paketo-buildpacks / poetry

Apache License 2.0
5 stars 6 forks source link

Bump the go-modules group across 1 directory with 42 updates #435

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps the go-modules group with 27 updates in the / directory:

Package From To
github.com/paketo-buildpacks/occam 0.18.0 0.18.7
github.com/Microsoft/hcsshim 0.11.7 0.12.5
github.com/andybalholm/brotli 1.0.6 1.1.0
github.com/cenkalti/backoff/v4 4.2.1 4.3.0
github.com/cloudflare/circl 1.3.7 1.3.9
github.com/cyphar/filepath-securejoin 0.2.4 0.3.0
github.com/docker/docker-credential-helpers 0.8.0 0.8.2
github.com/gabriel-vasile/mimetype 1.4.3 1.4.4
github.com/go-git/go-git/v5 5.11.0 5.12.0
github.com/go-logr/logr 1.4.1 1.4.2
github.com/huandu/xstrings 1.4.0 1.5.0
github.com/klauspost/compress 1.17.4 1.17.9
github.com/knqyf263/go-rpmdb 0.0.0-20230301153543-ba94b245509b 0.1.1
github.com/moby/sys/sequential 0.5.0 0.6.0
github.com/pierrec/lz4/v4 4.1.19 4.1.21
github.com/rivo/uniseg 0.4.4 0.4.7
github.com/sassoftware/go-rpmutils 0.2.0 0.4.0
github.com/shirou/gopsutil/v3 3.23.12 3.24.5
github.com/shopspring/decimal 1.3.1 1.4.0
github.com/spdx/tools-golang 0.5.3 0.5.5
github.com/sylabs/sif/v2 2.15.0 2.18.0
github.com/tklauser/go-sysconf 0.3.13 0.3.14
github.com/vbatts/go-mtree 0.5.3 0.5.4
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 0.49.0 0.53.0
golang.org/x/mod 0.17.0 0.19.0
golang.org/x/net 0.25.0 0.27.0
google.golang.org/protobuf 1.33.0 1.34.2

Updates github.com/paketo-buildpacks/occam from 0.18.0 to 0.18.7

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.7

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.6...v0.18.7

v0.18.6

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.5...v0.18.6

v0.18.5

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.4...v0.18.5

v0.18.4

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.3...v0.18.4

v0.18.3

What's Changed

... (truncated)

Commits
  • aff3030 Buildpack packaging should always target linux
  • 7b8692d Updates go mod toolchain version to 1.22.4
  • ddf2781 Bump github.com/docker/docker
  • e9fee75 Adds support of buildpackages in buildpack store and updates freezer (#302)
  • dda57be Updating github-config
  • f0b937b Use stable go version everywhere.
  • 354d744 Bump to go 1.21
  • 64bc107 Updating github-config
  • d00fe4b Bump github.com/docker/docker
  • 37502e4 Bump github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0
  • Additional commits viewable in compare view


Updates github.com/ForestEckhardt/freezer from 0.0.12 to 0.1.0

Release notes

Sourced from github.com/ForestEckhardt/freezer's releases.

v0.1.0

What's Changed

Full Changelog: https://github.com/ForestEckhardt/freezer/compare/v0.0.12...v0.1.0

Commits


Updates github.com/Microsoft/hcsshim from 0.11.7 to 0.12.5

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.5

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.4...v0.12.5

v0.12.4

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.3...v0.12.4

v0.12.3

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.2...v0.12.3

v0.12.2

No release notes provided.

v0.12.1

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.0...v0.12.1

v0.12.0

What's Changed

... (truncated)

Commits
  • e970943 Modifying network flag EnableIov.
  • 4f77a09 Hcsshim wrapper over HNS API needed for exclusion of management mac addresses...
  • 3b5bd8a [release/0.12] vendor: github.com/containerd/containerd v17.18
  • 40cdbc8 Adding state attribute to the HNSEndpoint struct to support hyperv containers...
  • c6a8327 Adding support for loadbalancer policy update in hns. (#2085)
  • 44e4ec0 Changes for checking the global version for modify policy version support. (#...
  • 62f86c0 OutBoundNATPolicy Schema changes (#2106)
  • c950974 Update go-winio to v0.6.2 & fix lint errors
  • ad1ccf5 fix: move permissions to the correct job (#2080) (#2081)
  • 6588c1c Updating permissions and github release action versions (#2078) (#2079)
  • Additional commits viewable in compare view


Updates github.com/andybalholm/brotli from 1.0.6 to 1.1.0

Commits
  • 17e5901 Make my matchfinder work more accessible.
  • cf812c0 matchfinder: add M0
  • 1b6cf36 matchfinder: remove MultiHash
  • 265f3af matchfinder: penalize score for overlapping matches
  • a8d524a matchfinder: replace Score function with DistanceBitCost
  • 578645e matchfinder: add MultiHash
  • 24b2bfa matchfinder.M4: add Score function
  • 4a024e3 matchfinder.M4: add match chain
  • 3a1c5cd Fix typo in comment.
  • 0d2aef3 matchfinder.M4: factor out extendMatch2
  • Additional commits viewable in compare view


Updates github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0

Commits
  • 720b789 remove travis badge from readme
  • a83af7f feat(backoff): Add functional options for ExponentialBackOff Closes #136
  • See full diff in compare view


Updates github.com/cloudflare/circl from 1.3.7 to 1.3.9

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.3.9

Changes:

  • Fix bug on BLS12381 decoding elements.

Commit History

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.8...v1.3.9

CIRCL v1.3.8

New

  • BLS Signatures on top of BLS12-381.
  • Adopt faster squaring in pairings.
  • BlindRSA compliant with RFC9474.
  • (Verifiable) Secret Sharing compatible with the Group interface (elliptic curves).

Notice

What's Changed

New Contributors

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.7...v1.3.8

Commits
  • 75b28ed Preparing CIRCL release v1.3.9
  • 9e7c49b Detects invalid encodings of bls12381 elements.
  • 5f94471 Test for invalid encodings of BLS12381.
  • 456fe41 dilithium: fix typo
  • 4bb5601 Serializing ciphertext with 32-bit prefixes.
  • a4252c7 Test functions working with ciphertext.
  • 64431bb Testing long plaintext.
  • fe2b663 Using SHAKE128 as a fixed prgn for golden files.
  • 2c600ff Align to the purego build tag, removing noasm build tag
  • a4b7601 Ensure pairing functions don't overwrite the input.
  • Additional commits viewable in compare view


Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.3.0

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most usecases. These are adapted from libpathrs and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

  • OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

  • Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

  • MkdirAll, which is a safe implementation of os.MkdirAll that can be used to create directory trees inside a rootfs.

As these are new APIs, it is possible they may change in the future. However, they should be safe to start migrating to as we have extensive tests ensuring they behave correctly and are safe against various races and other attacks.

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.2.5

This release makes some minor improvements to SecureJoin:

  • Some changes were made to how lexical components are handled during resolution. There is no change in behaviour, and both implementations are safe, however the newer implementation is much easier to reason about.

  • The error returned when a symlink loop has been detected will now reference the correct path. #10

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Commits
  • b984b9c VERSION: bump to 0.3.0
  • 6ae6d58 merge #15 into cyphar/filepath-securejoin:main
  • 0a923e5 README: update to describe and strongly recommend new APIs
  • ebb9f1f mkdirall: switch away from O_PATH for mkdir loop
  • 975d7b3 open: add OpenInRoot and Reopen tests
  • 1e6990b open: add Open(at)InRoot and Reopen
  • 96f72c6 procfs: make procSelfFdReadlink more generic with generics
  • a91c705 lookup: clean up test helper
  • fbc8097 proc: do not export internal PROC_ constants
  • ce95b91 gha: update actions/checkout to v4
  • Additional commits viewable in compare view


Updates github.com/docker/docker-credential-helpers from 0.8.0 to 0.8.2

Release notes

Sourced from github.com/docker/docker-credential-helpers's releases.

v0.8.2

What's Changed

Full Changelog: https://github.com/docker/docker-credential-helpers/compare/v0.8.1...v0.8.2

v0.8.1

What's Changed

Full Changelog: https://github.com/docker/docker-credential-helpers/compare/v0.8.0...v0.8.1

Commits
  • 6b9df3e Merge pull request #323 from thaJeztah/pass_simplify_get
  • dc10c50 Merge pull request #317 from docker/dependabot/github_actions/softprops/actio...
  • 896eb37 build(deps): bump softprops/action-gh-release to 2.0.5
  • a14669f pass: Get: remove redundant stat
  • 74840b3 Merge pull request #322 from thaJeztah/pass_dry
  • d3ef442 pass: add utilities for encoding/decoding serverURL
  • f64d6b1 Merge pull request #321 from thaJeztah/fix_pass_errors
  • 1bb9aa3 pass: return correct error, and ignore empty stores on list
  • 73b9e5d Merge pull request #320 from thaJeztah/update_gha
  • 0c43fed update to go1.21.10
  • Additional commits viewable in compare view


Updates github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.4

What's Changed

Security fixes:

Update golang.org/x/net to latest. Fixes: CVE-2023-45288

Performance improvements:

Benchmarks:

before:
BenchmarkText/application/x-ndjson-8              663314              2027 ns/op            4306 B/op          6 allocs/op
BenchmarkSliceRand-8                              688160              1690 ns/op             728 B/op         75 allocs/op
BenchmarkSrt-8                                    946042              1089 ns/op            4240 B/op          5 allocs/op
after:
BenchmarkText/application/x-ndjson-8             1930292               678.6 ns/op           160 B/op          4 allocs/op
BenchmarkSliceRand-8                             1232066              1173 ns/op             160 B/op          4 allocs/op
BenchmarkSrt-8                                   3235448               368.8 ns/op            64 B/op          2 allocs/op

New Contributors

Full Changelog: https://github.com/gabriel-vasile/mimetype/compare/v1.4.3...v1.4.4

Commits
  • 43192c8 Bump the github-actions group across 1 directory with 3 updates (#534)
  • 07821d3 Using io.ReadAll instead of ioutil.ReadAll (#525)
  • 9bd6023 github actions & readme: remove codecov badge (#533)
  • ff4d3d0 improve performance for text detection (#532)
  • bc511b8 add defaultLimit and use it when resetting back (#531)
  • 341c422 Improve x-subrip detection performance (#524)
  • 043efb9 fix benchmark files order (#518)
  • fd7639e ftyp: exit asap to prevent mem allocs (#517)
  • 889166d Merge pull request #505 from gabriel-vasile/dependabot/github_actions/github-...
  • e938b0c Merge pull request #502 from gabriel-vasile/dependabot/go_modules/gomod-82d2d...
  • Additional commits viewable in compare view


Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.12.0

What's Changed

New Contributors

Full Changelog: https://github.com/go-git/go-git/compare/v5.11.0...v5.12.0

Commits
  • 302ddde Merge pull request #1060 from go-git/dependabot/go_modules/github.com/gliderl...
  • 6bba34d build: bump github.com/gliderlabs/ssh from 0.3.6 to 0.3.7
  • feaeb36 Merge pull request #937 from matejrisek/feature/rename-short-fields
  • 7959a42 Merge pull request #1052 from go-git/dependabot/go_modules/github.com/skeema/...
  • 4c17ce7 build: bump github.com/skeema/knownhosts from 1.2.1 to 1.2.2
  • 3f77e6f Merge pull request #1048 from pjbgf/fix-reset-validation
  • 6af38e0 Merge pull request #1047 from avoidalone/master
  • e6c3e58 Merge pull request #1044 from pjbgf/ff-merge
  • 04f7b23 *: fix some comments
  • f4f1a87 Merge pull request #971 from nodivbyzero/fix-177-diff-print-file-stats
  • Additional commits viewable in compare view


Updates github.com/go-logr/logr from 1.4.1 to 1.4.2

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.2

What's Changed

Dependencies:

dependabot[bot] commented 4 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.