open-component-model / ocm

Open Component Model (Software Bill of Delivery Toolset)
https://ocm.software
Apache License 2.0
32 stars 23 forks

Bump the go group across 1 directory with 20 updates #849

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the go group with 15 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| github.com/aws/aws-sdk-go-v2 | 1.30.0 | 1.30.3 |
| github.com/aws/aws-sdk-go-v2/config | 1.27.21 | 1.27.27 |
| github.com/aws/aws-sdk-go-v2/feature/s3/manager | 1.17.1 | 1.17.8 |
| github.com/aws/aws-sdk-go-v2/service/ecr | 1.29.1 | 1.30.3 |
| github.com/containerd/containerd | 1.7.18 | 1.7.20 |
| github.com/docker/cli | 27.0.1+incompatible | 27.0.3+incompatible |
| github.com/docker/docker | 27.0.1+incompatible | 27.0.3+incompatible |
| github.com/go-test/deep | 1.1.0 | 1.1.1 |
| github.com/mittwald/go-helm-client | 0.12.9 | 0.12.10 |
| github.com/sigstore/sigstore | 1.8.4 | 1.8.7 |
| golang.org/x/mod | 0.18.0 | 0.19.0 |
| helm.sh/helm/v3 | 3.15.2 | 3.15.3 |
| k8s.io/api | 0.30.2 | 0.30.3 |
| k8s.io/apiextensions-apiserver | 0.30.2 | 0.30.3 |
| k8s.io/cli-runtime | 0.30.2 | 0.30.3 |

Updates github.com/aws/aws-sdk-go-v2 from 1.30.0 to 1.30.3

Commits


Updates github.com/aws/aws-sdk-go-v2/config from 1.27.21 to 1.27.27

Commits


Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.21 to 1.17.27

Commits


Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.17.1 to 1.17.8

Changelog

Sourced from github.com/aws/aws-sdk-go-v2/feature/s3/manager's changelog.

Release (2023-04-07)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/dlm: v1.15.0
    • Announcement: This release includes breaking changes for the timestamp trait on the data lifecycle management client.
    • Feature: Updated timestamp format for GetLifecyclePolicy API
    • Bug Fix: Correct timestamp type for data lifecycle manager.
  • github.com/aws/aws-sdk-go-v2/service/docdb: v1.21.0
    • Feature: This release adds a new parameter 'DBClusterParameterGroupName' to 'RestoreDBClusterFromSnapshot' API to associate the name of the DB cluster parameter group while performing restore.
  • github.com/aws/aws-sdk-go-v2/service/fsx: v1.28.8
    • Documentation: Amazon FSx for Lustre now supports creating data repository associations on Persistent_1 and Scratch_2 file systems.
  • github.com/aws/aws-sdk-go-v2/service/lambda: v1.31.0
    • Feature: This release adds a new Lambda InvokeWithResponseStream API to support streaming Lambda function responses. The release also adds a new InvokeMode parameter to Function Url APIs to control whether the response will be streamed or buffered.
  • github.com/aws/aws-sdk-go-v2/service/quicksight: v1.34.0
    • Feature: This release has two changes: adding the OR condition to tag-based RLS rules in CreateDataSet and UpdateDataSet; adding RefreshSchedule and Incremental RefreshProperties operations for users to programmatically configure SPICE dataset ingestions.
  • github.com/aws/aws-sdk-go-v2/service/redshiftdata: v1.19.3
    • Documentation: Update documentation of API descriptions as needed in support of temporary credentials with IAM identity.
  • github.com/aws/aws-sdk-go-v2/service/servicecatalog: v1.18.1
    • Documentation: Updates description for property

Release (2023-04-06)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/cloudformation: v1.27.0
    • Feature: Including UPDATE_COMPLETE as a failed status for DeleteStack waiter.
  • github.com/aws/aws-sdk-go-v2/service/greengrassv2: v1.22.0
    • Feature: Add support for SUCCEEDED value in coreDeviceExecutionStatus field. Documentation updates for Greengrass V2.
  • github.com/aws/aws-sdk-go-v2/service/proton: v1.21.0
    • Feature: This release adds support for the AWS Proton service sync feature. Service sync enables managing an AWS Proton service (creating and updating instances) and all of its corresponding service instances from a Git repository.
  • github.com/aws/aws-sdk-go-v2/service/rds: v1.42.1
    • Documentation: Adds and updates the SDK examples

Release (2023-04-05)

Module Highlights

  • github.com/aws/aws-sdk-go-v2/service/configservice: v1.31.0
    • Feature: This release adds resourceType enums for types released in March 2023.
  • github.com/aws/aws-sdk-go-v2/service/ecs: v1.24.3
    • Documentation: This is a document only updated to add information about Amazon Elastic Inference (EI).
  • github.com/aws/aws-sdk-go-v2/service/identitystore: v1.16.7
    • Documentation: Documentation updates for Identity Store CLI command reference.
  • github.com/aws/aws-sdk-go-v2/service/ivsrealtime: v1.1.0
    • Feature: Fix ParticipantToken ExpirationTime format
  • github.com/aws/aws-sdk-go-v2/service/networkfirewall: v1.26.0
    • Feature: AWS Network Firewall now supports IPv6-only subnets.
  • github.com/aws/aws-sdk-go-v2/service/servicecatalog: v1.18.0
    • Feature: removed incorrect product type value

... (truncated)

Commits


Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.29.1 to 1.30.3

Commits


Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.56.1 to 1.58.2

Commits


Updates github.com/containerd/containerd from 1.7.18 to 1.7.20

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.20

Welcome to the v1.7.20 release of containerd!

The twentieth patch release for containerd 1.7 contains various fixes and updates.

Highlights

  • Support for dropping inheritable capabilities (#10469)

Container Runtime Interface (CRI)

  • Make PodSandboxStatus friendlier to shim crashes (#10461)
  • Handle empty DNSConfig differently than unspecified (#10462)
  • Fix for [cri] ttrpc: closed during ListPodSandboxStats (#10423)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Akihiro Suda
  • Phil Estes
  • Akhil Mohan
  • Bryant Biggs
  • Danny Canter
  • Davanum Srinivas
  • Mike Brown
  • Samuel Karp
  • Tim Hockin

Changes

  • Prepare release notes for v1.7.20 (#10481)
    • 7f2d4cd97 Prepare release notes for v1.7.20
  • deps: Update otelgrpc (#10413)
  • Make PodSandboxStatus friendlier to shim crashes (#10461)
    • df86bdd5d CRI Sbserver: Make PodSandboxStatus friendlier to shim crashes
  • Handle empty DNSConfig differently than unspecified (#10462)
    • 209ee4f10 CRI: An empty DNSConfig != unspecified
  • Support for dropping inheritable capabilities (#10469)
    • ce65228af Support for dropping inheritable capabilities
  • Fix for [cri] ttrpc: closed during ListPodSandboxStats (#10423)
    • 610498df7 Fix for [cri] ttrpc: closed during ListPodSandboxStats
  • update to go1.21.12 / go1.22.5 (#10426)

... (truncated)

Commits
  • 8fc6bcf Merge pull request #10481 from dmcgowan/prepare-v1.7.20
  • 7f2d4cd Prepare release notes for v1.7.20
  • 7eb0501 Merge pull request #10413 from austinvazquez/cherry-pick-78421616e0a6ba76ac25...
  • 34ea461 Merge pull request #10461 from dims/automated-cherry-pick-of-#8367
  • 87c908e Merge pull request #10462 from dims/automated-cherry-pick-of-#9730
  • b06e353 Merge pull request #10469 from dims/automated-cherry-pick-of-#8356
  • 209ee4f CRI: An empty DNSConfig != unspecified
  • ce65228 Support for dropping inheritable capabilities
  • df86bdd CRI Sbserver: Make PodSandboxStatus friendlier to shim crashes
  • 923bb1f Merge pull request #10423 from dims/cri-ttrpc-closed-during-ListPodSandboxStats
  • Additional commits viewable in compare view


Updates github.com/docker/cli from 27.0.1+incompatible to 27.0.3+incompatible

Commits
  • 7d4bcd8 Merge pull request #5206 from thaJeztah/27.0_backport_docker_27.0.2
  • 3134d55 vendor: github.com/docker/docker v27.0.2
  • 912c1dd Merge pull request #5202 from vvoland/vendor-docker
  • c97e809 vendor: github.com/docker/docker v27.0.2-dev (e953d76450b6)
  • 82bd815 Merge pull request #5201 from vvoland/vendor-docker
  • 8945848 vendor: github.com/docker/docker v27.0.2-dev (861fde8cc974)
  • b54897b Merge pull request #5199 from vvoland/v27.0-5191
  • cd56091 gha/e2e: Update latest version to 27.0
  • 9a101a9 Merge pull request #5198 from thaJeztah/27.0_backport_carry_fix_custom_ports
  • 50fae20 cli/config/credentials: ConvertToHostname: handle IP-addresses
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 27.0.1+incompatible to 27.0.3+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.0.3

27.0.3

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix a regression that incorrectly reported a port mapping from a host IPv6 address to an IPv4-only container as an error. moby/moby#48090
  • Fix a regression that caused duplicate subnet allocations when creating networks. moby/moby#48089
  • Fix a regression resulting in "fail to register layer: failed to Lchown" errors when trying to pull an image with rootless enabled on a system that supports native overlay with user-namespaces. moby/moby#48086

v27.0.2

27.0.2

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

Removed

  • api/types: deprecate ContainerJSONBase.Node field and ContainerNode type. These definitions were used by the standalone ("classic") Swarm API, but never implemented in the Docker Engine itself. moby/moby#48055

Commits
  • 662f78c Merge pull request #48090 from thaJeztah/27.0_backport_48067_fix_specific_ipv...
  • b86d9bd Merge pull request #48086 from thaJeztah/27.0_backport_fix_rootless_pull
  • 0dbc3ac Merge pull request #48087 from thaJeztah/27.0_backport_gofmt
  • 276a648 Fix incorrect validation of port mapping
  • 22aa07b Merge pull request #48089 from robmry/backport-27.0/48069_fix_overlapping_sub...
  • 23b8b02 Fix duplicate subnet allocations
  • bf222d6 fix some gofmt issues reported by goreportcard
  • f8231b5 daemon/graphdriver/overlay2: set TarOptions.InUserNS for native differ
  • b951474 pkg/archive: createTarFile: consistently use the same value for userns
  • c5794e2 pkg/archive: handleTarTypeBlockCharFifo: don't discard EPERM errors
  • Additional commits viewable in compare view


Updates github.com/go-test/deep from 1.1.0 to 1.1.1

Release notes

Sourced from github.com/go-test/deep's releases.

v1.1.1

What's Changed

New Contributors

Full Changelog: https://github.com/go-test/deep/compare/v1.1.0...v1.1.1

Changelog

Sourced from github.com/go-test/deep's changelog.

v1.1.1 released 2024-06-23

  • Added NilPointersAreZero option: causes a nil pointer to be equal to a zero value (PR #61) (@seveas)
  • Updated test matrix to go1.22, go1.21, and go1.20

Commits
  • 9e863ff Release v1.1.1
  • dc5b2f6 Update SECURITY.md
  • 185886d Restore 100% test coverage (NilPointersAreZero case)
  • 47ae1b8 Merge pull request #61 from seveas/nil-pointers-are-zero
  • 93c35ac Merge branch 'master' into nil-pointers-are-zero
  • 2982c5c Update test matrix to latest 3 Go versions
  • 2b8252e Add an option to consider nil pointers to be equivalent to zero values
  • 95fb3b1 Merge pull request #58 from bartleyg/patch-1
  • 1127c84 fix copy pasta test
  • 7ff4e92 Update changelog for v1.1.0
  • See full diff in compare view


Updates github.com/mittwald/go-helm-client from 0.12.9 to 0.12.10

Release notes

Sourced from github.com/mittwald/go-helm-client's releases.

v0.12.10

What's Changed

Full Changelog: https://github.com/mittwald/go-helm-client/compare/v0.12.9...v0.12.10

Commits
  • e7c4238 Merge pull request #210 from tariq1890/bump-helm-import
  • 1b3237a bump helm.sh/helm/v3 version to v3.15.2
  • 6cb8534 label releases when installing/upgrading charts (#196)
  • See full diff in compare view


Updates github.com/sigstore/sigstore from 1.8.4 to 1.8.7

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.7

Dependencies updates only

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7

v1.8.6

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.5...v1.8.6

v1.8.5

Major are dependencies updates

What's Changed

... (truncated)

Commits
  • cb8b4bb sync go mod
  • 2506e5d build(deps): Bump the all group across 1 directory with 4 updates
  • 9a70270 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp
  • f6b4bb5 build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • aebd23d build(deps): Bump actions/upload-artifact in the all group
  • ec4bc1a build(deps): Bump the all group across 1 directory with 2 updates
  • aeb9782 build(deps): Bump golang.org/x/crypto
  • 016e2e3 build(deps): Bump github.com/sigstore/sigstore
  • 8243831 build(deps): Bump hashicorp/vault in /test/e2e in the all group
  • 51d791e build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates
  • Additional commits viewable in compare view


Updates golang.org/x/mod from 0.18.0 to 0.19.0

Commits
  • d58be1c sumdb/tlog: set the hash of the empty tree according to RFC 6962
  • 232e49f Revert "module: add COM0 and LPT0 to badWindowsNames"
  • See full diff in compare view


Updates golang.org/x/net from 0.26.0 to 0.27.0

Commits
  • e2310ae go.mod: update golang.org/x dependencies
  • 77708f7 quic: skip tests which depend on unimplemented UDP functions on Plan 9
  • 9617c63 http2: avoid Transport hang with Connection: close and AllowHTTP
  • See full diff in compare view


Updates helm.sh/helm/v3 from 3.15.2 to 3.15.3

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.15.3 is a patch release. Users are encouraged to upgrade for the best experience.

The community keeps growing, and we'd love to see you there!

  • Join the discussion in Kubernetes Slack:
    • for questions and just to hang out
    • for discussing PRs, code, and bugs
  • Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom
  • Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.15.3. The common platform binaries are here:

This release was signed with 672C 657B E06B 4B30 969C 4A57 4614 49C2 5E36 B98E and can be found at @mattfarina keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

  • 3.15.4 will contain only bug fixes and be released on August 14, 2024.
  • 3.16.0 is the next feature release and will be on September 11, 2024.

Changelog

  • fix(helm): Use burst limit setting for discovery 3bb50bbbdd9c946ba9989fbe4fb4104766302a64 (Evan Foster)
  • fixed dependency_update_test.go f440d3b19ed772502b85ade33f7ee6bf4a35c85c (Suleiman Dibirov)
  • fix(dependencyBuild): prevent race condition in concurrent helm dependency f262d80d30bd7c13f2ffe9719d23035adcbc7ede (Suleiman Dibirov)
  • fix: respect proxy envvars on helm install/upgrade 7413819bb9c481707efa58b111ff0b85829b79f9 (Sidharth Menon)
  • Merge pull request #13085 from alex-kattathra-johnson/issue-12961 eb4cf6051e5b97d48baf5b306ca1aaea1c33c2ae (Joe Julian)

Commits
  • 3bb50bb fix(helm): Use burst limit setting for discovery
  • f440d3b fixed dependency_update_test.go
  • f262d80 fix(dependencyBuild): prevent race condition in concurrent helm dependency
  • 7413819 fix: respect proxy envvars on helm install/upgrade
  • eb4cf60 Merge pull request #13085 from alex-kattathra-johnson/issue-12961
  • See full diff in compare view


Updates k8s.io/api from 0.30.2 to 0.30.3

Commits


Updates k8s.io/apiextensions-apiserver from 0.30.2 to 0.30.3

Commits


Updates k8s.io/apimachinery from 0.30.2 to 0.30.3

Commits


Updates k8s.io/cli-runtime from 0.30.2 to 0.30.3

Commits


Updates k8s.io/client-go from 0.30.2 to 0.30.3

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
  • `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

github-actions[bot] commented 1 month ago

Mend Scan Summary: :x:

Repository: open-component-model/ocm

| VIOLATION DESCRIPTION | NUMBER OF VIOLATIONS |
| --- | --- |
| HIGH/CRITICAL SECURITY VULNERABILITIES | 3 |
| MAJOR UPDATES AVAILABLE | 0 |
| LICENSE REQUIRES REVIEW | 1 |
| HIGH RISK LICENSES | 10 |
| RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY | 0 |

Detailed Logs: mend-scan-> Generate Report Mend UI

ocmbot[bot] commented 1 month ago

Integration Tests for 7afe8f01b28e82e3fbc78b153a70ce3987298fd7 run with result: Success ✅!

dependabot[bot] commented 1 month ago

Looks like these dependencies are updatable in another way, so this is no longer needed.