paketo-buildpacks / yarn-install

A Cloud Native Buildpack for Yarn
Apache License 2.0
8 stars 8 forks source link

Bump the go-modules group across 1 directory with 22 updates #793

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 2 months ago

Bumps the go-modules group with 17 updates in the / directory:

Package From To
github.com/onsi/gomega 1.34.1 1.34.2
github.com/paketo-buildpacks/libnodejs 0.2.0 0.3.0
github.com/paketo-buildpacks/occam 0.18.7 0.18.8
github.com/paketo-buildpacks/packit/v2 2.14.2 2.15.0
github.com/Masterminds/semver/v3 3.2.1 3.3.0
github.com/Masterminds/sprig/v3 3.2.3 3.3.0
github.com/Microsoft/hcsshim 0.12.5 0.12.6
github.com/cloudflare/circl 1.3.9 1.4.0
github.com/containerd/errdefs 0.1.0 0.2.0
github.com/cyphar/filepath-securejoin 0.3.1 0.3.2
github.com/docker/cli 27.1.2+incompatible 27.3.1+incompatible
github.com/klauspost/compress 1.17.9 1.17.10
github.com/sylabs/sif/v2 2.18.0 2.19.1
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 0.53.0 0.55.0
golang.org/x/crypto 0.26.0 0.27.0
golang.org/x/mod 0.20.0 0.21.0
golang.org/x/net 0.28.0 0.29.0

Updates github.com/onsi/gomega from 1.34.1 to 1.34.2

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.2

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Commits


Updates github.com/paketo-buildpacks/libnodejs from 0.2.0 to 0.3.0

Release notes

Sourced from github.com/paketo-buildpacks/libnodejs's releases.

v0.3.0

What's Changed

  • Add support for cjs and mjs files when looking for a Node.js application
  • Marshal dependencies from package.toml

Full Changelog: https://github.com/paketo-buildpacks/libnodejs/compare/v0.2.0...v0.3.0

Commits
  • 1868fa9 feat: add support for cjs files (#34)
  • f099c5f Marshal dependencies from package.toml (#33)
  • 5099ee8 build(deps): bump github.com/paketo-buildpacks/packit/v2
  • daff2f2 feat: add support for mjs files when finding apps (#31)
  • c6e737a build(deps): bump github.com/paketo-buildpacks/packit/v2
  • e1ab573 build(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.1
  • 349be0c build(deps): bump github.com/paketo-buildpacks/packit/v2
  • 90f967f build(deps): bump github.com/onsi/gomega from 1.33.0 to 1.33.1
  • 2e42024 build(deps): bump github.com/paketo-buildpacks/packit/v2
  • 3352dd5 build(deps): bump github.com/onsi/gomega from 1.32.0 to 1.33.0
  • Additional commits viewable in compare view


Updates github.com/paketo-buildpacks/occam from 0.18.7 to 0.18.8

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.8

What's Changed

New Contributors

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.7...v0.18.8

Commits
  • 1193f3c Bump docker to version 26.1.5 to fix CVE-2024-41110
  • 5cd4ede Updates go mod version to 1.23.0
  • 2e5b930 Updates go mod version to 1.22.6
  • 815b014 Bump github.com/paketo-buildpacks/packit/v2 from 2.14.1 to 2.14.2
  • 74a79fb Bump github.com/paketo-buildpacks/packit/v2 from 2.14.0 to 2.14.1
  • 90134a5 Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2
  • 653a6fb Bump github.com/onsi/gomega from 1.34.0 to 1.34.1
  • ed0e429 Bump github.com/onsi/gomega from 1.33.1 to 1.34.0
  • f467245 Updates go mod version to 1.22.5
  • c97acf2 Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1
  • Additional commits viewable in compare view


Updates github.com/paketo-buildpacks/packit/v2 from 2.14.2 to 2.15.0

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.15.0

What's Changed

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.14.2...v2.15.0

Commits


Updates github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0

Release notes

Sourced from github.com/Masterminds/semver/v3's releases.

v3.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/Masterminds/semver/compare/v3.2.1...v3.3.0

Changelog

Sourced from github.com/Masterminds/semver/v3's changelog.

3.3.0 (2024-08-27)

Added

Changed

  • #241: Simplify StrictNewVersion parsing (thanks @​grosser)
  • Testing support up through Go 1.23
  • Minimum version set to 1.21 as this is what's tested now
  • Fuzz testing now supports caching
Commits
  • e6e3d4d Merge pull request #249 from mattfarina/update-changelog-3.3.0
  • e80c4ea Updating changelog for 3.3.0
  • 80427ad Merge pull request #248 from mattfarina/bump-min-version
  • b610837 bumping min version in go.mod based on what's tested
  • a4cccd8 Merge pull request #246 from mattfarina/bump-go-1.23
  • 7c178cf Updating the testing version of Go used
  • 29f94c1 Merge pull request #241 from grosser/grosser/validate
  • 2cf1b16 Merge pull request #245 from mattfarina/remove-vert
  • b55476a Removing reference to vert
  • d07450b simplify StrictNewVersion
  • Additional commits viewable in compare view


Updates github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0

Release notes

Sourced from github.com/Masterminds/sprig/v3's releases.

v3.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/Masterminds/sprig/compare/v3.2.3...v3.3.0

Changelog

Sourced from github.com/Masterminds/sprig/v3's changelog.

Release 3.3.0 (2024-08-29)

Added

Changed

  • #407: Removed duplicate documentation (functions were documentated in 2 places)
  • #290: Corrected copy/paster oops in math documentation (thanks @​zzhu41)
  • #369: Corrected template reference in docs (thanks @​chey)
  • #375: Added link to URL documenation (thanks @​carlpett)
  • #406: Updated the mergo dependency which had a breaking change (which was accounted for)
  • #376: Fixed documentation error (thanks @​jheyduk)
  • #404: Updated dependency tree
  • #391: Fixed misspelling (thanks @​chrishalbert)
  • #405: Updated Go versions used in testing
Commits
  • e708470 Merge pull request #408 from mattfarina/update-changelog-3.3
  • 8fc4354 Updating the changelog for the 3.3.0 release
  • cb81a32 Merge pull request #407 from mattfarina/remove-dup-math-functions
  • 2637693 Removing duplicate documentation
  • 06b9a87 Merge pull request #290 from zzhu41/patch-1
  • e663ec6 Merge pull request #369 from chey/patch-1
  • bb2f73f Merge pull request #375 from carlpett/patch-1
  • f07659e Merge pull request #400 from itzik-elayev/master
  • 98b35c1 Add closing bracket
  • 7a88928 Merge pull request #406 from mattfarina/update-mergo
  • Additional commits viewable in compare view


Updates github.com/Microsoft/hcsshim from 0.12.5 to 0.12.6

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.6

What's Changed

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.5...v0.12.6

Commits


Updates github.com/cloudflare/circl from 1.3.9 to 1.4.0

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.4.0

Changes

New: ML-KEM compatible with FIPS-203.

Commit History

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.9...v1.4.0

Commits


Updates github.com/containerd/errdefs from 0.1.0 to 0.2.0

Release notes

Sourced from github.com/containerd/errdefs's releases.

v0.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/containerd/errdefs/compare/v0.1.0...v0.2.0

Commits
  • 02b65bc Merge pull request #18 from dmcgowan/add-missing-interfaces
  • 41d12e1 Complete interface definitions for errors
  • 70440b8 Merge pull request #7 from dmcgowan/grpc-error-details
  • b9dce4d Add support for grpc error details
  • ffb0349 Update Resolve function to support Is interface
  • 124d0dc Merge pull request #10 from dmcgowan/custom-error-messages
  • dc9b20e Add support for custom error messages
  • 6c7f402 Merge pull request #9 from dmcgowan/resolve-error
  • 9f87502 Add a resolve error function to return first error
  • 6fb6cf0 Merge pull request #8 from dmcgowan/add-stack-support
  • Additional commits viewable in compare view


Updates github.com/cyphar/filepath-securejoin from 0.3.1 to 0.3.2

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.2

This release includes a few fixes for MkdirAll when dealing with S_ISUID and S_ISGID, to solve a regression runc hit when switching to MkdirAll.

  • Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

  • If a directory has S_ISGID set, then all child directories will have S_ISGID set when created and a different gid will be used for any inode created under the directory. Previously, the "expected owner and mode" validation in securejoin.MkdirAll did not correctly handle this. We now correctly handle this case. (#24, #25)

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.2] - 2024-09-13

Changed

  • Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

Fixed

  • If a directory has S_ISGID set, then all child directories will have S_ISGID set when created and a different gid will be used for any inode created under the directory. Previously, the "expected owner and mode" validation in securejoin.MkdirAll did not correctly handle this. We now correctly handle this case. (#24, #25)
Commits
  • e408943 VERSION: release v0.3.2
  • 1c875f5 CHANGELOG: fix headers
  • fdaafcc merge #25 into cyphar/filepath-securejoin:main
  • 1acda83 mkdirall: correctly handle sgid directory parent
  • 8484faf tests: mkdirall: refactor check and mkdirall helpers
  • 350d697 mkdirall: explicitly return an error for suid/sgid bits
  • 43b1026 tests: procfs: skip procfs tests if overmounting is blocked
  • 82e5725 VERSION: back to development
  • See full diff in compare view


Updates github.com/docker/cli from 27.1.2+incompatible to 27.3.1+incompatible

Commits
  • ce12230 Merge pull request #5462 from thaJeztah/27.x_backport_bump_compose
  • 263ba95 Merge pull request #5461 from laurazard/27.x-backport-update-VERSION
  • be9b9f3 Update VERSION file to v27.3.1-dev
  • a4149b0 Dockerfile: update compose to v2.29.7
  • 4aac415 Merge pull request #5458 from thaJeztah/27.x_bump_engine3
  • 8546958 vendor: github.com/docker/docker v27.3.0
  • f052003 Merge pull request #5457 from laurazard/backport-dropped-defer
  • 460f1be telemetry: fix early meterprovider shutdown
  • e85edf8 Merge pull request #5452 from laurazard/27.3.0-match-moby-version
  • ca62759 vendor: github.com/docker/docker v27.3.0-rc2
  • Additional commits viewable in compare view


Updates github.com/klauspost/compress from 1.17.9 to 1.17.10

Release notes

Sourced from github.com/klauspost/compress's releases.

v1.17.10

What's Changed

New Contributors

Full Changelog: https://github.com/klauspost/compress/compare/v1.17.9...v1.17.10

Commits


Updates github.com/sylabs/sif/v2 from 2.18.0 to 2.19.1

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.19.1

What's Changed

Full Changelog: https://github.com/sylabs/sif/compare/v2.19.0...v2.19.1

v2.19.0

This release drops support for Go 1.21.

What's Changed

Full Changelog: https://github.com/sylabs/sif/compare/v2.18.0...v2.19.0

Commits
  • 1ed3ce5 Merge pull request #384 from tri-adam/overflow-fix
  • 6f00aba fix: check descriptor capacity during SIF creation
  • c1fcc37 fix: correct the range check for descriptor IDs
  • fd8a090 Merge pull request #383 from tri-adam/golangci-lint-v1.60
  • d2a9ddc fix: address lint with golangci-lint v1.60
  • f4453b3 ci: remove deprecated exportloopref linter
  • dd77d01 chore: bump golangci-lint to v1.60
  • 518b3a3 build(deps): bump github.com/sigstore/sigstore from 1.8.4 to 1.8.8 (#381)
  • afa5a4e Merge pull request #382 from tri-adam/go-1.23
  • 9a07943 chore: bump module to Go 1.22
  • Additional commits viewable in compare view


Updates go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.53.0 to 0.55.0

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp's releases.

Release v1.30.0/v0.55.0/v0.24.0/v0.10.0/v0.5.0/v0.3.0/v0.2.0

Overview

Added

  • Add NewProducer to go.opentelemetry.io/contrib/instrumentation/runtime, which allows collecting the go.schedule.duration histogram metric from the Go runtime. (#5991)
  • Add gRPC protocol support for OTLP log exporter in go.opentelemetry.io/contrib/exporters/autoexport. (#6083)

Removed

Fixed

  • Superfluous call to WriteHeader when flushing after setting a status code in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#6074)
  • Superfluous call to WriteHeader when writing the response body after setting a status code in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#6055)

What's Changed

dependabot[bot] commented 2 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.