open-component-model / ocm

Open Component Model (Software Bill of Delivery Toolset)
https://ocm.software
Apache License 2.0

Bump the go group with 3 updates #751

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the go group with 3 updates: github.com/containerd/containerd, github.com/fluxcd/pkg/ssa and github.com/onsi/ginkgo/v2.

Updates github.com/containerd/containerd from 1.7.15 to 1.7.16

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.16

Welcome to the v1.7.16 release of containerd!

The sixteenth patch release for containerd 1.7 contains various fixes and updates.

Highlights

  • Update AppArmor template to allow confined runc to kill containers (#10129)
  • Fix config import relative path glob (#9834)
  • Update AppArmor template to better support rootlesskit (#10116)
  • Update HTTP fallback to better account for TLS timeout and previous attempts (#10112)
  • Add support for HPC port forwarding (#10008)
  • Prevent GC from schedule itself with 0 period. (#10102)
  • Fix issue with using invalid token to retry fetching layer (#10065)
  • Automatically decompress archives for transfer service import (#9989)
  • Fix HTTPFallback fails when pushing manifest (#10044)
  • Add support for configuring otel from env and config deprecation notice (#9992)
  • Fix deadlock during NRI plugin registration (containerd/nri#79)

Build and Release Toolchain

  • Update Go to 1.21.9 and 1.22.2 with net/http security fix (#10115)

Container Runtime Interface (CRI)

  • Fix CRI snapshotter root path when not under containerd root (#10096)
  • Fix network creation failure from CreatedAt time as 269 years ago (#10122)
  • Include userns info in PodSandboxStatus (#9865)
  • Fix default working directory Windows HostProcess containers (#10071)
  • Fix ListPodSandboxStats to skip sandboxes with missing tasks (#10042)

Deprecations

  • Add support for configuring otel from env and config deprecation notice (#9992)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Samuel Karp
  • Wei Fu
  • Danny Canter
  • Kazuyoshi Kato
  • Kirtana Ashok
  • Maksym Pavlenko
  • Phil Estes
  • Sebastiaan van Stijn
  • Brian Goff

... (truncated)

Commits
  • 8303183 Merge pull request #10124 from kiashok/new-1.7.16-tag
  • fb2d43a Merge pull request #10129 from k8s-infra-cherrypick-robot/cherry-pick-10123-t...
  • 1c62308 Add release notes for v1.7.16
  • 18a2c36 apparmor: Allow confined runc to kill containers
  • ae97657 Merge pull request #9834 from neoaggelos/fix/config-relative
  • c4a8642 Merge pull request #10096 from Kern--/cri-remote-snapshotter-stats
  • 733d456 Merge pull request #10122 from AkihiroSuda/cherrypick-9673-1.7
  • 293f515 pod: CreatedAt time will be 269 years ago while creating cri network failed.
  • e412ca7 Merge pull request #10116 from AkihiroSuda/cherrypick-10111-1.7
  • d8acdaf Merge pull request #10115 from thaJeztah/1.7_backport_go1.21.9
  • Additional commits viewable in compare view


Updates github.com/fluxcd/pkg/ssa from 0.38.0 to 0.39.0

Commits
  • e32ccc2 Merge pull request #763 from fluxcd/kubernetes-1.30
  • 2b974af Update sigs.k8s.io/controller-tools to v0.15.0
  • 52c1fc5 Update sigs.k8s.io/controller-runtime to v0.18.0
  • c906252 Update dependencies to Kubernetes 1.30
  • 92c1348 Merge pull request #764 from fluxcd/dependabot/github_actions/ci-e44cfae560
  • ccb916a build(deps): bump the ci group with 3 updates
  • 6081556 Merge pull request #761 from fluxcd/kustomize-name-prefix-suffix
  • abf5675 kustomize: Add support for namePrefix and nameSuffix
  • 98d2522 Merge pull request #760 from fluxcd/dependabot/github_actions/ci-8f082d4f6d
  • efcd824 build(deps): bump docker/setup-buildx-action in the ci group
  • Additional commits viewable in compare view


Updates github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.17.2

2.17.2

Fixes

  • fix: close files [32259c8]
  • fix github output log level for skipped specs [780e7a3]

Maintenance

  • Bump github.com/google/pprof [d91fe4e]
  • Bump github.com/go-task/slim-sprig to v3 [8cb662e]
  • Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1391) [3134422]
  • Bump github-pages from 230 to 231 in /docs (#1384) [eca81b4]
  • Bump golang.org/x/tools from 0.19.0 to 0.20.0 (#1383) [760def8]
  • Bump golang.org/x/net from 0.23.0 to 0.24.0 (#1381) [4ce33f4]
  • Fix test for gomega version bump [f2fcd97]
  • Bump github.com/onsi/gomega from 1.30.0 to 1.33.0 (#1390) [fd622d2]
  • Bump golang.org/x/tools from 0.17.0 to 0.19.0 (#1368) [5474a26]
  • Bump github-pages from 229 to 230 in /docs (#1359) [e6d1170]
  • Bump google.golang.org/protobuf from 1.28.0 to 1.33.0 (#1374) [7f447b2]
  • Bump golang.org/x/net from 0.20.0 to 0.23.0 (#1380) [f15239a]

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.17.2

Fixes

  • fix: close files [32259c8]
  • fix github output log level for skipped specs [780e7a3]

Maintenance

  • Bump github.com/google/pprof [d91fe4e]
  • Bump github.com/go-task/slim-sprig to v3 [8cb662e]
  • Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1391) [3134422]
  • Bump github-pages from 230 to 231 in /docs (#1384) [eca81b4]
  • Bump golang.org/x/tools from 0.19.0 to 0.20.0 (#1383) [760def8]
  • Bump golang.org/x/net from 0.23.0 to 0.24.0 (#1381) [4ce33f4]
  • Fix test for gomega version bump [f2fcd97]
  • Bump github.com/onsi/gomega from 1.30.0 to 1.33.0 (#1390) [fd622d2]
  • Bump golang.org/x/tools from 0.17.0 to 0.19.0 (#1368) [5474a26]
  • Bump github-pages from 229 to 230 in /docs (#1359) [e6d1170]
  • Bump google.golang.org/protobuf from 1.28.0 to 1.33.0 (#1374) [7f447b2]
  • Bump golang.org/x/net from 0.20.0 to 0.23.0 (#1380) [f15239a]

Commits
  • 7836496 v2.17.2
  • d91fe4e Bump github.com/google/pprof
  • 8cb662e Bump github.com/go-task/slim-sprig to v3
  • 32259c8 fix: close files
  • 3134422 Bump golang.org/x/net in /integration/_fixtures/version_mismatch_fixture (#1391)
  • eca81b4 Bump github-pages from 230 to 231 in /docs (#1384)
  • 760def8 Bump golang.org/x/tools from 0.19.0 to 0.20.0 (#1383)
  • 4ce33f4 Bump golang.org/x/net from 0.23.0 to 0.24.0 (#1381)
  • f2fcd97 Fix test for gomega version bump
  • fd622d2 Bump github.com/onsi/gomega from 1.30.0 to 1.33.0 (#1390)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


github-actions[bot] commented 3 months ago

Mend Scan Summary: :x:

Repository: open-component-model/ocm

| VIOLATION DESCRIPTION | NUMBER OF VIOLATIONS |
| --- | --- |
| HIGH/CRITICAL SECURITY VULNERABILITIES | 1 |
| MAJOR UPDATES AVAILABLE | 0 |
| LICENSE REQUIRES REVIEW | 4 |
| HIGH RISK LICENSES | 9 |
| RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY | 0 |

Detailed Logs: mend-scan-> Generate Report Mend UI

ocmbot[bot] commented 3 months ago

Integration Tests for dc3d80ce55d6aef30462ab189f0903b6d9a35720 run with result: Success ✅!

ocmbot[bot] commented 3 months ago

Integration Tests for 2f5b0e1311cdb0f0ff4b4fceafad9f9d104d0b3d run with result: Success ✅!