Bump the go-modules group across 1 directory with 30 updates

[dependabot[bot]]

Bumps the go-modules group with 12 updates in the / directory:

Package	From	To
github.com/paketo-buildpacks/occam	0.18.7	0.18.8
dario.cat/mergo	1.0.0	1.0.1
github.com/DataDog/zstd	1.5.5	1.5.6
github.com/Masterminds/semver/v3	3.2.1	3.3.0
github.com/Masterminds/sprig/v3	3.2.3	3.3.0
github.com/Microsoft/hcsshim	0.12.4	0.12.6
github.com/cloudflare/circl	1.3.9	1.4.0
github.com/cyphar/filepath-securejoin	0.2.5	0.3.1
github.com/mattn/go-runewidth	0.0.15	0.0.16
github.com/moby/sys/sequential	0.5.0	0.6.0
github.com/skeema/knownhosts	1.2.2	1.3.0
github.com/sylabs/sif/v2	2.17.0	2.19.1

Updates github.com/paketo-buildpacks/occam from 0.18.7 to 0.18.8

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.8

What's Changed

• Bump github.com/google/go-containerregistry from 0.19.1 to 0.19.2 by @​dependabot in paketo-buildpacks/occam#309
• Updates go mod toolchain version to 1.22.5 by @​paketo-bot in paketo-buildpacks/occam#313
• Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 by @​dependabot in paketo-buildpacks/occam#315
• Updates github-config by @​paketo-bot in paketo-buildpacks/occam#316
• Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 by @​dependabot in paketo-buildpacks/occam#317
• Updates go mod version to 1.22.5 by @​paketo-bot in paketo-buildpacks/occam#318
• Bump github.com/onsi/gomega from 1.33.1 to 1.34.0 by @​dependabot in paketo-buildpacks/occam#321
• Bump github.com/onsi/gomega from 1.34.0 to 1.34.1 by @​dependabot in paketo-buildpacks/occam#322
• Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @​dependabot in paketo-buildpacks/occam#323
• Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1 by @​dependabot in paketo-buildpacks/occam#324
• Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2 by @​dependabot in paketo-buildpacks/occam#326
• Updates go mod version to 1.22.6 by @​paketo-bot in paketo-buildpacks/occam#325
• Updates go mod version to 1.23.0 by @​paketo-bot in paketo-buildpacks/occam#328
• Bump docker to version 26.1.5 to fix CVE-2024-41110 by @​jericop in paketo-buildpacks/occam#331

New Contributors

• @​jericop made their first contribution in paketo-buildpacks/occam#331

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.7...v0.18.8

Commits

• 1193f3c Bump docker to version 26.1.5 to fix CVE-2024-41110
• 5cd4ede Updates go mod version to 1.23.0
• 2e5b930 Updates go mod version to 1.22.6
• 815b014 Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2
• 74a79fb Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1
• 90134a5 Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2
• 653a6fb Bump github.com/onsi/gomega from 1.34.0 to 1.34.1
• ed0e429 Bump github.com/onsi/gomega from 1.33.1 to 1.34.0
• f467245 Updates go mod version to 1.22.5
• c97acf2 Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1
• Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.2

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.14.2

What's Changed

• Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 by @​dependabot in paketo-buildpacks/packit#573
• Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 by @​dependabot in paketo-buildpacks/packit#574
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#576
• Fix override of existing values in prepend & append by @​nicolasbender in paketo-buildpacks/packit#581
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#585
• Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 by @​dependabot in paketo-buildpacks/packit#588
• Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 by @​dependabot in paketo-buildpacks/packit#589

New Contributors

• @​nicolasbender made their first contribution in paketo-buildpacks/packit#581

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.14.0...v2.14.2

v2.14.1

⚠️ This release contains unwanted changes due to release automation issues. Please use https://github.com/paketo-buildpacks/packit/releases/tag/v2.14.2 instead!

What's Changed

• Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 by @​dependabot in paketo-buildpacks/packit#573
• Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4 by @​dependabot in paketo-buildpacks/packit#574
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#576
• Fix override of existing values in prepend & append by @​nicolasbender in paketo-buildpacks/packit#581
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#585
• Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5 by @​dependabot in paketo-buildpacks/packit#588
• Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 by @​dependabot in paketo-buildpacks/packit#589

New Contributors

• @​nicolasbender made their first contribution in paketo-buildpacks/packit#581

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.14.0...v2.14.1

Commits

• 3bc586e do not run draft release workflow on branches named v2-<something>
• d558b87 Bump github.com/onsi/gomega from 1.33.1 to 1.34.1
• 9f2a7b3 Bump github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5
• b117031 Updating github-config
• b6530bc Include error handling
• 7222905 Fix override of existing values in prepend & append
• e366827 Updating github-config
• a8ac405 Bump github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4
• 4ff7347 Bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0
• See full diff in compare view

Updates dario.cat/mergo from 1.0.0 to 1.0.1

Release notes

Sourced from dario.cat/mergo's releases.

v1.0.1

What's Changed

• fixes issue #187 by @​vsemichev in darccio/mergo#253
• fix: WithoutDereference should respect non-nil struct pointers by @​joshkaplinsky in darccio/mergo#251

New Contributors

• @​vsemichev made their first contribution in darccio/mergo#253
• @​joshkaplinsky made their first contribution in darccio/mergo#251

Full Changelog: https://github.com/darccio/mergo/compare/v1.0.0...v1.0.1

Commits

• 59ea6a9 Merge pull request #251 from joshkaplinsky/joshkaplinsky/without-dereference-...
• 96f24af Merge pull request #253 from vsemichev/master
• 2f1a615 fixes issue #187. adds test to verify the fix.
• 4da170b fixes issue #187. attempt #3
• a13a117 fixes issue #187. attempt #2
• 6b830ff fixes issue #187
• f33862a WithoutDereference should respect structs
• cde9f0e Merge pull request #246 from darccio/darccio/v1-frozen
• f1e2fe5 chore: frozen v1
• 7f7b4af Update FUNDING.yml
• Additional commits viewable in compare view

Updates github.com/DataDog/zstd from 1.5.5 to 1.5.6

Release notes

Sourced from github.com/DataDog/zstd's releases.

zstd 1.5.6

What's Changed

• Fix readme typo by @​colinlyguo in DataDog/zstd#136
• Update upperBound ratio when guessing the required decompression buffer size by @​sfluor in DataDog/zstd#141
• Update vendored zstd to 1.5.6 by @​Viq111 in DataDog/zstd#143

Full Changelog: https://github.com/DataDog/zstd/compare/v1.5.5+patch1...v1.5.6

Commits

• b52f603 Merge pull request #143 from DataDog/viq111/1.5.6
• cf4778e Update Readme for 1.5.6
• ed87d43 Update vendored zstd to 1.5.6
• dd7b332 Merge pull request #136 from colinlyguo/fix-readme
• beb4dfd Merge pull request #141 from DataDog/sfluor-patch-1
• e75a26a Update upperBound ratio when guessing the required decompression buffer size
• c9a5141 fix readme
• 869dae0 Merge pull request #132 from DataDog/viq111/bulk-fix-highlycompressed-payloads
• bf7b920 [bulk] Add extra empty payload decompression test
• 9c0d33f [bulk] Fix naming
• Additional commits viewable in compare view

Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.0

What's Changed

• Fix: bad package in README by @​sdelicata in Masterminds/semver#226
• Updating the GitHub Actions and versions of Go used by @​mattfarina in Masterminds/semver#229
• Fix spelling in README by @​robinschneider in Masterminds/semver#222
• Adding go build cache to fuzz output by @​mattfarina in Masterminds/semver#232
• Add caching to fuzz testing by @​mattfarina in Masterminds/semver#234
• updating github actions by @​mattfarina in Masterminds/semver#235
• feat: nil version equality by @​KnutZuidema in Masterminds/semver#213
• add >= and <= by @​grosser in Masterminds/semver#238
• doc: hyphen range constraint without whitespace by @​johnnychen94 in Masterminds/semver#216
• Removing reference to vert by @​mattfarina in Masterminds/semver#245
• simplify StrictNewVersion by @​grosser in Masterminds/semver#241
• Updating the testing version of Go used by @​mattfarina in Masterminds/semver#246
• bumping min version in go.mod based on what's tested by @​mattfarina in Masterminds/semver#248
• Updating changelog for 3.3.0 by @​mattfarina in Masterminds/semver#249

New Contributors

• @​sdelicata made their first contribution in Masterminds/semver#226
• @​robinschneider made their first contribution in Masterminds/semver#222
• @​KnutZuidema made their first contribution in Masterminds/semver#213
• @​grosser made their first contribution in Masterminds/semver#238
• @​johnnychen94 made their first contribution in Masterminds/semver#216

Full Changelog: https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

3.3.0 (2024-08-27)

Added

• #238: Add LessThanEqual and GreaterThanEqual functions (thanks @​grosser)
• #213: nil version equality checking (thanks @​KnutZuidema)

Changed

• #241: Simplify StrictNewVersion parsing (thanks @​grosser)
• Testing support up through Go 1.23
• Minimum version set to 1.21 as this is what's tested now
• Fuzz testing now supports caching

Commits

• e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
• e80c4ea Updating changelog for 3.3.0
• 80427ad Merge pull request #248 from mattfarina/bump-min-version
• b610837 bumping min version in go.mod based on what's tested
• a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
• 7c178cf Updating the testing version of Go used
• 29f94c1 Merge pull request #241 from grosser/grosser/validate
• 2cf1b16 Merge pull request #245 from mattfarina/remove-vert
• b55476a Removing reference to vert
• d07450b simplify StrictNewVersion
• Additional commits viewable in compare view

Updates github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0

Release notes

Sourced from github.com/Masterminds/sprig/v3's releases.

v3.3.0

What's Changed

• Updating the Go versions used in testing by @​mattfarina in Masterminds/sprig#405
• Change intial to initial. by @​chrishalbert in Masterminds/sprig#391
• Updating dependencies by @​mattfarina in Masterminds/sprig#404
• correct value by @​jheyduk in Masterminds/sprig#376
• Updating location of mergo by @​mattfarina in Masterminds/sprig#406
• feature: added sha512sum function by @​itzik-elayev in Masterminds/sprig#400
• docs: Add missing link to url functions by @​carlpett in Masterminds/sprig#375
• Update doc.go by @​chey in Masterminds/sprig#369
• Update mathf.md by @​zzhu41 in Masterminds/sprig#290
• Removing duplicate documentation by @​mattfarina in Masterminds/sprig#407
• Updating the changelog for the 3.3.0 release by @​mattfarina in Masterminds/sprig#408

New Contributors

• @​chrishalbert made their first contribution in Masterminds/sprig#391
• @​jheyduk made their first contribution in Masterminds/sprig#376
• @​itzik-elayev made their first contribution in Masterminds/sprig#400
• @​carlpett made their first contribution in Masterminds/sprig#375
• @​chey made their first contribution in Masterminds/sprig#369
• @​zzhu41 made their first contribution in Masterminds/sprig#290

Full Changelog: https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0

Changelog

Sourced from github.com/Masterminds/sprig/v3's changelog.

Release 3.3.0 (2024-08-29)

Added

• #400: added sha512sum function (thanks @​itzik-elayev)

Changed

• #407: Removed duplicate documentation (functions were documentated in 2 places)
• #290: Corrected copy/paster oops in math documentation (thanks @​zzhu41)
• #369: Corrected template reference in docs (thanks @​chey)
• #375: Added link to URL documenation (thanks @​carlpett)
• #406: Updated the mergo dependency which had a breaking change (which was accounted for)
• #376: Fixed documentation error (thanks @​jheyduk)
• #404: Updated dependency tree
• #391: Fixed misspelling (thanks @​chrishalbert)
• #405: Updated Go versions used in testing

Commits

• e708470 Merge pull request #408 from mattfarina/update-changelog-3.3
• 8fc4354 Updating the changelog for the 3.3.0 release
• cb81a32 Merge pull request #407 from mattfarina/remove-dup-math-functions
• 2637693 Removing duplicate documentation
• 06b9a87 Merge pull request #290 from zzhu41/patch-1
• e663ec6 Merge pull request #369 from chey/patch-1
• bb2f73f Merge pull request #375 from carlpett/patch-1
• f07659e Merge pull request #400 from itzik-elayev/master
• 98b35c1 Add closing bracket
• 7a88928 Merge pull request #406 from mattfarina/update-mergo
• Additional commits viewable in compare view

Updates github.com/Microsoft/hcsshim from 0.12.4 to 0.12.6

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.6

What's Changed

• [release/0.12] Backport commits from hcsshim/main to update module versions by @​kiashok in microsoft/hcsshim#2237

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.5...v0.12.6

v0.12.5

What's Changed

• [release/0.12] Adding state attribute to the HNSEndpoint struct to support hyperv co… by @​ritikaguptams in microsoft/hcsshim#2183
• [release/0.12] vendor: github.com/containerd/containerd v17.18 by @​thaJeztah in microsoft/hcsshim#2186
• [release/0.12] Backport networking commits for L1VH feature by @​princepereira in microsoft/hcsshim#2205

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.4...v0.12.5

Commits

• f922f2a Omnibus dependency updates (#2051)
• 7d25ce2 Update module versions
• 85a5a57 drop usage of deprecated package/methods
• d4b1cc0 Bump opa/containerd to latest versions
• 6a5ebd3 Upgrade deps to resolve CVEs (#2225)
• 4f46058 Omnibus dependency update (#2166)
• e970943 Modifying network flag EnableIov.
• 4f77a09 Hcsshim wrapper over HNS API needed for exclusion of management mac addresses...
• 3b5bd8a [release/0.12] vendor: github.com/containerd/containerd v17.18
• 40cdbc8 Adding state attribute to the HNSEndpoint struct to support hyperv containers...
• See full diff in compare view

Updates github.com/cloudflare/circl from 1.3.9 to 1.4.0

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Commit History

• eddilithium3: fix typos by @​bwesterb in cloudflare/circl#503
• Add ML-KEM (FIPS 203). by @​bwesterb in cloudflare/circl#470
• Add ML-KEM decapsulation key check. by @​bwesterb in cloudflare/circl#507
• Preparing for release v1.4.0 by @​armfazh in cloudflare/circl#508

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.9...v1.4.0

Commits

• c311e46 Preparing for release v1.4.0
• 62385a8 Add ML-KEM decapsulation key check.
• 2b4626d Add ML-KEM (FIPS 203).
• d26845f eddilithium3: fix typos
• See full diff in compare view

Updates github.com/cyphar/filepath-securejoin from 0.2.5 to 0.3.1

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.1

• By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

• We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

  Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

• Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

  These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most usecases. These are adapted from [libpathrs][1] and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

• OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

• Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.1] - 2024-07-23

Changed

• By allowing Open(at)InRoot to opt-out of the extra work done by MkdirAll to do the necessary "partial lookups", Open(at)InRoot now does less work for both implementations (resulting in a many-fold decrease in the number of operations for openat2, and a modest improvement for non-openat2) and is far more guaranteed to match the correct openat2(RESOLVE_IN_ROOT) behaviour.

• We now use readlinkat(fd, "") where possible. For Open(at)InRoot this effectively just means that we no longer risk getting spurious errors during rename races. However, for our hardened procfs handler, this in theory should prevent mount attacks from tricking us when doing magic-link readlinks (even when using the unsafe host /proc handle). Unfortunately Reopen is still potentially vulnerable to those kinds of somewhat-esoteric attacks.

  Technically this will only work on post-2.6.39 kernels but it seems incredibly unlikely anyone is using filepath-securejoin on a pre-2011 kernel.

Fixed

• Several improvements were made to the errors returned by Open(at)InRoot and MkdirAll when dealing with invalid paths under the emulated (ie. non-openat2) implementation. Previously, some paths would return the wrong error (ENOENT when the last component was a non-directory), and other paths would be returned as though they were acceptable (trailing-slash components after a non-directory would be ignored by Open(at)InRoot).

  These changes were done to match openat2's behaviour and purely is a consistency fix (most users are going to be using openat2 anyway).

[0.3.0] - 2024-07-11

Added

• A new set of *os.File-based APIs have been added. These are adapted from [libpathrs][] and we strongly suggest using them if possible (as they provide far more protection against attacks than SecureJoin):

  • Open(at)InRoot resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the handle returned is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- [see open(2) for more details][open.2])

  • Reopen takes an O_PATH file handle and safely re-opens it to upgrade it to a regular handle. This can also be used with non-O_PATH handles, but O_PATH is the most obvious application.

  • MkdirAll is an implementation of os.MkdirAll that is safe to use to

... (truncated)

Commits

• ce7b28a VERSION: release v0.3.1
• a2c14f8 CHANGELOG: add readlinkat(fd, "") shout-out
• 4ea279f merge #22 into cyphar/filepath-securejoin:main
• 16e1bec CHANGELOG: add initial changelog with current history
• 2404ffb merge #21 into cyphar/filepath-securejoin:main
• f29b7a4 lookup: handle // and trailing slash components correctly
• ecd61ca merge #19 into cyphar/filepath-securejoin:main
• 38b1220 procfs: refactor statx mnt_id logic
• 45c4415 procfs: use readlink(fd, "") for magic-links
• edab538 merge #17 into cyphar/filepath-securejoin:main
• Additional commits viewable in compare view

Updates github.com/docker/cli from 27.0.2+incompatible to 27.1.1+incompatible

Commits

• 6312585 Merge pull request #5274 from thaJeztah/27.1_backport_compose_oom
• c599566 Allow for OomScoreAdj
• fb19def Merge pull request #5271 from thaJeztah/27.1_backport_custom_headers_env_var
• bccd478 Merge pull request #5270 from thaJeztah/27.1_backport_test_spring_cleaning
• 8992378 add support for DOCKER_CUSTOM_HEADERS env-var (experimental)
• f90273c Merge pull request #5269 from thaJeztah/27.1_backport_add_macos_apple_silicon
• ca9636a test spring-cleaning
• ad47d2a gha: update to macOS 13, add macOS 14 arm64 (Apple Silicon M1)
• a2a0fb7 Merge pull request #5263 from thaJeztah/27.1_backport_relax_pr_check
• 16d6c90 Merge pull request #5265 from thaJeztah/27.1_backport_bump_buildx_compose
• Additional commits viewable in compare view

Updates github.com/gabriel-vasile/mimetype from 1.4.4 to 1.4.5

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.5

What's Changed

• json: improve performance by using a pool of scanners in gabriel-vasile/mimetype#535
• tar: remove strconv dependency for tar checksum octal numbers in gabriel-vasile/mimetype#536
• zip: use []byte instead of string to prevent allocs in gabriel-vasile/mimetype#537
• remove tarbomb from testdata folder in gabriel-vasile/mimetype#540
• Updating RTF Magic number to match https://www.iana.org/assignments/media-types/application/rtf by @​zdiff in gabriel-vasile/mimetype#544
• alias text/rtf to application/rtf in gabriel-vasile/mimetype#547
• reduce project size by moving mimetype.gif to testdata in gabriel-vasile/mimetype#548
• Bump golang.org/x/net from 0.25.0 to 0.27.0 in the gomod group across 1 directory by @​dependabot in gabriel-vasile/mimetype#552
• remove exe from testdata in gabriel-vasile/mimetype#561

New Contributors

• @​zdiff made their first contribution in gabriel-vasile/mimetype#544

Full Changelog: https://github.com/gabriel-vasile/mimetype/compare/v1.4.4...v1.4.5

Commits

• b36b70f remove exe from testdata (#561)
• e802551 Bump the github-actions group across 1 directory with 3 updates (#560)
• f003e99 Bump golang.org/x/net in the gomod group across 1 directory (#552)
• e0c5c59 reduce project size by moving mimetype.gif to testdata (#548)
• f296c1b alias rtf to application/rtf (#547)
• 8329892 Updating RTF Magic number to match <https://www.iana.org/assignments/media-ty...
• 3267116 remove tarbomb from testdata folder (#540)
• cdceff9 zip: use []byte instead of string to prevent allocs (#537)
• 77e3848 tar: remove strconv dependency for tar checksum octal numbers (#536)
• 09ff708 json: improve performance by using a pool of scanners (#535)
• See full diff in compare view

Updates github.com/google/go-containerregistry from 0.19.2 to 0.20.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.2

What's Changed

• deps: bump docker dep by @​imjasonh in google/go-containerregistry#1991

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2

v0.20.1

What's Changed

• Create remote.Push by @​mattmoor in google/go-containerregistry#1978

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.0...v0.20.1

v0.20.0

What's Changed

• Referrer API must return correct Content-Type by @​GregoireW in google/go-containerregistry#1968
• 🚨 POTENTIALLY BREAKING: Restore blind-write to remote.Put by @​jonjohnsonjr in google/go-containerregistry#1970

New Contributors

• @​GregoireW made their first contribution in google/go-containerregistry#1968

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.19.2...v0.20.0

Commits

• c195f15 deps: bump docker dep (#1991)
• c3d1dcc Create remote.Push (#1978)
• d36047a Restore blind-write to remote.Put (#1970)
• 9915a85 Referrer API must return correct Content-Type (#1968)
• See full diff in compare view

Updates github.com/mattn/go-runewidth from 0.0.15 to 0.0.16

Commits

• 6ceadc6 Support Unicode 15.1.0
• See full diff in compare view

Updates github.com/moby/sys/sequential from 0.5.0 to 0.6.0

Release notes

Sourced from github.com/moby/sys/sequential's releases.

signal/v0.6.0

What's Changed

• signal: Handle more signals to make ParseSignal containerd compatible by @​kzys in moby/sys#71
• signal: fix name for SIGBUS on darwin by @​thaJeztah in moby/sys#72
• signal: fix name for SIGBUS on freebsd by @​thaJeztah in moby/sys#73
• signal: sort Windows signals alphabetically by @​thaJeztah in moby/sys#74... _Description has been truncated_

Looks like these dependencies are updatable in another way, so this is no longer needed.