tektoncd / chains

Supply Chain Security in Tekton Pipelines
Apache License 2.0

Bump the all group across 1 directory with 20 updates #1152

Open dependabot[bot] opened 4 days ago

dependabot[bot] commented 4 days ago

Bumps the all group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cloud.google.com/go/compute/metadata | 0.3.0 | 0.4.0 |
| cloud.google.com/go/storage | 1.40.0 | 1.43.0 |
| github.com/golangci/golangci-lint | 1.57.2 | 1.59.1 |
| github.com/google/go-containerregistry | 0.19.1 | 0.19.2 |
| github.com/in-toto/attestation | 1.0.1 | 1.1.0 |
| github.com/sigstore/sigstore | 1.8.3 | 1.8.6 |
| github.com/sigstore/sigstore/pkg/signature/kms/aws | 1.8.3 | 1.8.6 |
| github.com/sigstore/sigstore/pkg/signature/kms/azure | 1.8.3 | 1.8.6 |
| github.com/sigstore/sigstore/pkg/signature/kms/gcp | 1.8.3 | 1.8.6 |
| github.com/sigstore/sigstore/pkg/signature/kms/hashivault | 1.8.3 | 1.8.6 |
| github.com/spiffe/go-spiffe/v2 | 2.2.0 | 2.3.0 |
| github.com/tektoncd/pipeline | 0.58.0 | 0.61.0 |

Updates cloud.google.com/go/compute/metadata from 0.3.0 to 0.4.0

Release notes

Sourced from cloud.google.com/go/compute/metadata's releases.

grafeas: v0.3.7

0.3.7 (2024-07-01)

Bug Fixes

  • grafeas: Bump google.golang.org/api@v0.187.0 (8fa9e39)

parallelstore: v0.3.2

0.3.2 (2024-07-01)

Bug Fixes

  • parallelstore: Bump google.golang.org/api@v0.187.0 (8fa9e39)

errorreporting: v0.3.1

0.3.1 (2024-07-01)

Bug Fixes

  • errorreporting: Add internaloption.WithDefaultEndpointTemplate (3b41408)
  • errorreporting: Bump x/net to v0.24.0 (ba31ed5)
  • errorreporting: Update protobuf dep to v1.33.0 (30b038d)

Changelog

Sourced from cloud.google.com/go/compute/metadata's changelog.

v0.4.0

  • bigquery: -NewGCSReference is now a function, not a method on Client.
    • Table.LoaderFrom now accepts a ReaderSource, enabling loading data into a table from a file or any io.Reader.
    • Client.Table and Client.OpenTable have been removed. Replace

      client.OpenTable("project", "dataset", "table")
      

      with

      client.DatasetInProject("project", "dataset").Table("table")
      
    • Client.CreateTable has been removed. Replace

      client.CreateTable(ctx, "project", "dataset", "table")
      

      with

      client.DatasetInProject("project", "dataset").Table("table").Create(ctx)
      
    • Dataset.ListTables have been replaced with Dataset.Tables. Replace

      tables, err := ds.ListTables(ctx)
      

      with

      it := ds.Tables(ctx)
      for {
          table, err := it.Next()
          if err == iterator.Done {
              break
          }
          if err != nil {
              // TODO: Handle error.
          }
          // TODO: use table.
      }
      
    • Client.Read has been replaced with Job.Read, Table.Read and Query.Read. Replace

      it, err := client.Read(ctx, job)
      

... (truncated)

Commits
  • 8c2dc61 logging: check for exact # of logs in tests
  • 4791784 logadmin: use generated iterators
  • 384ca55 storage: use pointer receiver for ObjectAttrs
  • bd8a5e8 datastore: add new key functions
  • 09d95d9 bigtable/bttest: add emulator support for DeleteCellsInFamily
  • 7ee19e7 bigquery: restore semantics of ForceZeroQuote
  • f7f94a2 bigquery: clean up implementation of LoadSource
  • f9c9ec4 storage: always send destination in compose request
  • 67f57c5 storage: readObject method for tests
  • 28994ff bigtable: Use connection pool by default for data client.
  • Additional commits viewable in compare view


Updates cloud.google.com/go/storage from 1.40.0 to 1.43.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.43.0

1.43.0 (2024-07-03)

Features

  • storage/transfermanager: Add DownloadDirectory (#10430) (0d0e5dd)
  • storage/transfermanager: Automatically shard downloads (#10379) (05816f9)

Bug Fixes

Documentation

  • storage/control: Remove allowlist note from Folders RPCs (d6c543c)

Commits


Updates github.com/golangci/golangci-lint from 1.57.2 to 1.59.1

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.59.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! :heart:

For key updates, see the changelog.

Changelog

  • f7387361 build(deps): bump github.com/Antonboom/testifylint from 1.3.0 to 1.3.1 (#4759)
  • 44b3cdd1 build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2.0.0 (#4788)
  • 1a55854a build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0 (#4804)
  • 9a7a1ad4 build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.1 to 1.5.2 (#4785)
  • aaff9184 build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to 1.26.0 (#4801)
  • a0d2c830 build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.4 to 3.24.5 (#4782)
  • 2042b1f1 build(deps): bump go-simpler.org/sloglint from 0.7.0 to 0.7.1 (#4784)
  • 327a78a8 build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0 (#4802)
  • e1a80557 fix: SARIF format require issue column >= 1 (#4775)
  • 88f60c8c fix: gomnd deprecated configuration compatibility (#4768)
  • 81731668 fix: init empty result slice for SARIF printer (#4758)
  • 02740ea1 intrange: add style preset (#4797)
  • 615b873d unparam: bump to HEAD (#4786)

v1.59.0

Changelog

  • 4f5251d3 Support Sarif output (#4723)
  • 73110df2 build(deps): bump github.com/Antonboom/testifylint from 1.2.0 to 1.3.0 (#4729)
  • 62c83ccd build(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#4746)
  • 0cb14183 build(deps): bump github.com/go-critic/go-critic from 0.11.3 to 0.11.4 (#4738)
  • e14ae4b7 build(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#4745)
  • 2059b18a build(deps): bump github.com/securego/gosec/v2 from 2.20.0 to 5f0084eb01a9 (#4748)
  • be1bb6db build(deps): bump go-simpler.org/sloglint from 0.6.0 to 0.7.0 (#4718)
  • 08deff42 feat: add warning about disabled and deprecated linters (level 2) (#4742)
  • b99d5295 feat: allow the analysis of generated files (#4740)
  • 867adaf9 feat: deprecate github-actions format (#4726)
  • 4beae6a9 fix: remove errcheck defaults (#4734)

v1.58.2

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.59.1

  1. Updated linters
    • go-errorlint: from 1.5.1 to 1.5.2
    • gomnd: deprecated configuration compatibility
    • intrange: add style preset
    • misspell: from 0.5.1 to 0.6.0
    • sloglint: from 0.7.0 to 0.7.1
    • testifylint: from 1.3.0 to 1.3.1
    • unparam: bump to HEAD
    • usestdlibvars: from 1.25.0 to 1.26.0
  2. Fixes
    • SARIF: init empty result slice
    • SARIF: issue column >= 1
  3. Documentation
    • update revive configuration

v1.59.0

  1. Enhancements
    • Add SARIF output format
    • Allow the analysis of generated files (issues.exclude-generated: disable)
  2. Updated linters
    • errcheck: fix deprecation warning
    • go-critic: from 0.11.3 to 0.11.4
    • gosec: from 2.20.0 to 5f0084eb01a9 (fix G601 and G113 performance issues)
    • sloglint: from 0.6.0 to 0.7.0 (new option forbidden-keys)
    • testifylint: from 1.2.0 to 1.3.0 (new checker negative-positive and new option go-require.ignore-http-handlers)
  3. Misc.
    • ️️⚠️ Deprecate github-action output format
    • ️️⚠️ Deprecate issues.exclude-generated-strict option (replaced by issues.exclude-generated: strict)
    • ️️⚠️ Add warning about disabled and deprecated linters (level 2)

v1.58.2

  1. Updated linters
    • canonicalheader: from 1.0.6 to 1.1.1
    • gosec: from 2.19.0 to 2.20.0
    • musttag: from 0.12.1 to 0.12.2
    • nilnil: from 0.1.8 to 0.1.9
  2. Documentation
    • Improve integrations and install pages

v1.58.1

  1. Updated linters
    • tagalign: from 1.3.3 to 1.3.4
    • protogetter: from 0.3.5 to 0.3.6
    • gochecknoinits: fix analyzer name
  2. Fixes

... (truncated)

Commits
  • 1a55854 build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0 (#4804)
  • aaff918 build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to 1.26...
  • 327a78a build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0 (#4802)
  • 02740ea intrange: add style preset (#4797)
  • 4e53f51 docs: update revive configuration (#4790)
  • 839b9d7 chore: improve issue templates
  • a7817a1 chore: improve issue templates
  • d3a0412 dev: improve issue templates
  • 44b3cdd build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2...
  • 615b873 unparam: bump to HEAD (#4786)
  • Additional commits viewable in compare view


Updates github.com/google/go-containerregistry from 0.19.1 to 0.19.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.19.2

What's Changed

New Contributors

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.19.1...v0.19.2

Commits


Updates github.com/in-toto/attestation from 1.0.1 to 1.1.0

Release notes

Sourced from github.com/in-toto/attestation's releases.

v1.1.0

The v1.1.0 minor release generalizes the semantics of the DigestSet field type to support any type of immutable identifier. This change is backwards compatible because cryptographic digests are strongly recommended to achieve immutability, so any implementations that only support cryptographic DigestSet still meet the modified semantics. The _type of a Statement is still https://in-toto.io/Statement/v1

More details in the updated DigestSet spec

v1.0.2

This patch release includes a new predicate type, updates to the predicate vetting process, and more thorough DigestSet validation in Go.

Go, Python and Java APIs are not considered stable before v1.1.

What's Changed

New Contributors

Full Changelog: https://github.com/in-toto/attestation/compare/v1.0.1...v1.0.2

Commits
  • 36c1129 Merge pull request #359 from marcelamelara/update-versioning
  • a62b90a Make linter happy
  • 4adf92e Add examples of different tagged release scenarios
  • c1af60d Add tagged release process to spec
  • b382eb5 Update link in README to 1.1 (#357)
  • bbbfea7 Merge pull request #358 from in-toto/actions-regenerate-attestation-libraries
  • 241d47f Regenerate attestation libraries
  • d6e910a Merge pull request #356 from in-toto/dependabot/go_modules/google.golang.org/...
  • a8fc604 Bump google.golang.org/protobuf from 1.34.0 to 1.34.1
  • 06eafe3 Clarify that digests don't have to be cryptographic ones. (#338)
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore from 1.8.3 to 1.8.6

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.6

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.5...v1.8.6

v1.8.5

Major are dependencies updates

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.5

v1.8.4

What's Changed

New Contributors

... (truncated)

Commits
  • 5d4e11e Bump goodkey, fix breakage (#1761)
  • 63cab17 sync go mod
  • 115c2b2 build(deps): Bump the all group across 1 directory with 6 updates
  • 8503e22 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • 39973a8 build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • 58a8301 build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates
  • 71ace11 build(deps): Bump github.com/hashicorp/go-retryablehttp
  • b777e4b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • 5ea648c build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • a3666d9 build(deps): Bump the all group in /test/e2e with 2 updates
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.3 to 1.8.6


Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.3 to 1.8.6


Updates github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.3 to 1.8.6

tekton-robot commented 4 days ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

To complete the pull request process, please assign chuangw6 after the PR has been reviewed. You can assign the PR to them by writing /assign @chuangw6 in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/tektoncd/chains/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

tekton-robot commented 4 days ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.