Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]
v1.33.0
1.33.0
Features
Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]
v1.32.0
1.32.0
Maintenance
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]
1.33.0
Features
Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.
Maintenance
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]
1.32.0
Maintenance
Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]
This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @jbduncan !). Please open an issue if you run into one.
Unfortunately, there are also breaking changes in this release:
The type of Metadata.Tools has changed from *[]Tool to *ToolsChoice, to facilitate the deprecation of Tool in the spec
ToolsChoice holds both legacy *[]Tool, as well as the new *[]Component and *[]Service fields
The Tool type, as well as the ToolsChoice.Tools field are marked as deprecated
During encoding and decoding, it is asserted that only one of both options can be present, in accordance with the "One of" constraint of the spec
When encoding to lower spec versions than v1.5 (using EncodeVersion), Components and Services are automatically converted to legacy Tools
It is strongly recommended to use Components and Services. However, when consuming BOMs, applications should still expect legacy Tools to be present, and handle them accordingly.
Changelog
Fixes
64eb0c84b3d909db47c5154c17d075f68b0c85ae: fix: remove format linters that require extra tooling (@nscuro)
Building and Packaging
696aa66151e800a672c9ec860f30d8716ae6a025: build(deps): bump actions/checkout from 3.5.3 to 4.1.0 (@dependabot[bot])
b50b319d1580d5b624cfc866bc108b589b328157: build(deps): bump actions/checkout from 4.1.0 to 4.1.1 (@dependabot[bot])
5cad1b0a7dad106950790fad960be5f7e62b2110: build(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (@dependabot[bot])
b0910619560e5b0b0fae51dc97c4a343983873fb: build(deps): bump gitpod/workspace-go from d3603c7 to 94ae638 (@dependabot[bot])
9e310b6d641245c89aa01f07a21b50c38f04b087: build(deps): bump gitpod/workspace-go from f37c673 to d3603c7 (@dependabot[bot])
89494fd98291ca8115e02cab78e2e47360352f00: build(deps): bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 (@dependabot[bot])
Others
61dd91e0bbe730454bef42bc0c1b0a3f97411c02: feat(spec1-5): add support for machine learning (@nscuro)
f831960f0887c1f60681924e4d4382cd4bb52ff0: feat(spec1-5): update valid-vulnerability test snapshots (@nscuro)
ffc9a4eb9204f5a31b7fb1d6cd907e6cc3e93578: ci: enable more linters (@mmorel-35)
Bumps the go-modules group with 26 updates in the / directory:
1.3.2
1.4.0
1.30.0
1.33.1
0.18.0
0.18.5
2.12.0
2.14.0
0.7.2
0.8.0
0.6.1
0.6.2
0.11.4
0.12.3
1.0.6
1.1.0
4.2.1
4.3.0
1.3.7
1.3.8
0.2.4
0.2.5
0.5.0
0.6.0
0.8.0
0.8.2
1.4.3
1.4.4
5.11.0
5.12.0
1.5.3
1.5.4
1.17.4
1.17.8
0.0.0-20230301153543-ba94b245509b
0.1.1
4.1.19
4.1.21
0.4.4
0.4.7
0.2.0
0.4.0
1.3.1
1.4.0
0.5.3
0.5.4
2.15.0
2.16.0
0.3.13
0.3.14
1.2.3
1.2.4
Updates
github.com/BurntSushi/toml
from 1.3.2 to 1.4.0Release notes
Sourced from github.com/BurntSushi/toml's releases.
Commits
1e2c053
Undeprecate PrimitiveDecode and MetaData.PrimitiveDecode()f8f7e48
Update toml-test9a80667
Add -json flag to tomlv3203540
fuzz: move fuzz_targets from oss-fuzz (#406)77ce858
Add Marshal Function (#405)0e879cb
Fix panic when trying to set subkey for a value that's not a tablec299e75
Update toml-test4223137
Fix inline tables with dotted keys inside inline arrays (#400)45e7e49
Update toml-testc320c2d
Fix utf8.RuneError testUpdates
github.com/onsi/gomega
from 1.30.0 to 1.33.1Release notes
Sourced from github.com/onsi/gomega's releases.
... (truncated)
Changelog
Sourced from github.com/onsi/gomega's changelog.
... (truncated)
Commits
8a658bb
v1.33.1e9bc35a
Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.23a66379
fix confusing eventually docsf2e65fc
v1.33.002e8706
docs: Receive(POINTER, MATCHER)ec1f186
feat: receiver matcher accepting (POINTER, MATCHER), includes unit tests9999deb
Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745)cb5ff21
Bump github-pages from 229 to 230 in /docs (#735)bac6596
Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746)4379951
v1.32.0Updates
github.com/paketo-buildpacks/occam
from 0.18.0 to 0.18.5Release notes
Sourced from github.com/paketo-buildpacks/occam's releases.
Commits
f23ed80
use go 1.20 (#288)4e0efea
remove toolchain from go.modea10e39
update fakes059d6bc
Bump github.com/google/go-containerregistry from 0.14.0 to 0.19.11f22679
Bump github.com/docker/docker37cf400
Bump github.com/onsi/gomega from 1.30.0 to 1.32.0122482e
Bump github.com/testcontainers/testcontainers-go from 0.26.0 to 0.30.0 (#285)393f58f
Bump google.golang.org/protobuf from 1.31.0 to 1.33.0f37d228
Bump github.com/opencontainers/runc from 1.1.5 to 1.1.121d68391
tests: adding tests for NewContainerFromInspectOutput functionUpdates
github.com/paketo-buildpacks/packit/v2
from 2.12.0 to 2.14.0Release notes
Sourced from github.com/paketo-buildpacks/packit/v2's releases.
Commits
13393ec
Support reading service bindings from VCAP_SERVICES env var (#566)35d8f76
Bump github.com/onsi/gomega from 1.33.0 to 1.33.1ce376b7
Fixes mirror bug when originalHost is excluded (#569)4c9f338
Allows users to set a dependency mirror (#563)4e9c21d
Bump github.com/onsi/gomega from 1.32.0 to 1.33.0dd77ec5
Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.1295b8056
Bump github.com/onsi/gomega from 1.31.1 to 1.32.0777a503
Bump github.com/stretchr/testify from 1.8.4 to 1.9.0c1b785b
Bump github.com/google/uuid from 1.5.0 to 1.6.0b31dc83
Bump github.com/onsi/gomega from 1.31.0 to 1.31.1Updates
github.com/CycloneDX/cyclonedx-go
from 0.7.2 to 0.8.0Release notes
Sourced from github.com/CycloneDX/cyclonedx-go's releases.
Commits
b9654ae
Merge pull request #90 from CycloneDX/spec-v1.564eb0c8
fix: remove format linters that require extra toolingc7a84ac
feat(spec1-5): handle deprecation of toolsf856daa
feat(spec1-5): add support for formulation2fbde0e
feat(spec1-5): add support for identity, occurrences, and callstack evidence61dd91e
feat(spec1-5): add support for machine learningf831960
feat(spec1-5): updatevalid-vulnerability
test snapshotsfe3a904
feat(spec1-5): add support for ssvc scoring method7d2713f
feat(spec1-5): add support for vulnerability proof of concept2ae5445
feat(spec1-5): add support for additional compositions and composition identityUpdates
github.com/Microsoft/go-winio
from 0.6.1 to 0.6.2Release notes
Sourced from github.com/Microsoft/go-winio's releases.
Commits
3c9576c
Update go1.21 and CI (#315)008bc6e
fileinfo: internally fix FileBasicInfo memory alignment (#312)bc421d9
Bug: Close hvsock handle on listen error; fix tests (#310)553a715
Merge pull request #302 from dblohm7/implevel21963303
pipe.go: add DialPipeAccessImpLevele6aebd6
fix: already typo (#303)eb5b095
sd.go: fix calculation of security descriptor length in SddlToSecurityDescrip...87c84cf
[lint] Remove deprecated tar.TypeRegA (#300)9f0d5dc
Switch from sycall to windows (#295)fec52bd
[lint] Fix errors from #276 (#296)Updates
github.com/Microsoft/hcsshim
from 0.11.4 to 0.12.3Release notes
Sourced from github.com/Microsoft/hcsshim's releases.
... (truncated)
Commits
c950974
Update go-winio to v0.6.2 & fix lint errorsad1ccf5
fix: move permissions to the correct job (#2080) (#2081)6588c1c
Updating permissions and github release action versions (#2078) (#2079)202f90a
Add spans and drop large size high volume trace logsfe8c673
updatenewBinaryCmd
URL path handling (#2041)85086d7
Upgrade to go1.21 + fix lint errors8039310
[deps] Omni-bus dependency update (#2039)7458e58
Update Cmd IO handling (#1937)5f9910a
Fix CodeQL pipeline failure (#2032)c56a09c
Merge pull request #1998 from yyatmsft/removeInternalTests2Updates
github.com/andybalholm/brotli
from 1.0.6 to 1.1.0Commits
17e5901
Make my matchfinder work more accessible.cf812c0
matchfinder: add M01b6cf36
matchfinder: remove MultiHash265f3af
matchfinder: penalize score for overlapping matchesa8d524a
matchfinder: replace Score function with DistanceBitCost578645e
matchfinder: add MultiHash24b2bfa
matchfinder.M4: add Score function4a024e3
matchfinder.M4: add match chain3a1c5cd
Fix typo in comment.0d2aef3
matchfinder.M4: factor out extendMatch2Updates
github.com/cenkalti/backoff/v4
from 4.2.1 to 4.3.0Commits
720b789
remove travis badge from readmea83af7f
feat(backoff): Add functional options for ExponentialBackOff Closes #136Updates
github.com/cloudflare/circl
from 1.3.7 to 1.3.8Release notes
Sourced from github.com/cloudflare/circl's releases.
Commits
4bb5601
Serializing ciphertext with 32-bit prefixes.a4252c7
Test functions working with ciphertext.64431bb
Testing long plaintext.fe2b663
Using SHAKE128 as a fixed prgn for golden files.2c600ff
Align to thepurego
build tag, removingnoasm
build taga4b7601
Ensure pairing functions don't overwrite the input.b4f1578
Test that shows pairing functions overwrite its input.bba8f1a
Bumps golangci-lint action (#485)dc430ec
Explicitly installs Go with version before CodeQL analysis.fd7a97f
Rename test file extension.Updates
github.com/containerd/containerd
from 1.7.10 to 1.7.12Release notes
Sourced from github.com/containerd/containerd's releases.
... (truncated)
Commits
71909c1
Merge pull request #9632 from dmcgowan/prepare-v1.7.12775d544
Prepare release notes for v1.7.124ebe8e2
Merge pull request #9624 from thaJeztah/1.7_update_golang_1.20.13a5dc5b8
update to go1.20.13, test go1.21.650e7359
Merge pull request #9548 from Dzejrou/1.7_fix_ignoring_umask5a675f2
Merge pull request #9602 from thaJeztah/1.7_backport_no_execabsccca466
Merge pull request #9605 from thaJeztah/1.7_backport_switch_moby_user9251072
remove github.com/opencontainers/runc dependency4e67213
vendor: github.com/cncf-tags/container-device-interface v0.6.1e0ee0be
go.mod: github.com/opencontainers/runtime-spec v1.1.0Looks like these dependencies are updatable in another way, so this is no longer needed.