paketo-buildpacks / npm-install

A Cloud Native Buildpack for npm
Apache License 2.0
10 stars 17 forks source link

Bump the go-modules group across 1 directory with 24 updates #776

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the go-modules group with 18 updates in the / directory:

Package From To
github.com/onsi/gomega 1.34.1 1.34.2
github.com/paketo-buildpacks/occam 0.18.7 0.18.8
github.com/paketo-buildpacks/packit/v2 2.14.2 2.15.0
dario.cat/mergo 1.0.0 1.0.1
github.com/Masterminds/semver/v3 3.2.1 3.3.0
github.com/Masterminds/sprig/v3 3.2.3 3.3.0
github.com/Microsoft/hcsshim 0.12.5 0.12.7
github.com/cloudflare/circl 1.3.9 1.4.0
github.com/containerd/errdefs 0.1.0 0.2.0
github.com/cpuguy83/dockercfg 0.3.1 0.3.2
github.com/cyphar/filepath-securejoin 0.3.1 0.3.2
github.com/docker/cli 27.1.1+incompatible 27.3.1+incompatible
github.com/klauspost/compress 1.17.9 1.17.10
github.com/sylabs/sif/v2 2.18.0 2.19.1
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 0.53.0 0.55.0
golang.org/x/crypto 0.26.0 0.27.0
golang.org/x/mod 0.20.0 0.21.0
golang.org/x/net 0.28.0 0.29.0

Updates github.com/onsi/gomega from 1.34.1 to 1.34.2

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.2

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Commits


Updates github.com/paketo-buildpacks/occam from 0.18.7 to 0.18.8

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.8

What's Changed

New Contributors

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.7...v0.18.8

Commits
  • 1193f3c Bump docker to version 26.1.5 to fix CVE-2024-41110
  • 5cd4ede Updates go mod version to 1.23.0
  • 2e5b930 Updates go mod version to 1.22.6
  • 815b014 Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2
  • 74a79fb Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1
  • 90134a5 Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2
  • 653a6fb Bump github.com/onsi/gomega from 1.34.0 to 1.34.1
  • ed0e429 Bump github.com/onsi/gomega from 1.33.1 to 1.34.0
  • f467245 Updates go mod version to 1.22.5
  • c97acf2 Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1
  • Additional commits viewable in compare view


Updates github.com/paketo-buildpacks/packit/v2 from 2.14.2 to 2.15.0

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.15.0

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.14.2...v2.15.0

Commits


Updates dario.cat/mergo from 1.0.0 to 1.0.1

Release notes

Sourced from dario.cat/mergo's releases.

v1.0.1

What's Changed

New Contributors

Full Changelog: https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1

Commits


Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

3.3.0 (2024-08-27)

Added

Changed

  • #241: Simplify StrictNewVersion parsing (thanks @​grosser)
  • Testing support up through Go 1.23
  • Minimum version set to 1.21 as this is what's tested now
  • Fuzz testing now supports caching
Commits
  • e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
  • e80c4ea Updating changelog for 3.3.0
  • 80427ad Merge pull request #248 from mattfarina/bump-min-version
  • b610837 bumping min version in go.mod based on what's tested
  • a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
  • 7c178cf Updating the testing version of Go used
  • 29f94c1 Merge pull request #241 from grosser/grosser/validate
  • 2cf1b16 Merge pull request #245 from mattfarina/remove-vert
  • b55476a Removing reference to vert
  • d07450b simplify StrictNewVersion
  • Additional commits viewable in compare view


Updates github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0

Release notes

Sourced from github.com/Masterminds/sprig/v3's releases.

v3.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0

Changelog

Sourced from github.com/Masterminds/sprig/v3's changelog.

Release 3.3.0 (2024-08-29)

Added

Changed

  • #407: Removed duplicate documentation (functions were documentated in 2 places)
  • #290: Corrected copy/paster oops in math documentation (thanks @​zzhu41)
  • #369: Corrected template reference in docs (thanks @​chey)
  • #375: Added link to URL documenation (thanks @​carlpett)
  • #406: Updated the mergo dependency which had a breaking change (which was accounted for)
  • #376: Fixed documentation error (thanks @​jheyduk)
  • #404: Updated dependency tree
  • #391: Fixed misspelling (thanks @​chrishalbert)
  • #405: Updated Go versions used in testing
Commits
  • e708470 Merge pull request #408 from mattfarina/update-changelog-3.3
  • 8fc4354 Updating the changelog for the 3.3.0 release
  • cb81a32 Merge pull request #407 from mattfarina/remove-dup-math-functions
  • 2637693 Removing duplicate documentation
  • 06b9a87 Merge pull request #290 from zzhu41/patch-1
  • e663ec6 Merge pull request #369 from chey/patch-1
  • bb2f73f Merge pull request #375 from carlpett/patch-1
  • f07659e Merge pull request #400 from itzik-elayev/master
  • 98b35c1 Add closing bracket
  • 7a88928 Merge pull request #406 from mattfarina/update-mergo
  • Additional commits viewable in compare view


Updates github.com/Microsoft/hcsshim from 0.12.5 to 0.12.7

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.7

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.6...v0.12.7

v0.12.6

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.5...v0.12.6

Commits


Updates github.com/cloudflare/circl from 1.3.9 to 1.4.0

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Commit History

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.9...v1.4.0

Commits


Updates github.com/containerd/errdefs from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/containerd/errdefs's releases.

v0.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/containerd/errdefs/compare/v0.1.0...v0.2.0

Commits
  • 02b65bc Merge pull request #18 from dmcgowan/add-missing-interfaces
  • 41d12e1 Complete interface definitions for errors
  • 70440b8 Merge pull request #7 from dmcgowan/grpc-error-details
  • b9dce4d Add support for grpc error details
  • ffb0349 Update Resolve function to support Is interface
  • 124d0dc Merge pull request #10 from dmcgowan/custom-error-messages
  • dc9b20e Add support for custom error messages
  • 6c7f402 Merge pull request #9 from dmcgowan/resolve-error
  • 9f87502 Add a resolve error function to return first error
  • 6fb6cf0 Merge pull request #8 from dmcgowan/add-stack-support
  • Additional commits viewable in compare view


Updates github.com/cpuguy83/dockercfg from 0.3.1 to 0.3.2

Release notes

Sourced from github.com/cpuguy83/dockercfg's releases.

v0.3.2

What's Changed

New Contributors

Full Changelog: https://github.com/cpuguy83/dockercfg/compare/v0.3.1...v0.3.2

Commits


Updates github.com/cyphar/filepath-securejoin from 0.3.1 to 0.3.2

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.2

This release includes a few fixes for MkdirAll when dealing with S_ISUID and S_ISGID, to solve a regression runc hit when switching to MkdirAll.

  • Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

  • If a directory has S_ISGID set, then all child directories will have S_ISGID set when created and a different gid will be used for any inode created under the directory. Previously, the "expected owner and mode" validation in securejoin.MkdirAll did not correctly handle this. We now correctly handle this case. (#24, #25)

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.2] - 2024-09-13

Changed

  • Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

Fixed

  • If a directory has S_ISGID set, then all child directories will have S_ISGID set when created and a different gid will be used for any inode created under the directory. Previously, the "expected owner and mode" validation in securejoin.MkdirAll did not correctly handle this. We now correctly handle this case. (#24, #25)
Commits
  • e408943 VERSION: release v0.3.2
  • 1c875f5 CHANGELOG: fix headers
  • fdaafcc merge #25 into cyphar/filepath-securejoin:main
  • 1acda83 mkdirall: correctly handle sgid directory parent
  • 8484faf tests: mkdirall: refactor check and mkdirall helpers
  • 350d697 mkdirall: explicitly return an error for suid/sgid bits
  • 43b1026 tests: procfs: skip procfs tests if overmounting is blocked
  • 82e5725 VERSION: back to development
  • See full diff in compare view


Updates github.com/docker/cli from 27.1.1+incompatible to 27.3.1+incompatible

Commits
  • ce12230 Merge pull request #5462 from thaJeztah/27.x_backport_bump_compose
  • 263ba95 Merge pull request #5461 from laurazard/27.x-backport-update-VERSION
  • be9b9f3 Update VERSION file to v27.3.1-dev
  • a4149b0 Dockerfile: update compose to v2.29.7
  • 4aac415 Merge pull request #5458 from thaJeztah/27.x_bump_engine3
  • 8546958 vendor: github.com/docker/docker v27.3.0
  • f052003 Merge pull request #5457 from laurazard/backport-dropped-defer
  • 460f1be telemetry: fix early meterprovider shutdown
  • e85edf8 Merge pull request #5452 from laurazard/27.3.0-match-moby-version
  • ca62759 vendor: github.com/docker/docker v27.3.0-rc2
  • Additional commits viewable in compare view


Updates github.com/klauspost/compress from 1.17.9 to 1.17.10

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.10

What's Changed

New Contributors

Full Changelog: https://github.com/klauspost/compress/compare/v1.17.9...v1.17.10

Commits


Updates github.com/moby/sys/user from 0.2.0 to 0.3.0

Release notes

Sourced from github.com/moby/sys/user's releases.

mountinfo v0.3.0

Breaking changes:

  • Some field names of struct Mountinfo are changed to be more in-line with Go naming conventions. Users need to be converted. (#34)

Fixes and improvements:

  • Fixed per-package doc to be shown by go doc (#37)
  • Make GetMountsFromReader Linux-specific. (#39)
  • OpenBSD support added (same code as FreeBSD; not tested). (#32)

Thanks to:

  • Sebastiaan van Stijn
  • Tobias Klauser

mount/v0.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/moby/sys/compare/mount/v0.2.0...mount/v0.3.0

symlink v0.3.0

What's Changed

  • symlink: touch-up documentation
  • update minimum supported go version to go1.17
  • bump golang.org/x/sys to v0.1.0

Full Changelog: https://github.com/moby/sys/compare/symlink/v0.2.0...symlink/v0.3.0

user v0.3.0

What's Changed

  • remove userns package that was added in v0.2.0
  • downgrade minimum go version to v1.17
  • retract v0.2.0

... (truncated)

Commits
  • 5447519 Merge pull request #145 from thaJeztah/separate_userns
  • 370a9ed user: move userns package to separate module, and retract v0.2.0
  • See full diff in compare view


Updates github.com/sylabs/sif/v2 from 2.18.0 to 2.19.1

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.19.1

What's Changed

Full Changelog: https://github.com/sylabs/sif/compare/v2.19.0...v2.19.1

v2.19.0

This release drops support for Go 1.21.

What's Changed

Full Changelog: https://github.com/sylabs/sif/compare/v2.18.0...v2.19.0

Commits
  • 1ed3ce5 Merge pull request #384 from tri-adam/overflow-fix
  • 6f00aba fix: check descriptor capacity during SIF creation
  • c1fcc37 fix: correct the range check for descriptor IDs
  • fd8a090 Merge pull request #383 from tri-adam/golangci-lint-... _Description has been truncated_
dependabot[bot] commented 1 month ago

Looks like these dependencies are updatable in another way, so this is no longer needed.