open-component-model / ocm

Open Component Model (Software Bill of Delivery Toolset)
https://ocm.software
Apache License 2.0
29 stars 18 forks

Bump the go group with 7 updates #825

Closed dependabot[bot] closed 2 weeks ago

dependabot[bot] commented 2 weeks ago

Bumps the go group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| github.com/aws/aws-sdk-go-v2 | 1.27.2 | 1.30.0 |
| github.com/aws/aws-sdk-go-v2/config | 1.27.18 | 1.27.21 |
| github.com/aws/aws-sdk-go-v2/credentials | 1.17.18 | 1.17.21 |
| github.com/aws/aws-sdk-go-v2/feature/s3/manager | 1.16.24 | 1.17.1 |
| github.com/aws/aws-sdk-go-v2/service/ecr | 1.28.5 | 1.29.1 |
| github.com/aws/aws-sdk-go-v2/service/s3 | 1.55.1 | 1.56.1 |
| github.com/containers/image/v5 | 5.31.0 | 5.31.1 |

Updates github.com/aws/aws-sdk-go-v2 from 1.27.2 to 1.30.0


Updates github.com/aws/aws-sdk-go-v2/config from 1.27.18 to 1.27.21


Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.18 to 1.17.21


Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.16.24 to 1.17.1

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/feature/s3/manager's changelog.

Release (2022-10-24)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.12.19
    • Bug Fix: Fixes an issue that prevented logging of the API request or responses when the respective log modes were enabled.
  • github.com/aws/aws-sdk-go-v2/service/acmpca: v1.19.0
    • Feature: AWS Private Certificate Authority (AWS Private CA) now offers usage modes which are combination of features to address specific use cases.
  • github.com/aws/aws-sdk-go-v2/service/batch: v1.19.0
    • Feature: This release adds support for AWS Batch on Amazon EKS.
  • github.com/aws/aws-sdk-go-v2/service/datasync: v1.19.0
    • Feature: Added support for self-signed certificates when using object storage locations; added BytesCompressed to the TaskExecution response.
  • github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.50.0
    • Feature: SageMaker Inference Recommender now supports a new API ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an inference recommendation job.

Release (2022-10-21)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/aws-sdk-go-v2: v1.17.0
    • Feature: Adds aws.IsCredentialsProvider for inspecting CredentialProvider types when needing to determine if the underlying implementation type matches a target type. This resolves an issue where CredentialsCache could mask AnonymousCredentials providers, breaking downstream detection logic.
  • github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider: v1.21.0
    • Feature: This release adds a new "DeletionProtection" field to the UserPool in Cognito. Application admins can configure this value with either ACTIVE or INACTIVE value. Setting this field to ACTIVE will prevent a user pool from accidental deletion.
  • github.com/aws/aws-sdk-go-v2/service/eventbridge: v1.16.16
    • Bug Fix: The SDK client has been updated to utilize the aws.IsCredentialsProvider function for determining if aws.AnonymousCredentials has been configured for the CredentialProvider.
  • github.com/aws/aws-sdk-go-v2/service/s3: v1.29.0
    • Feature: S3 on Outposts launches support for automatic bucket-style alias. You can use the automatic access point alias instead of an access point ARN for any object-level operation in an Outposts bucket.
    • Bug Fix: The SDK client has been updated to utilize the aws.IsCredentialsProvider function for determining if aws.AnonymousCredentials has been configured for the CredentialProvider.
  • github.com/aws/aws-sdk-go-v2/service/sagemaker: v1.49.0
    • Feature: CreateInferenceRecommenderjob API now supports passing endpoint details directly, that will help customers to identify the max invocation and max latency they can achieve for their model and the associated endpoint along with getting recommendations on other instances.
  • github.com/aws/aws-sdk-go-v2/service/sts: v1.17.0
    • Feature: Add presign functionality for sts:AssumeRole operation

Release (2022-10-20)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/devopsguru: v1.20.0
    • Feature: This release adds information about the resources DevOps Guru is analyzing.
  • github.com/aws/aws-sdk-go-v2/service/globalaccelerator: v1.15.0
    • Feature: Global Accelerator now supports AddEndpoints and RemoveEndpoints operations for standard endpoint groups.
  • github.com/aws/aws-sdk-go-v2/service/resiliencehub: v1.7.0
    • Feature: In this release, we are introducing support for regional optimization for AWS Resilience Hub applications. It also includes a few documentation updates to improve clarity.
  • github.com/aws/aws-sdk-go-v2/service/rum: v1.7.0
    • Feature: CloudWatch RUM now supports Extended CloudWatch Metrics with Additional Dimensions

Release (2022-10-19)

... (truncated)


Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.28.5 to 1.29.1


Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.55.1 to 1.56.1


Updates github.com/containers/image/v5 from 5.31.0 to 5.31.1

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.31.1

Fixes an interoperability issue while listing tags from JFrog Artifactory.

Commits
  • 57695f8 [release-5.31] Bump to v5.31.1
  • edcf253 Don't abort listing tags when we encounter a digest
  • 2281641 Merge pull request #2431 from TomSweeneyRedHat/dev/tsweeney/5.31.1-dev
  • 9ac505f [release-5.31] Bump c/image to v5.31.1-dev


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
  • `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

github-actions[bot] commented 2 weeks ago

Mend Scan Summary: :x:

Repository: open-component-model/ocm

| VIOLATION DESCRIPTION | NUMBER OF VIOLATIONS |
| --- | --- |
| HIGH/CRITICAL SECURITY VULNERABILITIES | 3 |
| MAJOR UPDATES AVAILABLE | 0 |
| LICENSE REQUIRES REVIEW | 1 |
| HIGH RISK LICENSES | 9 |
| RESTRICTED LICENSE FOR ON-PREMISE DELIVERY | 0 |

Detailed Logs: mend-scan-> Generate Report Mend UI

ocmbot[bot] commented 2 weeks ago

Integration Tests for 08c0c3c1a348f44be74652e9d0d87cb7442f1b92 run with result: Success ✅!