paketo-buildpacks / poetry-install

Apache License 2.0
1 stars 6 forks source link

Bump the go-modules group across 1 directory with 45 updates #384

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the go-modules group with 26 updates in the / directory:

Package From To
github.com/BurntSushi/toml 1.3.2 1.4.0
github.com/onsi/gomega 1.30.0 1.33.1
github.com/paketo-buildpacks/occam 0.18.0 0.18.7
github.com/CycloneDX/cyclonedx-go 0.7.2 0.9.0
github.com/Microsoft/hcsshim 0.11.5 0.12.4
github.com/andybalholm/brotli 1.0.6 1.1.0
github.com/cenkalti/backoff/v4 4.2.1 4.3.0
github.com/cloudflare/circl 1.3.7 1.3.8
github.com/cyphar/filepath-securejoin 0.2.4 0.2.5
github.com/distribution/reference 0.5.0 0.6.0
github.com/docker/cli 26.0.0+incompatible 26.1.4+incompatible
github.com/docker/docker-credential-helpers 0.8.0 0.8.2
github.com/gabriel-vasile/mimetype 1.4.3 1.4.4
github.com/go-git/go-git/v5 5.10.1 5.12.0
github.com/huandu/xstrings 1.4.0 1.5.0
github.com/klauspost/compress 1.17.4 1.17.8
github.com/knqyf263/go-rpmdb 0.0.0-20230301153543-ba94b245509b 0.1.1
github.com/pierrec/lz4/v4 4.1.19 4.1.21
github.com/rivo/uniseg 0.4.4 0.4.7
github.com/sassoftware/go-rpmutils 0.2.0 0.4.0
github.com/shopspring/decimal 1.3.1 1.4.0
github.com/spdx/tools-golang 0.5.3 0.5.4
github.com/sylabs/sif/v2 2.15.0 2.16.0
github.com/tklauser/go-sysconf 0.3.13 0.3.14
github.com/yusufpapurcu/wmi 1.2.3 1.2.4
google.golang.org/protobuf 1.33.0 1.34.1

Updates github.com/BurntSushi/toml from 1.3.2 to 1.4.0

Release notes

Sourced from github.com/BurntSushi/toml's releases.

v1.4.0

This version requires Go 1.18

  • Add toml.Marshal() (#405)

  • Require 2-digit hour (#320)

  • Wrap UnmarshalTOML() and UnmarshalText() return values in ParseError for position information (#398)

  • Fix inline tables with dotted keys inside inline arrays (e.g. k=[{a.b=1}]) (#400)

Commits
  • 1e2c053 Undeprecate PrimitiveDecode and MetaData.PrimitiveDecode()
  • f8f7e48 Update toml-test
  • 9a80667 Add -json flag to tomlv
  • 3203540 fuzz: move fuzz_targets from oss-fuzz (#406)
  • 77ce858 Add Marshal Function (#405)
  • 0e879cb Fix panic when trying to set subkey for a value that's not a table
  • c299e75 Update toml-test
  • 4223137 Fix inline tables with dotted keys inside inline arrays (#400)
  • 45e7e49 Update toml-test
  • c320c2d Fix utf8.RuneError test
  • Additional commits viewable in compare view


Updates github.com/onsi/gomega from 1.30.0 to 1.33.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.33.1

1.33.1

Fixes

  • fix confusing eventually docs [3a66379]

Maintenance

  • Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]

v1.33.0

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

  • Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
  • Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
  • Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

v1.32.0

1.32.0

Maintenance

  • Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

    This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @​jbduncan !). Please open an issue if you run into one.

  • chore: test with Go 1.22 (#733) [32ef35e]

  • Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

  • Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

  • docs: fix typo and broken anchor link to gstruct [f460154]

  • docs: fix HaveEach matcher signature [a2862e4]

v1.31.1

1.31.1

Fixes

  • Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]
  • Update test in case keeping msg is desired [ad1a367]

Maintenance

  • Show how to import the format sub package [24e958d]
  • tidy up go.sum [26661b8]
  • bump dependencies [bde8f7a]

v1.31.0

1.31.0

... (truncated)

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.33.1

Fixes

  • fix confusing eventually docs [3a66379]

Maintenance

  • Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

  • Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
  • Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
  • Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

1.32.0

Maintenance

  • Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

    This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @​jbduncan !). Please open an issue if you run into one.

  • chore: test with Go 1.22 (#733) [32ef35e]

  • Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

  • Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

  • docs: fix typo and broken anchor link to gstruct [f460154]

  • docs: fix HaveEach matcher signature [a2862e4]

1.31.1

Fixes

  • Inverted arguments order of FailureMessage of BeComparableToMatcher [e0dd999]
  • Update test in case keeping msg is desired [ad1a367]

Maintenance

  • Show how to import the format sub package [24e958d]
  • tidy up go.sum [26661b8]
  • bump dependencies [bde8f7a]

1.31.0

Features

  • Async assertions include context cancellation cause if present [121c37f]

Maintenance

  • Bump minimum go version [dee1e3c]

... (truncated)

Commits
  • 8a658bb v1.33.1
  • e9bc35a Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2
  • 3a66379 fix confusing eventually docs
  • f2e65fc v1.33.0
  • 02e8706 docs: Receive(POINTER, MATCHER)
  • ec1f186 feat: receiver matcher accepting (POINTER, MATCHER), includes unit tests
  • 9999deb Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745)
  • cb5ff21 Bump github-pages from 229 to 230 in /docs (#735)
  • bac6596 Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746)
  • 4379951 v1.32.0
  • Additional commits viewable in compare view


Updates github.com/paketo-buildpacks/occam from 0.18.0 to 0.18.7

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.7

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.6...v0.18.7

v0.18.6

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.5...v0.18.6

v0.18.5

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.4...v0.18.5

v0.18.4

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.3...v0.18.4

v0.18.3

What's Changed

... (truncated)

Commits
  • aff3030 Buildpack packaging should always target linux
  • 7b8692d Updates go mod toolchain version to 1.22.4
  • ddf2781 Bump github.com/docker/docker
  • e9fee75 Adds support of buildpackages in buildpack store and updates freezer (#302)
  • dda57be Updating github-config
  • f0b937b Use stable go version everywhere.
  • 354d744 Bump to go 1.21
  • 64bc107 Updating github-config
  • d00fe4b Bump github.com/docker/docker
  • 37502e4 Bump github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0
  • Additional commits viewable in compare view


Updates github.com/paketo-buildpacks/packit/v2 from 2.12.0 to 2.14.0

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.14.0

What's Changed

New Contributors

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.13.0...v2.14.0

v2.13.0

What's Changed

New Contributors

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.12.0...v2.13.0

Commits
  • 13393ec Support reading service bindings from VCAP_SERVICES env var (#566)
  • 35d8f76 Bump github.com/onsi/gomega from 1.33.0 to 1.33.1
  • ce376b7 Fixes mirror bug when originalHost is excluded (#569)
  • 4c9f338 Allows users to set a dependency mirror (#563)
  • 4e9c21d Bump github.com/onsi/gomega from 1.32.0 to 1.33.0
  • dd77ec5 Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12
  • 95b8056 Bump github.com/onsi/gomega from 1.31.1 to 1.32.0
  • 777a503 Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
  • c1b785b Bump github.com/google/uuid from 1.5.0 to 1.6.0
  • b31dc83 Bump github.com/onsi/gomega from 1.31.0 to 1.31.1
  • Additional commits viewable in compare view


Updates github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.9.0

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.9.0

Changelog

Features

  • 729c284798ebe341ced210b661362f77d68cd655: feat: Add CycloneDX 1.6 fields swhid and omniborId (@​snyk-tim)
  • b5d35959767efce95f50e96bf752c47fbe374496: feat: add manufacturer and authors (@​snyk-tim)
  • c52e698d2fe3fbd60df6ff397f44e7b0ea15a4bc: feat: raise baseline go version to 1.20 (@​nscuro)

Fixes

  • 9166e10fdecaadd8a97ceed9636261d351d90a65: fix: ioutil -> io (@​nscuro)
  • 349fc8cd072e90d81c0328f1d9dab16aa30fcf60: fix: add bom-ref to OrganizationalEntity/Contact (@​snyk-tim)
  • c97da90e259e0051e02e07300c75ad5e37a0311b: fix: handle breaking changes in skywalking-eyes (@​nscuro)

Building and Packaging

  • ec6291e9ce9efbbb5d0010de4d8668fcbd05d148: build(deps): bump actions/checkout from 4.1.1 to 4.1.5 (@​dependabot[bot])
  • 899fe391ca4d756f1d5ba84478d3bc8795003cba: build(deps): bump actions/checkout from 4.1.5 to 4.1.6 (@​dependabot[bot])
  • 8674ed5ecc38b65e03908b5a74308c95039068a9: build(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (@​dependabot[bot])
  • db3a1144a2ce30b85e5985d2755fa3e4a81c5ca8: build(deps): bump apache/skywalking-eyes from 0.4.0 to 0.6.0 (@​dependabot[bot])
  • a3bd05518575f14d917685a02c689f81eedaad5c: build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (@​dependabot[bot])
  • 1179dd9051112c3b44a6cc577964c7d501a7258b: build(deps): bump gitpod/workspace-go from 8b9a0f6 to 8d15123 (@​dependabot[bot])
  • d98494ea11dbb6550705d46d2473aa2a4a18e642: build(deps): bump gitpod/workspace-go from 9118b93 to 8b9a0f6 (@​dependabot[bot])
  • 1e2a3a09e86d720729a3ab7ec55ed3ffa75164a5: build(deps): bump gitpod/workspace-go from 94ae638 to 9118b93 (@​dependabot[bot])
  • d4d6e35fcfb08d14589b4a693aac3f28978b640b: build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (@​dependabot[bot])
  • 521d1ce7b555013f2b78d8c4a21954815863ab44: build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 (@​dependabot[bot])
  • f1ebafe5e2d2af3a3d551eb23c583a93b7ebccbf: build(deps): bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (@​dependabot[bot])

Others

  • 16d2143b3d74b77af8a309b331e1bc46a445f495: Fix(1.6): Added missing omitempty in NistQuantumSecurityLevel (@​Petzys)
  • ffec473428073e1266169e97c1c64de95e89981b: chore: add license header (@​mcombuechen)
  • 1f8fdcc0047611a8baacfcd214c5ba3821fefd51: feat(1.6): add BOM.Declarations (@​mcombuechen)
  • 62b53429289d6cc6884b111256588150e3fed308: feat(1.6): add BOM.Definitions (@​mcombuechen)
  • c33b9cb58eaa14e89740182fbde2a0cc888bc457: feat(1.6): add CBOM types (@​Petzys)
  • 10e10c8bc8fcac6f90c914828786f11e404919b8: feat(1.6): add JSON schema, XML namespace (@​mcombuechen)
  • 2dc599a8ad0f2be20e9bfc55ba75764758e6c7b8: feat(1.6): add License.Acknowledgement (@​mcombuechen)
  • 7a32fde7e9e9e5fb44f8f8aafadd83a21ff82aaf: feat(1.6): add PostalAddress type (@​mcombuechen)
  • b8e4529773c3d12b172729567574ea6201231682: feat(1.6): add SpecVersion for v1.6 (@​mcombuechen)
  • c8778287f29dd21bff18a4f27f71f495de7b4991: feat(1.6): add environmentalConsiderations (@​mcombuechen)
  • e0e9c670e1617adbdd147cff7cc0747769a4e723: feat(1.6): add schema definitions for CycloneDX 1.6 (@​mcombuechen)
  • b1636c2d6bb8aca4161402958a8d894aab7d66b5: feat(1.6): extend EvidenceOccurrence (@​mcombuechen)
  • b4b3b94a60b1665c1d0492744032a9375ef751b1: fix(1.6): convert occurrences of OrganizationalEntity (@​mcombuechen)
  • 9332ca660b772bc538b3c274ceb3d9f81caa0eb8: fix(1.6): fix json, xml labels on BOM.Definitions (@​mcombuechen)

v0.8.0

This release ships with almost complete support for v1.5 of the CycloneDX specification.

The only exception being the extended data flow support, as used in SaaS BOMs.

Unfortunately, there are also breaking changes in this release:

  • The type of Metadata.Tools has changed from *[]Tool to *ToolsChoice, to facilitate the deprecation of Tool in the spec
    • ToolsChoice holds both legacy *[]Tool, as well as the new *[]Component and *[]Service fields
    • The Tool type, as well as the ToolsChoice.Tools field are marked as deprecated
    • During encoding and decoding, it is asserted that only one of both options can be present, in accordance with the "One of" constraint of the spec
    • When encoding to lower spec versions than v1.5 (using EncodeVersion), Components and Services are automatically converted to legacy Tools

... (truncated)

Commits
  • 98a070d Merge pull request #184 from CycloneDX/go-1.20
  • 07eb476 Merge pull request #139 from CycloneDX/dependabot/github_actions/apache/skywa...
  • 9166e10 fix: ioutil -> io
  • c97da90 fix: handle breaking changes in skywalking-eyes
  • c52e698 feat: raise baseline go version to 1.20
  • b1ff85b Merge pull request #181 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
  • 64d6336 Merge pull request #182 from CycloneDX/spec/1.6
  • 199cd18 Merge pull request #183 from snyk/fix/convert-lic-header
  • ffec473 chore: add license header
  • 1179dd9 build(deps): bump gitpod/workspace-go from 8b9a0f6 to 8d15123
  • Additional commits viewable in compare view


Updates github.com/ForestEckhardt/freezer from 0.0.12 to 0.1.0

Release notes

Sourced from github.com/ForestEckhardt/freezer's releases.

v0.1.0

What's Changed

Full Changelog: https://github.com/ForestEckhardt/freezer/compare/v0.0.12...v0.1.0

Commits


Updates github.com/Microsoft/hcsshim from 0.11.5 to 0.12.4

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.4

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.3...v0.12.4

v0.12.3

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.2...v0.12.3

v0.12.2

No release notes provided.

v0.12.1

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.0...v0.12.1

v0.12.0

What's Changed

New Contributors

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.0-rc.3...v0.12.0

v0.12.0-rc.3

What's Changed

... (truncated)

Commits
  • c6a8327 Adding support for loadbalancer policy update in hns. (#2085)
  • 44e4ec0 Changes for checking the global version for modify policy version support. (#...
  • 62f86c0 OutBoundNATPolicy Schema changes (#2106)
  • c950974 Update go-winio to v0.6.2 & fix lint errors
  • ad1ccf5 fix: move permissions to the correct job (#2080) (#2081)
  • 6588c1c Updating permissions and github release action versions (#2078) (#2079)
  • 202f90a Add spans and drop large size high volume trace logs
  • fe8c673 update newBinaryCmd URL path handling (#2041)
  • 85086d7 Upgrade to go1.21 + fix lint errors
  • 8039310 [deps] Omni-bus dependency update (#2039)
  • Additional commits viewable in compare view


Updates github.com/andybalholm/brotli from 1.0.6 to 1.1.0

Commits
  • 17e5901 Make my matchfinder work more accessible.
  • cf812c0 matchfinder: add M0
  • 1b6cf36 matchfinder: remove MultiHash
  • 265f3af matchfinder: penalize score for overlapping matches
  • a8d524a matchfinder: replace Score function with DistanceBitCost
  • 578645e matchfinder: add MultiHash
  • 24b2bfa matchfinder.M4: add Score function
  • 4a024e3 matchfinder.M4: add match chain
  • 3a1c5cd Fix typo in comment.
  • 0d2aef3 matchfinder.M4: factor out extendMatch2
  • Additional commits viewable in compare view


Updates github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0

Commits
  • 720b789 remove travis badge from readme
  • a83af7f feat(backoff): Add functional options for ExponentialBackOff Closes #136
  • See full diff in compare view


Updates github.com/cloudflare/circl from 1.3.7 to 1.3.8

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.3.8

New

  • BLS Signatures on top of BLS12-381.
  • Adopt faster squaring in pairings.
  • BlindRSA compliant with RFC9474.
  • (Verifiable) Secret Sharing compatible with the Group interface (elliptic curves).

Notice

What's Changed

New Contributors

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.7...v1.3.8

Commits
  • 4bb5601 Serializing ciphertext with 32-bit prefixes.
  • a4252c7 Test functions working with ciphertext.
  • 64431bb Testing long plaintext.
  • fe2b663 Using SHAKE128 as a fixed prgn for golden files.
  • 2c600ff Align to the purego build tag, removing noasm build tag
  • a4b7601 Ensure pairing functions don't overwrite the input.
  • b4f1578 Test that shows pairing functions overwrite its input.
  • bba8f1a Bumps golangci-lint action (#485)
  • dc430ec Explicitly installs Go with version before CodeQL analysis.
  • fd7a97f Rename test file extension.
  • Additional commits viewable in compare view


Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.2.5

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.2.5

This release makes some minor improvements to SecureJoin:

  • Some changes were made to how lexical components are handled during resolution. There is no change in behaviour, and both implementations are safe, however the newer implementation is much easier to reason about.

  • The error returned when a symlink loop has been detected will now reference the correct path. #10

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Commits
  • d861a11 VERSION: release v0.2.5
  • 87bc53a join: fix ELOOP error path
  • e9be397 join: don't allow .. and . in working path during resolution
  • 75cdbea gha: update Go versions
  • b69b737 VERSION: back to development
  • See full diff in compare view


Updates github.com/distribution/reference from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/distribution/reference's releases.

v0.6.0

What's Changed

New Contributors

Full Changelog: https://github.com/distribution/reference/compare/v0.5.0...v0.6.0

Commits
  • ff14faf Merge pull request #9 from ozairasim/exclude-domain-from-name-length-validation
  • 2a66312 Merge pull request #10 from xrstf/patch-1
  • 094e717 fix typo in readme
  • aaca75e Exclude domain from name length check
  • 8507c7f Merge pull request #7 from thaJeztah/cleanup_splitDockerDomain
  • 89ee7ec refactor splitDockerDomain to include more documentation
  • a3fb784 Merge pull request #5 from thaJeztah/rm_deprecated
  • 4894124 remove deprecated SplitHostname
  • See full diff in compare view


Updates github.com/docker/cli from 26.0.0+incompatible to 26.1.4+incompatible

Commits
  • 5650f9b Merge pull request #5116 from thaJeztah/26.1_update_engine
  • e8bc27d vendor: github.com/docker/docker de5c9cf0b96e (v26.1.4-dev)
  • 2acb9c2 vendor: github.com/containerd/containerd v1.7.18
  • 230d4d0 vendor: github.com/containerd/containerd v1.7.17
  • 6d47c06 vendor: tags.cncf.io/container-device-interface v0.7.2
  • a6d757c vendor: github.com/Microsoft/hcsshim v0.11.5
  • c463d96 vendor: github.com/opencontainers/image-spec v1.1.0... _Description has been truncated_
dependabot[bot] commented 4 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.