open-component-model / ocm

Open Component Model (Software Bill of Delivery Toolset)
https://ocm.software
Apache License 2.0

Bump the go group across 1 directory with 15 updates #843

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the go group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/aws/aws-sdk-go-v2 | 1.30.0 | 1.30.3 |
| github.com/aws/aws-sdk-go-v2/config | 1.27.21 | 1.27.26 |
| github.com/aws/aws-sdk-go-v2/feature/s3/manager | 1.17.1 | 1.17.7 |
| github.com/aws/aws-sdk-go-v2/service/ecr | 1.29.1 | 1.30.3 |
| github.com/containerd/containerd | 1.7.18 | 1.7.19 |
| github.com/docker/cli | 27.0.1+incompatible | 27.0.3+incompatible |
| github.com/docker/docker | 27.0.1+incompatible | 27.0.3+incompatible |
| github.com/go-test/deep | 1.1.0 | 1.1.1 |
| github.com/mittwald/go-helm-client | 0.12.9 | 0.12.10 |
| github.com/sigstore/sigstore | 1.8.4 | 1.8.7 |
| golang.org/x/mod | 0.18.0 | 0.19.0 |
| helm.sh/helm/v3 | 3.15.2 | 3.15.3 |

Updates github.com/aws/aws-sdk-go-v2 from 1.30.0 to 1.30.3

Commits


Updates github.com/aws/aws-sdk-go-v2/config from 1.27.21 to 1.27.26

Commits


Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.21 to 1.17.26

Commits


Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.17.1 to 1.17.7

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/feature/s3/manager's changelog.

Release (2023-03-21)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/chimesdkmessaging: v1.13.0
    • Feature: Amazon Chime SDK messaging customers can now manage streaming configuration for messaging data for archival and analysis.
  • github.com/aws/aws-sdk-go-v2/service/cleanrooms: v1.1.0
    • Feature: GA Release of AWS Clean Rooms, Added Tagging Functionality
  • github.com/aws/aws-sdk-go-v2/service/ec2: v1.91.0
    • Feature: This release adds support for AWS Network Firewall, AWS PrivateLink, and Gateway Load Balancers to Amazon VPC Reachability Analyzer, and it makes the path destination optional as long as a destination address in the filter at source is provided.
  • github.com/aws/aws-sdk-go-v2/service/internal/s3shared: v1.14.0
    • Feature: port v1 sdk 100-continue http header customization for s3 PutObject/UploadPart request and enable user config
  • github.com/aws/aws-sdk-go-v2/service/iotsitewise: v1.28.0
    • Feature: Provide support for tagging of data streams and enabling tag based authorization for property alias
  • github.com/aws/aws-sdk-go-v2/service/mgn: v1.18.0
    • Feature: This release introduces the Import and export feature and expansion of the post-launch actions
  • github.com/aws/aws-sdk-go-v2/service/s3: v1.31.0
    • Feature: port v1 sdk 100-continue http header customization for s3 PutObject/UploadPart request and enable user config

Release (2023-03-20)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/applicationautoscaling: v1.19.0
    • Feature: With this release customers can now tag their Application Auto Scaling registered targets with key-value pairs and manage IAM permissions for all the tagged resources centrally.
  • github.com/aws/aws-sdk-go-v2/service/neptune: v1.20.0
    • Feature: This release makes following few changes. db-cluster-identifier is now a required parameter of create-db-instance. describe-db-cluster will now return PendingModifiedValues and GlobalClusterIdentifier fields in the response.
  • github.com/aws/aws-sdk-go-v2/service/s3outposts: v1.16.0
    • Feature: S3 On Outposts added support for endpoint status, and a failed endpoint reason, if any
  • github.com/aws/aws-sdk-go-v2/service/workdocs: v1.14.0
    • Feature: This release adds a new API, SearchResources, which enable users to search through metadata and content of folders, documents, document versions and comments in a WorkDocs site.

Release (2023-03-17)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/billingconductor: v1.6.0
    • Feature: This release adds a new filter to ListAccountAssociations API and a new filter to ListBillingGroups API.
  • github.com/aws/aws-sdk-go-v2/service/configservice: v1.30.0
    • Feature: This release adds resourceType enums for types released from October 2022 through February 2023.
  • github.com/aws/aws-sdk-go-v2/service/databasemigrationservice: v1.25.0
    • Feature: S3 setting to create AWS Glue Data Catalog. Oracle setting to control conversion of timestamp column. Support for Kafka SASL Plain authentication. Setting to map boolean from PostgreSQL to Redshift. SQL Server settings to force lob lookup on inline LOBs and to control access of database logs.

Release (2023-03-16)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/aws-sdk-go-v2/config: v1.18.18

... (truncated)

Commits
  • 390cf19 Release 2023-03-21
  • c37c72a Regenerated Clients
  • d1e5193 Update endpoints model
  • 2506101 Update API model
  • c93b5cc Merge pull request #2051 from aws/add100ContinueCustomization
  • c01aac6 Keep one changelog for PR
  • 3780faa Keep one changelog for PR
  • b94b5b7 Merge remote-tracking branch 'origin/add100ContinueCustomization' into add100...
  • 6174ff2 Change some variable name and use operation shape id to represent operation s...
  • 83491fc add changelog to last commit
  • Additional commits viewable in compare view


Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.29.1 to 1.30.3

Commits


Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.58.2

Commits


Updates github.com/containerd/containerd from 1.7.18 to 1.7.19

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd API 1.7.19

Welcome to the api/v1.7.19 release of containerd!

The first dedicated release for the containerd 1.7 API. This release is separately tagged from the main 1.7.x releases after the v1.7.18 release but follows the versioning.

Highlights

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akhil Mohan
  • Phil Estes
  • Sebastiaan van Stijn

Changes

  • Prepare release notes for api v1.7.19 (#10386)
  • api: update github.com/containerd/ttrpc v1.2.5 to align with containerd 1.7 module (#10364)
    • 2a6aa6ddf [release/1.7] api: update github.com/containerd/ttrpc v1.2.5
  • Add API go module (#10189)

Dependency Changes

  • github.com/containerd/ttrpc v1.2.4 -> v1.2.5
  • github.com/golang/protobuf v1.5.4 -> v1.5.3
  • google.golang.org/genproto/googleapis/rpc d307bd883b97 -> b8732ec3820d

Previous release can be found at v1.7.18

containerd 1.7.19

Welcome to the v1.7.19 release of containerd!

The nineteenth patch release for containerd 1.7 contains various updates and splits the main module from the api module in preparation for the same change in containerd 2.0. Splitting the modules will allow 1.7 and 2.x to both exist

... (truncated)

Commits
  • 2bf793e Merge pull request #10391 from dmcgowan/prepare-v1.7.19
  • 74a3d29 Prepare release notes for v1.7.19
  • 043c712 Merge pull request #10406 from samuelkarp/nri-panic-1.7
  • 5a587e8 Merge pull request #10403 from thaJeztah/1.7_backport_hcsshim_version
  • 7f5d3c5 cri: ensure NRI API never has nil CRI
  • aea977f Merge pull request #10397 from thaJeztah/1.7_backport_deprecate_reference_Spl...
  • 6efc5bb update runhcs binary to v0.11.7
  • 945ae09 Windows: Supply windows shim version via file
  • bb84d90 Merge pull request #10396 from yyatmsft/updatehcsshim-release17
  • dba5357 pkg/reference: deprecate SplitObject
  • Additional commits viewable in compare view


Updates github.com/docker/cli from 27.0.1+incompatible to 27.0.3+incompatible

Commits
  • 7d4bcd8 Merge pull request #5206 from thaJeztah/27.0_backport_docker_27.0.2
  • 3134d55 vendor: github.com/docker/docker v27.0.2
  • 912c1dd Merge pull request #5202 from vvoland/vendor-docker
  • c97e809 vendor: github.com/docker/docker v27.0.2-dev (e953d76450b6)
  • 82bd815 Merge pull request #5201 from vvoland/vendor-docker
  • 8945848 vendor: github.com/docker/docker v27.0.2-dev (861fde8cc974)
  • b54897b Merge pull request #5199 from vvoland/v27.0-5191
  • cd56091 gha/e2e: Update latest version to 27.0
  • 9a101a9 Merge pull request #5198 from thaJeztah/27.0_backport_carry_fix_custom_ports
  • 50fae20 cli/config/credentials: ConvertToHostname: handle IP-addresses
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 27.0.1+incompatible to 27.0.3+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.0.3

27.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix a regression that incorrectly reported a port mapping from a host IPv6 address to an IPv4-only container as an error. moby/moby#48090
  • Fix a regression that caused duplicate subnet allocations when creating networks. moby/moby#48089
  • Fix a regression resulting in "fail to register layer: failed to Lchown" errors when trying to pull an image with rootless enabled on a system that supports native overlay with user-namespaces. moby/moby#48086

v27.0.2

27.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

Removed

  • api/types: deprecate ContainerJSONBase.Node field and ContainerNode type. These definitions were used by the standalone ("classic") Swarm API, but never implemented in the Docker Engine itself. moby/moby#48055

Commits
  • 662f78c Merge pull request #48090 from thaJeztah/27.0_backport_48067_fix_specific_ipv...
  • b86d9bd Merge pull request #48086 from thaJeztah/27.0_backport_fix_rootless_pull
  • 0dbc3ac Merge pull request #48087 from thaJeztah/27.0_backport_gofmt
  • 276a648 Fix incorrect validation of port mapping
  • 22aa07b Merge pull request #48089 from robmry/backport-27.0/48069_fix_overlapping_sub...
  • 23b8b02 Fix duplicate subnet allocations
  • bf222d6 fix some gofmt issues reported by goreportcard
  • f8231b5 daemon/graphdriver/overlay2: set TarOptions.InUserNS for native differ
  • b951474 pkg/archive: createTarFile: consistently use the same value for userns
  • c5794e2 pkg/archive: handleTarTypeBlockCharFifo: don't discard EPERM errors
  • Additional commits viewable in compare view


Updates github.com/go-test/deep from 1.1.0 to 1.1.1

Release notes

Sourced from github.com/go-test/deep's releases.

v1.1.1

What's Changed

New Contributors

Full Changelog: https://github.com/go-test/deep/compare/v1.1.0...v1.1.1

Changelog

Sourced from github.com/go-test/deep's changelog.

v1.1.1 released 2024-06-23

  • Added NilPointersAreZero option: causes a nil pointer to be equal to a zero value (PR #61) (@seveas)
  • Updated test matrix to go1.22, go1.21, and go1.20

Commits
  • 9e863ff Release v1.1.1
  • dc5b2f6 Update SECURITY.md
  • 185886d Restore 100% test coverage (NilPointersAreZero case)
  • 47ae1b8 Merge pull request #61 from seveas/nil-pointers-are-zero
  • 93c35ac Merge branch 'master' into nil-pointers-are-zero
  • 2982c5c Update test matrix to latest 3 Go versions
  • 2b8252e Add an option to consider nil pointers to be equivalent to zero values
  • 95fb3b1 Merge pull request #58 from bartleyg/patch-1
  • 1127c84 fix copy pasta test
  • 7ff4e92 Update changelog for v1.1.0
  • See full diff in compare view


Updates github.com/mittwald/go-helm-client from 0.12.9 to 0.12.10

Release notes

Sourced from github.com/mittwald/go-helm-client's releases.

v0.12.10

What's Changed

Full Changelog: https://github.com/mittwald/go-helm-client/compare/v0.12.9...v0.12.10

Commits
  • e7c4238 Merge pull request #210 from tariq1890/bump-helm-import
  • 1b3237a bump helm.sh/helm/v3 version to v3.15.2
  • 6cb8534 lable releases when installing/upgrading charts (#196)
  • See full diff in compare view


Updates github.com/sigstore/sigstore from 1.8.4 to 1.8.7

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.7

Dependencies updates only

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7

v1.8.6

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.5...v1.8.6

v1.8.5

Major are dependencies updates

What's Changed

... (truncated)

Commits
  • cb8b4bb sync go mod
  • 2506e5d build(deps): Bump the all group across 1 directory with 4 updates
  • 9a70270 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp
  • f6b4bb5 build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • aebd23d build(deps): Bump actions/upload-artifact in the all group
  • ec4bc1a build(deps): Bump the all group across 1 directory with 2 updates
  • aeb9782 build(deps): Bump golang.org/x/crypto
  • 016e2e3 build(deps): Bump github.com/sigstore/sigstore
  • 8243831 build(deps): Bump hashicorp/vault in /test/e2e in the all group
  • 51d791e build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates
  • Additional commits viewable in compare view


Updates golang.org/x/mod from 0.18.0 to 0.19.0

Commits
  • d58be1c sumdb/tlog: set the hash of the empty tree according to RFC 6962
  • 232e49f Revert "module: add COM0 and LPT0 to badWindowsNames"
  • See full diff in compare view


Updates golang.org/x/net from 0.26.0 to 0.27.0

Commits
  • e2310ae go.mod: update golang.org/x dependencies
  • 77708f7 quic: skip tests which depend on unimplemented UDP functions on Plan 9
  • 9617c63 http2: avoid Transport hang with Connection: close and AllowHTTP
  • See full diff in compare view


Updates helm.sh/helm/v3 from 3.15.2 to 3.15.3

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.15.3 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.15.3. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.15.4 will contain only bug fixes and be released on August 14, 2024.
  • 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

  • fix(helm): Use burst limit setting for discovery 3bb50bbbdd9c946ba9989fbe4fb4104766302a64 (Evan Foster)
  • fixed dependency_update_test.go f440d3b19ed772502b85ade33f7ee6bf4a35c85c (Suleiman Dibirov)
  • fix(dependencyBuild): prevent race condition in concurrent helm dependency f262d80d30bd7c13f2ffe9719d23035adcbc7ede (Suleiman Dibirov)
  • fix: respect proxy envvars on helm install/upgrade 7413819bb9c481707efa58b111ff0b85829b79f9 (Sidharth Menon)
  • Merge pull request #13085 from alex-kattathra-johnson/issue-12961 eb4cf6051e5b97d48baf5b306ca1aaea1c33c2ae (Joe Julian)

Commits
  • 3bb50bb fix(helm): Use burst limit setting for discovery
  • f440d3b fixed dependency_update_test.go
  • f262d80 fix(dependencyBuild): prevent race condition in concurrent helm dependency
  • 7413819 fix: respect proxy envvars on helm install/upgrade
  • eb4cf60 Merge pull request #13085 from alex-kattathra-johnson/issue-12961
  • See full diff in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
  • `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

github-actions[bot] commented 1 month ago

Mend Scan Summary: :x:

Repository: open-component-model/ocm

| VIOLATION DESCRIPTION | NUMBER OF VIOLATIONS |
| --- | --- |
| HIGH/CRITICAL SECURITY VULNERABILITIES | 3 |
| MAJOR UPDATES AVAILABLE | 0 |
| LICENSE REQUIRES REVIEW | 1 |
| HIGH RISK LICENSES | 10 |
| RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY | 0 |

Detailed Logs: mend-scan-> Generate Report Mend UI

ocmbot[bot] commented 1 month ago

Integration Tests for 58304543654219e16b46ca283b661fed4b5b1ba5 run with result: Success ✅!

dependabot[bot] commented 1 month ago

Looks like these dependencies are updatable in another way, so this is no longer needed.