Bump the go-modules group across 1 directory with 39 updates

[dependabot[bot]]

Bumps the go-modules group with 20 updates in the / directory:

Package	From	To
github.com/onsi/gomega	1.33.1	1.35.1
github.com/paketo-buildpacks/occam	0.18.7	0.18.8
dario.cat/mergo	1.0.0	1.0.1
github.com/DataDog/zstd	1.5.5	1.5.6
github.com/Masterminds/semver/v3	3.2.1	3.3.0
github.com/Masterminds/sprig/v3	3.2.3	3.3.0
github.com/Microsoft/hcsshim	0.12.4	0.12.9
github.com/andybalholm/brotli	1.1.0	1.1.1
github.com/bmatcuk/doublestar/v4	4.6.1	4.7.1
github.com/cloudflare/circl	1.3.9	1.5.0
github.com/cpuguy83/dockercfg	0.3.1	0.3.2
github.com/cyphar/filepath-securejoin	0.2.5	0.3.4
github.com/go-git/go-billy/v5	5.5.0	5.6.0
github.com/klauspost/compress	1.17.9	1.17.11
github.com/mattn/go-runewidth	0.0.15	0.0.16
github.com/moby/sys/sequential	0.5.0	0.6.0
github.com/skeema/knownhosts	1.2.2	1.3.0
github.com/sylabs/sif/v2	2.17.0	2.19.2
github.com/tklauser/numcpus	0.8.0	0.9.0
github.com/vbatts/tar-split	0.11.5	0.11.6

Updates github.com/onsi/gomega from 1.33.1 to 1.35.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.35.1

1.35.1

Fixes

• Export EnforceDefaultTimeoutsWhenUsingContexts and DisableDefaultTimeoutsWhenUsingContext [ca36da1]

v1.35.0

1.35.0

Features

• You can now call EnforceDefaultTimeoutsWhenUsingContexts() to have Eventually honor the default timeout when passed a context. (prior to this you had to expclility add a timeout) [e4c4265]
• You can call StopTrying(message).Successfully() to abort a Consistently early without failure [eeca931]

Fixes

• Stop memoizing the result of HaveField to avoid unexpected errors when used with async assertions. [3bdbc4e]

Maintenance

• Bump all dependencies [a05a416]

v1.34.2

1.34.2

Require Go 1.22+

Maintenance

• bump ginkgo as well [c59c6dc]
• bump to go 1.22 - remove x/exp dependency [8158b99]

v1.34.1

1.34.1

Maintenance

• Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

v1.34.0

1.34.0

Features

• Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

• fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
• issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

• bump ginkgo [8af2ece]
• Fix typo in docs [123a071]

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.35.1

Fixes

• Export EnforceDefaultTimeoutsWhenUsingContexts and DisableDefaultTimeoutsWhenUsingContext [ca36da1]

1.35.0

Features

• You can now call EnforceDefaultTimeoutsWhenUsingContexts() to have Eventually honor the default timeout when passed a context. (prior to this you had to expclility add a timeout) [e4c4265]
• You can call StopTrying(message).Successfully() to abort a Consistently early without failure [eeca931]

Fixes

• Stop memoizing the result of HaveField to avoid unexpected errors when used with async assertions. [3bdbc4e]

Maintenance

• Bump all dependencies [a05a416]

1.34.2

Require Go 1.22+

Maintenance

• bump ginkgo as well [c59c6dc]
• bump to go 1.22 - remove x/exp dependency [8158b99]

1.34.1

Maintenance

• Use slices from exp/slices to keep golang 1.20 compat [5e71dcd]

1.34.0

Features

• Add RoundTripper method to ghttp.Server [c549e0d]

Fixes

• fix incorrect handling of nil slices in HaveExactElements (fixes #771) [878940c]
• issue_765 - fixed bug in Hopcroft-Karp algorithm [ebadb67]

Maintenance

• bump ginkgo [8af2ece]
• Fix typo in docs [123a071]
• Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#756) [0e69083]
• Bump google.golang.org/protobuf from 1.33.0 to 1.34.1 (#755) [2675796]
• Bump golang.org/x/net from 0.24.0 to 0.25.0 (#754) [4160c0f]
• Bump github-pages from 230 to 231 in /docs (#748) [892c303]

Commits

• 9f5a208 v1.35.1
• ca36da1 Export EnforceDefaultTimeoutsWhenUsingContexts and DisableDefaultTimeoutsWhen...
• d6331f9 v1.35.0
• 5deaf23 fix tests, but like actually this time
• eeca931 Add Successfully() to StopTrying() to signal that Consistently can end early ...
• 3bdbc4e stop memoizing result of HaveField
• e35358d sheepishly fix broken test. thanks CI
• 1b717d7 grrr. go mod tidy
• a05a416 bump all dependencies
• e4c4265 Add EnforceDefaultTimeoutsWhenUsingContexts()
• Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/occam from 0.18.7 to 0.18.8

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.8

What's Changed

• Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 by @​dependabot in paketo-buildpacks/occam#309
• Updates go mod toolchain version to 1.22.5 by @​paketo-bot in paketo-buildpacks/occam#313
• Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 by @​dependabot in paketo-buildpacks/occam#315
• Updates github-config by @​paketo-bot in paketo-buildpacks/occam#316
• Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @​dependabot in paketo-buildpacks/occam#317
• Updates go mod version to 1.22.5 by @​paketo-bot in paketo-buildpacks/occam#318
• Bump github.com/onsi/gomega from 1.33.1 to 1.34.0 by @​dependabot in paketo-buildpacks/occam#321
• Bump github.com/onsi/gomega from 1.34.0 to 1.34.1 by @​dependabot in paketo-buildpacks/occam#322
• Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @​dependabot in paketo-buildpacks/occam#323
• Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1 by @​dependabot in paketo-buildpacks/occam#324
• Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2 by @​dependabot in paketo-buildpacks/occam#326
• Updates go mod version to 1.22.6 by @​paketo-bot in paketo-buildpacks/occam#325
• Updates go mod version to 1.23.0 by @​paketo-bot in paketo-buildpacks/occam#328
• Bump docker to version 26.1.5 to fix CVE-2024-41110 by @​jericop in paketo-buildpacks/occam#331

New Contributors

• @​jericop made their first contribution in paketo-buildpacks/occam#331

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.7...v0.18.8

Commits

• 1193f3c Bump docker to version 26.1.5 to fix CVE-2024-41110
• 5cd4ede Updates go mod version to 1.23.0
• 2e5b930 Updates go mod version to 1.22.6
• 815b014 Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2
• 74a79fb Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1
• 90134a5 Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2
• 653a6fb Bump github.com/onsi/gomega from 1.34.0 to 1.34.1
• ed0e429 Bump github.com/onsi/gomega from 1.33.1 to 1.34.0
• f467245 Updates go mod version to 1.22.5
• c97acf2 Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1
• Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.2

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.14.2

What's Changed

• Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 by @​dependabot in paketo-buildpacks/packit#573
• Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 by @​dependabot in paketo-buildpacks/packit#574
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#576
• Fix override of existing values in prepend & append by @​nicolasbender in paketo-buildpacks/packit#581
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#585
• Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 by @​dependabot in paketo-buildpacks/packit#588
• Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 by @​dependabot in paketo-buildpacks/packit#589

New Contributors

• @​nicolasbender made their first contribution in paketo-buildpacks/packit#581

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.14.0...v2.14.2

v2.14.1

⚠️ This release contains unwanted changes due to release automation issues. Please use https://github.com/paketo-buildpacks/packit/releases/tag/v2.14.2 instead!

What's Changed

• Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 by @​dependabot in paketo-buildpacks/packit#573
• Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 by @​dependabot in paketo-buildpacks/packit#574
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#576
• Fix override of existing values in prepend & append by @​nicolasbender in paketo-buildpacks/packit#581
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#585
• Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 by @​dependabot in paketo-buildpacks/packit#588
• Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 by @​dependabot in paketo-buildpacks/packit#589

New Contributors

• @​nicolasbender made their first contribution in paketo-buildpacks/packit#581

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.14.0...v2.14.1

Commits

• 3bc586e do not run draft release workflow on branches named v2-<something>
• d558b87 Bump github.com/onsi/gomega from 1.33.1 to 1.34.1
• 9f2a7b3 Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5
• b117031 Updating github-config
• b6530bc Include error handling
• 7222905 Fix override of existing values in prepend & append
• e366827 Updating github-config
• a8ac405 Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4
• 4ff7347 Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0
• See full diff in compare view

Updates dario.cat/mergo from 1.0.0 to 1.0.1

Release notes

Sourced from dario.cat/mergo's releases.

v1.0.1

What's Changed

• fixes issue #187 by @​vsemichev in darccio/mergo#253
• fix: WithoutDereference should respect non-nil struct pointers by @​joshkaplinsky in darccio/mergo#251

New Contributors

• @​vsemichev made their first contribution in darccio/mergo#253
• @​joshkaplinsky made their first contribution in darccio/mergo#251

Full Changelog: https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1

Commits

• 59ea6a9 Merge pull request #251 from joshkaplinsky/joshkaplinsky/without-dereference-...
• 96f24af Merge pull request #253 from vsemichev/master
• 2f1a615 fixes issue #187. adds test to verify the fix.
• 4da170b fixes issue #187. attempt #3
• a13a117 fixes issue #187. attempt #2
• 6b830ff fixes issue #187
• f33862a WithoutDereference should respect structs
• cde9f0e Merge pull request #246 from darccio/darccio/v1-frozen
• f1e2fe5 chore: frozen v1
• 7f7b4af Update FUNDING.yml
• Additional commits viewable in compare view

Updates github.com/DataDog/zstd from 1.5.5 to 1.5.6

Release notes

Sourced from github.com/DataDog/zstd's releases.

zstd 1.5.6

What's Changed

• Fix readme typo by @​colinlyguo in DataDog/zstd#136
• Update upperBound ratio when guessing the required decompression buffer size by @​sfluor in DataDog/zstd#141
• Update vendored zstd to 1.5.6 by @​Viq111 in DataDog/zstd#143

Full Changelog: https://github.com/DataDog/zstd/compare/v1.5.5+patch1...v1.5.6

Commits

• b52f603 Merge pull request #143 from DataDog/viq111/1.5.6
• cf4778e Update Readme for 1.5.6
• ed87d43 Update vendored zstd to 1.5.6
• dd7b332 Merge pull request #136 from colinlyguo/fix-readme
• beb4dfd Merge pull request #141 from DataDog/sfluor-patch-1
• e75a26a Update upperBound ratio when guessing the required decompression buffer size
• c9a5141 fix readme
• 869dae0 Merge pull request #132 from DataDog/viq111/bulk-fix-highlycompressed-payloads
• bf7b920 [bulk] Add extra empty payload decompression test
• 9c0d33f [bulk] Fix naming
• Additional commits viewable in compare view

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.0

What's Changed

• Fix: bad package in README by @​sdelicata in Masterminds/semver#226
• Updating the GitHub Actions and versions of Go used by @​mattfarina in Masterminds/semver#229
• Fix spelling in README by @​robinschneider in Masterminds/semver#222
• Adding go build cache to fuzz output by @​mattfarina in Masterminds/semver#232
• Add caching to fuzz testing by @​mattfarina in Masterminds/semver#234
• updating github actions by @​mattfarina in Masterminds/semver#235
• feat: nil version equality by @​KnutZuidema in Masterminds/semver#213
• add >= and <= by @​grosser in Masterminds/semver#238
• doc: hyphen range constraint without whitespace by @​johnnychen94 in Masterminds/semver#216
• Removing reference to vert by @​mattfarina in Masterminds/semver#245
• simplify StrictNewVersion by @​grosser in Masterminds/semver#241
• Updating the testing version of Go used by @​mattfarina in Masterminds/semver#246
• bumping min version in go.mod based on what's tested by @​mattfarina in Masterminds/semver#248
• Updating changelog for 3.3.0 by @​mattfarina in Masterminds/semver#249

New Contributors

• @​sdelicata made their first contribution in Masterminds/semver#226
• @​robinschneider made their first contribution in Masterminds/semver#222
• @​KnutZuidema made their first contribution in Masterminds/semver#213
• @​grosser made their first contribution in Masterminds/semver#238
• @​johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

3.3.0 (2024-08-27)

Added

• #238: Add LessThanEqual and GreaterThanEqual functions (thanks @​grosser)
• #213: nil version equality checking (thanks @​KnutZuidema)

Changed

• #241: Simplify StrictNewVersion parsing (thanks @​grosser)
• Testing support up through Go 1.23
• Minimum version set to 1.21 as this is what's tested now
• Fuzz testing now supports caching

Commits

• e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
• e80c4ea Updating changelog for 3.3.0
• 80427ad Merge pull request #248 from mattfarina/bump-min-version
• b610837 bumping min version in go.mod based on what's tested
• a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
• 7c178cf Updating the testing version of Go used
• 29f94c1 Merge pull request #241 from grosser/grosser/validate
• 2cf1b16 Merge pull request #245 from mattfarina/remove-vert
• b55476a Removing reference to vert
• d07450b simplify StrictNewVersion
• Additional commits viewable in compare view

Updates github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0

Release notes

Sourced from github.com/Masterminds/sprig/v3's releases.

v3.3.0

What's Changed

• Updating the Go versions used in testing by @​mattfarina in Masterminds/sprig#405
• Change intial to initial. by @​chrishalbert in Masterminds/sprig#391
• Updating dependencies by @​mattfarina in Masterminds/sprig#404
• correct value by @​jheyduk in Masterminds/sprig#376
• Updating location of mergo by @​mattfarina in Masterminds/sprig#406
• feature: added sha512sum function by @​itzik-elayev in Masterminds/sprig#400
• docs: Add missing link to url functions by @​carlpett in Masterminds/sprig#375
• Update doc.go by @​chey in Masterminds/sprig#369
• Update mathf.md by @​zzhu41 in Masterminds/sprig#290
• Removing duplicate documentation by @​mattfarina in Masterminds/sprig#407
• Updating the changelog for the 3.3.0 release by @​mattfarina in Masterminds/sprig#408

New Contributors

• @​chrishalbert made their first contribution in Masterminds/sprig#391
• @​jheyduk made their first contribution in Masterminds/sprig#376
• @​itzik-elayev made their first contribution in Masterminds/sprig#400
• @​carlpett made their first contribution in Masterminds/sprig#375
• @​chey made their first contribution in Masterminds/sprig#369
• @​zzhu41 made their first contribution in Masterminds/sprig#290

Full Changelog: https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0

Changelog

Sourced from github.com/Masterminds/sprig/v3's changelog.

Release 3.3.0 (2024-08-29)

Added

• #400: added sha512sum function (thanks @​itzik-elayev)

Changed

• #407: Removed duplicate documentation (functions were documentated in 2 places)
• #290: Corrected copy/paster oops in math documentation (thanks @​zzhu41)
• #369: Corrected template reference in docs (thanks @​chey)
• #375: Added link to URL documenation (thanks @​carlpett)
• #406: Updated the mergo dependency which had a breaking change (which was accounted for)
• #376: Fixed documentation error (thanks @​jheyduk)
• #404: Updated dependency tree
• #391: Fixed misspelling (thanks @​chrishalbert)
• #405: Updated Go versions used in testing

Commits

• e708470 Merge pull request #408 from mattfarina/update-changelog-3.3
• 8fc4354 Updating the changelog for the 3.3.0 release
• cb81a32 Merge pull request #407 from mattfarina/remove-dup-math-functions
• 2637693 Removing duplicate documentation
• 06b9a87 Merge pull request #290 from zzhu41/patch-1
• e663ec6 Merge pull request #369 from chey/patch-1
• bb2f73f Merge pull request #375 from carlpett/patch-1
• f07659e Merge pull request #400 from itzik-elayev/master
• 98b35c1 Add closing bracket
• 7a88928 Merge pull request #406 from mattfarina/update-mergo
• Additional commits viewable in compare view

Updates github.com/Microsoft/hcsshim from 0.12.4 to 0.12.9

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.9

What's Changed

• [release/0.12] Update go to 1.22 + switch to using containerd/errdefs/pkg/errgrpc for grpc translation by @​kiashok in microsoft/hcsshim#2301

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.8...v0.12.9

v0.12.8

What's Changed

• Fixing typo by @​ritikaguptams in microsoft/hcsshim#2289
• [release/0.12] Update containerd to v1.7.23 by @​dmcgowan in microsoft/hcsshim#2295

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.7...v0.12.8

v0.12.7

What's Changed

• [release/0.12] Update pkg versions in go.mod by @​kiashok in microsoft/hcsshim#2275
• [release/0.12] Update runc version to 1.1.14 by @​kiashok in microsoft/hcsshim#2271

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.6...v0.12.7

v0.12.6

What's Changed

• [release/0.12] Backport commits from hcsshim/main to update module versions by @​kiashok in microsoft/hcsshim#2237

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.5...v0.12.6

v0.12.5

What's Changed

• [release/0.12] Adding state attribute to the HNSEndpoint struct to support hyperv co… by @​ritikaguptams in microsoft/hcsshim#2183
• [release/0.12] vendor: github.com/containerd/containerd v17.18 by @​thaJeztah in microsoft/hcsshim#2186
• [release/0.12] Backport networking commits for L1VH feature by @​princepereira in microsoft/hcsshim#2205

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.4...v0.12.5

Commits

• 7392335 Switch to using containerd/errdefs/pkg/errgrpc for grpc translation
• 79d3f32 Update go to 1.22
• 05636b9 Update JOB_OBJECT_ALL_ACCESS and OpenJobObject (#2095)
• 1550628 mobve SILOOBJECT_BASIC_INFORMATION to winapi
• bf52d58 fix SILOOBJECT_BASIC_INFORMATION alignment
• 8d48d87 Update containerd to v1.7.23 (#2295)
• 4ad298f Fixing typo (#2289)
• 86b5333 Bump golangci/golangci-lint-action from 4 to 6
• 5ae96f3 Update runc to v1.1.14
• 8f3fccd Update pkg versions
• Additional commits viewable in compare view

Updates github.com/andybalholm/brotli from 1.1.0 to 1.1.1

Commits

• 57434b5 Encoder: check for empty block
• 97e8583 matchfinder.M4: some refinements to scoring
• See full diff in compare view

Updates github.com/bmatcuk/doublestar/v4 from 4.6.1 to 4.7.1

Release notes

Sourced from github.com/bmatcuk/doublestar/v4's releases.

Fixed FilepathGlob("")

To be consistent with filepath.Glob, FilepathGlob("") returns nil.

Added MatchUnvalidated, PathMatchUnvalidated

These functions provide a small performance improvement in cases where you don't care about whether or not the pattern is valid (maybe because you already ran ValidatePattern).

Commits

• 1e20c6d fixes #95 FilepathGlob("") should return nil
• da152ef add docs for MatchUnvalidated, PathMatchUnvalidated
• 2832f67 closes #92 adds MatchUnvalidated
• 424062b added sponsor: MASV
• See full diff in compare view

Updates github.com/cloudflare/circl from 1.3.9 to 1.5.0

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.5.0

New: ML-DSA, Module-Lattice-based Digital Signature Algorithm.

What's Changed

• kem: add X25519MLKEM768 TLS hybrid KEM by @​bwesterb in cloudflare/circl#510
• Create semgrep.yml by @​hrushikeshdeshpande in cloudflare/circl#514
• repo: Some fixes reported by CodeQL by @​armfazh in cloudflare/circl#515
• Add ML-DSA (FIPS204) by @​bwesterb in cloudflare/circl#480
• sign/mldsa: Add test for ML-DSA signature verification. by @​armfazh in cloudflare/circl#517
• Release v1.5.0 by @​armfazh in cloudflare/circl#518

New Contributors

• @​hrushikeshdeshpande made their first contribution in cloudflare/circl#514

Full Changelog: https://github.com/cloudflare/circl/compare/v1.4.0...v1.5.0

CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Commit History

• eddilithium3: fix typos by @​bwesterb in cloudflare/circl#503
• Add ML-KEM (FIPS 203). by @​bwesterb in cloudflare/circl#470
• Add ML-KEM decapsulation key check. by @​bwesterb in cloudflare/circl#507
• Preparing for release v1.4.0 by @​armfazh in cloudflare/circl#508

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.9...v1.4.0

Commits

• 1310edf Release v1.5.0
• 0246d59 Add test for ML-DSA signature verification.
• e2bbd01 Add ML-DSA (FIPS204) (#480)
• 2ba992f Reverting arm64 jobs since qemu can't run go1.23 binaries yet.
• ab15f82 Updates golangci-lint to v1.61.0 and fixes code.
• 064a9ba Bump to go1.22 inner files and ci jobs.
• 7040592 Adding semgrepignore to also analyse test files.
• 51a9a33 Update semgrep.yml
• cfbc696 Create semgrep.yml
• 2d6cd98 kem: add X25519MLKEM768 TLS hybrid KEM
• Additional commits viewable in compare view

Updates github.com/cpuguy83/dockercfg from 0.3.1 to 0.3.2

Release notes

Sourced from github.com/cpuguy83/dockercfg's releases.

v0.3.2

What's Changed

• chore: improve errors by @​stevenh in cpuguy83/dockercfg#3

New Contributors

• @​stevenh made their first contribution in cpuguy83/dockercfg#3

Full Changelog: https://github.com/cpuguy83/dockercfg/compare/v0.3.1...v0.3.2

Commits

• a07c3d1 Merge pull request #3 from stevenh/chore/improve-errors
• 91bd66a chore: improve errors
• See full diff in compare view

Updates github.com/cyphar/filepath-securejoin from 0.2.5 to 0.3.4

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.4

This release primarily includes a fix that blocked using filepath-securejoin in Kubernetes.

• Previously, some testing mocks we had resulted in us doing import "testing" in non-_test.go code, which made some downstreams like Kubernetes unhappy. This has been fixed. (#32)

Thanks to all of the contributors who made this release possible:

• Aleksa Sarai cyphar@cyphar.com
• Stephen Kitt skitt@redhat.com

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.3.3

This release primarily includes fixes for spurious errors we hit when checking that directories created by MkdirAll "look right". Upon further consideration, these checks were fundamentally buggy and didn't offer any practical protection anyway.

• The mode and owner verification logic in MkdirAll has been removed. This was originally intended to protect against some theoretical attacks but upon further consideration these protections don't actually buy us anything and they were causing spurious errors with more complicated filesystem setups.
• The "is the created directory empty" logic in MkdirAll has also been removed. This was not causing us issues yet, but some pseudofilesystems (such as cgroup) create non-empty directories and so this logic would've been wrong for such cases.

Thanks to all of the contributors who made this release possible:

• Aleksa Sarai cyphar@cyphar.com
• Kir Kolyshkin kolyshkin@gmail.com

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.3.2

This release includes a few fixes for MkdirAll when dealing with S_ISUID and S_ISGID, to solve a regression runc hit when switching to MkdirAll.

• Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.4] - 2024-10-09

Fixed

• Previously, some testing mocks we had resulted in us doing import "testing" in non-_test.go code, which made some downstreams like Kubernetes unhappy. This has been fixed. (#32)

[0.3.3] - 2024-09-30

Fixed

• The mode and owner verification logic in MkdirAll has been removed. This was originally intended to protect against some theoretical attacks but upon further consideration these protections don't actually buy us anything and they were causing spurious errors with more complicated filesystem setups.
• The "is the created directory empty" logic in MkdirAll has also been removed. This was not causing us issues yet, but some pseudofilesystems (such as cgroup) create non-empty directories and so this logic would've been wrong for such cases.

[0.3.2] - 2024-09-13

Changed

• Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

Fixed

• If a directory has S_ISGID set, then all child directories will have S_ISGID set when created and a different gid will be used for any inode created under the directory. Previously, the "expected owner and mode" validation in securejoin.MkdirAll did not correctly handle this. We now correctly handle this case. (#24, #25)

[0.3.1] - 2024-07-23

Changed

• By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.
• We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even

... (t... _Description has been truncated_

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.