search

sse-secure-systems / connaisseur

An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
https://sse-secure-systems.github.io/connaisseur/
Apache License 2.0
436 stars 61 forks source link

update: bump the gomod-packages group across 1 directory with 8 updates #1748

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps the gomod-packages group with 8 updates in the / directory:

Package From To
github.com/docker/cli 27.1.2+incompatible 27.2.0+incompatible
github.com/docker/docker 27.1.2+incompatible 27.2.0+incompatible
github.com/prometheus/client_golang 1.20.1 1.20.2
github.com/sigstore/sigstore 1.8.8 1.8.9
github.com/sigstore/sigstore/pkg/signature/kms/aws 1.8.8 1.8.9
github.com/sigstore/sigstore/pkg/signature/kms/azure 1.8.8 1.8.9
github.com/sigstore/sigstore/pkg/signature/kms/gcp 1.8.8 1.8.9
github.com/sigstore/sigstore/pkg/signature/kms/hashivault 1.8.8 1.8.9

Updates github.com/docker/cli from 27.1.2+incompatible to 27.2.0+incompatible

Commits
  • 3ab4256 Merge pull request #5374 from vvoland/vendor-docker
  • 88a49df vendor: github.com/docker/docker 3ab5c7d0036c (v27.2.0-dev)
  • 5d17c29 Merge pull request #5372 from thaJeztah/27.x_backport_fix_linting_issues
  • 64b9e4c cli: rename args that collided with builtins (predeclard)
  • 4b71d0d e2e/global: fix n-constant format string in call (govet)
  • 002cfcd cli/command: fix n-constant format string in call (govet)
  • d8af781 cli/command/system: remove redundant nil-check (gosimple)
  • f042ddb Merge pull request #5371 from vvoland/vendor-docker
  • 8e94ed1 vendor: github.com/docker/docker b27de4ef1634 (v27.2.0-dev)
  • 7a82aee Merge pull request #5368 from dvdksn/27x_5360
  • Additional commits viewable in compare view


Updates github.com/docker/docker from 27.1.2+incompatible to 27.2.0+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v27.2.0

27.2.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

New

  • CLI: Add support for device-code flow login when authenticating to the official registry. docker/cli#5349
  • containerd image store: docker image ls now supports --tree flag that shows a multiplatform-aware image list. This is experimental and may change at any time without any backwards compatibility. docker/cli#5353

API

  • GET /images/json response now includes Manifests field, which contains information about the sub-manifests included in the image index. This includes things like platform-specific manifests and build attestations. The new field will only be populated if the request also sets the manifests query parameter to true.

[!WARNING]

This is experimental and may change at any time without any backward compatibility.

Bug fixes and enhancements

  • CLI: Fix issue with remote contexts over SSH where the CLI would allocate a pseudoterminal when connecting to the remote host, which causes issues in rare situations. docker/cli#5351
  • Fix an issue that prevented network creation with a --ip-range ending on a 64-bit boundary. moby/moby#48326
  • CLI: IPv6 addresses shown by docker ps in port bindings are now bracketed. docker/cli#5365
  • containerd image store: Fix early error exit from docker load in cases where unpacking the image would fail. moby/moby#48376
  • containerd image store: Fix the previous image not being persisted as dangling after docker pull. moby/moby#48380

Packaging updates

v27.2.0-rc.1

27.2.0-rc.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

... (truncated)

Commits
  • 3ab5c7d Merge pull request #48383 from vvoland/48382-27.x
  • 875e8ae vendor: github.com/containerd/containerd v1.7.21
  • 1900e4d Dockerfile: update containerd binary to v1.7.21 (static binaries and CI only)
  • cd7746d Merge pull request #48380 from vvoland/48374-27.x
  • 2a13a38 Merge pull request #48376 from vvoland/48293-27.x
  • 9fd71f5 Merge pull request #48378 from corhere/backport-27.x/dockerd-manpage
  • ecd2b6f c8d/image: Add hostPlatformMatcher
  • d5b0342 man: support bringing your own go-md2man
  • 56c5c23 man: build dockerd man pages using make
  • 77b2eb5 Removed all mentions of "please" from docs and messages
  • Additional commits viewable in compare view


Updates github.com/prometheus/client_golang from 1.20.1 to 1.20.2

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.20.2

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596
Changelog

Sourced from github.com/prometheus/client_golang's changelog.

1.20.2 / 2024-08-23

  • [BUGFIX] promhttp: Unset Content-Encoding header when data is uncompressed. #1596
Commits


Updates github.com/sigstore/sigstore from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.9

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9

Commits
  • 4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
  • b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
  • 65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
  • 21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
  • ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
  • 615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
  • 6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
  • 075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
  • 0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
  • 26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/aws's releases.

v1.8.9

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9

Commits
  • 4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
  • b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
  • 65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
  • 21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
  • ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
  • 615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
  • 6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
  • 075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
  • 0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
  • 26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/azure's releases.

v1.8.9

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9

Commits
  • 4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
  • b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
  • 65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
  • 21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
  • ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
  • 615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
  • 6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
  • 075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
  • 0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
  • 26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/gcp's releases.

v1.8.9

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9

Commits
  • 4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
  • b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
  • 65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
  • 21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
  • ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
  • 615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
  • 6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
  • 075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
  • 0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
  • 26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.8 to 1.8.9

Release notes

Sourced from github.com/sigstore/sigstore/pkg/signature/kms/hashivault's releases.

v1.8.9

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9

Commits
  • 4c750b7 oauthflow: Add SubjectFromUnverifiedToken (#1826)
  • b27128f build(deps): Bump the all group in /test/e2e with 2 updates (#1824)
  • 65aaa14 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1822)
  • 21ad778 build(deps): Bump github.com/jellydator/ttlcache/v3 (#1823)
  • ebbebbf build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1821)
  • 615304f build(deps): Bump github.com/jellydator/ttlcache/v3 (#1820)
  • 6fb1d8b build(deps): Bump github.com/jellydator/ttlcache/v3 (#1819)
  • 075e85c build(deps): Bump actions/upload-artifact in the all group (#1825)
  • 0ca1da6 build(deps): Bump the gomod group across 4 directories with 3 updates (#1818)
  • 26aae9d build(deps): Bump cloud.google.com/go/kms in /pkg/signature/kms/gcp (#1817)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
dependabot[bot] commented 1 week ago

Superseded by #1750.