paketo-buildpacks / npm-install

A Cloud Native Buildpack for npm
Apache License 2.0
10 stars 17 forks source link

Bump the go-modules group with 35 updates #663

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps the go-modules group with 35 updates:

Package From To
github.com/onsi/gomega 1.31.1 1.32.0
github.com/paketo-buildpacks/occam 0.18.2 0.18.5
github.com/Microsoft/hcsshim 0.11.4 0.12.2
github.com/cenkalti/backoff/v4 4.2.1 4.3.0
github.com/containerd/containerd 1.7.13 1.7.15
github.com/distribution/reference 0.5.0 0.6.0
github.com/docker/docker 25.0.3+incompatible 26.0.1+incompatible
github.com/felixge/httpsnoop 1.0.3 1.0.4
github.com/go-git/go-git/v5 5.11.0 5.12.0
github.com/go-logr/logr 1.3.0 1.4.1
github.com/golang/protobuf 1.5.3 1.5.4
github.com/google/go-containerregistry 0.19.0 0.19.1
github.com/klauspost/compress 1.17.6 1.17.8
github.com/knqyf263/go-rpmdb 0.0.0-20230301153543-ba94b245509b 0.1.0
github.com/opencontainers/image-spec 1.1.0-rc6 1.1.0
github.com/sergi/go-diff 1.3.1 1.3.2-0.20230802210424-5b0b94c5c0d3
github.com/shirou/gopsutil/v3 3.24.1 3.24.3
github.com/shopspring/decimal 1.3.1 1.4.0
github.com/skeema/knownhosts 1.2.1 1.2.2
github.com/sylabs/sif/v2 2.15.1 2.16.0
github.com/testcontainers/testcontainers-go 0.27.0 0.30.0
github.com/ulikunitz/xz 0.5.11 0.5.12
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 0.45.0 0.49.0
go.opentelemetry.io/otel 1.19.0 1.24.0
go.opentelemetry.io/otel/metric 1.19.0 1.24.0
go.opentelemetry.io/otel/trace 1.19.0 1.24.0
golang.org/x/crypto 0.19.0 0.21.0
golang.org/x/exp 0.0.0-20230510235704-dd950f8aeaea 0.0.0-20231006140011-7918f672742d
golang.org/x/mod 0.15.0 0.16.0
golang.org/x/net 0.21.0 0.22.0
golang.org/x/sync 0.6.0 0.7.0
golang.org/x/sys 0.17.0 0.18.0
golang.org/x/tools 0.17.0 0.20.0
google.golang.org/genproto/googleapis/rpc 0.0.0-20231120223509-83a465c0220f 0.0.0-20240123012728-ef4313101c80
google.golang.org/grpc 1.61.0 1.62.0

Updates github.com/onsi/gomega from 1.31.1 to 1.32.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.32.0

1.32.0

Maintenance

  • Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

    This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @​jbduncan !). Please open an issue if you run into one.

  • chore: test with Go 1.22 (#733) [32ef35e]

  • Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

  • Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

  • docs: fix typo and broken anchor link to gstruct [f460154]

  • docs: fix HaveEach matcher signature [a2862e4]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.32.0

Maintenance

  • Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

    This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @​jbduncan !). Please open an issue if you run into one.

  • chore: test with Go 1.22 (#733) [32ef35e]

  • Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

  • Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

  • docs: fix typo and broken anchor link to gstruct [f460154]

  • docs: fix HaveEach matcher signature [a2862e4]

Commits
  • 4379951 v1.32.0
  • a350b95 Maintain source backwards compatibility
  • a6c8875 Fix failing test
  • 436a197 Migrate github.com/golang/protobuf to google.golang.org/protobuf
  • 32ef35e chore: test with Go 1.22 (#733)
  • a0d0387 Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717)
  • b71e477 Bump github-pages and jekyll-feed in /docs (#732)
  • f460154 docs: fix typo and broken anchor link to gstruct
  • a2862e4 docs: fix HaveEach matcher signature
  • See full diff in compare view


Updates github.com/paketo-buildpacks/occam from 0.18.2 to 0.18.5

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.5

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.4...v0.18.5

v0.18.4

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.3...v0.18.4

v0.18.3

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.2...v0.18.3

Commits
  • f23ed80 use go 1.20 (#288)
  • 4e0efea remove toolchain from go.mod
  • ea10e39 update fakes
  • 059d6bc Bump github.com/google/go-containerregistry from 0.14.0 to 0.19.1
  • 1f22679 Bump github.com/docker/docker
  • 37cf400 Bump github.com/onsi/gomega from 1.30.0 to 1.32.0
  • 122482e Bump github.com/testcontainers/testcontainers-go from 0.26.0 to 0.30.0 (#285)
  • 393f58f Bump google.golang.org/protobuf from 1.31.0 to 1.33.0
  • See full diff in compare view


Updates github.com/Microsoft/hcsshim from 0.11.4 to 0.12.2

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.2

No release notes provided.

v0.12.1

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.0...v0.12.1

v0.12.0

What's Changed

New Contributors

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.0-rc.3...v0.12.0

v0.12.0-rc.3

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.0-rc.2...v0.12.0-rc.3

v0.12.0-rc.2

What's Changed

... (truncated)

Commits


Updates github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0

Commits
  • 720b789 remove travis badge from readme
  • a83af7f feat(backoff): Add functional options for ExponentialBackOff Closes #136
  • See full diff in compare view


Updates github.com/containerd/containerd from 1.7.13 to 1.7.15

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.15

Welcome to the v1.7.15 release of containerd!

The fifteenth patch release for containerd 1.7 contains various fixes; one for a regression introduced in v1.7.14 in the way process exits were handled.

Highlights

  • Adds mediatype to OCI index record on export (#9990)

Runtime

  • Fix runc shim to only defer init process exits (#10037)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Derek McGowan
  • Phil Estes
  • Austin Vazquez
  • Laura Brehm
  • Sebastiaan van Stijn
  • Talon

Changes

  • Prepare for v1.7.15 release (#10039)
  • Fix runc shim to only defer init process exits (#10037)
    • 21df46766 runc-shim: only defer init process exits
  • Fix compile from version control system (source) use case (#10012)
    • 2a054213e Fix compile from version control system (source) use case
  • Adds mediatype to OCI index record on export (#9990)
    • 6605c47a4 adds mediatype to oci index record
  • vendor: google.golang.org/protobuf 1.33.0, github.com/golang/protobuf v1.5.4 (#9975)
    • e6d91d843 vendor: github.com/golang/protobuf v1.5.4
    • 2d136c5f5 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
    • a1a7af7a3 build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0

Dependency Changes

  • github.com/golang/protobuf v1.5.3 -> v1.5.4
  • google.golang.org/protobuf v1.31.0 -> v1.33.0

... (truncated)

Commits
  • 926c958 Merge pull request #10039 from estesp/prep-1.7.15
  • 4d4759b Prep v1.7.15 release
  • 52fc8ab Merge pull request #10037 from laurazard/backport-1.7-exec-fix
  • 21df467 runc-shim: only defer init process exits
  • 0dcf21c Merge pull request #10012 from austinvazquez/release-1.7-fix-offline-compilation
  • 2a05421 Fix compile from version control system (source) use case
  • ec5222f Merge pull request #9990 from daghack/oci-add-mediatype-1.7
  • 6605c47 adds mediatype to oci index record
  • be5ec97 Merge pull request #9975 from thaJeztah/1.7_bump_protobuf
  • e6d91d8 vendor: github.com/golang/protobuf v1.5.4
  • Additional commits viewable in compare view


Updates github.com/distribution/reference from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/distribution/reference's releases.

v0.6.0

What's Changed

New Contributors

Full Changelog: https://github.com/distribution/reference/compare/v0.5.0...v0.6.0

Commits
  • ff14faf Merge pull request #9 from ozairasim/exclude-domain-from-name-length-validation
  • 2a66312 Merge pull request #10 from xrstf/patch-1
  • 094e717 fix typo in readme
  • aaca75e Exclude domain from name length check
  • 8507c7f Merge pull request #7 from thaJeztah/cleanup_splitDockerDomain
  • 89ee7ec refactor splitDockerDomain to include more documentation
  • a3fb784 Merge pull request #5 from thaJeztah/rm_deprecated
  • 4894124 remove deprecated SplitHostname
  • See full diff in compare view


Updates github.com/docker/docker from 25.0.3+incompatible to 26.0.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v26.0.1

26.0.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • Fix a regression that meant network interface specific --sysctl options prevented container startup. moby/moby#47646
  • Remove erroneous platform from image config OCI descriptor in docker save output. moby/moby#47694
  • containerd image store: OCI archives produced by docker save will now have a non-empty mediaType field in index.json moby/moby#47701
  • Fix a regression that prevented the internal resolver from forwarding requests from IPvlan L3 networks to external resolvers. moby/moby#47705
  • Prevent the use of external resolvers in IPvlan and Macvlan networks created with no parent interface specified. moby/moby#47705

Packaging updates

v26.0.0

26.0.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Security

This release contains a security fix for [CVE-2024-29018], a potential data exfiltration from 'internal' networks via authoritative DNS servers.

New

  • Add Subpath field to the VolumeOptions making it possible to mount a subpath of a volume. moby/moby#45687
  • Add volume-subpath support to the mount flag (--mount type=volume,...,volume-subpath=<subpath>). docker/cli#4331
  • Accept = separators and [ipv6] in compose files for docker stack deploy. docker/cli#4860
  • rootless: Add support for enabling host loopback by setting the DOCKERD_ROOTLESS_ROOTLESSKIT_DISABLE_HOST_LOOPBACK environment variable to false (defaults to true). This lets containers connect to the host by using IP address 10.0.2.2. moby/moby#47352
  • containerd image store: docker image ls no longer creates duplicates entries for multi-platform images. moby/moby#45967
  • containerd image store: Send Prometheus metrics. moby/moby#47555

Bug fixes and enhancements

  • [CVE-2024-29018]: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. moby/moby#47589
  • Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47233

... (truncated)

Commits
  • 60b9add Merge pull request #47705 from robmry/backport-26.0/47662_ipvlan_l3_dns
  • 8ad7f86 Run ipvlan tests even if 'modprobe ipvlan' fails
  • dc27552 Stop macvlan with no parent from using ext-dns
  • 7b570f0 Enable DNS proxying for ipvlan-l3
  • 8cdcc4f Move dummy DNS server to integration/internal/network
  • ed752f6 Merge pull request #47701 from vvoland/v26.0-47691
  • 9db1b6f Merge pull request #47702 from vvoland/v26.0-47647
  • 6261281 Merge pull request #47700 from vvoland/v26.0-47673
  • 90355e5 Merge pull request #47696 from vvoland/v26.0-47658
  • 72615b1 github/ci: Check if backport is opened against the expected branch
  • Additional commits viewable in compare view


Updates github.com/felixge/httpsnoop from 1.0.3 to 1.0.4

Release notes

Sourced from github.com/felixge/httpsnoop's releases.

v1.0.4

https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4

Commits


Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.12.0

What's Changed

New Contributors

Full Changelog: https://github.com/go-git/go-git/compare/v5.11.0...v5.12.0

Commits
  • 302ddde Merge pull request #1060 from go-git/dependabot/go_modules/github.com/gliderl...
  • 6bba34d build: bump github.com/gliderlabs/ssh from 0.3.6 to 0.3.7
  • feaeb36 Merge pull request #937 from matejrisek/feature/rename-short-fields
  • 7959a42 Merge pull request #1052 from go-git/dependabot/go_modules/github.com/skeema/...
  • 4c17ce7 build: bump github.com/skeema/knownhosts from 1.2.1 to 1.2.2
  • 3f77e6f Merge pull request #1048 from pjbgf/fix-reset-validation
  • 6af38e0 Merge pull request #1047 from avoidalone/master
  • e6c3e58 Merge pull request #1044 from pjbgf/ff-merge
  • 04f7b23 *: fix some comments
  • f4f1a87 Merge pull request #971 from nodivbyzero/fix-177-diff-print-file-stats
  • Additional commits viewable in compare view


Updates github.com/go-logr/logr from 1.3.0 to 1.4.1

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.1

What's Changed

Full Changelog: https://github.com/go-logr/logr/compare/v1.4.0...v1.4.1

v1.4.0

This release dramatically improves interoperability with Go's log/slog package. In particular, logr.NewContext and logr.NewContextWithSlogLogger use the same context key, which allows logr.FromContext and logr.FromContextAsSlogLogger to return logr.Logger or *slog.Logger respectively, including transparently converting each to the other as needed.

Functions logr/slogr.NewLogr and logr/slogr.ToSlogHandler have been superceded by logr.FromSlogHandler and logr.ToSlogHandler respectively, and type logr/slogr.SlogSink has been superceded by logr.SlogSink. All of the old names in logr/slogr remain, for compatibility.

Package logr/funcr now supports logr.SlogSink, meaning that it's output passes all but one of the Slog conformance tests (that exception being that funcr handles the timestamp itself).

Users who have a logr.Logger and need a *slog.Logger can call slog.New(logr.ToSlogHandler(...)) and all output will go through the same stack.

Users who have a *slog.Logger or slog.Handler can call logr.FromSlogHandler(...) and all output will go through the same stack.

What's Changed

New Contributors

Full Changelog: https://github.com/go-logr/logr/compare/v1.3.0...v1.4.0

Commits
  • dcdc3f2 slogr: fix unintended API break in v0.8.0 (#253)
  • 5d88f52 funcr: Add LogInfoLevel Option to skip logging level in the info log (#240)
  • 177005d build(deps): bump actions/upload-artifact from 3.1.3 to 4.0.0
  • e7f489a build(deps): bump github/codeql-action from 2.22.9 to 3.22.11
  • cf56c3b build(deps): bump actions/setup-go from 4 to 5
  • 2ad296e build(deps): bump github/codeql-action from 2.22.8 to 2.22.9
  • d55b4e2 Merge pull request #241 from thockin/master
  • 98ee9d9 Clean up slog testing and restore coverage
  • b228ba8 Break examples to new file
  • 6432877 Add benchmarks for slogSink
  • Additional commits viewable in compare view


Updates github.com/golang/protobuf from 1.5.3 to 1.5.4

Release notes

Sourced from github.com/golang/protobuf's releases.

v1.5.4

Notable changes

  • update descriptor.proto to latest version
Commits


Updates github.com/google/go-containerregistry from 0.19.0 to 0.19.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.19.1

What's Changed

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.19.0...v0.19.1

Commits


Updates github.com/klauspost/compress from 1.17.6 to 1.17.8

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.8

What's Changed

New Contributors

Full Changelog: https://github.com/klauspost/compress/compare/v1.17.7...v1.17.8

v1.17.7

What's Changed

Full Changelog: https://github.com/klauspost/compress/compare/v1.17.6...v1.17.7

Commits
  • c0ff47e Update README.md
  • 657dc16 chore: remove repetitive words (#946)
  • 3f77d8c build(deps): bump the github-actions group with 1 update (#944)
  • de4073a zstd: Add RLE detection+encoding (#938)
  • 165be36 zstd: Reject blocks where reserved values are not 0 (#885)
  • 4f3f95b ci: Add testing replacement (#935)
  • 3976394 build(deps): bump the github-actions group with 1 update (#934)
  • 4d78e54 Remove sed for internal/fuzz/helpers.go (#933)
  • 46c00ca doc: Remove an excess word in a documentation comment (#932)
  • dependabot[bot] commented 7 months ago

    Looks like these dependencies are updatable in another way, so this is no longer needed.