search

replicatedhq / troubleshoot

Preflight Checks and Support Bundles Framework for Kubernetes Applications
https://troubleshoot.sh
Apache License 2.0
543 stars 92 forks source link

chore(deps): bump the security group with 4 updates #1503

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 5 months ago

Bumps the security group with 4 updates: github.com/containers/image/v5, github.com/go-sql-driver/mysql, github.com/jackc/pgx/v5 and golang.org/x/exp.

Updates github.com/containers/image/v5 from 5.29.2 to 5.30.0

Release notes

Sourced from github.com/containers/image/v5's releases.

v5.30.0

What's Changed

A fair number of improvements when working with zstd and zstd:chunked-compressed images.

Note that make install now installs policy.json and registries.d/default.yaml.

New Contributors

Full Changelog: https://github.com/containers/image/compare/v5.29.2...v5.30.0

Commits
  • b29bde5 Bump to v5.30.0
  • 3cc0bb4 Merge pull request #2328 from containers/renovate/github.com-containers-stora...
  • 169d6f5 fix(deps): update module github.com/containers/storage to v1.53.0
  • ed96328 Merge pull request #2330 from containers/renovate/golang.org-x-oauth2-0.x
  • d097f7f fix(deps): update module golang.org/x/oauth2 to v0.18.0
  • 5dbfa1c Merge pull request #2329 from containers/renovate/golang.org-x-crypto-0.x
  • 99369af fix(deps): update module golang.org/x/crypto to v0.21.0
  • b457769 Merge pull request #2326 from containers/renovate/go-openapi
  • 23e4c1d fix(deps): update go-openapi packages
  • faa4f4f Merge pull request #2325 from containers/renovate/github.com-stretchr-testify...
  • Additional commits viewable in compare view


Updates github.com/go-sql-driver/mysql from 1.7.1 to 1.8.0

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.8.0

What's Changed

Major changes

  • Use SET NAMES charset COLLATE collation. by @​methane in go-sql-driver/mysql#1437

    • Older go-mysql-driver used collation_id in the handshake packet. But it caused collation mismatch in some situation.
    • If you don't specify charset nor collation, go-mysql-driver sends SET NAMES utf8mb4 for new connection. This uses server's default collation for utf8mb4.
    • If you specify charset, go-mysql-driver sends SET NAMES <charset>. This uses the server's default collation for <charset>.
    • If you specify collation and/or charset, go-mysql-driver sends SET NAMES charset COLLATE collation.

  • PathEscape dbname in DSN. by @​methane in go-sql-driver/mysql#1432

    • This is backward incompatible in rare case. Check your DSN.

  • Drop Go 1.13-17 support by @​methane in go-sql-driver/mysql#1420

    • Use Go 1.18+

  • Parse numbers on text protocol too by @​methane in go-sql-driver/mysql#1452

    • When text protocol is used, go-mysql-driver passed bare []byte to database/sql for avoid unnecessary allocation and conversion.
    • If user specified *any to Scan(), database/sql passed the []byte into the target variabe.
    • This confused users because most user doesn't know when text/binary protocol used.
    • go-mysql-driver 1.8 converts integer/float values into int64/double even in text protocol. This doesn't increase allocation compared to []byte and conversion cost is negilible.

  • New options start using the Functional Option Pattern to avoid increasing technical debt in the Config object. Future version may introduce Functional Option for existing options, but not for now.

Other changes

... (truncated)

Commits


Updates github.com/jackc/pgx/v5 from 5.5.4 to 5.5.5

Changelog

Sourced from github.com/jackc/pgx/v5's changelog.

5.5.5 (March 9, 2024)

Use spaces instead of parentheses for SQL sanitization.

This still solves the problem of negative numbers creating a line comment, but this avoids breaking edge cases such as set foo to $1 where the substitution is taking place in a location where an arbitrary expression is not allowed.

Commits
  • 78a0a2b Fix spelling in changelog
  • a17f064 Update changelog
  • 49b6aad Use spaces instead of parentheses for SQL sanitization
  • 0cc4c14 Add test to validate CollectRows for empty Rows
  • See full diff in compare view


Updates golang.org/x/exp from 0.0.0-20231006140011-7918f672742d to 0.0.0-20240222234643-814bf88cf225

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions