search

sse-secure-systems / connaisseur

An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
https://sse-secure-systems.github.io/connaisseur/
Apache License 2.0
436 stars 61 forks source link

update: bump the gomod-packages group across 1 directory with 8 updates #1707

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the gomod-packages group with 7 updates in the / directory:

Package From To
github.com/docker/cli 27.0.3+incompatible 27.1.1+incompatible
github.com/docker/docker 27.0.3+incompatible 27.1.1+incompatible
github.com/google/go-containerregistry 0.20.0 0.20.1
github.com/redis/go-redis/v9 9.5.4 9.6.1
github.com/sigstore/cosign/v2 2.2.4 2.3.0
k8s.io/api 0.30.2 0.30.3
k8s.io/client-go 0.30.2 0.30.3

Updates github.com/docker/cli from 27.0.3+incompatible to 27.1.1+incompatible

Commits
  • 6312585 Merge pull request #5274 from thaJeztah/27.1_backport_compose_oom
  • c599566 Allow for OomScoreAdj
  • fb19def Merge pull request #5271 from thaJeztah/27.1_backport_custom_headers_env_var
  • bccd478 Merge pull request #5270 from thaJeztah/27.1_backport_test_spring_cleaning
  • 8992378 add support for DOCKER_CUSTOM_HEADERS env-var (experimental)
  • f90273c Merge pull request #5269 from thaJeztah/27.1_backport_add_macos_apple_silicon
  • ca9636a test spring-cleaning
  • ad47d2a gha: update to macOS 13, add macOS 14 arm64 (Apple Silicon M1)
  • a2a0fb7 Merge pull request #5263 from thaJeztah/27.1_backport_relax_pr_check
  • 16d6c90 Merge pull request #5265 from thaJeztah/27.1_backport_bump_buildx_compose
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 27.0.3+incompatible to 27.1.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.1.1

27.1.1

Security

This release contains a fix for CVE-2024-41110 / GHSA-v23v-6jw2-98fq that impacted setups using authorization plugins (AuthZ) for access control. No other changes are included in this release, and this release is otherwise identical for users not using AuthZ plugins.

Packaging updates

Full Changelog: https://github.com/moby/moby/compare/v27.1.0...v27.1.1

v27.1.0

27.1.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

Bug fixes and enhancements

  • rootless: add Requires=dbus.socket to prevent errors when starting the daemon on a cgroup v2 host with systemd moby/moby#48141
  • containerd integration: image tag event is now properly emitted when building images with BuildKit moby/moby#48182
  • CLI: enable shell completion for docker image rm, docker image history, and docker image inspect moby/moby#5261
  • CLI: add and improve shell completions for various flags moby/moby#5261
  • CLI: add OOMScoreAdj to docker service create and docker stack docker/cli#5274
  • CLI: add support for DOCKER_CUSTOM_HEADERS environment variable (experimental) docker/cli#5271
  • CLI: containerd-integration: Fix docker push defaulting the --platform flag to a value of DOCKER_DEFAULT_PLATFORM environment variable on unsupported API versions docker/cli#5248
  • CLI: fix: context cancellation on login prompt docker/cli#5260
  • CLI: fix: wait for the container to exit before closing the stream when sending a termination request to the CLI while attached to a container docker/cli#5250

Deprecated

  • The pkg/rootless/specconv package is deprecated, and will be removed in the next release moby/moby#48185
  • The pkg/containerfs package is deprecated, and will be removed in the next release moby/moby#48185
  • The pkg/directory package is deprecated, and will be removed in the next release moby/moby#48185
  • api/types/system: remove deprecated Info.ExecutionDriver moby/moby#48184

Packaging updates

... (truncated)

Commits
  • cc13f95 Merge commit from fork
  • a21b1a2 Merge pull request #48196 from thaJeztah/27.1_backport_vendor_containerd_1.7.20
  • 1bc907c vendor: github.com/containerd/containerd v1.7.20
  • 4bb4575 Merge pull request #48191 from thaJeztah/27.1_backport_update_containerd_bina...
  • df7f275 Merge pull request #48195 from thaJeztah/27.1_backport_fix_pr_title_check
  • 1c0885d gha: check-pr-branch: fix branch check regression
  • fb3ec9f Merge pull request #48187 from thaJeztah/27.1_backport_bump_buildx_compose
  • ed83a9e update containerd binary to v1.7.20
  • 71b59bf Merge pull request #48178 from thaJeztah/27.1_backport_relax_pr_check
  • f8f926b Merge pull request #48185 from thaJeztah/27.1_backport_internalize_pkg_directory
  • Additional commits viewable in compare view


Updates github.com/google/go-containerregistry from 0.20.0 to 0.20.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.1

What's Changed

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.0...v0.20.1

Commits


Updates github.com/redis/go-redis/v9 from 9.5.4 to 9.6.1

Release notes

Sourced from github.com/redis/go-redis/v9's releases.

9.6.1

Changes

9.6

This release contains all new features from version 9.6.

🚀 New Features

  • Support Hash-field expiration commands (#2991)
  • Support Hash-field expiration commands in Pipeline & Fix HExpire HExpireWithArgs expiration (#3038)
  • Support NOVALUES parameter for HSCAN (#2925)
  • Added test case for CLIENT KILL with MAXAGE option (#2971)
  • Add support for XREAD last entry (#3005)
  • Reduce the type assertion of CheckConn (#3066)

9.6.1

In addition minor changes were performed to retract version 9.5.3 and 9.5.4 that were released accidentally.

🧰 Maintenance

  • Change CI to 7.4.0-RC2 (#3070)

🎁 Package Distribution

  • Retract versions 9.5.3 and 9.5.4 (#3069)

Contributors

We'd like to thank all the contributors who worked on this release!

@​LINKIWI, @​b1ron, @​gerzse, @​haines, @​immersedin, @​naiqianz, @​ofekshenawa, @​srikar-jilugu, @​tzongw, @​vladvildanov, @​vmihailenco and @​monkey92t

9.6.0

Changes

🚀 New Features

  • Support Hash-field expiration commands (#2991)
  • Support Hash-field expiration commands in Pipeline & Fix HExpire HExpireWithArgs expiration (#3038)
  • Support NOVALUES parameter for HSCAN (#2925)
  • Added test case for CLIENT KILL with MAXAGE option (#2971)
  • Add support for XREAD last entry (#3005)
  • Reduce the type assertion of CheckConn (#3066)

🛠️ Improvements

This release includes support for Redis Community Edition (CE) 7.4.0, ensuring compatibility with the latest features and improvements introduced in Redis CE 7.4.0.

🧰 Maintenance

... (truncated)

Commits


Updates github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.3.0

Features

  • Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
  • add registry options to cosign save (#3645)
  • Add debug providers command. (#3728)
  • Make config layers in ociremote mountable (#3741)
  • upgrade to go1.22 (#3739)
  • adds tsa cert chain check for env var or tuf targets. (#3600)
  • add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
  • add handling of keyless verification for all verify commands (#3761)

Bug Fixes

  • fix: close attestationFile (#3679)
  • Set bundleVerified to true after Rekor verification (Resolves #3740) (#3745)

Documentation

  • Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776)

Testing

  • Refactor KMS E2E tests (#3684)
  • Remove sign_blob_test.sh test (#3707)
  • Remove KMS E2E test script (#3702)
  • Refactor insecure registry E2E tests (#3701)

Contributors

  • Billy Lynch
  • bminahan73
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Colleen Murphy
  • Dmitry Savintsev
  • guangwu
  • Hayden B
  • Hector Fernandez
  • ian hundere
  • Jason Power
  • Jon Johnson
  • Max Lambrecht
  • Meeki1l

Full Changelog: https://github.com/sigstore/cosign/compare/v2.2.4...v2.3.0

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.3.0

Features

  • Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
  • add registry options to cosign save (#3645)
  • Add debug providers command. (#3728)
  • Make config layers in ociremote mountable (#3741)
  • upgrade to go1.22 (#3739)
  • adds tsa cert chain check for env var or tuf targets. (#3600)
  • add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
  • add handling of keyless verification for all verify commands (#3761)

Bug Fixes

  • fix: close attestationFile (#3679)
  • Set bundleVerified to true after Rekor verification (Resolves #3740) (#3745)

Documentation

  • Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776)

Testing

  • Refactor KMS E2E tests (#3684)
  • Remove sign_blob_test.sh test (#3707)
  • Remove KMS E2E test script (#3702)
  • Refactor insecure registry E2E tests (#3701)

Contributors

  • Billy Lynch
  • bminahan73
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Colleen Murphy
  • Dmitry Savintsev
  • guangwu
  • Hayden B
  • Hector Fernandez
  • ian hundere
  • Jason Power
  • Jon Johnson
  • Max Lambrecht
  • Meeki1l
Commits
  • deed363 chore(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 (#3792)
  • c6f89f8 chore(deps): bump github.com/buildkite/agent/v3 from 3.74.1 to 3.75.1 (#3793)
  • aeba473 Add CHANGELOG for v2.3.0 (#3789)
  • 20d4724 chore(deps): bump github.com/google/go-containerregistry (#3790)
  • 4684fd6 chore(deps): bump the gomod group with 5 updates (#3780)
  • 3c6c5c9 chore(deps): bump github.com/sigstore/fulcio from 1.4.5 to 1.5.1 (#3784)
  • 05026ee chore(deps): bump github.com/google/go-containerregistry (#3783)
  • f9270c0 chore(deps): bump google.golang.org/api from 0.187.0 to 0.188.0 (#3782)
  • 4fd699c chore(deps): bump go.step.sm/crypto from 0.48.1 to 0.50.0 (#3781)
  • 13d3a56 chore(deps): bump the actions group across 1 directory with 2 updates (#3785)
  • Additional commits viewable in compare view


Updates k8s.io/api from 0.30.2 to 0.30.3

Commits


Updates k8s.io/apimachinery from 0.30.2 to 0.30.3

Commits


Updates k8s.io/client-go from 0.30.2 to 0.30.3

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions