search

xeol-io / xeol

A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs
https://www.xeol.io/
Apache License 2.0
348 stars 21 forks source link

Bump github.com/adrg/xdg from 0.5.0 to 0.5.3 #427

Closed dependabot[bot] closed 1 week ago

dependabot[bot] commented 2 weeks ago

Bumps github.com/adrg/xdg from 0.5.0 to 0.5.3.

Release notes

Sourced from github.com/adrg/xdg's releases.

v0.5.3

Changelog

  • Updated xdg.SearchRuntimeFile to also look in the operating system's temporary directory for runtime files. This covers unlikely cases in which runtime files cannot be written relative to the base runtime directory either because it does not exist or it is not accessible, so xdg.RuntimeFile suggests the operating system's temporary directory as a suitable fallback location.

Internal

  • Improved package testing.

v0.5.2

Changelog

  • Updated logic of xdg.RuntimeFile: due to the special nature of the runtime directory, the function no longer attempts to create it if it does not exist. If that's the case, the function uses the operating system's temporary directory as a fallback. The function still creates subdirectories relative to the base runtime directory or its fallback.

    Justification: the creation of the runtime directory is not in the scope of this package as it has special requirements defined by the XDG Base Directory Specification. Relevant excerpt:

    The lifetime of the directory MUST be bound to the user being logged in. It MUST be created when the user first logs in and if the user fully logs out the directory MUST be removed. If the user logs in more than once they should get pointed to the same directory, and it is mandatory that the directory continues to exist from their first login to their last logout on the system, and not removed in between. Files in the directory MUST not survive reboot or a full logout/login cycle.

    Also, on Linux, the parent directories of the default user runtime directory are owned by the root user so they cannot be created by a regular user. pam_systemd is usually responsible for creating the runtime directory (/run/user/$UID).

v0.5.1

Changelog

  • Added support for the non-standard XDG_BIN_HOME base directory. See XDG base directories README section for more details.
  • Added more config and data search locations on macOS.
    • Added ~/.config at the end of the list of default locations for XDG_CONFIG_DIRS.
    • Added ~/.local/share at the end of the list of default locations for XDG_DATA_DIRS.
  • Added more application search locations on Windows:
    • %ProgramFiles%
    • %ProgramFiles%\Common Files
    • %LOCALAPPDATA%\Programs
    • %LOCALAPPDATA%\Programs\Common

Internal

  • Updated golang.org/x/sys dependency to the latest version.
  • Improved package testing.
Commits
  • aa865a5 Merge pull request #101 from adrg/update-search-runtime-file
  • 71a81ec Minor xdg.SearchRuntimeFile function documentation update
  • 88111eb Minor example update in README.md and doc.go
  • d9f76be Improve non-existent runtime directory test case
  • 800775a Update xdg.SearchRuntimeFile to also look in temporary directory
  • 2335a68 Merge pull request #99 from adrg/improve-runtime-file
  • 221e506 Minor non-existent runtime directory test case fix on macOS
  • 9bbb602 Minor error format improvement in pathutil.Create and pathutil.Search
  • 987b3ce Minor README.md update
  • 3c39d55 Add non-existent runtime directory test case
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 week ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.