tektoncd / chains

Supply Chain Security in Tekton Pipelines
Apache License 2.0

Bump the all group across 1 directory with 19 updates #1147

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 1 week ago

Bumps the all group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cloud.google.com/go/storage | 1.40.0 | 1.42.0 |
| github.com/golangci/golangci-lint | 1.57.2 | 1.59.1 |
| github.com/google/go-containerregistry | 0.19.1 | 0.19.2 |
| github.com/in-toto/attestation | 1.0.1 | 1.1.0 |
| github.com/sigstore/sigstore | 1.8.3 | 1.8.6 |
| github.com/sigstore/sigstore/pkg/signature/kms/aws | 1.8.3 | 1.8.6 |
| github.com/sigstore/sigstore/pkg/signature/kms/azure | 1.8.3 | 1.8.6 |
| github.com/sigstore/sigstore/pkg/signature/kms/gcp | 1.8.3 | 1.8.6 |
| github.com/sigstore/sigstore/pkg/signature/kms/hashivault | 1.8.3 | 1.8.6 |
| github.com/spiffe/go-spiffe/v2 | 2.2.0 | 2.3.0 |
| github.com/tektoncd/pipeline | 0.58.0 | 0.61.0 |

Updates cloud.google.com/go/storage from 1.40.0 to 1.42.0

Commits
  • 22e90d9 chore(main): release spanner 1.42.0 (#7130)
  • 2552e09 fix(spanner): fallback to check grpc error message if ResourceType is nil for...
  • 6bb95ef feat(spanner): add database roles (#5701)
  • f2b1f1b chore(bigquery/storage/managedwriter): internal refactor (flow controller, id...
  • bcc9fcd test(bigtable): expand integration tests for read stats (#7143)
  • ab332ce fix(internal/gapicgen): disable rest for non-rest APIs (#7157)
  • dc89409 chore(main): release pubsublite 1.6.0 (#7129)
  • 5fa8555 feat(pubsublite): create/update export subscriptions (#6885)
  • 176f533 feat(pubsublite): unload idle partition publishers (#7105)
  • 28f3572 feat(all): enable REGAPIC and REST numeric enums (#6999)
  • Additional commits viewable in compare view


Updates github.com/golangci/golangci-lint from 1.57.2 to 1.59.1

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.59.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! :heart:

For key updates, see the changelog.

Changelog

  • f7387361 build(deps): bump github.com/Antonboom/testifylint from 1.3.0 to 1.3.1 (#4759)
  • 44b3cdd1 build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2.0.0 (#4788)
  • 1a55854a build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0 (#4804)
  • 9a7a1ad4 build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.1 to 1.5.2 (#4785)
  • aaff9184 build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to 1.26.0 (#4801)
  • a0d2c830 build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.4 to 3.24.5 (#4782)
  • 2042b1f1 build(deps): bump go-simpler.org/sloglint from 0.7.0 to 0.7.1 (#4784)
  • 327a78a8 build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0 (#4802)
  • e1a80557 fix: SARIF format require issue column >= 1 (#4775)
  • 88f60c8c fix: gomnd deprecated configuration compatibility (#4768)
  • 81731668 fix: init empty result slice for SARIF printer (#4758)
  • 02740ea1 intrange: add style preset (#4797)
  • 615b873d unparam: bump to HEAD (#4786)

v1.59.0

Changelog

  • 4f5251d3 Support Sarif output (#4723)
  • 73110df2 build(deps): bump github.com/Antonboom/testifylint from 1.2.0 to 1.3.0 (#4729)
  • 62c83ccd build(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#4746)
  • 0cb14183 build(deps): bump github.com/go-critic/go-critic from 0.11.3 to 0.11.4 (#4738)
  • e14ae4b7 build(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#4745)
  • 2059b18a build(deps): bump github.com/securego/gosec/v2 from 2.20.0 to 5f0084eb01a9 (#4748)
  • be1bb6db build(deps): bump go-simpler.org/sloglint from 0.6.0 to 0.7.0 (#4718)
  • 08deff42 feat: add warning about disabled and deprecated linters (level 2) (#4742)
  • b99d5295 feat: allow the analysis of generated files (#4740)
  • 867adaf9 feat: deprecate github-actions format (#4726)
  • 4beae6a9 fix: remove errcheck defaults (#4734)

v1.58.2

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.59.1

  1. Updated linters
    • go-errorlint: from 1.5.1 to 1.5.2
    • gomnd: deprecated configuration compatibility
    • intrange: add style preset
    • misspell: from 0.5.1 to 0.6.0
    • sloglint: from 0.7.0 to 0.7.1
    • testifylint: from 1.3.0 to 1.3.1
    • unparam: bump to HEAD
    • usestdlibvars: from 1.25.0 to 1.26.0
  2. Fixes
    • SARIF: init empty result slice
    • SARIF: issue column >= 1
  3. Documentation
    • update revive configuration

v1.59.0

  1. Enhancements
    • Add SARIF output format
    • Allow the analysis of generated files (issues.exclude-generated: disable)
  2. Updated linters
    • errcheck: fix deprecation warning
    • go-critic: from 0.11.3 to 0.11.4
    • gosec: from 2.20.0 to 5f0084eb01a9 (fix G601 and G113 performance issues)
    • sloglint: from 0.6.0 to 0.7.0 (new option forbidden-keys)
    • testifylint: from 1.2.0 to 1.3.0 (new checker negative-positive and new option go-require.ignore-http-handlers)
  3. Misc.
    • ⚠️ Deprecate github-action output format
    • ⚠️ Deprecate issues.exclude-generated-strict option (replaced by issues.exclude-generated: strict)
    • ⚠️ Add warning about disabled and deprecated linters (level 2)

v1.58.2

  1. Updated linters
    • canonicalheader: from 1.0.6 to 1.1.1
    • gosec: from 2.19.0 to 2.20.0
    • musttag: from 0.12.1 to 0.12.2
    • nilnil: from 0.1.8 to 0.1.9
  2. Documentation
    • Improve integrations and install pages

v1.58.1

  1. Updated linters
    • tagalign: from 1.3.3 to 1.3.4
    • protogetter: from 0.3.5 to 0.3.6
    • gochecknoinits: fix analyzer name
  2. Fixes

... (truncated)

Commits
  • 1a55854 build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0 (#4804)
  • aaff918 build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to 1.26...
  • 327a78a build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0 (#4802)
  • 02740ea intrange: add style preset (#4797)
  • 4e53f51 docs: update revive configuration (#4790)
  • 839b9d7 chore: improve issue templates
  • a7817a1 chore: improve issue templates
  • d3a0412 dev: improve issue templates
  • 44b3cdd build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2...
  • 615b873 unparam: bump to HEAD (#4786)
  • Additional commits viewable in compare view


Updates github.com/google/go-containerregistry from 0.19.1 to 0.19.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.19.2

What's Changed

New Contributors

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.19.1...v0.19.2

Commits


Updates github.com/in-toto/attestation from 1.0.1 to 1.1.0

Release notes

Sourced from github.com/in-toto/attestation's releases.

v1.1.0

The v1.1.0 minor release generalizes the semantics of the DigestSet field type to support any type of immutable identifier. This change is backwards compatible because cryptographic digests are strongly recommended to achieve immutability, so any implementations that only support cryptographic DigestSet still meet the modified semantics. The _type of a Statement is still https://in-toto.io/Statement/v1

More details in the updated DigestSet spec

v1.0.2

This patch release includes a new predicate type, updates to the predicate vetting process, and more thorough DigestSet validation in Go.

Go, Python and Java APIs are not considered stable before v1.1.

What's Changed

New Contributors

Full Changelog: https://github.com/in-toto/attestation/compare/v1.0.1...v1.0.2

Commits
  • 36c1129 Merge pull request #359 from marcelamelara/update-versioning
  • a62b90a Make linter happy
  • 4adf92e Add examples of different tagged release scenarios
  • c1af60d Add tagged release process to spec
  • b382eb5 Update link in README to 1.1 (#357)
  • bbbfea7 Merge pull request #358 from in-toto/actions-regenerate-attestation-libraries
  • 241d47f Regenerate attestation libraries
  • d6e910a Merge pull request #356 from in-toto/dependabot/go_modules/google.golang.org/...
  • a8fc604 Bump google.golang.org/protobuf from 1.34.0 to 1.34.1
  • 06eafe3 Clarify that digests don't have to be cryptographic ones. (#338)
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore from 1.8.3 to 1.8.6

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.6

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.5...v1.8.6

v1.8.5

Major are dependencies updates

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.5

v1.8.4

What's Changed

New Contributors

... (truncated)

Commits
  • 5d4e11e Bump goodkey, fix breakage (#1761)
  • 63cab17 sync go mod
  • 115c2b2 build(deps): Bump the all group across 1 directory with 6 updates
  • 8503e22 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • 39973a8 build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • 58a8301 build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates
  • 71ace11 build(deps): Bump github.com/hashicorp/go-retryablehttp
  • b777e4b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • 5ea648c build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • a3666d9 build(deps): Bump the all group in /test/e2e with 2 updates
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.3 to 1.8.6


Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.3 to 1.8.6


Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.3 to 1.8.6


tekton-robot commented 1 week ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

tekton-robot commented 1 week ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

To complete the pull request process, please assign chitrangpatel after the PR has been reviewed. You can assign the PR to them by writing /assign @chitrangpatel in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/tektoncd/chains/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

tekton-robot commented 1 week ago

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| pull-tekton-chains-build-tests | 58df7a16f8a649c533b4899589f09b68d0d96bbe | link | true | /test pull-tekton-chains-build-tests |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

tekton-robot commented 1 week ago

@dependabot: PR needs rebase.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

wlynch commented 1 week ago

@dependabot rebase

dependabot[bot] commented 1 week ago

Looks like these dependencies are updatable in another way, so this is no longer needed.