Bump the go group with 12 updates

[dependabot[bot]]

Bumps the go group with 12 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2/config	1.27.11	1.27.13
github.com/aws/aws-sdk-go-v2/credentials	1.17.11	1.17.13
github.com/aws/aws-sdk-go-v2/feature/s3/manager	1.16.15	1.16.17
github.com/aws/aws-sdk-go-v2/service/ecr	1.27.4	1.28.0
github.com/aws/aws-sdk-go-v2/service/s3	1.53.1	1.53.2
github.com/containers/image/v5	5.30.0	5.30.1
github.com/docker/cli	26.1.1+incompatible	26.1.2+incompatible
github.com/docker/docker	26.1.1+incompatible	26.1.2+incompatible
github.com/mikefarah/yq/v4	4.43.1	4.44.1
github.com/onsi/ginkgo/v2	2.17.2	2.17.3
golang.org/x/net	0.24.0	0.25.0
sigs.k8s.io/controller-runtime	0.18.1	0.18.2

Updates github.com/aws/aws-sdk-go-v2/config from 1.27.11 to 1.27.13

Commits

• 0805b74 Release 2024-05-10
• 8ba0718 Regenerated Clients
• 566a901 Update endpoints model
• 765a6d2 Update API model
• 0ac88f6 do NOT serialize empty lists in ec2query (#2630)
• 0457ec5 Merge pull request #2638 from aws/feat-remove-honeycode
• a8dc075 add changelog
• 9a47278 remove honeycode from v2
• 343ec35 drop x/net runtime dependency which was only used for testing (#2637)
• 1c71d2f Release 2024-05-09
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.11 to 1.17.13

Commits

• 0805b74 Release 2024-05-10
• 8ba0718 Regenerated Clients
• 566a901 Update endpoints model
• 765a6d2 Update API model
• 0ac88f6 do NOT serialize empty lists in ec2query (#2630)
• 0457ec5 Merge pull request #2638 from aws/feat-remove-honeycode
• a8dc075 add changelog
• 9a47278 remove honeycode from v2
• 343ec35 drop x/net runtime dependency which was only used for testing (#2637)
• 1c71d2f Release 2024-05-09
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.15 to 1.16.17

Commits

• 8f3045a Update SDK's smithy-go dependency to v1.13.0
• 462d046 Update endpoints model
• 7aba71b Update API model
• 1609fe8 credentials/ssocreds: Add SSOTokenProvider for Bearer Token auth (#1818)
• 8e755b4 Release 2022-08-26
• d33e0c0 Regenerated Clients
• 1292708 Update API model
• 7d6d53e add GitHub code owner for auto assigned reviewers (#1817)
• 028a075 Release 2022-08-25
• 02464c0 Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.27.4 to 1.28.0

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/service/ecr's changelog.

Release (2022-10-19)

General Highlights

• Dependency Update: Updated to the latest SDK module versions

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging: v1.11.6
  • Documentation: Documentation updates for Chime Messaging SDK
• github.com/aws/aws-sdk-go-v2/service/cloudtrail: v1.19.0
  • Feature: This release includes support for exporting CloudTrail Lake query results to an Amazon S3 bucket.
• github.com/aws/aws-sdk-go-v2/service/configservice: v1.27.0
  • Feature: This release adds resourceType enums for AppConfig, AppSync, DataSync, EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
• github.com/aws/aws-sdk-go-v2/service/connect: v1.33.0
  • Feature: This release adds API support for managing phone numbers that can be used across multiple AWS regions through telephony traffic distribution.
• github.com/aws/aws-sdk-go-v2/service/managedblockchain: v1.13.0
  • Feature: Adding new Accessor APIs for Amazon Managed Blockchain
• github.com/aws/aws-sdk-go-v2/service/s3: v1.28.0
  • Feature: Updates internal logic for constructing API endpoints. We have added rule-based endpoints and internal model parameters.
• github.com/aws/aws-sdk-go-v2/service/supportapp: v1.1.0
  • Feature: This release adds the RegisterSlackWorkspaceForOrganization API. You can use the API to register a Slack workspace for an AWS account that is part of an organization.
• github.com/aws/aws-sdk-go-v2/service/workspacesweb: v1.7.0
  • Feature: WorkSpaces Web now supports user access logging for recording session start, stop, and URL navigation.

Release (2022-10-18)

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/frauddetector: v1.20.10
  • Documentation: Documentation Updates for Amazon Fraud Detector
• github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.48.0
  • Feature: This change allows customers to enable data capturing while running a batch transform job, and configure monitoring schedule to monitoring the captured data.
• github.com/aws/aws-sdk-go-v2/service/servicediscovery: v1.18.0
  • Feature: Updated the ListNamespaces API to support the NAME and HTTP_NAME filters, and the BEGINS_WITH filter condition.
• github.com/aws/aws-sdk-go-v2/service/sesv2: v1.14.0
  • Feature: This release allows subscribers to enable Dedicated IPs (managed) to send email via a fully managed dedicated IP experience. It also adds identities' VerificationStatus in the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs counts in the response of ListImportJobs API.

Release (2022-10-17)

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/greengrass: v1.14.0
  • Feature: This change allows customers to specify FunctionRuntimeOverride in FunctionDefinitionVersion. This configuration can be used if the runtime on the device is different from the AWS Lambda runtime specified for that function.
• github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.47.0
  • Feature: This release adds support for C7g, C6g, C6gd, C6gn, M6g, M6gd, R6g, and R6gn Graviton instance types in Amazon SageMaker Inference.

Release (2022-10-14)

Module Highlights

• github.com/aws/aws-sdk-go-v2/service/mediaconvert: v1.26.0
  • Feature: MediaConvert now supports specifying the minimum percentage of the HRD buffer available at the end of each encoded video segment.

Release (2022-10-13)

... (truncated)

Commits

• 17455fe Release 2022-10-19
• 7cbfe8f Regenerated Clients
• c06105c Update endpoints model
• 2c1a13c Update API model
• 32d9151 Release 2022-10-18
• 0bf72ee Regenerated Clients
• 5a95f77 Update endpoints model
• f630721 Update API model
• b45d0b6 Release 2022-10-17
• c604be9 Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.1 to 1.53.2

Commits

• e7dfd72 Release 2024-05-08
• 316c7cd Regenerated Clients
• ba18a1e Update API model
• 31c2861 fix: improve Go doc formatter (#2636)
• 7a87a62 add missing changelog (#2635)
• 8cc2bc3 Release 2024-05-07
• 36b4e92 Regenerated Clients
• 9e70bfa Update API model
• 7a654f5 dep: bump x/net to 0.23.0 (#2631)
• eff2620 Release 2024-05-06
• Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.30.0 to 5.30.1

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.30.1

This fixes CVE-2024-3727 .

Digest values used throughout this library were not always validated. That allowed attackers to trigger, when pulling untrusted images, unexpected authenticated registry accesses on behalf of a victim user.

In less common uses of this library (using other transports or not using the containers/image/v5/copy.Image API), an attacker could also trigger local path traversals or crashes.

Commits

• 56e750a Release 5.30.1
• 132678b Merge pull request #2404 from mtrmac/digest-unmarshal-5.30
• b724ee7 Validate the tags returned by a registry
• a9225e4 Call .Validate() before digest.Digest.String() if necessary
• 4a3785d Refactor the error handling further
• a802d65 Refactor the error handling path of saveStream
• 39e7c91 Call .Validate() before digest.Hex() / digest.Encoded()
• 2bcb834 Validate digests before using them
• See full diff in compare view

Updates github.com/docker/cli from 26.1.1+incompatible to 26.1.2+incompatible

Commits

• 211e74b Merge pull request #5066 from vvoland/vendor-docker
• 8beff78 Merge pull request #5065 from vvoland/v26.1-5064
• e64914c vendor: github.com/docker/docker v26.1.2-dev (ef1912d8b6ae)
• c1d70d1 update to go1.21.10
• 53a3f0b Merge pull request #5062 from laurazard/cherry-pick-run-hang
• 4add46d Add e2e tests for run w/ bad entrypoint
• ccea7d8 Fix hang when container fails to start
• See full diff in compare view

Updates github.com/docker/docker from 26.1.1+incompatible to 26.1.2+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.1.2

26.1.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 26.1.2 milestone
• moby/moby, 26.1.2 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Fix issue where the CLI process would sometimes hang when a container failed to start. docker/cli#5062

Packaging updates

• Update Go runtime to 1.21.10. moby/moby#47806

Commits

• ef1912d Merge pull request #47806 from vvoland/v26.1-47805
• 10739af update to go1.21.10
• See full diff in compare view

Updates github.com/mikefarah/yq/v4 from 4.43.1 to 4.44.1

Release notes

Sourced from github.com/mikefarah/yq/v4's releases.

v4.44.1 - min/max/pivot!

• Added min/max operators (#1992) Thanks @​mbenson
• Added pivot oeprator (#1993) Thanks @​mbenson
• Fix: shell-completion (#2006) Thanks @​codekow
• Handle escaped backslashes (#1997) Thanks @​mbenson
• Fix npe when given filename ending with "." (#1994)
• Fix: linux (w/ selinux) build (#2004) Thanks @​codekow
• Bumped dependencies

Changelog

Sourced from github.com/mikefarah/yq/v4's changelog.

4.44.1:

• Added min/max operators (#1992) Thanks @​mbenson
• Added pivot oeprator (#1993) Thanks @​mbenson
• Fix: shell-completion (#2006) Thanks @​codekow
• Handle escaped backslashes (#1997) Thanks @​mbenson
• Fix npe when given filename ending with "." (#1994)
• Fix: linux (w/ selinux) build (#2004) Thanks @​codekow
• Bumped dependencies

Commits

• 557dcb8 Bumping version
• 2daa39e Updating release notes
• 0c15cf3 Added properties convert to numbers example #2023
• d9adcdb Update instructions for Alpine Linux (#2034)
• 9010809 Bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2 (#2024)
• 8250f0c Bump golang.org/x/text from 0.14.0 to 0.15.0 (#2036)
• 8ac9f60 Bump golang from 1.22.2 to 1.22.3 (#2037)
• 1748171 Bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1 (#2014)
• 21ba506 Fix: shell-completion (#2006)
• b54d7eb handle escaped backslashes (#1997)
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.17.3

2.17.3

Fixes

ginkgo watch now ignores hidden files [bde6e00]

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.17.3

Fixes

ginkgo watch now ignores hidden files [bde6e00]

Commits

• d8a5ef9 v2.17.3
• bde6e00 ignore hidden files
• See full diff in compare view

Updates golang.org/x/net from 0.24.0 to 0.25.0

Commits

• d27919b go.mod: update golang.org/x dependencies
• e0324fc http2: use net.ErrClosed
• b20cd59 quic: initiate key rotation earlier in connections
• f95a3b3 html: fix typo in package doc
• 0a24555 http/httpguts: speed up ValidHeaderFieldName
• ec05fdc http2: don't retry the first request on a connection on GOAWAY error
• b67a0f0 http2: send correct LastStreamID in stream-caused GOAWAY
• a130fcc quic: don't consider goroutines running when tests start as leaked
• See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.18.1 to 0.18.2

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.18.2

What's Changed

• 🐛 Reintroduce AddMetricsServerExtraHandler on manager by @​k8s-infra-cherrypick-robot in kubernetes-sigs/controller-runtime#2817

Full Changelog: https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.1...v0.18.2

Commits

• 834905b Merge pull request #2817 from k8s-infra-cherrypick-robot/cherry-pick-2813-to-...
• 6396a49 Reintroduce AddMetricsExtraHandler on manager
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Mend Scan Summary: :x:

Repository: open-component-model/ocm

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	1
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	4
HIGH RISK LICENSES	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report Mend UI

[ocmbot[bot]]

Integration Tests for 850b7850b15b78031d4d3b24d658db4e8b1408f8 run with result: Success ✅!