tektoncd / chains

Supply Chain Security in Tekton Pipelines
Apache License 2.0

Bump the all group across 1 directory with 21 updates #1159

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the all group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cloud.google.com/go/compute/metadata | 0.3.0 | 0.5.0 |
| cloud.google.com/go/storage | 1.40.0 | 1.43.0 |
| github.com/golangci/golangci-lint | 1.57.2 | 1.59.1 |
| github.com/google/go-containerregistry | 0.19.1 | 0.20.1 |
| github.com/in-toto/attestation | 1.0.1 | 1.1.0 |
| github.com/sigstore/sigstore | 1.8.3 | 1.8.7 |
| github.com/sigstore/sigstore/pkg/signature/kms/aws | 1.8.3 | 1.8.7 |
| github.com/sigstore/sigstore/pkg/signature/kms/azure | 1.8.3 | 1.8.7 |
| github.com/sigstore/sigstore/pkg/signature/kms/gcp | 1.8.3 | 1.8.7 |
| github.com/sigstore/sigstore/pkg/signature/kms/hashivault | 1.8.3 | 1.8.7 |
| github.com/spiffe/go-spiffe/v2 | 2.2.0 | 2.3.0 |
| github.com/tektoncd/pipeline | 0.58.0 | 0.61.1 |

Updates cloud.google.com/go/compute/metadata from 0.3.0 to 0.5.0

Release notes

Sourced from cloud.google.com/go/compute/metadata's releases.

parallelstore: v0.4.0

0.4.0 (2024-07-10)

Features

  • parallelstore: Add iam.googleapis.com/ServiceAccount resource definition (b660d68)
  • parallelstore: Adding Import/Export BYOSA to the import Data request (b660d68)

Bug Fixes

  • parallelstore: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)

grafeas: v0.3.8

0.3.8 (2024-07-10)

Bug Fixes

  • grafeas: Bump google.golang.org/grpc@v1.64.1 (8ecc4e9)

Changelog

Sourced from cloud.google.com/go/compute/metadata's changelog.

v0.5.0

  • bigquery:
    • The SQL types DATE, TIME and DATETIME are now supported. They correspond to the Date, Time and DateTime types in the new cloud.google.com/go/civil package.
    • Support for query parameters.
    • Support deleting a dataset.
    • Values from INTEGER columns will now be returned as int64, not int. This will avoid errors arising from large values on 32-bit systems.
  • datastore:
    • Nested Go structs encoded as Entity values, instead of a flattened list of the embedded struct's fields. This means that you may now have twice-nested slices, eg.
      type State struct {
        Cities  []struct{
          Populations []int
        }
      }
      
      See the announcement for more details.
    • Contexts no longer hold namespaces; instead you must set a key's namespace explicitly. Also, key functions have been changed and renamed.
    • The WithNamespace function has been removed. To specify a namespace in a Query, use the Query.Namespace method:
      q := datastore.NewQuery("Kind").Namespace("ns")
      
    • All the fields of Key are exported. That means you can construct any Key with a struct literal:
      k := &Key{Kind: "Kind",  ID: 37, Namespace: "ns"}
      
    • As a result of the above, the Key methods Kind, ID, d.Name, Parent, SetParent and Namespace have been removed.
    • NewIncompleteKey has been removed, replaced by IncompleteKey. Replace
      NewIncompleteKey(ctx, kind, parent)
      
      with
      IncompleteKey(kind, parent)
      
      and if you do use namespaces, make sure you set the namespace on the returned key.
    • NewKey has been removed, replaced by NameKey and IDKey. Replace
      NewKey(ctx, kind, name, 0, parent)
      NewKey(ctx, kind, "", id, parent)
      
      with
      NameKey(kind, name, parent)
      

... (truncated)

Commits
  • 7959a9f bigquery: support struct field parameters
  • a64eb5d bigquery: support array query parameters
  • 2861f2e bigquery: support scalar query parameters
  • a2e776e civil: civil time types
  • 918f8d5 fields: test that a tagged field takes precedence
  • e86221f bigtable/bttest: RowKeyFilter support in emulator.
  • 648bc87 bigquery: support BYTES data type
  • 7bb67ec bigtable/bttest: TimestampRangeFilter improvements
  • 8b767ae fields: simplify dominantField
  • 8ee8376 fields: add Match optimizations
  • Additional commits viewable in compare view


Updates cloud.google.com/go/storage from 1.40.0 to 1.43.0

Commits


Updates github.com/golangci/golangci-lint from 1.57.2 to 1.59.1

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.59.1

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! :heart:

For key updates, see the changelog.

Changelog

  • f7387361 build(deps): bump github.com/Antonboom/testifylint from 1.3.0 to 1.3.1 (#4759)
  • 44b3cdd1 build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2.0.0 (#4788)
  • 1a55854a build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0 (#4804)
  • 9a7a1ad4 build(deps): bump github.com/polyfloyd/go-errorlint from 1.5.1 to 1.5.2 (#4785)
  • aaff9184 build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to 1.26.0 (#4801)
  • a0d2c830 build(deps): bump github.com/shirou/gopsutil/v3 from 3.24.4 to 3.24.5 (#4782)
  • 2042b1f1 build(deps): bump go-simpler.org/sloglint from 0.7.0 to 0.7.1 (#4784)
  • 327a78a8 build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0 (#4802)
  • e1a80557 fix: SARIF format require issue column >= 1 (#4775)
  • 88f60c8c fix: gomnd deprecated configuration compatibility (#4768)
  • 81731668 fix: init empty result slice for SARIF printer (#4758)
  • 02740ea1 intrange: add style preset (#4797)
  • 615b873d unparam: bump to HEAD (#4786)

v1.59.0

Changelog

  • 4f5251d3 Support Sarif output (#4723)
  • 73110df2 build(deps): bump github.com/Antonboom/testifylint from 1.2.0 to 1.3.0 (#4729)
  • 62c83ccd build(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 (#4746)
  • 0cb14183 build(deps): bump github.com/go-critic/go-critic from 0.11.3 to 0.11.4 (#4738)
  • e14ae4b7 build(deps): bump github.com/hashicorp/go-version from 1.6.0 to 1.7.0 (#4745)
  • 2059b18a build(deps): bump github.com/securego/gosec/v2 from 2.20.0 to 5f0084eb01a9 (#4748)
  • be1bb6db build(deps): bump go-simpler.org/sloglint from 0.6.0 to 0.7.0 (#4718)
  • 08deff42 feat: add warning about disabled and deprecated linters (level 2) (#4742)
  • b99d5295 feat: allow the analysis of generated files (#4740)
  • 867adaf9 feat: deprecate github-actions format (#4726)
  • 4beae6a9 fix: remove errcheck defaults (#4734)

v1.58.2

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.59.1

  1. Updated linters
    • go-errorlint: from 1.5.1 to 1.5.2
    • gomnd: deprecated configuration compatibility
    • intrange: add style preset
    • misspell: from 0.5.1 to 0.6.0
    • sloglint: from 0.7.0 to 0.7.1
    • testifylint: from 1.3.0 to 1.3.1
    • unparam: bump to HEAD
    • usestdlibvars: from 1.25.0 to 1.26.0
  2. Fixes
    • SARIF: init empty result slice
    • SARIF: issue column >= 1
  3. Documentation
    • update revive configuration

v1.59.0

  1. Enhancements
    • Add SARIF output format
    • Allow the analysis of generated files (issues.exclude-generated: disable)
  2. Updated linters
    • errcheck: fix deprecation warning
    • go-critic: from 0.11.3 to 0.11.4
    • gosec: from 2.20.0 to 5f0084eb01a9 (fix G601 and G113 performance issues)
    • sloglint: from 0.6.0 to 0.7.0 (new option forbidden-keys)
    • testifylint: from 1.2.0 to 1.3.0 (new checker negative-positive and new option go-require.ignore-http-handlers)
  3. Misc.
    • ⚠️ Deprecate github-action output format
    • ⚠️ Deprecate issues.exclude-generated-strict option (replaced by issues.exclude-generated: strict)
    • ⚠️ Add warning about disabled and deprecated linters (level 2)

v1.58.2

  1. Updated linters
    • canonicalheader: from 1.0.6 to 1.1.1
    • gosec: from 2.19.0 to 2.20.0
    • musttag: from 0.12.1 to 0.12.2
    • nilnil: from 0.1.8 to 0.1.9
  2. Documentation
    • Improve integrations and install pages

v1.58.1

  1. Updated linters
    • tagalign: from 1.3.3 to 1.3.4
    • protogetter: from 0.3.5 to 0.3.6
    • gochecknoinits: fix analyzer name
  2. Fixes

... (truncated)

Commits
  • 1a55854 build(deps): bump github.com/golangci/misspell from 0.5.1 to 0.6.0 (#4804)
  • aaff918 build(deps): bump github.com/sashamelentyev/usestdlibvars from 1.25.0 to 1.26...
  • 327a78a build(deps): bump golang.org/x/tools from 0.21.0 to 0.22.0 (#4802)
  • 02740ea intrange: add style preset (#4797)
  • 4e53f51 docs: update revive configuration (#4790)
  • 839b9d7 chore: improve issue templates
  • a7817a1 chore: improve issue templates
  • d3a0412 dev: improve issue templates
  • 44b3cdd build(deps): bump github.com/go-viper/mapstructure/v2 from 2.0.0-alpha.1 to 2...
  • 615b873 unparam: bump to HEAD (#4786)
  • Additional commits viewable in compare view


Updates github.com/google/go-containerregistry from 0.19.1 to 0.20.1

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.1

What's Changed

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.0...v0.20.1

v0.20.0

What's Changed

New Contributors

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.19.2...v0.20.0

v0.19.2

What's Changed

New Contributors

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.19.1...v0.19.2

Commits


Updates github.com/in-toto/attestation from 1.0.1 to 1.1.0

Release notes

Sourced from github.com/in-toto/attestation's releases.

v1.1.0

The v1.1.0 minor release generalizes the semantics of the DigestSet field type to support any type of immutable identifier. This change is backwards compatible because cryptographic digests are strongly recommended to achieve immutability, so any implementations that only support cryptographic DigestSet still meet the modified semantics. The _type of a Statement is still https://in-toto.io/Statement/v1

More details in the updated DigestSet spec

v1.0.2

This patch release includes a new predicate type, updates to the predicate vetting process, and more thorough DigestSet validation in Go.

Go, Python and Java APIs are not considered stable before v1.1.

What's Changed

New Contributors

Full Changelog: https://github.com/in-toto/attestation/compare/v1.0.1...v1.0.2

Commits
  • 36c1129 Merge pull request #359 from marcelamelara/update-versioning
  • a62b90a Make linter happy
  • 4adf92e Add examples of different tagged release scenarios
  • c1af60d Add tagged release process to spec
  • b382eb5 Update link in README to 1.1 (#357)
  • bbbfea7 Merge pull request #358 from in-toto/actions-regenerate-attestation-libraries
  • 241d47f Regenerate attestation libraries
  • d6e910a Merge pull request #356 from in-toto/dependabot/go_modules/google.golang.org/...
  • a8fc604 Bump google.golang.org/protobuf from 1.34.0 to 1.34.1
  • 06eafe3 Clarify that digests don't have to be cryptographic ones. (#338)
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore from 1.8.3 to 1.8.7

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.7

Dependencies updates only

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.6...v1.8.7

v1.8.6

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.5...v1.8.6

v1.8.5

Major are dependencies updates

What's Changed

... (truncated)

Commits
  • cb8b4bb sync go mod
  • 2506e5d build(deps): Bump the all group across 1 directory with 4 updates
  • 9a70270 build(deps): Bump google.golang.org/grpc in /pkg/signature/kms/gcp
  • f6b4bb5 build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • aebd23d build(deps): Bump actions/upload-artifact in the all group
  • ec4bc1a build(deps): Bump the all group across 1 directory with 2 updates
  • aeb9782 build(deps): Bump golang.org/x/crypto
  • 016e2e3 build(deps): Bump github.com/sigstore/sigstore
  • 8243831 build(deps): Bump hashicorp/vault in /test/e2e in the all group
  • 51d791e build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates
  • Additional commits viewable in compare view


Updates github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.3 to 1.8.7



Updates github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.3 to 1.8.7

tekton-robot commented 1 month ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

To complete the pull request process, please assign priyawadhwa after the PR has been reviewed. You can assign the PR to them by writing /assign @priyawadhwa in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/tektoncd/chains/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment

tekton-robot commented 1 month ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
dependabot[bot] commented 1 month ago

Looks like these dependencies are updatable in another way, so this is no longer needed.