search

robherley / snips.sh

✂️ passwordless, anonymous SSH-powered pastebin with a human-friendly TUI and web UI
https://snips.sh
MIT License
1.05k stars 45 forks source link

Bump the gomod group across 1 directory with 5 updates #196

Closed dependabot[bot] closed 3 months ago

dependabot[bot] commented 3 months ago

Bumps the gomod group with 4 updates in the / directory: ariga.io/atlas, github.com/charmbracelet/lipgloss, github.com/microcosm-cc/bluemonday and github.com/tdewolff/minify/v2.

Updates ariga.io/atlas from 0.24.0 to 0.25.0

Release notes

Sourced from ariga.io/atlas's releases.

v0.25.0

We are excited to announce the release of Atlas v0.25 🎊

Thanks for joining us today for our v0.25 release announcement! In this version we are introducing a new feature that has been requested by many of you: support for Row-level Security Policies in PostgreSQL.

What are Row-level Security Policies?

Row-level security (RLS) in PostgreSQL allows tables to have policies that restrict which rows can be accessed or modified based on the user's role, enhancing the SQL-standard privilege system available through GRANT.

When enabled, all normal access to the table must comply with these policies, defaulting to a deny-all approach if no policies are set, ensuring that no rows are visible or modifiable. Policies can be specific to commands, roles, or both, providing fine-grained control over data access and modification.

policy "employee_policy" {
  on    = table.employees
  for   = SELECT
  to    = [PUBLIC]
  using = "(current_user = employee_role)"
}

Read the full announcement and in our blogpost: https://atlasgo.io/blog/2024/07/09/v025-row-level-security

Quick installation

macOS + Linux:

curl -sSf https://atlasgo.sh | sh

Homebrew:

brew install ariga/tap/atlas

Docker:

docker pull arigaio/atlas

Windows

Download

Legal

The default binaries in this release are distributed released under Atlas EULA, and the community binaries are released under the Apache 2.0 license.

Full Changelog: https://github.com/ariga/atlas/compare/v0.24.0...v0.25.0

Commits


Updates github.com/charmbracelet/lipgloss from 0.11.0 to 0.12.1

Release notes

Sourced from github.com/charmbracelet/lipgloss's releases.

v0.12.1

This release fixes a regression with regard to border calculations introduced in Lip Gloss v0.11.1.

Thoughts? Questions? We love hearing from you. Feel free to reach out on Twitter, The Fediverse, or on Discord.

v0.12.0

Lists, Check ✓

This release adds a new sub-package for rendering trees and lists.

import "github.com/charmbracelet/lipgloss/list"

Define a new list.

l := list.New("A", "B", "C")

Print the list.

fmt.Println(l)

// • A

// • B

// • C

Lists have the ability to nest.

l := list.New(
  "A", list.New("Artichoke"),
  "B", list.New("Baking Flour", "Bananas", "Barley", "Bean Sprouts"),
  "C", list.New("Cashew Apple", "Cashews", "Coconut Milk", "Curry Paste", "Currywurst"),
  "D", list.New("Dill", "Dragonfruit", "Dried Shrimp"),
  "E", list.New("Eggs"),
  "F", list.New("Fish Cake", "Furikake"),
  "J", list.New("Jicama"),
  "K", list.New("Kohlrabi"),
  "L", list.New("Leeks", "Lentils", "Licorice Root"),
)

... (truncated)

Commits


Updates github.com/microcosm-cc/bluemonday from 1.0.26 to 1.0.27

Commits
  • 10b8ac6 Remove SPDX header from LICENSE to enable GitHub auto-detection
  • 30fb5d7 Don't duplicate attrs if multiple global policies allow them
  • e244202 Update CONTRIBUTING.md (fixup of 109c9cf)
  • 206ce8a Update the security policy
  • 109c9cf Clean up developer instructions to a vanilla Go project
  • e602a4a Fix RequireCrossOriginAnonymous when crossorigin attr is allowed
  • 37251d9 Consistently raise minimum Go version and update CI
  • 135e7bb all: upgrade dependencies
  • 5703ea6 Merge pull request #207 from silverwind/4hex
  • af654ef Merge pull request #202 from caarlos0/tidy
  • Additional commits viewable in compare view


Updates github.com/tdewolff/minify/v2 from 2.20.34 to 2.20.37

Release notes

Sourced from github.com/tdewolff/minify/v2's releases.

v2.20.37

v2.20.36

v2.20.35

Commits
  • f50b46a cmd: allow forward and backward slashes for Windows platform, fixes #726
  • 767148c JS: variable usage, indexing and dot expressions have side-effects, fixes #725
  • 9fab517 JS: don't remove group around optional chaining expressions when it's the lef...
  • 3354711 JS: fix !"" => true, fixes #723
  • ba78373 Merge pull request #721 from tdewolff/dependabot/github_actions/pypa/cibuildw...
  • d07e07f XML: keep all spaces inside CDATA, fixes #722
  • 03662c3 Add test for #722
  • dd47199 Bump pypa/cibuildwheel from 2.19.1 to 2.19.2
  • fffa3db Merge pull request #718 from tdewolff/dependabot/github_actions/softprops/act...
  • 2669b34 Merge pull request #716 from tdewolff/dependabot/github_actions/docker/build-...
  • Additional commits viewable in compare view


Updates golang.org/x/crypto from 0.21.0 to 0.24.0

Commits
  • 332fd65 go.mod: update golang.org/x dependencies
  • 0b431c7 x509roots/fallback: update bundle
  • 349231f ssh: implement CryptoPublicKey on sk keys
  • 44c9b0f ssh: allow server auth callbacks to send additional banners
  • 67b1361 sha3: reenable s390x assembly
  • 477a5b4 sha3: make APIs usable with zero allocations
  • 59b5a86 sha3: disable s390x assembly
  • 10f366e sha3: simplify XOR functions
  • 905d78a go.mod: update golang.org/x dependencies
  • ebb717d ssh: validate key type in SSH_MSG_USERAUTH_PK_OK response
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions