open-component-model / ocm

Open Component Model (Software Bill of Delivery Toolset)
https://ocm.software
Apache License 2.0

Bump the go group with 14 updates #805

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the go group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/aws/aws-sdk-go-v2 | 1.27.0 | 1.27.2 |
| github.com/aws/aws-sdk-go-v2/config | 1.27.16 | 1.27.18 |
| github.com/aws/aws-sdk-go-v2/credentials | 1.17.16 | 1.17.18 |
| github.com/aws/aws-sdk-go-v2/feature/s3/manager | 1.16.21 | 1.16.24 |
| github.com/aws/aws-sdk-go-v2/service/ecr | 1.28.3 | 1.28.5 |
| github.com/aws/aws-sdk-go-v2/service/s3 | 1.54.3 | 1.55.1 |
| github.com/containerd/containerd | 1.7.17 | 1.7.18 |
| github.com/docker/cli | 26.1.3+incompatible | 26.1.4+incompatible |
| github.com/docker/docker | 26.1.3+incompatible | 26.1.4+incompatible |
| golang.org/x/mod | 0.17.0 | 0.18.0 |
| golang.org/x/net | 0.25.0 | 0.26.0 |
| golang.org/x/oauth2 | 0.20.0 | 0.21.0 |
| golang.org/x/text | 0.15.0 | 0.16.0 |
| sigs.k8s.io/controller-runtime | 0.18.3 | 0.18.4 |

Updates github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.2

Commits


Updates github.com/aws/aws-sdk-go-v2/config from 1.27.16 to 1.27.18

Commits


Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.16 to 1.17.18

Commits


Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.21 to 1.16.24

Commits


Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.28.3 to 1.28.5

Commits


Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.54.3 to 1.55.1

Commits


Updates github.com/containerd/containerd from 1.7.17 to 1.7.18

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.18

Welcome to the v1.7.18 release of containerd!

The eighteenth patch release for containerd 1.7 contains various updates along with an updated version of Go. Go 1.22.4 and 1.21.11 include a fix for a symlink time of check to time of use race condition during directory removal.

Highlights

  • Update Go version to 1.21.11 (#10298)
  • Remove uses of platforms.Platform alias (#10277)
  • Migrate log imports to github.com/containerd/log (#10269)
  • Migrate errdefs package to github.com/containerd/errdefs (#10266)
  • Fix usage of "unknown" platform (#10261)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Sebastiaan van Stijn
  • Akhil Mohan
  • Austin Vazquez
  • Phil Estes

Changes

  • Prepare release notes for v1.7.18 (#10301)
    • 9426aab62 Prepare release notes for v1.7.18
  • Update Go version to 1.21.11 (#10298)
  • Remove uses of platforms.Platform alias (#10277)
    • 1e3c662d6 [release/1.7] remove uses of platforms.Platform alias
  • Migrate log imports to github.com/containerd/log (#10269)
    • 0af6825b1 migrate logs imports to github.com/containerd/log module
  • Migrate errdefs package to github.com/containerd/errdefs (#10266)
    • 308341a44 replace uses of github.com/containerd/containerd/errdefs
    • 47ff8cfce migrate errdefs package to github.com/containerd/errdefs module
  • Fix usage of "unknown" platform (#10261)
    • f4d11912a core/image: fix usage of "unknown" platform
  • Explicitly set release latest to true (#10265)
    • 5b0480009 Explicitly set release latest to true
    • d669b100d build(deps): bump softprops/action-gh-release from 1 to 2

Changes from containerd/errdefs

... (truncated)

Commits
  • ae71819 Merge pull request #10301 from dmcgowan/prepare-v1.7.18
  • 9426aab Prepare release notes for v1.7.18
  • 1d324db Merge pull request #10298 from dmcgowan/1.7-update-go
  • cdd3ea9 Update Go version to 1.21.11
  • 0a137f0 Merge pull request #10277 from thaJeztah/1.7_backport_remove_use_of_platform_...
  • 1e3c662 [release/1.7] remove uses of platforms.Platform alias
  • 300a6de Merge pull request #10269 from thaJeztah/1.7_migrate_containerd_log
  • 0af6825 migrate logs imports to github.com/containerd/log module
  • be820ac Merge pull request #10266 from thaJeztah/1.7_migrate_to_errdefs_module
  • 566c535 Merge pull request #10261 from k8s-infra-cherrypick-robot/cherry-pick-10257-t...
  • Additional commits viewable in compare view


Updates github.com/docker/cli from 26.1.3+incompatible to 26.1.4+incompatible

Commits
  • 5650f9b Merge pull request #5116 from thaJeztah/26.1_update_engine
  • e8bc27d vendor: github.com/docker/docker de5c9cf0b96e (v26.1.4-dev)
  • 2acb9c2 vendor: github.com/containerd/containerd v1.7.18
  • 230d4d0 vendor: github.com/containerd/containerd v1.7.17
  • 6d47c06 vendor: tags.cncf.io/container-device-interface v0.7.2
  • a6d757c vendor: github.com/Microsoft/hcsshim v0.11.5
  • c463d96 vendor: github.com/opencontainers/image-spec v1.1.0
  • a61a0c3 Merge pull request #5118 from thaJeztah/26.1_backport_bump_go1.21.11
  • 0576b3d update to go1.21.11
  • 60b13f1 Dockerfile: update ALPINE_VERSION to 3.20
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.1.4

26.1.4

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release updates the Go runtime to 1.21.11 which contains security fixes for:

Bug fixes and enhancements

  • Fixed an issue where promoting a node immediately after another node was demoted could cause the promotion to fail. moby/moby#47870
  • Prevent the daemon log from being spammed with superfluous response.WriteHeader call ... messages. moby/moby#47843
  • Don't show empty hints when plugins return an empty hook message. docker/cli#5083
  • Added ContextType: "moby" to the context list/inspect output to address a compatibility issue with Visual Studio Container Tools. docker/cli#5095
  • Fix a compatibility issue with Visual Studio Container Tools. docker/cli#5095

Packaging updates

Commits
  • de5c9cf Merge pull request #47912 from thaJeztah/26.1_backport_vendor_containerd_1.7.18
  • c62dcf8 Merge pull request #47911 from thaJeztah/26.1_backport_bump_containerd_binary...
  • 17315a2 vendor: github.com/containerd/containerd v1.7.18
  • cbd9418 update containerd binary to v1.7.18
  • fb9f72a Merge pull request #47904 from thaJeztah/26.1_backport_bump_go1.21.11
  • 3115daa update to go1.21.11
  • 2861734 Merge pull request #47892 from thaJeztah/26.1_backport_api_docs_network_confi...
  • 9c95aea Merge pull request #47893 from thaJeztah/26.1_backport_bump_docker_py
  • 3e09e19 Merge pull request #47894 from thaJeztah/26.1_backport_vendor_containerd_v1.7.17
  • 65b679a Merge pull request #47889 from thaJeztah/26.1_backport_platforms_err_handling
  • Additional commits viewable in compare view


Updates golang.org/x/mod from 0.17.0 to 0.18.0

Commits


Updates golang.org/x/net from 0.25.0 to 0.26.0

Commits
  • 66e838c go.mod: update golang.org/x dependencies
  • 6249541 http2: avoid race in server handler SetReadDeadine/SetWriteDeadline
  • 603e3e6 quic: disable X25519Kyber768Draft00 in tests
  • 67e8d0c http2: report an error if goroutines outlive serverTester tests
  • 5608279 http2: avoid corruption in priority write scheduler
  • 0d515a5 http2: factor out frame read/write test functions
  • 9f5b79b http2: drop unused retry function
  • 03c24c2 http2: use synthetic time in server tests
  • 022530c http2: add a more full-featured test net.Conn
  • 410d19e http2: avoid racy access to clientStream.requestedGzip
  • Additional commits viewable in compare view


Updates golang.org/x/oauth2 from 0.20.0 to 0.21.0

Commits


Updates golang.org/x/text from 0.15.0 to 0.16.0

Commits
  • 9c2f3a2 cmd/gotext: fix segfault in extract & rewrite commands
  • 59e1219 message: optimize lookupAndFormat function for better performance
  • a20a3e2 x/text: update x/tools for go/ssa range-over-func fix
  • See full diff in compare view


Updates sigs.k8s.io/controller-runtime from 0.18.3 to 0.18.4

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.18.4

What's Changed

Full Changelog: https://github.com/kubernetes-sigs/controller-runtime/compare/v0.18.3...v0.18.4

Commits
  • 12cc8d5 Merge pull request #2848 from k8s-infra-cherrypick-robot/cherry-pick-2847-to-...
  • c0c229e controllerutil: allow configuring BlockOwnerDeletion when setting OwnerRefere...
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
  • `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

github-actions[bot] commented 1 month ago

Mend Scan Summary: :x:

Repository: open-component-model/ocm

| VIOLATION DESCRIPTION | NUMBER OF VIOLATIONS |
| --- | --- |
| HIGH/CRITICAL SECURITY VULNERABILITIES | 3 |
| MAJOR UPDATES AVAILABLE | 0 |
| LICENSE REQUIRES REVIEW | 4 |
| HIGH RISK LICENSES | 9 |
| RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY | 0 |

Detailed Logs: mend-scan-> Generate Report Mend UI

ocmbot[bot] commented 1 month ago

Integration Tests for d1ab90dde941d7e4e5f54c00ac38598cac8e5275 run with result: Success ✅!