Bump the go-modules group across 1 directory with 42 updates

[dependabot[bot]]

Bumps the go-modules group with 25 updates in the / directory:

Package	From	To
github.com/BurntSushi/toml	1.3.2	1.4.0
github.com/onsi/gomega	1.31.1	1.33.1
github.com/paketo-buildpacks/occam	0.18.2	0.18.7
github.com/Microsoft/hcsshim	0.11.7	0.12.5
github.com/cenkalti/backoff/v4	4.2.1	4.3.0
github.com/cloudflare/circl	1.3.7	1.3.9
github.com/cyphar/filepath-securejoin	0.2.4	0.3.0
github.com/docker/docker-credential-helpers	0.8.1	0.8.2
github.com/gabriel-vasile/mimetype	1.4.3	1.4.4
github.com/go-git/go-git/v5	5.11.0	5.12.0
github.com/huandu/xstrings	1.4.0	1.5.0
github.com/klauspost/compress	1.17.6	1.17.9
github.com/knqyf263/go-rpmdb	0.0.0-20230301153543-ba94b245509b	0.1.1
github.com/sassoftware/go-rpmutils	0.3.0	0.4.0
github.com/shirou/gopsutil/v3	3.24.1	3.24.5
github.com/shopspring/decimal	1.3.1	1.4.0
github.com/spdx/tools-golang	0.5.3	0.5.5
github.com/sylabs/sif/v2	2.15.1	2.18.0
github.com/tklauser/go-sysconf	0.3.13	0.3.14
github.com/vbatts/go-mtree	0.5.3	0.5.4
golang.org/x/crypto	0.24.0	0.25.0
golang.org/x/mod	0.18.0	0.19.0
golang.org/x/net	0.26.0	0.27.0
golang.org/x/tools	0.22.0	0.23.0
google.golang.org/protobuf	1.33.0	1.34.2

Updates github.com/BurntSushi/toml from 1.3.2 to 1.4.0

Release notes

Sourced from github.com/BurntSushi/toml's releases.

v1.4.0

This version requires Go 1.18

• Add toml.Marshal() (#405)

• Require 2-digit hour (#320)

• Wrap UnmarshalTOML() and UnmarshalText() return values in ParseError for position information (#398)

• Fix inline tables with dotted keys inside inline arrays (e.g. k=[{a.b=1}]) (#400)

Commits

• 1e2c053 Undeprecate PrimitiveDecode and MetaData.PrimitiveDecode()
• f8f7e48 Update toml-test
• 9a80667 Add -json flag to tomlv
• 3203540 fuzz: move fuzz_targets from oss-fuzz (#406)
• 77ce858 Add Marshal Function (#405)
• 0e879cb Fix panic when trying to set subkey for a value that's not a table
• c299e75 Update toml-test
• 4223137 Fix inline tables with dotted keys inside inline arrays (#400)
• 45e7e49 Update toml-test
• c320c2d Fix utf8.RuneError test
• Additional commits viewable in compare view

Updates github.com/onsi/gomega from 1.31.1 to 1.33.1

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.33.1

1.33.1

Fixes

• fix confusing eventually docs [3a66379]

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]

v1.33.0

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
• Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
• Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

v1.32.0

1.32.0

Maintenance

• Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

  This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @​jbduncan !). Please open an issue if you run into one.

• chore: test with Go 1.22 (#733) [32ef35e]

• Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

• Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

• docs: fix typo and broken anchor link to gstruct [f460154]

• docs: fix HaveEach matcher signature [a2862e4]

Changelog

Sourced from github.com/onsi/gomega's changelog.

1.33.1

Fixes

• fix confusing eventually docs [3a66379]

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 [e9bc35a]

1.33.0

Features

Receive not accepts Receive(<POINTER>, MATCHER>), allowing you to pick out a specific value on the channel that satisfies the provided matcher and is stored in the provided pointer.

Maintenance

• Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745) [9999deb]
• Bump github-pages from 229 to 230 in /docs (#735) [cb5ff21]
• Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746) [bac6596]

1.32.0

Maintenance

• Migrate github.com/golang/protobuf to google.golang.org/protobuf [436a197]

  This release drops the deprecated github.com/golang/protobuf and adopts google.golang.org/protobuf. Care was taken to ensure the release is backwards compatible (thanks @​jbduncan !). Please open an issue if you run into one.

• chore: test with Go 1.22 (#733) [32ef35e]

• Bump golang.org/x/net from 0.19.0 to 0.20.0 (#717) [a0d0387]

• Bump github-pages and jekyll-feed in /docs (#732) [b71e477]

• docs: fix typo and broken anchor link to gstruct [f460154]

• docs: fix HaveEach matcher signature [a2862e4]

Commits

• 8a658bb v1.33.1
• e9bc35a Bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2
• 3a66379 fix confusing eventually docs
• f2e65fc v1.33.0
• 02e8706 docs: Receive(POINTER, MATCHER)
• ec1f186 feat: receiver matcher accepting (POINTER, MATCHER), includes unit tests
• 9999deb Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 (#745)
• cb5ff21 Bump github-pages from 229 to 230 in /docs (#735)
• bac6596 Bump golang.org/x/net from 0.20.0 to 0.23.0 (#746)
• 4379951 v1.32.0
• Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/occam from 0.18.2 to 0.18.7

Release notes

Sourced from github.com/paketo-buildpacks/occam's releases.

v0.18.7

What's Changed

• Bump github.com/docker/docker from 26.1.3+incompatible to 26.1.4+incompatible by @​dependabot in paketo-buildpacks/occam#305
• Updates go mod toolchain version to 1.22.4 by @​paketo-bot in paketo-buildpacks/occam#306
• Buildpack packaging should always target linux by @​ForestEckhardt in paketo-buildpacks/occam#307

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.6...v0.18.7

v0.18.6

What's Changed

• Bump github.com/docker/docker from 26.0.1+incompatible to 26.0.2+incompatible by @​dependabot in paketo-buildpacks/occam#290
• Bump github.com/onsi/gomega from 1.32.0 to 1.33.0 by @​dependabot in paketo-buildpacks/occam#291
• Bump github.com/paketo-buildpacks/packit/v2 from 2.12.0 to 2.13.0 by @​dependabot in paketo-buildpacks/occam#292
• Bump github.com/docker/docker from 26.0.2+incompatible to 26.1.0+incompatible by @​dependabot in paketo-buildpacks/occam#293
• Bump github.com/onsi/gomega from 1.33.0 to 1.33.1 by @​dependabot in paketo-buildpacks/occam#294
• Bump github.com/docker/docker from 26.1.0+incompatible to 26.1.1+incompatible by @​dependabot in paketo-buildpacks/occam#295
• Bump github.com/paketo-buildpacks/packit/v2 from 2.13.0 to 2.14.0 by @​dependabot in paketo-buildpacks/occam#296
• Bump github.com/docker/docker from 26.1.1+incompatible to 26.1.2+incompatible by @​dependabot in paketo-buildpacks/occam#298
• Bump github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0 by @​dependabot in paketo-buildpacks/occam#297
• Bump github.com/docker/docker from 26.1.2+incompatible to 26.1.3+incompatible by @​dependabot in paketo-buildpacks/occam#299
• Updates github-config by @​paketo-bot in paketo-buildpacks/occam#289
• Updates github-config by @​paketo-bot in paketo-buildpacks/occam#303
• Adds support of buildpackages in buildpack store and updates freezer by @​ForestEckhardt in paketo-buildpacks/occam#302

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.5...v0.18.6

v0.18.5

What's Changed

• use go 1.20 by @​sophiewigmore in paketo-buildpacks/occam#288

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.4...v0.18.5

v0.18.4

What's Changed

• remove toolchain from go.mod by @​sophiewigmore in paketo-buildpacks/occam#287

Full Changelog: https://github.com/paketo-buildpacks/occam/compare/v0.18.3...v0.18.4

v0.18.3

What's Changed

• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 by @​dependabot in paketo-buildpacks/occam#280
• Bump github.com/testcontainers/testcontainers-go from 0.26.0 to 0.30.0 by @​dependabot in paketo-buildpacks/occam#285
• Bump github.com/onsi/gomega from 1.30.0 to 1.32.0 by @​dependabot in paketo-buildpacks/occam#282
• Bump github.com/docker/docker from 25.0.5+incompatible to 26.0.1+incompatible by @​dependabot in paketo-buildpacks/occam#286
• Bump github.com/google/go-containerregistry from 0.14.0 to 0.19.1 by @​dependabot in paketo-buildpacks/occam#281

... (truncated)

Commits

• aff3030 Buildpack packaging should always target linux
• 7b8692d Updates go mod toolchain version to 1.22.4
• ddf2781 Bump github.com/docker/docker
• e9fee75 Adds support of buildpackages in buildpack store and updates freezer (#302)
• dda57be Updating github-config
• f0b937b Use stable go version everywhere.
• 354d744 Bump to go 1.21
• 64bc107 Updating github-config
• d00fe4b Bump github.com/docker/docker
• 37502e4 Bump github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0
• Additional commits viewable in compare view

Updates github.com/paketo-buildpacks/packit/v2 from 2.12.0 to 2.14.0

Release notes

Sourced from github.com/paketo-buildpacks/packit/v2's releases.

v2.14.0

What's Changed

• Fixes mirror bug when originalHost is excluded by @​TisVictress in paketo-buildpacks/packit#569
• Bump github.com/onsi/gomega from 1.33.0 to 1.33.1 by @​dependabot in paketo-buildpacks/packit#571
• Support reading service bindings from VCAP_SERVICES env var by @​pbusko in paketo-buildpacks/packit#566

New Contributors

• @​pbusko made their first contribution in paketo-buildpacks/packit#566 🥳

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.13.0...v2.14.0

v2.13.0

What's Changed

• Bump github.com/onsi/gomega from 1.28.1 to 1.29.0 by @​dependabot in paketo-buildpacks/packit#531
• Bump github.com/google/uuid from 1.3.1 to 1.4.0 by @​dependabot in paketo-buildpacks/packit#533
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#532
• Bump github.com/onsi/gomega from 1.29.0 to 1.30.0 by @​dependabot in paketo-buildpacks/packit#536
• Updates github-config by @​paketo-bot in paketo-buildpacks/packit#534
• Bump github.com/google/uuid from 1.4.0 to 1.5.0 by @​dependabot in paketo-buildpacks/packit#541
• Bump github.com/onsi/gomega from 1.30.0 to 1.31.0 by @​dependabot in paketo-buildpacks/packit#544
• Bump github.com/onsi/gomega from 1.31.0 to 1.31.1 by @​dependabot in paketo-buildpacks/packit#547
• Bump github.com/google/uuid from 1.5.0 to 1.6.0 by @​dependabot in paketo-buildpacks/packit#548
• Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @​dependabot in paketo-buildpacks/packit#556
• Bump github.com/onsi/gomega from 1.31.1 to 1.32.0 by @​dependabot in paketo-buildpacks/packit#560
• Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12 by @​dependabot in paketo-buildpacks/packit#562
• Bump github.com/onsi/gomega from 1.32.0 to 1.33.0 by @​dependabot in paketo-buildpacks/packit#568
• Allows users to set a dependency mirror by @​TisVictress in paketo-buildpacks/packit#563

New Contributors

• @​TisVictress made their first contribution in paketo-buildpacks/packit#563

Full Changelog: https://github.com/paketo-buildpacks/packit/compare/v2.12.0...v2.13.0

Commits

• 13393ec Support reading service bindings from VCAP_SERVICES env var (#566)
• 35d8f76 Bump github.com/onsi/gomega from 1.33.0 to 1.33.1
• ce376b7 Fixes mirror bug when originalHost is excluded (#569)
• 4c9f338 Allows users to set a dependency mirror (#563)
• 4e9c21d Bump github.com/onsi/gomega from 1.32.0 to 1.33.0
• dd77ec5 Bump github.com/ulikunitz/xz from 0.5.11 to 0.5.12
• 95b8056 Bump github.com/onsi/gomega from 1.31.1 to 1.32.0
• 777a503 Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
• c1b785b Bump github.com/google/uuid from 1.5.0 to 1.6.0
• b31dc83 Bump github.com/onsi/gomega from 1.31.0 to 1.31.1
• Additional commits viewable in compare view

Updates github.com/ForestEckhardt/freezer from 0.0.12 to 0.1.0

Release notes

Sourced from github.com/ForestEckhardt/freezer's releases.

v0.1.0

What's Changed

• Updates fetchers to create buildpackages by @​ForestEckhardt in ForestEckhardt/freezer#11

Full Changelog: https://github.com/ForestEckhardt/freezer/compare/v0.0.12...v0.1.0

Commits

• a57bf55 Updates fetchers to create buildpackages
• See full diff in compare view

Updates github.com/Microsoft/hcsshim from 0.11.7 to 0.12.5

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.12.5

What's Changed

• [release/0.12] Adding state attribute to the HNSEndpoint struct to support hyperv co… by @​ritikaguptams in microsoft/hcsshim#2183
• [release/0.12] vendor: github.com/containerd/containerd v17.18 by @​thaJeztah in microsoft/hcsshim#2186
• [release/0.12] Backport networking commits for L1VH feature by @​princepereira in microsoft/hcsshim#2205

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.4...v0.12.5

v0.12.4

What's Changed

• [release/0.12] Backport networking commits by @​kiashok in microsoft/hcsshim#2157

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.3...v0.12.4

v0.12.3

What's Changed

• [release/0.12] Update go-winio to v0.6.2 by @​kiashok in microsoft/hcsshim#2114

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.2...v0.12.3

v0.12.2

No release notes provided.

v0.12.1

What's Changed

• Add spans and drop large size high volume trace logs by @​kiashok in microsoft/hcsshim#2068
• Updating permissions and github release action versions (#2078) by @​hgarvison in microsoft/hcsshim#2079
• fix: move permissions to the correct job (#2080) by @​anmaxvl in microsoft/hcsshim#2081

Full Changelog: https://github.com/microsoft/hcsshim/compare/v0.12.0...v0.12.1

v0.12.0

What's Changed

• adding option of using buffered image reader for faster dmverity hashing by @​SethHollandsworth in microsoft/hcsshim#2013
• Fix process handle leak when launching a job container by @​kevpar in microsoft/hcsshim#2020
• Revert "gcs: Support routing container stdio to sidecar" by @​kevpar in microsoft/hcsshim#2023
• internal/exec: Fix stdio pipe problems by @​kevpar in microsoft/hcsshim#2021
• Allow mounting multiple dev nodes per assigned device by @​katiewasnothere in microsoft/hcsshim#2003
• tests: update docker images by @​anmaxvl in microsoft/hcsshim#2012
• Don't create container scratch per base layer by @​ambarve in microsoft/hcsshim#2002
• Removing internal tests from hcsshim's cri-containerd tests by @​yyatmsft in microsoft/hcsshim#1998
• Fix CodeQL pipeline failure by @​helsaawy in microsoft/hcsshim#2032
• Update Cmd IO handling by @​helsaawy in microsoft/hcsshim#1937
• [deps] Omni-bus dependency update by @​helsaawy in microsoft/hcsshim#2039
• Upgrade to go1.21 by @​kiashok in microsoft/hcsshim#2033

... (truncated)

Commits

• e970943 Modifying network flag EnableIov.
• 4f77a09 Hcsshim wrapper over HNS API needed for exclusion of management mac addresses...
• 3b5bd8a [release/0.12] vendor: github.com/containerd/containerd v17.18
• 40cdbc8 Adding state attribute to the HNSEndpoint struct to support hyperv containers...
• c6a8327 Adding support for loadbalancer policy update in hns. (#2085)
• 44e4ec0 Changes for checking the global version for modify policy version support. (#...
• 62f86c0 OutBoundNATPolicy Schema changes (#2106)
• c950974 Update go-winio to v0.6.2 & fix lint errors
• ad1ccf5 fix: move permissions to the correct job (#2080) (#2081)
• 6588c1c Updating permissions and github release action versions (#2078) (#2079)
• Additional commits viewable in compare view

Updates github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0

Commits

• 720b789 remove travis badge from readme
• a83af7f feat(backoff): Add functional options for ExponentialBackOff Closes #136
• See full diff in compare view

Updates github.com/cloudflare/circl from 1.3.7 to 1.3.9

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.3.9

Changes:

• Fix bug on BLS12381 decoding elements.

Commit History

• dilithium: fix typo by @​bwesterb in cloudflare/circl#498
• bls12381: Detects invalid prefix in G1 and G2 serialized elements by @​armfazh in cloudflare/circl#500
• Preparing CIRCL release v1.3.9 by @​armfazh in cloudflare/circl#501

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.8...v1.3.9

CIRCL v1.3.8

New

• BLS Signatures on top of BLS12-381.
• Adopt faster squaring in pairings.
• BlindRSA compliant with RFC9474.
• (Verifiable) Secret Sharing compatible with the Group interface (elliptic curves).

Notice

• Update on cpabe/tkn20 ciphertexts, read more at https://github.com/cloudflare/circl/wiki/tkn20-Ciphertext-Format-(v1.3.8)

What's Changed

• Implement Granger-Scott faster squaring in the cyclotomic subgroup. by @​armfazh in cloudflare/circl#449
• Updates avo and CIRCL's own dependency. by @​armfazh in cloudflare/circl#474
• Updating documentation for OPRF package. by @​armfazh in cloudflare/circl#475
• group: removes order method from group interface by @​armfazh in cloudflare/circl#356
• zk/dleq: Adding DLEQ proofs for Qn, the subgroup of squares in (Z/nZ)* by @​armfazh in cloudflare/circl#451
• Reduce x/crypto and x/sys versions to match Go 1.21 by @​Lekensteyn in cloudflare/circl#476
• Bump GitHub Actions versions and use Go 1.22 and 1.21 by @​Lekensteyn in cloudflare/circl#477
• Adding rule for constant values by @​armfazh in cloudflare/circl#478
• Add BLS signatures over BLS12-381 by @​armfazh in cloudflare/circl#446
• group: Implements Shamir and Feldman secret sharing. by @​armfazh in cloudflare/circl#348
• blindrsa: add support for all variants of RFC9474 by @​armfazh in cloudflare/circl#479
• Explicitly installs Go with version before CodeQL analysis. by @​armfazh in cloudflare/circl#481
• Bumps golangci-lint action by @​armfazh in cloudflare/circl#485
• ecc/bls12381: Ensures pairing operations don't overwrite their input by @​armfazh in cloudflare/circl#494
• Align to the purego build tag, removing noasm build tag by @​mattyclarkson in cloudflare/circl#492
• cpabe: Serializing ciphertext with 32-bit prefixes. by @​armfazh in cloudflare/circl#490

New Contributors

• @​mattyclarkson made their first contribution in cloudflare/circl#492

Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.7...v1.3.8

Commits

• 75b28ed Preparing CIRCL release v1.3.9
• 9e7c49b Detects invalid encodings of bls12381 elements.
• 5f94471 Test for invalid encodings of BLS12381.
• 456fe41 dilithium: fix typo
• 4bb5601 Serializing ciphertext with 32-bit prefixes.
• a4252c7 Test functions working with ciphertext.
• 64431bb Testing long plaintext.
• fe2b663 Using SHAKE128 as a fixed prgn for golden files.
• 2c600ff Align to the purego build tag, removing noasm build tag
• a4b7601 Ensure pairing functions don't overwrite the input.
• Additional commits viewable in compare view

Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.3.0

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.0

This release contains no changes to SecureJoin.

However, it does introduce a new *os.File-based API which is much safer to use for most usecases. These are adapted from libpathrs and are the bare minimum to be able to operate more safely on an untrusted rootfs where an attacker has write access (something that SecureJoin cannot protect against). The new APIs are:

• OpenInRoot, which resolves a path inside a rootfs and returns an *os.File handle to the path. Note that the file handle returned by OpenInRoot is an O_PATH handle, which cannot be used for reading or writing (as well as some other operations -- see open(2) for more details).

• Reopen, which takes an O_PATH file handle and safely re-opens it to "upgrade" it to a regular handle.

• MkdirAll, which is a safe implementation of os.MkdirAll that can be used to create directory trees inside a rootfs.

As these are new APIs, it is possible they may change in the future. However, they should be safe to start migrating to as we have extensive tests ensuring they behave correctly and are safe against various races and other attacks.

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

v0.2.5

This release makes some minor improvements to SecureJoin:

• Some changes were made to how lexical components are handled during resolution. There is no change in behaviour, and both implementations are safe, however the newer implementation is much easier to reason about.

• The error returned when a symlink loop has been detected will now reference the correct path. #10

Signed-off-by: Aleksa Sarai cyphar@cyphar.com

Commits

• b984b9c VERSION: bump to 0.3.0
• 6ae6d58 merge #15 into cyphar/filepath-securejoin:main
• 0a923e5 README: update to describe and strongly recommend new APIs
• ebb9f1f mkdirall: switch away from O_PATH for mkdir loop
• 975d7b3 open: add OpenInRoot and Reopen tests
• 1e6990b open: add Open(at)InRoot and Reopen
• 96f72c6 procfs: make procSelfFdReadlink more generic with generics
• a91c705 lookup: clean up test helper
• fbc8097 proc: do not export internal PROC_ constants
• ce95b91 gha: update actions/checkout to v4
• Additional commits viewable in compare view

Updates github.com/docker/docker-credential-helpers from 0.8.1 to 0.8.2

Release notes

Sourced from github.com/docker/docker-credential-helpers's releases.

v0.8.2

What's Changed

• pass: return correct error, and ignore empty stores on list docker/docker-credential-helpers#321
• pass: add utilities for encoding/decoding serverURL docker/docker-credential-helpers#322
• pass: Get: remove redundant stat docker/docker-credential-helpers#323
• Dockerfile: update xx to v1.4.0 docker/docker-credential-helpers#310
• ci: update github actions to latest stable docker/docker-credential-helpers#313
• ci: set codecov token docker/docker-credential-helpers#316
• ci: add pull-request template docker/docker-credential-helpers#318
• ci: update GHA to macOS-13, macOS-14, and update to go1.21.10 docker/docker-credential-helpers#320
• build(deps): bump softprops/action-gh-release from 1 to 2 docker/docker-credential-helpers#317

Full Changelog: https://github.com/docker/docker-credential-helpers/compare/v0.8.1...v0.8.2

Commits

• 6b9df3e Merge pull request #323 from thaJeztah/pass_simplify_get
• dc10c50 Merge pull request #317 from docker/dependabot/github_actions/softprops/actio...
• 896eb37 build(deps): bump softprops/action-gh-release to 2.0.5
• a14669f pass: Get: remove redundant stat
• 74840b3 Merge pull request #322 from thaJeztah/pass_dry
• d3ef442 pass: add utilities for encoding/decoding serverURL
• f64d6b1 Merge pull request #321 from thaJeztah/fix_pass_errors
• 1bb9aa3 pass: return correct error, and ignore empty stores on list
• 73b9e5d Merge pull request #320 from thaJeztah/update_gha
• 0c43fed update to go1.21.10
• Additional commits viewable in compare view

Updates github.com/felixge/httpsnoop from 1.0.3 to 1.0.4

Release notes

Sourced from github.com/felixge/httpsnoop's releases.

v1.0.4

https://github.com/felixge/httpsnoop/compare/v1.0.3...v1.0.4

Commits

• c5817c2 codegen: fix generated header comment (#25)
• 661666c Support (ignore) 1xx status codes. (#24)
• 8b7a371 tests: refactor benchmarks to remove test server overhead (#20)
• dcf093d chore: switch to github actions (#21)
• See full diff in compare view

Updates github.com/gabriel-vasile/mimetype from 1.4.3 to 1.4.4

Release notes

Sourced from github.com/gabriel-vasile/mimetype's releases.

v1.4.4

What's Changed

Security fixes:

Update golang.org/x/net to latest. Fixes: CVE-2023-45288

Performance improvements:

• Change tar detection to use checksum instead of legal ranges of values in gabriel-vasile/mimetype#466
• ftyp: exit asap to prevent mem allocs in gabriel-vasile/mimetype#517
• Improve x-subrip detection performance in gabriel-vasile/mimetype#524
• improve performance for text detection in gabriel-vasile/mimetype#532
• Using io.ReadAll instead of ioutil.ReadAll by @​phihungtf in gabriel-vasile/mimetype#525

Benchmarks:

before:
BenchmarkText/application/x-ndjson-8              663314              2027 ns/op            4306 B/op          6 allocs/op
BenchmarkSliceRand-8                              688160              1690 ns/op             728 B/op         75 allocs/op
BenchmarkSrt-8                                    946042              1089 ns/op            4240 B/op          5 allocs/op
after:
BenchmarkText/application/x-ndjson-8             1930292               678.6 ns/op           160 B/op          4 allocs/op
BenchmarkSliceRand-8                             1232066              1173 ns/op             160 B/op          4 allocs/op
BenchmarkSrt-8                                   3235448               368.8 ns/op            64 B/op          2 allocs/op

New Contributors

• @​phihungtf made their first contribution in gabriel-vasile/mimetype#525

Full Changelog: https://github.com/gabriel-vasile/mimetype/compare/v1.4.3...v1.4.4

Commits

• 43192c8 Bump the github-actions group across 1 directory with 3 updates (#534)
• 07821d3 Using io.ReadAll instead of ioutil.ReadAll (#525)
• 9bd6023 github actions & readme: remove codecov badge (#533)
• ff4d3d0 improve performance for text detection (#532)
• bc511b8 add defaultLimit and use it when resetting back (#531)
• 341c422 Improve x-subrip detection performance (#524)
• 043efb9 fix benchmark files order (#518)
• fd7639e ftyp: exit asap to prevent mem allocs (#517)
• 889166d Merge pull request #505 from gabriel-vasile/dependabot/github_actions/github-...
• e938b0c Merge pull request #502 from gabriel-vasile/dependabot/go_modules/gomod-82d2d...
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.12.0

What's Changed

• git: Worktree.AddWithOptions: add skipStatus option when providing a specific path by @​moranCohen26 in go-git/go-git#994
• git: Signer: fix usage of crypto.Signer interface by @​wlynch in go-git/go-git#1029
• git: Remote, fetch, adds the prune option. by @​juliens in go-git/go-git#366
• git: Add crypto.Signer option to CommitOptions. by @​wlynch in go-git/go-git#996
• git: Worktree checkout tag hash id (#959) by @​aymanbagabas in go-git/go-git#966
• git: Worktree, Don't panic on empty or root path when checking if it is valid by @​tim775 in go-git/go-git#1042
• git: Add commit validation for Reset by @​pjbgf in go-git/go-git#1048
• git: worktree_commit, Fix amend commit to apply changes. Fixes #1024 by @​onee-only in go-git/go-git#1045
• git: Implement Merge function with initial FastForwardMerge support by @​pjbgf in go-git/go-git#1044
• plumbing: object, Make first commit visible on logs filtered with filename. Fixes #191 by @​onee-only in go-git/go-git#1036
• plumbing: no panic in printStats function. Fixes #177 by
  dependabot[bot] commented 3 months ago

  Looks like these dependencies are updatable in another way, so this is no longer needed.