.spec.valuesFiles.
  • .spec.postRenderers.kustomize.patchesJson6902 replaced by .spec.postRenderers.kustomize.patches.
  • .spec.postRenderers.kustomize.patchesStrategicMerge replaced by .spec.postRenderers.kustomize.patches.
  • .status.lastAppliedRevision replaced by .status.history.chartVersion.

New fields:

  • .spec.chartRef allows referencing chart artifacts from OCIRepository and HelmChart objects.
  • .spec.chart.spec.ignoreMissingValuesFiles allows ignoring missing values files instead of failing to reconcile.

HelmChart v1

... (truncated)

Commits
  • 896e0fa Merge pull request #4785 from fluxcd/dependabot/github_actions/ci-f6abfb4cf0
  • 8d75df8 build(deps): bump the ci group with 3 updates
  • dd7ef7d Merge pull request #4766 from fluxcd/reconcile-hr-with-chartref
  • 5feee5c Add support for creating HR with .spec.ChartRef
  • 0d0285a Enable reconciling HelmReleases with ChartRef
  • 86b3581 Merge pull request #4783 from fluxcd/conformance-tests
  • 32804f6 ci: Consolidate conformance tests
  • 070fa0f Merge pull request #4781 from fluxcd/drop-kubernetes-eol
  • 9ef9464 Update kubectl to 1.30.0 in flux-cli image
  • d8e6199 Set Kubernetes 1.28 as min required version
  • Additional commits viewable in compare view


Updates github.com/fluxcd/go-git-providers from 0.18.1-0.20230706132206-211750e8915d to 0.20.1

Release notes

Sourced from github.com/fluxcd/go-git-providers's releases.

v0.20.1

CHANGELOG

  • PR #271 Update go-github to v61

v0.20.0

CHANGELOG

  • PR #270 Update dependencies to Go 1.22
  • PR #266 build(deps): bump the ci group with 2 updates
  • PR #265 Update Soule BA Affiliation
  • PR #263 Change Max's affiliation to Associmates
  • PR #262 Change Stefan Prodan's affiliation to ControlPlane

v0.19.3

CHANGELOG

  • PR #261 Adapt workflows
  • PR #260 build(deps): bump the ci group with 2 updates
  • PR #259 Updating dependencies and fix go-git CVE
  • PR #257 changing Soule info
  • PR #256 github: fix defer in for loop

v0.19.2

CHANGELOG

  • PR #254 Updating dependencies
  • PR #253 build(deps): bump the ci group with 1 update

v0.19.1

CHANGELOG

  • PR #252 build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0

v0.19.0

CHANGELOG

  • PR #250 Validate user ref when creating user repository
  • PR #249 updating go and dependencies versions
  • PR #248 build(deps): bump the ci group with 1 update
  • PR #247 build(deps): bump the ci group with 2 updates
  • PR #246 build(deps): bump the ci group with 1 update
  • PR #244 build(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3
  • PR #243 build(deps): bump the ci group with 1 update
  • PR #242 ci: Group dependabot updates
  • PR #241 build(deps): bump actions/checkout from 3.5.3 to 3.6.0
  • PR #240 build(deps): bump actions/setup-go from 4.0.1 to 4.1.0
  • PR #238 Pin GitLab version in e2e tests
  • PR #237 fix panic when gitea commit object contains nil pointers


Updates github.com/fluxcd/kustomize-controller/api from 1.1.0 to 1.3.0

Release notes

Sourced from github.com/fluxcd/kustomize-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.3.0
  • ghcr.io/fluxcd/kustomize-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.2

Changelog

v1.2.2 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.2.2
  • ghcr.io/fluxcd/kustomize-controller:v1.2.2

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.1

Changelog

v1.2.1 changelog

Container images

  • docker.io/fluxcd/kustomize-controller:v1.2.1
  • ghcr.io/fluxcd/kustomize-controller:v1.2.1

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.0

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/kustomize-controller/api's changelog.

1.3.0

Release date: 2024-05-06

This minor release comes with new features, improvements and bug fixes.

The controller has been updated to Kustomize v5.4, please see the kubernetes-sigs/kustomize changelog for more details.

The Flux Kustomization API gains two optional fields .spec.namePrefix and .spec.nameSuffix that can be used to specify a prefix and suffix to be added to the names of all managed resources.

The controller now supports the --feature-gates=StrictPostBuildSubstitutions=true flag, when enabled the post-build substitutions will fail if a variable without a default value is declared in files but is missing from the input vars.

When using variable substitution with values that are numbers or booleans, it is now possible to convert the values to strings, for more details see the post-build documentation.

In addition, the controller dependencies have been updated to Kubernetes v1.30 and controller-runtime v0.18. Various other dependencies have also been updated to their latest version to patch upstream CVEs.

Lastly, the controller is now built with Go 1.22.

Improvements:

  • Implement name prefix/suffix transformers #1134
  • Add StrictPostBuildSubstitutions feature flag #1130
  • Document how to use numbers and booleans in post build substitutions #1129
  • Remove deprecated aad pod identity from API docs #1152
  • api: Refer condition type constants from fluxcd/pkg/apis #1144
  • Update dependencies to Kustomize v5.4.0 #1128
  • Various dependency updates #1155 #1121 #1139 #1122

Fixes:

  • Fix requeue warning introduced by controller-runtime

... (truncated)

Commits
  • 83fbfee Merge pull request #1157 from fluxcd/release-v1.3.0
  • 458d7e2 Release v1.3.0
  • 4a02b3f Add changelog entry for v1.3.0
  • 882f6a7 Merge pull request #1154 from fluxcd/dependabot/github_actions/ci-b23e0286c6
  • dfcd4ed Merge pull request #1155 from fluxcd/source-controller-1.3.0
  • e81120a build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
  • 780954f Update source-controller API to v1.3.0
  • 99792de Merge pull request #1152 from dipti-pai/remove-deprecated-aad-podidentity-ref
  • fc663de Remove references aad pod identity
  • f0f9b03 Merge pull request #1149 from fluxcd/dependabot/github_actions/ci-cfa2b75493
  • Additional commits viewable in compare view


Updates github.com/fluxcd/pkg/apis/meta from 1.1.2 to 1.5.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view


Updates github.com/fluxcd/pkg/git from 0.11.0 to 0.19.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view


Updates github.com/fluxcd/pkg/git/gogit from 0.8.1 to 0.19.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view


Updates github.com/fluxcd/pkg/kustomize from 1.3.4 to 1.11.0

Commits
  • 3790516 Merge pull request #767 from fluxcd/up-internal-deps
  • 37ea30c Update internal dependencies
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • Additional commits viewable in compare view


Updates github.com/fluxcd/pkg/ssa from 0.28.2 to 0.39.1

Commits
  • adcfcbe Merge pull request #769 from fluxcd/controller-runtime-v0.18.1
  • 0e74a82 Update runtime pkg docs
  • b329d92 Update dependencies to controller-runtime v0.18.1
  • d0bf8ed Merge pull request #768 from fluxcd/dependabot/github_actions/ci-b93eff89fb
  • 14f05d7 build(deps): bump actions/checkout from 4.1.3 to 4.1.4 in the ci group
  • 3790516 Merge pull request #767 from fluxcd/up-internal-deps
  • 37ea30c Update internal dependencies
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • Additional commits viewable in compare view


Updates github.com/fluxcd/source-controller/api from 1.1.0 to 1.3.0

Release notes

Sourced from github.com/fluxcd/source-controller/api's releases.

v1.3.0

Changelog

v1.3.0 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.3.0
  • ghcr.io/fluxcd/source-controller:v1.3.0

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.5

Changelog

v1.2.5 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.2.5
  • ghcr.io/fluxcd/source-controller:v1.2.5

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.4

Changelog

v1.2.4 changelog

Container images

  • docker.io/fluxcd/source-controller:v1.2.4
  • ghcr.io/fluxcd/source-controller:v1.2.4

Supported architectures: linux/amd64, linux/arm64 and linux/arm/v7.

The container images are built on GitHub hosted runners and are signed with cosign and GitHub OIDC. To verify the images and their provenance (SLSA level 3), please see the security documentation.

v1.2.3

Changelog

... (truncated)

Changelog

Sourced from github.com/fluxcd/source-controller/api's changelog.

1.3.0

Release date: 2024-05-03

This minor release promotes the Helm APIs to GA, and comes with new features, improvements and bug fixes.

HelmRepository

The HelmRepository API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2.

For HelmRepository of type oci, the .spec.insecure field allows connecting over HTTP to an insecure non-TLS container registry.

To upgrade from v1beta2, after deploying the new CRD and controller, set apiVersion: source.toolkit.fluxcd.io/v1 in the YAML files that contain HelmRepository definitions. Bumping the API version in manifests can be done gradually. It is advised not to delay this procedure as the beta versions will be removed after 6 months.

HelmChart

The HelmChart API has been promoted from v1beta2 to v1 (GA). The v1 API is backwards compatible with v1beta2, with the exception of the removal of the deprecated field .spec.valuesFile which was replaced with spec.valuesFiles.

The HelmChart API was extended with support for Notation signature verification of Helm OCI charts.

A new optional field .spec.ignoreMissingValuesFiles has been added, which allows the controller to ignore missing values files rather than failing to reconcile the HelmChart.

OCIRepository

The OCIRepository API was extended with support for Notation signature verification of OCI artifacts.

A new optional field .spec.ref.semverFilter has been added, which allows the controller to filter the tags based on regular expressions before applying the semver range. This allows picking the latest release candidate instead of the latest stable release.

In addition, the controller has been updated to Kubernetes v1.30.0, Helm v3.14.4, and various other dependencies to their latest version to patch upstream CVEs.

... (truncated)

Commits
  • a80a99b Merge pull request #1472 from fluxcd/release-v1.3.0
  • 70901f8 Release v1.3.0
  • 05ab8b1 Add changelog entry for v1.3.0
  • c9bf167 Merge pull request #1298 from fluxcd/phony-build
  • cc3d495 ci: Print controller logs after e2e run
  • 0bd5b95 Rename make target build to manager
  • edccfe9 Merge pull request #1470 from fluxcd/dependabot/github_actions/ci-b23e0286c6
  • 9ce2d61 build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 in the ci group
  • 16eeeef Merge pull request #1469 from fluxcd/dependabot/go_modules/go-deps-4411c5bc33
  • 8598b8d build(deps): bump google.golang.org/api
  • Additional commits viewable in compare view


Updates github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.4

What's Changed

Security fixes:

Update golang.org/x/net to latest. Fixes: CVE-2023-45288

Performance improvements:

Benchmarks:

before:
BenchmarkText/application/x-ndjson-8              663314              2027 ns/op            4306 B/op          6 allocs/op
BenchmarkSliceRand-8                              688160              1690 ns/op             728 B/op         75 allocs/op
BenchmarkSrt-8                                    946042              1089 ns/op            4240 B/op          5 allocs/op
after:
BenchmarkText/application/x-ndjson-8             1930292               678.6 ns/op           160 B/op          4 allocs/op
BenchmarkSliceRand-8                             1232066              1173 ns/op             160 B/op          4 allocs/op
BenchmarkSrt-8                                   3235448               368.8 ns/op            64 B/op          2 allocs/op

New Contributors

Full Changelog: https://github.com/gabriel-vasile/mimetype/compare/v1.4.3...v1.4.4

Commits
  • 43192c8 Bump the github-actions group across 1 directory with 3 updates (#534)
  • 07821d3 Using io.ReadAll instead of ioutil.ReadAll (#525)
  • 9bd6023 github actions & readme: remove codecov badge (#533)
  • ff4d3d0 improve performance for text detection (#532)
  • bc511b8 add defaultLimit and use it when resetting back (#531)
  • 341c422 Improve x-subrip detection performance (#524)
  • 043efb9 fix benchmark files order (#518)
  • fd7639e ftyp: exit asap to prevent mem allocs (#517)
  • 889166d Merge pull request #505 from gabri...

_Description has been truncated_

github-actions[bot] commented 4 months ago

Mend Scan Summary: :x:

Repository: open-component-model/MPAS

VIOLATION DESCRIPTION NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES 3
MAJOR UPDATES AVAILABLE 0
LICENSE REQUIRES REVIEW 0
LICENSE RISK HIGH 7
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY 0

Detailed Logs: mend-scan-> Generate Report Mend UI

dependabot[bot] commented 4 months ago

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml