tektoncd / chains

Supply Chain Security in Tekton Pipelines
Apache License 2.0

Bump the all group across 1 directory with 7 updates #1253

Closed dependabot[bot] closed 2 days ago

dependabot[bot] commented 4 days ago

Bumps the all group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| cloud.google.com/go/storage | 1.46.0 | 1.47.0 |
| github.com/golangci/golangci-lint | 1.61.0 | 1.62.0 |
| github.com/tektoncd/pipeline | 0.65.0 | 0.65.2 |
| google.golang.org/grpc | 1.67.1 | 1.68.0 |
| google.golang.org/protobuf | 1.35.1 | 1.35.2 |

Updates cloud.google.com/go/storage from 1.46.0 to 1.47.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.47.0

1.47.0 (2024-11-14)

Features

  • storage: Introduce dp detector based on grpc metrics (#11100) (60c2323)

Bug Fixes

Commits
  • 703c26a chore(main): release spanner 1.47.0 (#7960)
  • b726d41 feat(aiplatform): add UpdateExplanationDataset to aiplatform (#8118)
  • fc49c78 feat(spanner): add databoost property for batch transactions (#8152)
  • 005d2df fix(internal/retry): never return nil from GRPCStatus() (#8128)
  • b429aa1 chore(internal/postprocessor): fix profiler & errorreporting shortnames (#8131)
  • 4e80088 chore(deps): update gax-go and google.golang.org/api (#8117)
  • e43ebeb chore(postprocessor): add update steps (#8103)
  • 72d0127 test: skip flaky test (#8129)
  • 20573e2 chore(postprocessor): fix missing format specifier (#8112)
  • 28aa098 chore(postprocessor): update manual entries (#8111)
  • Additional commits viewable in compare view


Updates github.com/golangci/golangci-lint from 1.61.0 to 1.62.0

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.62.0

golangci-lint is a free and open-source project built by volunteers.

If you value it, consider supporting us, the maintainers and linter authors.

We appreciate it! :heart:

For key updates, see the changelog.

Changelog

  • 29c5529e93f641b6e385b525badb165643f84e10 Add filen linter (#5081)
  • baf610d5bff0c4182e1378310b1d0136f7c04f6a Add iface linter (#4871)
  • ab9076301540d3a794c21f7fe4f87166a1d3bcf8 Add recvcheck linter (#5014)
  • 8a9d16e6e84c4217086ff7c005228e831087406b Revert "Add filen linter (#5081)" (#5087)
  • 944e1d844182da7d93ca5ee31b33d8bcb2e15890 build(deps): bump github.com/Abirdcfly/dupword from 0.1.1 to 0.1.3 (#5062)
  • 9f4951f10d47a35888d5ff84b935e4bc0044b1cf build(deps): bump github.com/Antonboom/errname from 0.1.13 to 1.0.0 (#5057)
  • 61f8c0e8923479d61125e19e103e6d59ddba9139 build(deps): bump github.com/Antonboom/nilnil from 0.1.9 to 1.0.0 (#5058)
  • 095e4952be33b395f273482276275c9fb98fbbe1 build(deps): bump github.com/Antonboom/testifylint from 1.4.3 to 1.5.0 (#5054)
  • 07989418461bc2792e558ce1323164dcf7870afe build(deps): bump github.com/alecthomas/go-check-sumtype from 0.1.4 to 0.2.0 (#5038)
  • 90c0509fcbf07f642d250cdf232d4cd5bf4a657a build(deps): bump github.com/alexkohler/nakedret/v2 from 2.0.4 to 2.0.5 (#5076)
  • 188d56c611e1509335c602da844f829fc996d52b build(deps): bump github.com/bkielbasa/cyclop from 1.2.1 to 1.2.3 (#5071)
  • b020f7b6559f9e37a334e3e7d096aa78e452e100 build(deps): bump github.com/breml/bidichk from 0.2.7 to 0.3.1 (#5025)
  • 6c0ee25a61a03c57f65eb05619529181b0990229 build(deps): bump github.com/breml/bidichk from 0.3.1 to 0.3.2 (#5075)
  • e5dab8de7f74e802662e631a53b3172c5c4638c6 build(deps): bump github.com/breml/errchkjson from 0.3.6 to 0.4.0 (#5028)
  • 318d78e2ba891735574e8bb75b67064712381a99 build(deps): bump github.com/ckaznocha/intrange from 0.2.0 to 0.2.1 (#5024)
  • 5034dbcde1a53f239947e2ab266fc0c8dbc35861 build(deps): bump github.com/fatih/color from 1.17.0 to 1.18.0 (#5088)
  • a33f7942e6572107696badd8f77b351213b52e45 build(deps): bump github.com/ghostiam/protogetter from 0.3.6 to 0.3.8 (#5026)
  • b07c319f557d0496d184f58b3de3d76e19733ef2 build(deps): bump github.com/go-critic/go-critic from 0.11.4 to 0.11.5 (#5061)
  • a45560d4398b2c7c915bb3fd118aec4d8cbe36a2 build(deps): bump github.com/go-viper/mapstructure/v2 from 2.1.0 to 2.2.0 (#5034)
  • aa669e22908160f8780ca56e8925368898b5091e build(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.0 to 2.2.1 (#5040)
  • 8a9cdad5a3544e16b77b6f470e57934e1e9af301 build(deps): bump github.com/golangci/go-printf-func-name from 7558a9eaa5af to v0.1.0 (#5079)
  • 9966cab93c8dda6ed8d5274d3ae876411802578c build(deps): bump github.com/kisielk/errcheck from 1.7.0 to 1.8.0 (#5074)
  • 84c203aa8db22b72207bdf90b454a1c2867a8a12 build(deps): bump github.com/lasiar/canonicalheader from 1.1.1 to 1.1.2 (#5119)
  • fb37d4c0e3c9fffe14cffd5a93bb05356a088bb8 build(deps): bump github.com/mgechev/revive from 1.3.9 to 1.4.0 (#5035)
  • 6ba5f63d284699fec7cbb619d20b9b8b7d66b652 build(deps): bump github.com/mgechev/revive from 1.4.0 to 1.5.0 (#5113)
  • ce9bbe39feb9a980fb5c789272f5108ee470a62a build(deps): bump github.com/nunnatsa/ginkgolinter from 0.16.2 to 0.17.0 (#5093)
  • c4b6d3716e75b1a4ab4485d9cd3102125bf88e71 build(deps): bump github.com/nunnatsa/ginkgolinter from 0.17.0 to 0.18.0 (#5114)
  • 225f7a06f26901f66539bf46fb04206cf53fc192 build(deps): bump github.com/securego/gosec/v2 from 2.21.2 to 2.21.3 (#5029)
  • 3a69806aa2728759460a9b4e4d345bab72635c03 build(deps): bump github.com/securego/gosec/v2 from 2.21.3 to 2.21.4 (#5039)
  • c2f71266b2d3a8a8a158819d7d5973345186794b build(deps): bump github.com/sivchari/tenv from 1.10.0 to 1.12.1 (#5090)
  • 7187c89d4091640f7587acf416e82fd87ff96839 build(deps): bump github.com/sonatard/noctx from 0.0.2 to 0.1.0 (#5027)
  • 5451909f23ceea6e619b2e5d087bce203fae377b build(deps): bump github.com/tetafro/godot from 1.4.17 to 1.4.18 (#5002)
  • d68c333bc1148f14836b856e233944908fda2b6e build(deps): bump github.com/timonwong/loggercheck from 0.9.4 to 0.10.1 (#5094)
  • 22b58c9b648f027d699f305c069a2a97ed0c5b06 build(deps): bump go-simpler.org/musttag from 0.12.2 to 0.13.0 (#5121)
  • 46db787df4c1d53e749e727ce7754e810e337555 build(deps): bump go.uber.org/automaxprocs from 1.5.3 to 1.6.0 (#5041)
  • 02a536a4ef330430bba9d01a40aa9ef419652bd1 build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0 (#5118)
  • b3a1e1c836151d09db3b6519199ab089feb817fe build(deps): bump golang.org/x/tools from 0.24.0 to 0.25.0 (#5001)
  • 10f281c1fd4a679d88b0a01dd6038357b58d0a00 build(deps): bump golang.org/x/tools from 0.25.0 to 0.26.0 (#5056)
  • 0f4f0cb075b93b1c146f399c0cb811edf8364d78 build(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0 (#5120)
  • 31f2714643a1a5f0ad746ff782bacd5d0af94534 build(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 in the all group (#5059)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.62.0

  1. New linters
  2. Updated linters
    • ⚠️ execinquery: deprecation step 2
    • ⚠️ gomnd: deprecation step 2 (replaced by mnd)
    • bidichk: from 0.2.7 to 0.3.2 (important performance improvement)
    • canonicalheader: from 1.1.1 to 1.1.2
    • cyclop: from 1.2.1 to 1.2.3
    • dupword: from 0.1.1 to 0.1.3
    • errcheck: from 1.7.0 to 1.8.0
    • errchkjson: from 0.3.6 to 0.4.0
    • errname: from 0.1.13 to 1.0.0
    • ginkgolinter: from 0.17.0 to 0.18.0 (new option: force-succeed)
    • go-check-sumtype: from 0.1.4 to 0.2.0 (new option: default-signifies-exhaustive)
    • go-critic: from 0.11.4 to 0.11.5
    • go-printf-func-name: from 7558a9eaa5af to v0.1.0
    • godot: from 1.4.17 to 1.4.18
    • gosec: from 2.21.2 to 2.21.4
    • intrange: from 0.2.0 to 0.2.1
    • loggercheck: from 0.9.4 to 0.10.1 (log/slog support)
    • musttag: from 0.12.2 to 0.13.0
    • nakedret: from 2.0.4 to 2.0.5
    • nilnil: from 0.1.9 to 1.0.0 (new option: detect-opposite)
    • noctx: from 0.0.2 to 0.1.0
    • protogetter: from 0.3.6 to 0.3.8
    • revive: from 1.3.9 to 1.5.0 (new rules: filename-format, and file-length-limit)
    • tenv: from 1.10.0 to 1.12.1 (handle dot import)
    • testifylint: from 1.4.3 to 1.5.0 (new checkers: contains, encoded-compare, regexp)
  3. Misc.
    • Type sizing when cross-compiling (32-bit).
    • code-climate: add check_name field
    • Improve Go version detection
    • Fix Go version propagation
  4. Documentation
    • Adds a section about exclude-dirs-use-default
    • Improve 'install from sources' section
    • Improve FAQ about Go versions
    • Improve linter/rule/check docs
    • Improve new linter section
    • Improve forbidigo pattern examples for built-in functions

Commits
  • 22b58c9 build(deps): bump go-simpler.org/musttag from 0.12.2 to 0.13.0 (#5121)
  • 84c203a build(deps): bump github.com/lasiar/canonicalheader from 1.1.1 to 1.1.2 (#5119)
  • 0f4f0cb build(deps): bump golang.org/x/tools from 0.26.0 to 0.27.0 (#5120)
  • 02a536a build(deps): bump golang.org/x/sys from 0.26.0 to 0.27.0 (#5118)
  • b46ad10 docs: improve forbidigo pattern examples for built-in functions (#5116)
  • 8c0c515 fix: Go version propagation (#5109)
  • 874a8ba feat: deprecation step 2 of execinquery and gomnd (#5110)
  • 6ba5f63 build(deps): bump github.com/mgechev/revive from 1.4.0 to 1.5.0 (#5113)
  • c4b6d37 build(deps): bump github.com/nunnatsa/ginkgolinter from 0.17.0 to 0.18.0 (#5114)
  • 7560b4f fix: improve Go detection (#5112)
  • Additional commits viewable in compare view


Updates github.com/tektoncd/pipeline from 0.65.0 to 0.65.2

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v0.65.2 "Sokoke Herbie"

  • Docs @ v0.65.2
  • Examples @ v0.65.2

Installation one-liner

```shell
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.2/release.yaml
```

Attestation

The Rekor UUID for this release is 108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f

Obtain the attestation:

```shell
REKOR_UUID=108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f
rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq .
```

Verify that all container images in the attestation are in the release file:

```shell
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.65.2/release.yaml
REKOR_UUID=108e9186e8c5677a153542f1de8a93c4ac314c1ca01c0ed45edf9ffac3faa701ddcd02600c3f452f

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.65.2@sha256:" + .digest.sha256')

# Download the release file
curl "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
# (printf gets an explicit format string; grep -F matches the reference literally)
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done
```

Changes

Features

... (truncated)

Commits
  • 7b76131 Use io.ReadFull to read the bundle content
  • 9664cb4 Fix StepAction support in Cluster resolver
  • 58910a4 Fix number of completed and failed task in case of ValidationFailed
  • f32544a Remove permanent error and improve skip logic
  • b762df2 Exit reconcilation and markfailed if finally is not present
  • 0f0eab9 Resolve review comments 1
  • c6b45b8 Run finally pipeline even if task is failed at the validation
  • eb1e38a Expose Resolvers Controller performance tuning configurations
  • See full diff in compare view


Updates golang.org/x/crypto from 0.28.0 to 0.29.0

Commits
  • 6018723 go.mod: update golang.org/x dependencies
  • 71ed71b README: don't recommend go get
  • 750a45f sha3: add MarshalBinary, AppendBinary, and UnmarshalBinary
  • 36b1725 sha3: avoid trailing permutation
  • 80ea76e sha3: fix padding for long cSHAKE parameters
  • c17aa50 sha3: avoid buffer copy
  • 7cfb916 ssh: return unexpected msg error when server fails keyboard-interactive auth ...
  • b61b08d chacha20: extend ppc64le support to ppc64
  • 6c21748 internal/poly1305: extend ppc64le support to ppc64
  • See full diff in compare view


Updates golang.org/x/exp from 0.0.0-20240904232852-e7e105dedf7e to 0.0.0-20240909161429-701f63a606c0

Commits


Updates google.golang.org/grpc from 1.67.1 to 1.68.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.68.0

Known Issues

  • The recently added grpc.NewClient function is incompatible with forward proxies, because it resolves the target hostname on the client instead of passing the hostname to the proxy. This bug has been present since the introduction of NewClient. A fix is expected to be a part of grpc-go v1.69. (#7556)

Behavior Changes

  • stats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environment variable, rather than parsing from bootstrap file (#7740)
  • orca (experimental): if using an ORCA listener, it must now be registered only on a READY SubConn, and the listener will automatically be stopped when the connection is lost. (#7663)
  • client: ClientConn.Close() now closes transports simultaneously and waits for transports to be closed before returning. (#7666)
  • credentials: TLS credentials created via NewTLS that use tls.Config.GetConfigForClient will now have CipherSuites, supported TLS versions and ALPN configured automatically. These were previously only set for configs not using the GetConfigForClient option. (#7709)

Bug Fixes

  • transport: prevent deadlock in client transport shutdown when writing the GOAWAY frame hangs. (#7662)
  • mem: reuse buffers more accurately by using slice capacity instead of length (#7702)
  • status: Fix regression caused by #6919 in status.Details() causing it to return a wrapped type when getting proto messages generated with protoc-gen-go < v1. (#7724)

Dependencies

  • Bump minimum supported Go version to go1.22.7. (#7624)

Commits
  • acba4d3 Change version to 1.68.0 (#7743)
  • 5363dca credentials: Apply defaults to TLS configs provided through GetConfigForClien...
  • 056dc64 status: Fix status incompatibility introduced by #6919 and move non-regenerat...
  • b79fb61 mem: use slice capacity instead of length, to determine whether to pool buffe...
  • 54841ef stats/opentelemetry/csm: Get mesh_id local label from "CSM_MESH_ID" environme...
  • ad81c20 pickfirstleaf: minor simplification to reconcileSubConnsLocked method (#7731)
  • b850ea5 transport : wait for goroutines to exit before transport closes (#7666)
  • 00b9e14 pickfirst: New pick first policy for dualstack (#7498)
  • 18a4eac testutils: add couple of log statements to the restartable listener type (#7716)
  • fdc2ec2 xdsclient: deflake TestADS_ResourcesAreRequestedAfterStreamRestart (#7720)
  • Additional commits viewable in compare view


Updates google.golang.org/protobuf from 1.35.1 to 1.35.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
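
The loop in the Tekton release notes quoted above checks one direction only: every attestation subject appears in release.yaml. As an added example (not part of this PR or of the Tekton release notes), the sketch below also reports pinned images in the release file that no subject covers; `compare`, the sample statement, image names and digests are all constructed for illustration.

```python
import json
import re

# Pinned image reference: anything up to "@sha256:" plus 64 hex characters.
PINNED_REF = re.compile(r"""[^\s"',]+@sha256:[0-9a-f]{64}""")

# Constructed sample data: image names and digests are placeholders.
DIGEST_A, DIGEST_B, DIGEST_C = "a" * 64, "b" * 64, "c" * 64
SAMPLE_ATTESTATION = json.dumps({"subject": [
    {"name": "registry.example/pipeline/controller", "digest": {"sha256": DIGEST_A}},
    {"name": "registry.example/pipeline/webhook", "digest": {"sha256": DIGEST_B}},
]})
SAMPLE_RELEASE = f"""
containers:
- image: registry.example/pipeline/controller:v0.65.2@sha256:{DIGEST_A}
- image: "registry.example/pipeline/webhook:v0.65.2@sha256:{DIGEST_C}"
"""


def attested_refs(attestation_json: str, tag: str) -> set:
    """Build name:tag@sha256:digest strings from the statement's subjects,
    the same shape the jq filter in the release notes produces."""
    statement = json.loads(attestation_json)
    return {
        f'{s["name"]}:{tag}@sha256:{s["digest"]["sha256"]}'
        for s in statement.get("subject", [])
    }


def compare(attestation_json: str, release_yaml: str, tag: str) -> dict:
    """Return attested images absent from the release file, and pinned
    images in the release file that no attestation subject covers."""
    attested = attested_refs(attestation_json, tag)
    released = set(PINNED_REF.findall(release_yaml))
    return {
        "missing_from_release": sorted(attested - released),
        "not_in_attestation": sorted(released - attested),
    }


if __name__ == "__main__":
    report = compare(SAMPLE_ATTESTATION, SAMPLE_RELEASE, "v0.65.2")
    print(json.dumps(report, indent=2))
```

Both lists empty means the release file and the attestation agree on every pinned image; the exact set comparison is stricter than the substring match that `grep` performs.
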
tekton-robot commented 4 days ago

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

tekton-robot commented 4 days ago

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

To complete the pull request process, please assign lcarva after the PR has been reviewed. You can assign the PR to them by writing /assign @lcarva in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

- **[OWNERS](https://github.com/tektoncd/chains/blob/main/OWNERS)**

Approvers can indicate their approval by writing `/approve` in a comment.
Approvers can cancel approval by writing `/approve cancel` in a comment.

PuneetPunamiya commented 3 days ago

LGTM

dependabot[bot] commented 2 days ago

Looks like these dependencies are updatable in another way, so this is no longer needed.