Bump the go group across 1 directory with 3 updates

[dependabot[bot]]

Bumps the go group with 3 updates in the / directory: github.com/klauspost/compress, github.com/onsi/gomega and sigs.k8s.io/controller-runtime.

Updates github.com/klauspost/compress from 1.17.7 to 1.17.8

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.8

What's Changed

• zstd: Reject blocks where reserved values are not 0 by @​klauspost in klauspost/compress#885
• zstd: Add RLE detection+encoding by @​klauspost in klauspost/compress#938

New Contributors

• @​ankon made their first contribution in klauspost/compress#932
• @​kindhuge made their first contribution in klauspost/compress#946

Full Changelog: https://github.com/klauspost/compress/compare/v1.17.7...v1.17.8

Commits

• c0ff47e Update README.md
• 657dc16 chore: remove repetitive words (#946)
• 3f77d8c build(deps): bump the github-actions group with 1 update (#944)
• de4073a zstd: Add RLE detection+encoding (#938)
• 165be36 zstd: Reject blocks where reserved values are not 0 (#885)
• 4f3f95b ci: Add testing replacement (#935)
• 3976394 build(deps): bump the github-actions group with 1 update (#934)
• 4d78e54 Remove sed for internal/fuzz/helpers.go (#933)
• 46c00ca doc: Remove an excess word in a documentation comment (#932)
• See full diff in compare view

Updates github.com/onsi/gomega from 1.32.0 to 1.33.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.33.0

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
• Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
• Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
• Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
• Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

Commits

• f2e65fc v1.33.0
• 02e8706 docs: Receive(POINTER, MATCHER)
• ec1f186 feat: receiver matcher accepting (POINTER, MATCHER), includes unit tests
• 9999deb Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745)
• cb5ff21 Bump github-pages from 229 to 230 in /docs (#735)
• bac6596 Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746)
• See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.17.2 to 0.18.0

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.18.0

:warning: Breaking Changes

• Bump to k8s.io/* v1.30 (#2693 #2754 #2765 #2776 #2786)
• Remove deprecated v1alpha1.ControllerManagerConfiguration (#2648)
• admission.Decoder is now an interface (#2736)
• Source, Event, Predicate, Handler: Add generics support (#2783 #2796)
• client: Fix SubResourceCreateOptions signature in subresource client (#2766)

:sparkles: New Features

• cache: Add TransformStripManagedFields transform func (#2791)
• client: Add client.WithFieldOwner to configure client-wide FieldManager (#2771 #2777)
• controller: Add NewQueue option (#2767)
• manager: Export HTTP server runnable implementation (#2473)
• metrics/server: Add ListenConfig option (#2519)

:bug: Bug Fixes

• builder/webhook: Return error if For() is used multiple times (#2740)
• cache: Keep selectors when byObject.Namespaces is defaulted (#2747)
• cache: Prevent race when informers are started more than once (#2758)
• fake client: Allow fakeclient to patch CR with no resourceVersion (#2725)
• fake client: Do not consider an apply patch to be a strategic merge patch (#2679)
• manager: Prevent leader election when shutting down a non-elected manager (#2724)
• manager: Runnable group should check if stopped before enqueueing (#2757)
• restmapper: Clean restmapper cache if a version is notFound (#2663)
• restmapper: Fix cache invalidation (#2687)

:seedling: Others

• ci: Add OSSF scorecard action (#2714)
• ci: Improve github actions dependencies versions and permissions (#2715)
• ci: Pin checkout action in golangci-lint action, bump checkout action, use consistent tag format (#2729)
• ci: Update golangci-lint to v1.57.2 (#2708 #2751)
• ci: Update scorecard github action (#2728)
• ci: Use go-install for versioned dependencies (#2710)
• envtest: WaitForDefaultNamespace while starting up envtest (#2668)
• owners: Cleanup owners files (#2730)
• owners: Remove outdated testing framework approvers (#2709)
• predicate: Compare labels and annotations using maps.Equal (#2705)
• typos: Fix typo of CacheReader comment (#2773)
• typos: Fix typo in channel option (#2792)
• typos: Minor typo fixes in docstrings (#2727)

:book: Additionally, there have been 3 contributions to our documentation and book. (#2712, #2770, #2789)

Dependencies

... (truncated)

Commits

• ed81fa6 Merge pull request #2796 from alvaroaleman/mark
• b35cd6b :book: Mark Typed Handlers as experimental
• b74908f Merge pull request #2793 from kubernetes-sigs/dependabot/github_actions/actio...
• a9db208 Merge pull request #2794 from kubernetes-sigs/dependabot/github_actions/actio...
• 757ae66 :seedling: Bump actions/upload-artifact from 4.3.1 to 4.3.3
• 18ae9e0 :seedling: Bump actions/checkout from 4.1.2 to 4.1.3
• 4f00207 Merge pull request #2792 from sbueringer/pr-fix-typo
• 9fb4913 Fix typo in channel option
• 5823d1b Merge pull request #2791 from alvaroaleman/add-default-transform
• ae0f6ab Merge pull request #2783 from alvaroaleman/compatible-generics
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Mend Scan Summary: :x:

Repository: open-component-model/ocm

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	1
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	4
HIGH RISK LICENSES	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report Mend UI

[ocmbot[bot]]

Integration Tests for 2ff7417264c5a5fe5c88c033129d3fa63b50f77b run with result: Success ✅!