search

open-component-model / ocm

Open Component Model (Software Bill of Delivery) Toolset
https://ocm.software
Apache License 2.0
34 stars 23 forks source link

Bump the go group with 26 updates #691

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps the go group with 26 updates:

Package From To
github.com/aws/aws-sdk-go-v2 1.25.2 1.25.3
github.com/aws/aws-sdk-go-v2/config 1.27.4 1.27.7
github.com/aws/aws-sdk-go-v2/credentials 1.17.4 1.17.7
github.com/aws/aws-sdk-go-v2/feature/s3/manager 1.16.6 1.16.9
github.com/aws/aws-sdk-go-v2/service/ecr 1.27.1 1.27.2
github.com/aws/aws-sdk-go-v2/service/s3 1.51.1 1.51.4
github.com/containers/image/v5 5.29.2 5.30.0
github.com/cyberphone/json-canonicalization 0.0.0-20231011164504-785e29786b46 0.0.0-20231217050601-ba74d44ecf5f
github.com/docker/cli 24.0.7+incompatible 25.0.3+incompatible
github.com/docker/docker 24.0.7+incompatible 25.0.3+incompatible
github.com/go-openapi/strfmt 0.22.1 0.22.2
github.com/go-openapi/swag 0.22.9 0.22.10
github.com/klauspost/compress 1.17.4 1.17.7
github.com/onsi/ginkgo/v2 2.15.0 2.16.0
github.com/opencontainers/image-spec 1.1.0-rc5 1.1.0
github.com/sigstore/rekor 1.3.4 1.3.5
github.com/sigstore/sigstore 1.8.1 1.8.2
golang.org/x/exp 0.0.0-20240103183307-be819d1f06fc 0.0.0-20240222234643-814bf88cf225
golang.org/x/net 0.20.0 0.22.0
golang.org/x/oauth2 0.16.0 0.18.0
k8s.io/api 0.29.0 0.29.2
k8s.io/apiextensions-apiserver 0.29.0 0.29.2
k8s.io/apimachinery 0.29.0 0.29.2
k8s.io/cli-runtime 0.29.0 0.29.2
k8s.io/client-go 0.29.0 0.29.2
sigs.k8s.io/controller-runtime 0.16.3 0.17.2

Updates github.com/aws/aws-sdk-go-v2 from 1.25.2 to 1.25.3

Commits


Updates github.com/aws/aws-sdk-go-v2/config from 1.27.4 to 1.27.7

Commits


Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.4 to 1.17.7

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/credentials's changelog.

Release (2023-03-21)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging: v1.13.0
    • Feature: Amazon Chime SDK messaging customers can now manage streaming configuration for messaging data for archival and analysis.
  • github.com/aws/aws-sdk-go-v2/service/cleanrooms: v1.1.0
    • Feature: GA Release of AWS Clean Rooms, Added Tagging Functionality
  • github.com/aws/aws-sdk-go-v2/service/ec2: v1.91.0
    • Feature: This release adds support for AWS Network Firewall, AWS PrivateLink, and Gateway Load Balancers to Amazon VPC Reachability Analyzer, and it makes the path destination optional as long as a destination address in the filter at source is provided.
  • github.com/aws/aws-sdk-go-v2/service/internal/s3shared: v1.14.0
    • Feature: port v1 sdk 100-continue http header customization for s3 PutObject/UploadPart request and enable user config
  • github.com/aws/aws-sdk-go-v2/service/iotsitewise: v1.28.0
    • Feature: Provide support for tagging of data streams and enabling tag based authorization for property alias
  • github.com/aws/aws-sdk-go-v2/service/mgn: v1.18.0
    • Feature: This release introduces the Import and export feature and expansion of the post-launch actions
  • github.com/aws/aws-sdk-go-v2/service/s3: v1.31.0
    • Feature: port v1 sdk 100-continue http header customization for s3 PutObject/UploadPart request and enable user config

Release (2023-03-20)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/applicationautoscaling: v1.19.0
    • Feature: With this release customers can now tag their Application Auto Scaling registered targets with key-value pairs and manage IAM permissions for all the tagged resources centrally.
  • github.com/aws/aws-sdk-go-v2/service/neptune: v1.20.0
    • Feature: This release makes following few changes. db-cluster-identifier is now a required parameter of create-db-instance. describe-db-cluster will now return PendingModifiedValues and GlobalClusterIdentifier fields in the response.
  • github.com/aws/aws-sdk-go-v2/service/s3outposts: v1.16.0
    • Feature: S3 On Outposts added support for endpoint status, and a failed endpoint reason, if any
  • github.com/aws/aws-sdk-go-v2/service/workdocs: v1.14.0
    • Feature: This release adds a new API, SearchResources, which enable users to search through metadata and content of folders, documents, document versions and comments in a WorkDocs site.

Release (2023-03-17)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/billingconductor: v1.6.0
    • Feature: This release adds a new filter to ListAccountAssociations API and a new filter to ListBillingGroups API.
  • github.com/aws/aws-sdk-go-v2/service/configservice: v1.30.0
    • Feature: This release adds resourceType enums for types released from October 2022 through February 2023.
  • github.com/aws/aws-sdk-go-v2/service/databasemigrationservice: v1.25.0
    • Feature: S3 setting to create AWS Glue Data Catalog. Oracle setting to control conversion of timestamp column. Support for Kafka SASL Plain authentication. Setting to map boolean from PostgreSQL to Redshift. SQL Server settings to force lob lookup on inline LOBs and to control access of database logs.

Release (2023-03-16)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/aws-sdk-go-v2/config: v1.18.18

... (truncated)

Commits
  • 390cf19 Release 2023-03-21
  • c37c72a Regenerated Clients
  • d1e5193 Update endpoints model
  • 2506101 Update API model
  • c93b5cc Merge pull request #2051 from aws/add100ContinueCustomization
  • c01aac6 Keep one changelog for PR
  • 3780faa Keep one changelog for PR
  • b94b5b7 Merge remote-tracking branch 'origin/add100ContinueCustomization' into add100...
  • 6174ff2 Change some variable name and use operation shape id to represent operation s...
  • 83491fc add changelog to last commit
  • Additional commits viewable in compare view


Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.6 to 1.16.9

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/feature/s3/manager's changelog.

Release (2022-08-08)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/aws-sdk-go-v2: v1.16.9
    • Bug Fix: aws/signer/v4: Fixes a panic in SDK's handling of endpoint URLs with ports by correcting how URL path is parsed from opaque URLs. Fixes #1294.
  • github.com/aws/aws-sdk-go-v2/service/glue: v1.29.0
    • Feature: Add an option to run non-urgent or non-time sensitive Glue Jobs on spare capacity
  • github.com/aws/aws-sdk-go-v2/service/identitystore: v1.14.10
    • Documentation: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)
  • github.com/aws/aws-sdk-go-v2/service/iotwireless: v1.21.0
    • Feature: AWS IoT Wireless release support for sidewalk data reliability.
  • github.com/aws/aws-sdk-go-v2/service/pinpoint: v1.17.0
    • Feature: Adds support for Advance Quiet Time in Journeys. Adds RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
  • github.com/aws/aws-sdk-go-v2/service/quicksight: v1.23.2
    • Documentation: A series of documentation updates to the QuickSight API reference.
  • github.com/aws/aws-sdk-go-v2/service/sso: v1.11.14
    • Documentation: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)
  • github.com/aws/aws-sdk-go-v2/service/ssoadmin: v1.15.2
    • Documentation: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)
  • github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.12.12
    • Documentation: Documentation updates to reflect service rename - AWS IAM Identity Center (successor to AWS Single Sign-On)

Release (2022-08-04)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/chimesdkmeetings: v1.13.0
    • Feature: Adds support for Tags on Amazon Chime SDK WebRTC sessions
  • github.com/aws/aws-sdk-go-v2/service/configservice: v1.24.0
    • Feature: Add resourceType enums for Athena, GlobalAccelerator, Detective and EC2 types
  • github.com/aws/aws-sdk-go-v2/service/databasemigrationservice: v1.21.3
    • Documentation: Documentation updates for Database Migration Service (DMS).
  • github.com/aws/aws-sdk-go-v2/service/iot: v1.28.0
    • Feature: The release is to support attach a provisioning template to CACert for JITP function, Customer now doesn't have to hardcode a roleArn and templateBody during register a CACert to enable JITP.

Release (2022-08-03)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider: v1.18.0
    • Feature: Add a new exception type, ForbiddenException, that is returned when request is not allowed
  • github.com/aws/aws-sdk-go-v2/service/wafv2: v1.22.0
    • Feature: You can now associate an AWS WAF web ACL with an Amazon Cognito user pool.

Release (2022-08-02)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/licensemanagerusersubscriptions: v1.0.0
    • Release: New AWS service client module

... (truncated)

Commits


Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.27.1 to 1.27.2

Commits


Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.1 to 1.51.4

Commits


Updates github.com/containers/image/v5 from 5.29.2 to 5.30.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.30.0

What's Changed

A fair number of improvements when working with zstd and zstd:chunked-compressed images.

Note that make install now installs policy.json and registries.d/default.yaml.

New Contributors

Full Changelog: https://github.com/containers/image/compare/v5.29.2...v5.30.0

Commits
  • b29bde5 Bump to v5.30.0
  • 3cc0bb4 Merge pull request #2328 from containers/renovate/github.com-containers-stora...
  • 169d6f5 fix(deps): update module github.com/containers/storage to v1.53.0
  • ed96328 Merge pull request #2330 from containers/renovate/golang.org-x-oauth2-0.x
  • d097f7f fix(deps): update module golang.org/x/oauth2 to v0.18.0
  • 5dbfa1c Merge pull request #2329 from containers/renovate/golang.org-x-crypto-0.x
  • 99369af fix(deps): update module golang.org/x/crypto to v0.21.0
  • b457769 Merge pull request #2326 from containers/renovate/go-openapi
  • 23e4c1d fix(deps): update go-openapi packages
  • faa4f4f Merge pull request #2325 from containers/renovate/github.com-stretchr-testify...
  • Additional commits viewable in compare view


Updates github.com/cyberphone/json-canonicalization from 0.0.0-20231011164504-785e29786b46 to 0.0.0-20231217050601-ba74d44ecf5f

Commits


Updates github.com/docker/cli from 24.0.7+incompatible to 25.0.3+incompatible

Commits
  • 4debf41 Merge pull request #4857 from thaJeztah/25.0_backport_codecov-action-4
  • 5e6ce1b Merge pull request #4856 from thaJeztah/25.0_backport_plugin-socket-tests
  • 5428301 build(deps): Bump codecov/codecov-action from 3 to 4
  • 1cbc218 tests: add plugin-socket-compatibility tests
  • 2f6b5ad scripts: don't hardcode architecture in e2e script
  • d8e07c9 tests: add tests for cli-plugins/socket
  • 5f1b610 Merge pull request #4841 from thaJeztah/25.0_vendor_docker_25.0.2
  • c105cd3 Merge pull request #4837 from dvdksn/25.0_docs_backport_linode_volume_plugin
  • 62b2963 vendor: github.com/docker/docker v25.0.2
  • 71f2b0d vendor: github.com/docker/docker v25.0.1
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 24.0.7+incompatible to 25.0.3+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v25.0.3

25.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

What's Changed

  • [25.0 backport] pkg/ioutils: Make subsequent Close attempts noop moby/moby#47222
  • [25.0 backport] Fix HasResource inverted boolean error - vendor swarmkit v2.0.0-20240125134710-dcda100a8261 moby/moby#47225
  • [25.0 backport] gha: update actions to account for node 16 deprecation moby/moby#47291
  • [25.0 backport] docs: remove dead links from api verison history moby/moby#47296
  • [25.0 backport] Assert temp output directory is not an empty string moby/moby#47298
  • [25.0 backport] api: Document version in /build moby/moby#47295
  • [25.0 backport] De-flake TestSwarmClusterRotateUnlockKey moby/moby#47201
  • [25.0 backport] Add internal n/w bridge to firewalld docker zone moby/moby#47303
  • [25.0 backport] Only restore a configured MAC addr on restart. moby/moby#47304
  • [25.0 backport] Revert "daemon: automatically set network EnableIPv6 if needed" moby/moby#47310
  • [25.0 backport] libnet: bridge: ignore EINVAL when configuring bridge MTU moby/moby#47311
  • [25.0 backport] logger/journald: fix tailing logs with systemd 255 moby/moby#47243
  • [25.0 backport] add more //go:build directives to prevent downgrading to go1.16 language moby/moby#47220
  • [25.0 backport] libcontainerd/supervisor: fix data race moby/moby#47313
  • [25.0 backport] plugins: Fix panic when fetching by digest moby/moby#47323
  • [25.0 backport] Dockerfile: update docker-cli to v25.0.2, docker compose v2.24.5 moby/moby#47316
  • [25.0 backport] image/save: Fix untagged images not present in index.json moby/moby#47294
  • [25.0 backport] Dockerfile: update RootlessKit to v2.0.1 moby/moby#47334
  • [25.0 backport] image/cache: Ignore Build and Revision on Windows moby/moby#47337
  • [25.0 backport] profiles/seccomp: add syscalls for kernel v5.17 - v6.6, match containerd's profile moby/moby#47344
  • [25.0 backport] c8d: Use the same logic to get the present images moby/moby#47348

Full Changelog: https://github.com/moby/moby/compare/v25.0.2...v25.0.3

v25.0.2

25.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains security fixes for the following CVEs affecting Docker Engine and its components.

CVE Component Fix version Severity

... (truncated)

Commits
  • f417435 Merge pull request #47348 from rumpl/25.0_backport-history-config
  • acd023d c8d: Use the same logic to get the present images
  • 7a075ca Merge pull request #47344 from thaJeztah/25.0_backport_seccomp_updates
  • aff7177 Merge pull request #47337 from vvoland/cache-fix-older-windows-25
  • ed7c263 seccomp: add futex_wake syscall (kernel v6.7, libseccomp v2.5.5)
  • 74e3b4f seccomp: add futex_wait syscall (kernel v6.7, libseccomp v2.5.5)
  • 4cc0416 seccomp: add futex_requeue syscall (kernel v6.7, libseccomp v2.5.5)
  • f9f9e7f seccomp: add map_shadow_stack syscall (kernel v6.6, libseccomp v2.5.5)
  • 5fb4eb9 seccomp: add fchmodat2 syscall (kernel v6.6, libseccomp v2.5.5)
  • 67e9aa6 seccomp: add cachestat syscall (kernel v6.5, libseccomp v2.5.5)
  • Additional commits viewable in compare view


Updates github.com/go-openapi/strfmt from 0.22.1 to 0.22.2

Commits
  • be4ecdf updated dependencies
  • e949e33 fix(ci): remove dependency-type from dependabot groups
  • 5238521 Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
  • See full diff in compare view


Updates github.com/go-openapi/swag from 0.22.9 to 0.22.10

Commits
  • 5e655d8 fix(ci): remove dependency-type from dependabot groups
  • 54f3f80 chore(lint): relinted
  • 4896833 Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
  • 6b32215 Bump the development-dependencies group with 1 update
  • db91acc ci: remove paths-ignores
  • fec0b4e Bump the development-dependencies group with 1 update
  • 14fcae4 chore(ci): prevents duplicate workflow runs
  • d33767c Bump the development-dependencies group with 1 update
  • c877230 ci(dependencies): automate dependencies updates
  • See full diff in compare view


Updates github.com/klauspost/compress from 1.17.4 to 1.17.7

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.7

What's Changed

Full Changelog: https://github.com/klauspost/compress/compare/v1.17.6...v1.17.7

v1.17.6

What's Changed

Full Changelog: https://github.com/klauspost/compress/compare/v1.17.5...v1.17.6

v1.17.5

What's Changed

New Contributors

Full Changelog: https://github.com/klauspost/compress/compare/v1.17.4...v1.17.5

Commits


Updates github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.16.0

2.16.0

Features

  • add SpecContext to reporting nodes

Fixes

  • merge coverages instead of combining them (#1329) (#1340) [23f0cc5]
  • core_dsl: disable Getwd() with environment variable (#1357) [cd418b7]

Maintenance

  • docs/index.md: Typo [2cebe8d]
  • fix docs [06de431]
  • chore: test with Go 1.22 (#1352) [898cba9]
  • Bump golang.org/x/tools from 0.16.1 to 0.17.0 (#1336) [17ae120]
  • Bump golang.org/x/sys from 0.15.0 to 0.16.0 (#1327) [5a179ed]
  • Bump github.com/go-logr/logr from 1.3.0 to 1.4.1 (#1321) [a1e6b69]
  • Bump github-pages and jekyll-feed in /docs (#1351) [d52951d]
  • Fix docs for handling failures in goroutines (#1339) [4471b2e]
Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.16.0

Features

  • add SpecContext to reporting nodes

Fixes

  • merge coverages instead of combining them (#1329) (#1340) [23f0cc5]
  • core_dsl: disable Getwd() with environment variable (#1357) [cd418b7]

Maintenance

  • docs/index.md: Typo [2cebe8d]
  • fix docs [06de431]
  • chore: test with Go 1.22 (#1352) [898cba9]
  • Bump golang.org/x/tools from 0.16.1 to 0.17.0 (#1336) [17ae120]
  • Bump golang.org/x/sys from 0.15.0 to 0.16.0 (#1327) [5a179ed]
  • Bump github.com/go-logr/logr from 1.3.0 to 1.4.1 (#1321) [a1e6b69]
  • Bump github-pages and jekyll-feed in /docs (#1351) [d52951d]
  • Fix docs for handling failures in goroutines (#1339) [4471b2e]
Commits
  • a181ee2 v2.16.0
  • 2cebe8d docs/index.md: Typo
  • 881efde update documentation to reflect changes to reporting nodes
  • c4e219f add SpecContext to other reporting nodes and update tests
  • 06de431 fix docs
  • 372d26a update docs
  • fd929c6 update test description
  • fed9402 update documentation.
  • 5ff9d7f Add SpecContext to ReportAfterSuite callback body.
  • 9c771cd Add SpecContext to ReportAfterSuite callback body.
  • Additional commits viewable in compare view


Updates github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0

Release notes

Sourced from github.com/opencontainers/image-spec's releases.

v1.1.0

Vote Passed [+7-0] - https://groups.google.com/a/opencontainers.org/g/dev/c/Cnk6H9C4aag Release PR : opencontainers/image-spec#1161 Full Changelog: https://github.com/opencontainers/image-spec/compare/v1.0.2...v1.1.0

Associated Distribution Specification Release - https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0

v1.1.0-rc6

Vote passed [+6 -0] - https://groups.google.com/a/opencontainers.org/g/dev/c/HOxZlfhr9-o

For changeset and diff please see - opencontainers/image-spec#1157

Commits
  • e7f7c0c version: release v1.1.0
  • 365fa41 Merge pull request #1160 from sudo-bmitch/pr-subject-dag-association
  • d0f90e6 Clarify that subject references a separate DAG
  • 9703222 Merge pull request #1157 from sudo-bmitch/pr-v1.1.0-rc6
  • 8b1e951 version: bump back to +dev
  • 6c2b5fa version: release v1.1.0-rc6
  • 56fb783 Merge pull request #1107 from sudo-bmitch/pr-release-notice
  • a6d741a Merge pull request #1148 from dejanu/update_oci_implementations
  • 53d9855 new section for projects no longer maintained
  • ceeb2eb Merge pull request #1114 from sudo-bmitch/pr-go-1.21
  • Additional commits viewable in compare view


Updates github.com/sigstore/rekor from 1.3.4 to 1.3.5

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.5

Changelog

github-actions[bot] commented 7 months ago

Mend Scan Summary: :x:

Repository: open-component-model/ocm

VIOLATION DESCRIPTION NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES 0
MAJOR UPDATES AVAILABLE 0
LICENSE REQUIRES REVIEW 2
HIGH RISK LICENSES 9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY 0

Detailed Logs: mend-scan-> Generate Report Mend UI

ocmbot[bot] commented 7 months ago

Integration Tests for 07d268a81935d93c580ec4022bb6112ca25a666f run with result: Success ✅!

dependabot[bot] commented 7 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.