paketo-buildpacks / bundler

Apache License 2.0
3 stars 5 forks source link

Bump the go-modules group across 1 directory with 3 updates #772

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the go-modules group with 3 updates in the / directory: github.com/docker/cli, github.com/sylabs/sif/v2 and google.golang.org/grpc.

Updates github.com/docker/cli from 27.0.2+incompatible to 27.0.3+incompatible

Commits
  • 7d4bcd8 Merge pull request #5206 from thaJeztah/27.0_backport_docker_27.0.2
  • 3134d55 vendor: github.com/docker/docker v27.0.2
  • See full diff in compare view


Updates github.com/sylabs/sif/v2 from 2.17.0 to 2.17.1

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.17.1

What's Changed

Full Changelog: https://github.com/sylabs/sif/compare/v2.17.0...v2.17.1

Commits
  • de30604 Merge pull request #368 from tri-adam/go-1.23-rc
  • 9ea2328 ci: add testing against Go 1.23 RC
  • d242f61 Merge pull request #366 from tri-adam/dsse-refactor
  • fc6a037 refactor: use DSSE wrappers from sigstore
  • See full diff in compare view


Updates google.golang.org/grpc from 1.64.0 to 1.65.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.65.0

Dependencies

  • Change support policy to cover only the latest TWO releases of Go, matching the policy for Go itself. See #7249 for more information. (#7250)
  • Update x/net/http2 to address CVE-2023-45288 (#7282)

Behavior Changes

  • credentials/tls: clients and servers will now reject connections that don't support ALPN when environment variable GRPC_ENFORCE_ALPN_ENABLED is set to "true" (case insensitive). (#7184)
    • NOTE: this behavior will become the default in a future release.
  • metadata: remove String method from MD to make printing more consistent (#7373)

New Features

  • grpc: add WithMaxCallAttempts to configure gRPC's retry behavior per-channel. (#7229)

Bug Fixes

  • ringhash: properly apply endpoint weights instead of ignoring them (#7156)
  • xds: fix a bug that could cause xds-enabled servers to stop accepting new connections after handshaking errors (#7128)
Commits
  • 2da9769 Change version to 1.65.0 (#7306)
  • ede96b7 metadata: remove String method (#7373)
  • 64be203 grpc: Readd pick first name (#7336) (#7341)
  • 25e33a6 examples: Add CSM Observability example (#7302) (#7318)
  • 04a5f46 xds/internal/xdsclient: Emit unknown for CSM Labels if not present in CDS (#7...
  • cff5c3e stats/opentelemetry: Add e2e testing for CSM Observability (#7279) (#7316)
  • 9b970fd dns: fix constant 30s backoff for re-resolution (#7262) (#7311)
  • 6d23620 documentation: on server, use FromIncomingContext for retrieving context and...
  • 7e5898e xds: unify xDS client creation APIs meant for testing (#7268)
  • 5d7bd7a interop/xds: Interop client and server changes for CSM Observability (#7280)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 3 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.