Bump the go group with 11 updates

[dependabot[bot]]

Bumps the go group with 11 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2/config	1.27.15	1.27.16
github.com/aws/aws-sdk-go-v2/credentials	1.17.15	1.17.16
github.com/aws/aws-sdk-go-v2/feature/s3/manager	1.16.20	1.16.21
github.com/aws/aws-sdk-go-v2/service/ecr	1.28.2	1.28.3
github.com/aws/aws-sdk-go-v2/service/s3	1.54.2	1.54.3
github.com/containers/image/v5	5.30.1	5.31.0
github.com/go-logr/logr	1.4.1	1.4.2
github.com/onsi/ginkgo/v2	2.17.3	2.19.0
golang.org/x/exp	0.0.0-20240222234643-814bf88cf225	0.0.0-20240506185415-9bf2ced13842
helm.sh/helm/v3	3.15.0	3.15.1
sigs.k8s.io/controller-runtime	0.18.2	0.18.3

Updates github.com/aws/aws-sdk-go-v2/config from 1.27.15 to 1.27.16

Commits

• 8abec4c Release 2024-05-23
• 70e7095 Regenerated Clients
• 0b2a340 Update partitions file
• c1eb2d9 Update endpoints model
• 4c990d1 Update API model
• c6c1626 s3: handle unrecognized values for Expires in responses (#2653)
• 8209abb Release 2024-05-22
• 81ad168 Regenerated Clients
• 5c92ae7 Update endpoints model
• 6eeecd9 Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.15 to 1.17.16

Commits

• 8abec4c Release 2024-05-23
• 70e7095 Regenerated Clients
• 0b2a340 Update partitions file
• c1eb2d9 Update endpoints model
• 4c990d1 Update API model
• c6c1626 s3: handle unrecognized values for Expires in responses (#2653)
• 8209abb Release 2024-05-22
• 81ad168 Regenerated Clients
• 5c92ae7 Update endpoints model
• 6eeecd9 Update API model
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.20 to 1.16.21

Commits

• b08ae84 Release 2022-10-03
• 3176b00 Regenerated Clients
• 4e7fe92 Update endpoints model
• 8485699 Update API model
• 9fa3861 Release 2022-09-30
• 411f0f4 Regenerated Clients
• 9279164 Update endpoints model
• 000f6ac Update API model
• e4f0cba Release 2022-09-29
• bcf7080 Regenerated Clients
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.28.2 to 1.28.3

Commits

• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.2 to 1.54.3

Commits

• 8abec4c Release 2024-05-23
• 70e7095 Regenerated Clients
• 0b2a340 Update partitions file
• c1eb2d9 Update endpoints model
• 4c990d1 Update API model
• c6c1626 s3: handle unrecognized values for Expires in responses (#2653)
• 8209abb Release 2024-05-22
• 81ad168 Regenerated Clients
• 5c92ae7 Update endpoints model
• 6eeecd9 Update API model
• Additional commits viewable in compare view

Updates github.com/containers/image/v5 from 5.30.1 to 5.31.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.31.0

What's Changed

• Bump c/storage to v1.53.0, c/image to v5.30.0, and then to v5.30.1-dev by @​TomSweeneyRedHat in containers/image#2327
• fix(deps): update module github.com/sylabs/sif/v2 to v2.15.2 by @​renovate in containers/image#2333
• fix(deps): update module github.com/docker/cli to v25.0.4+incompatible by @​renovate in containers/image#2334
• Move to a tagged version of docker/docker by @​mtrmac in containers/image#2336
• fix(deps): update go-openapi packages to v0.23.0 by @​renovate in containers/image#2337
• Update to Go 1.20 by @​mtrmac in containers/image#2340
• chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 [security] by @​renovate in containers/image#2338
• chore(deps): update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [security] by @​renovate in containers/image#2339
• fix(deps): update module github.com/containers/ocicrypt to v1.1.10 by @​renovate in containers/image#2341
• chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] by @​renovate in containers/image#2344
• Add support for Docker HealthConfig.StartInterval (v25.0.0+) by @​migesok in containers/image#2345
• Fix an unintentionally-added dependency on Go 1.21 by @​mtrmac in containers/image#2343
• fix(deps): update module github.com/docker/docker to v25.0.5+incompatible by @​renovate in containers/image#2348
• fix(deps): update module github.com/docker/cli to v25.0.5+incompatible by @​renovate in containers/image#2347
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.0 by @​renovate in containers/image#2349
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.1 by @​renovate in containers/image#2351
• chore: fix function names by @​availhang in containers/image#2357
• chore(deps): update dependency containers/automation_images to v20240320 by @​renovate in containers/image#2354
• fix(deps): update module github.com/distribution/reference to v0.6.0 by @​renovate in containers/image#2358
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.2 by @​renovate in containers/image#2359
• fix(deps): update module github.com/sigstore/sigstore to v1.8.3 by @​renovate in containers/image#2360
• Filter BlobInfoCache candidates before prioritization, not in transports by @​mtrmac in containers/image#2346
• fix(deps): update module golang.org/x/oauth2 to v0.19.0 by @​renovate in containers/image#2367
• fix(deps): update golang.org/x/exp digest to c0f41cb by @​renovate in containers/image#2361
• Add a helper for formatting multiple errors by @​mtrmac in containers/image#2365
• fix(deps): update module github.com/ulikunitz/xz to v0.5.12 by @​renovate in containers/image#2366
• Drop some minimally-used dependencies by @​mtrmac in containers/image#2364
• Fix a http.response.Body leak on a permission error by @​mtrmac in containers/image#2363
• fix(deps): update module github.com/klauspost/compress to v1.17.8 by @​renovate in containers/image#2372
• fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.3 by @​renovate in containers/image#2373
• use containers/storage/pkg/fileutils/(Exists,Lexists) by @​giuseppe in containers/image#2375
• Refactor blobCacheDestination.saveStream by @​mtrmac in containers/image#2380
• Update to Go1.21 by @​mtrmac in containers/image#2377
• Avoid a redundant function call by @​mtrmac in containers/image#2379
• CI VMs: bump to new versions with tmpfs /tmp by @​edsantiago in containers/image#2384
• Update module github.com/docker/docker to v26.0.2+incompatible [SECURITY] by @​renovate in containers/image#2381
• Update module github.com/docker/cli to v26.1.0+incompatible by @​renovate in containers/image#2383
• Update module github.com/docker/docker to v26.1.0+incompatible by @​renovate in containers/image#2386
• Fix GoDoc link at the top of the README file by @​ananthb in containers/image#2387
• Update module github.com/docker/cli to v26.1.1+incompatible by @​renovate in containers/image#2388
• Update module github.com/docker/docker to v26.1.1+incompatible by @​renovate in containers/image#2389
• Update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f by @​renovate in containers/image#2392
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.0 by @​renovate in containers/image#2393
• Update module golang.org/x/oauth2 to v0.20.0 by @​renovate in containers/image#2395
• Update module golang.org/x/term to v0.20.0 by @​renovate in containers/image#2396
• Update module go.etcd.io/bbolt to v1.3.10 by @​renovate in containers/image#2397
• Update module golang.org/x/crypto to v0.23.0 by @​renovate in containers/image#2398
• Update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842 by @​renovate in containers/image#2399

... (truncated)

Commits

• b5a7587 Bump c/image to v5.31.0
• 21ac79b Merge pull request #2428 from mtrmac/als-toc-fixes
• 45f4f23 Don't completely ignore already-computed image size if we see an ALS layer
• 27516f3 Don't modify a storage.Layer returned by c/storage
• c2327e4 Don't unnecessarily trust the ALS FUSE server about the TOC digest
• db02dee Merge pull request #2426 from containers/renovate/github.com-containers-stora...
• 6db27e1 fix(deps): update module github.com/containers/storage to v1.54.0
• cf26b3c Merge pull request #2416 from ktock/store-tocdigest-id
• 52101a0 getSize: allow unknown uncompressed size
• ebbd025 Enable to pass TOCDigest to Additional Layer Store
• Additional commits viewable in compare view

Updates github.com/go-logr/logr from 1.4.1 to 1.4.2

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.2

What's Changed

• Fix lint: named but unused params by @​thockin in go-logr/logr#268
• Add a Go report card, fix lint by @​thockin in go-logr/logr#271
• funcr: Handle nested empty groups properly by @​thockin in go-logr/logr#274

Dependencies:

• build(deps): bump github/codeql-action from 3.22.11 to 3.22.12 by @​dependabot in go-logr/logr#254
• build(deps): bump github/codeql-action from 3.22.12 to 3.23.0 by @​dependabot in go-logr/logr#256
• build(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 by @​dependabot in go-logr/logr#257
• build(deps): bump github/codeql-action from 3.23.0 to 3.23.1 by @​dependabot in go-logr/logr#259
• build(deps): bump actions/upload-artifact from 4.1.0 to 4.2.0 by @​dependabot in go-logr/logr#260
• build(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @​dependabot in go-logr/logr#263
• build(deps): bump github/codeql-action from 3.23.1 to 3.23.2 by @​dependabot in go-logr/logr#262
• build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 by @​dependabot in go-logr/logr#264
• build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 by @​dependabot in go-logr/logr#266
• build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @​dependabot in go-logr/logr#267
• build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 by @​dependabot in go-logr/logr#270
• build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 by @​dependabot in go-logr/logr#272
• build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 by @​dependabot in go-logr/logr#275
• build(deps): bump actions/checkout from 4.1.1 to 4.1.2 by @​dependabot in go-logr/logr#276
• build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 by @​dependabot in go-logr/logr#277
• build(deps): bump github/codeql-action from 3.24.7 to 3.24.9 by @​dependabot in go-logr/logr#278
• build(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @​dependabot in go-logr/logr#279
• build(deps): bump actions/upload-artifact from 4.3.1 to 4.3.2 by @​dependabot in go-logr/logr#280
• build(deps): bump actions/checkout from 4.1.2 to 4.1.3 by @​dependabot in go-logr/logr#281
• build(deps): bump github/codeql-action from 3.24.10 to 3.25.1 by @​dependabot in go-logr/logr#282
• build(deps): bump github/codeql-action from 3.25.1 to 3.25.3 by @​dependabot in go-logr/logr#283
• build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @​dependabot in go-logr/logr#284
• build(deps): bump actions/checkout from 4.1.3 to 4.1.4 by @​dependabot in go-logr/logr#285
• build(deps): bump actions/upload-artifact from 4.3.2 to 4.3.3 by @​dependabot in go-logr/logr#286
• build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 by @​dependabot in go-logr/logr#288
• build(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 by @​dependabot in go-logr/logr#289
• build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 by @​dependabot in go-logr/logr#293
• build(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @​dependabot in go-logr/logr#292
• build(deps): bump actions/checkout from 4.1.4 to 4.1.5 by @​dependabot in go-logr/logr#291
• build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @​dependabot in go-logr/logr#290
• build(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @​dependabot in go-logr/logr#294
• build(deps): bump actions/checkout from 4.1.5 to 4.1.6 by @​dependabot in go-logr/logr#295

Full Changelog: https://github.com/go-logr/logr/compare/v1.4.1...v1.4.2

Commits

• 1205f42 Merge pull request #295 from go-logr/dependabot/github_actions/actions/checko...
• ccedcbd Merge pull request #294 from go-logr/dependabot/github_actions/github/codeql-...
• bead577 build(deps): bump actions/checkout from 4.1.5 to 4.1.6
• a492d95 build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
• 19ad07c build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
• 1c97a21 build(deps): bump actions/checkout from 4.1.4 to 4.1.5
• f70c5b5 build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
• 4ade8d3 build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1
• 88d98bd Merge pull request #289 from go-logr/dependabot/github_actions/golangci/golan...
• 432cd86 Merge pull request #288 from go-logr/dependabot/github_actions/actions/setup-...
• Additional commits viewable in compare view

Updates github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.19.0

2.19.0

Features

Label Sets allow for more expressive and flexible label filtering.

v2.18.0

2.18.0

Features

• Add --slience-skips and --force-newlines [f010b65]
• fail when no tests were run and --fail-on-empty was set [d80eebe]

Fixes

• Fix table entry context edge case [42013d6]

Maintenance

• Bump golang.org/x/tools from 0.20.0 to 0.21.0 (#1406) [fcf1fd7]
• Bump github.com/onsi/gomega from 1.33.0 to 1.33.1 (#1399) [8bb14fd]
• Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1407) [04bfad7]

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.19.0

Features

Label Sets allow for more expressive and flexible label filtering.

2.18.0

Features

• Add --slience-skips and --force-newlines [f010b65]
• fail when no tests were run and --fail-on-empty was set [d80eebe]

Fixes

• Fix table entry context edge case [42013d6]

Maintenance

• Bump golang.org/x/tools from 0.20.0 to 0.21.0 (#1406) [fcf1fd7]
• Bump github.com/onsi/gomega from 1.33.0 to 1.33.1 (#1399) [8bb14fd]
• Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1407) [04bfad7]

Commits

• 28fb5d6 v2.19.0
• e31f03a fix another typo
• 966a28c Fix typos in label sets docs
• cd231fd Label sets allow for more expressive label filtering
• eb27ca8 v2.18.0
• f010b65 Add --slience-skips and --force-newlines
• 42013d6 Fix table entry context edge case
• 9e234ea always rebuild and run ginkgo in makefile
• 5ce8355 add --fail-on-empty to recommended CI flags in docs
• 3ffbf8b add makefile
• Additional commits viewable in compare view

Updates golang.org/x/exp from 0.0.0-20240222234643-814bf88cf225 to 0.0.0-20240506185415-9bf2ced13842

Commits

• See full diff in compare view

Updates helm.sh/helm/v3 from 3.15.0 to 3.15.1

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.15.1 is a patch release. The Helm application source is the same as 3.15.0. The 3.15.0 builds stated the wrong version when running helm version. Instead of the release number it had the release candidate version which pointed to the same revision of the source.

The community keeps growing, and we'd love to see you there!

• Join the discussion in Kubernetes Slack:
  • for questions and just to hang out
  • for discussing PRs, code, and bugs
• Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
• Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.15.1. The common platform binaries are here:

• MacOS amd64 (checksum / 5fdc60e090d183113f9fa0ae9dd9d12f0c1462b9ded286370f84e340f84bd676)
• MacOS arm64 (checksum / 4b04ede5ab9bb226c9b198c94ce12818f0b0e302193defd66970b45fc341f6e7)
• Linux amd64 (checksum / 7b20e7791c04ea71e7fe0cbe11f1a8be4a55a692898b57d9db28f3b0c1d52f11)
• Linux arm (checksum / fa7a8b472c8f311ac618a231218511efeafad306781d11ad68976e0461074b0e)
• Linux arm64 (checksum / b4c5519b18f01dd2441f5e09497913dc1da1a1eec209033ae792a8d45b9e0e86)
• Linux i386 (checksum / 4f8cb966bac96a186f0790a7c4528dd0278664f82fba3643aa4b37f98cf9e76b)
• Linux ppc64le (checksum / 0bfe2ff8b29c1f26b0484261c0fe0d041188b2e1aa5da8e461e44083bbf655a3)
• Linux s390x (checksum / 4a5314689787332d010ae782a6c00804fb83a53238f7ff7c9837c3f797ff1473)
• Linux riscv64 (checksum / 1c49f1213c68649842c81e1806c518661aa2e466aa1c6bf1d0ac3710f554a563)
• Windows amd64 (checksum / 8ebe6d353f0fbc7e51861a676ba1c14af9efb3443ae2c78eb91946a756b93a9a)

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @​mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

• 3.15.2 is the next patch release and will be on June 12, 2024.
• 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

• Fixing build issue where wrong version is used e211f2aa62992bd72586b395de50979e31231829 (Matt Farina)

Commits

• e211f2a Fixing build issue where wrong version is used
• See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.18.3

What's Changed

• ✨ setup-envtest: download binaries from controller-tools releases by @​sbueringer in kubernetes-sigs/controller-runtime#2837
• 🌱 Bump k8s.io/* to v0.30.1 by @​sbueringer in kubernetes-sigs/controller-runtime#2840

Full Changelog: https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.2...v0.18.3

Commits

• be2f383 Merge pull request #2840 from sbueringer/pr-bump-k8s
• 4720d17 Bump k8s.io/* to v0.30.1
• aa9ed14 Merge pull request #2837 from sbueringer/pr-setup-envtest-ct-rel-0.18
• 35d7bbd default --use-deprecated-gcs to true
• ce4e4f5 some more deprecations
• 56dcc14 setup-envtest: allow downloading envtest binaries from controller-tools
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[github-actions[bot]]

Mend Scan Summary: :x:

Repository: open-component-model/ocm

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	0
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	4
HIGH RISK LICENSES	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report Mend UI

[ocmbot[bot]]

Integration Tests for edaf5ea83b12bc43788a766fdb0294dec66f3b9d run with result: Success ✅!

[ocmbot[bot]]

Integration Tests for 84b9231805d321cdb805cc5b5ade82af3b72a47a run with result: Success ✅!

[ocmbot[bot]]

Integration Tests for 0c499cf271c21bca7fe2c7a1c1982d2038e07edb run with result: Success ✅!