source-controller icon indicating copy to clipboard operation
source-controller copied to clipboard

Published 20 hours ago verified publisher icon fluxcd

build(deps): bump the go-deps group across 1 directory with 9 updates

Open dependabot[bot] opened this issue 1 year ago • 0 comments

Bumps the go-deps group with 8 updates in the / directory:

Package From To
github.com/cyphar/filepath-securejoin 0.2.4 0.2.5
github.com/fluxcd/pkg/oci 0.37.1 0.38.1
github.com/minio/minio-go/v7 7.0.70 7.0.73
github.com/notaryproject/notation-core-go 1.0.2 1.0.3
github.com/notaryproject/notation-go 1.1.0 1.1.1
github.com/prometheus/client_golang 1.19.0 1.19.1
github.com/sigstore/sigstore 1.8.3 1.8.6
google.golang.org/api 0.177.0 0.187.0

Updates github.com/cyphar/filepath-securejoin from 0.2.4 to 0.2.5

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.2.5

This release makes some minor improvements to SecureJoin:

  • Some changes were made to how lexical components are handled during resolution. There is no change in behaviour, and both implementations are safe, however the newer implementation is much easier to reason about.

  • The error returned when a symlink loop has been detected will now reference the correct path. #10

Signed-off-by: Aleksa Sarai [email protected]

Commits
  • d861a11 VERSION: release v0.2.5
  • 87bc53a join: fix ELOOP error path
  • e9be397 join: don't allow .. and . in working path during resolution
  • 75cdbea gha: update Go versions
  • b69b737 VERSION: back to development
  • See full diff in compare view

Updates github.com/fluxcd/pkg/oci from 0.37.1 to 0.38.1

Commits
  • c647aea Merge pull request #784 from fluxcd/cache-key-fix
  • 8a3ba60 Cache credentials tokens
  • c8409c0 Merge pull request #785 from fluxcd/dependabot/github_actions/ci-6034f0241a
  • 6be12d4 build(deps): bump github/codeql-action in the ci group
  • e8251e1 Merge pull request #783 from Skarlso/add-option-to-skip-gzip
  • e6984b4 feat: add un-taring plain, unzipped tar files
  • 328e8e9 Merge pull request #776 from fluxcd/cache-authn
  • bb65fa7 Addapting tests
  • b743354 cache authenticator retrieved when login to a provider
  • e79914f Merge pull request #782 from fluxcd/dependabot/github_actions/ci-840fb89e3c
  • Additional commits viewable in compare view

Updates github.com/minio/minio-go/v7 from 7.0.70 to 7.0.73

Release notes

Sourced from github.com/minio/minio-go/v7's releases.

Bugfix Release

What's Changed

New Contributors

Full Changelog: https://github.com/minio/minio-go/compare/v7.0.72...v7.0.73

Bugfix Release

What's Changed

Full Changelog: https://github.com/minio/minio-go/compare/v7.0.71...v7.0.72

Bugfix Release

What's Changed

Full Changelog: https://github.com/minio/minio-go/compare/v7.0.70...v7.0.71

Commits

Updates github.com/notaryproject/notation-core-go from 1.0.2 to 1.0.3

Release notes

Sourced from github.com/notaryproject/notation-core-go's releases.

v1.0.3

Vote PASSED [+4 -0]: #205

What's Changed

Full Changelog: https://github.com/notaryproject/notation-core-go/compare/v1.0.2...v1.0.3

Commits
  • 4211b09 build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#204)
  • 6f8b75c build(deps): bump actions/stale from 8 to 9 (#195)
  • ff5e5b8 build(deps): bump apache/skywalking-eyes from a790ab8dd23a7f861c18bd6aaa9b012...
  • f624dfd build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#200)
  • 356b30e fix: leaf certificate validation (#202)
  • 9f13c9e fix(ci): update codecov token (#199)
  • 66ff8c2 chore: org maintainers update (#196)
  • 807a338 bump: bump up golang version to v1.21 (#194)
  • 9a2ff9e chore: add GitHub action for stale issues and PRs (#174)
  • 93218d9 build(deps): bump golang.org/x/crypto from 0.18.0 to 0.21.0 (#193)
  • Additional commits viewable in compare view

Updates github.com/notaryproject/notation-go from 1.1.0 to 1.1.1

Release notes

Sourced from github.com/notaryproject/notation-go's releases.

v1.1.1

Vote PASSED [+4 -0]: #412

What's Changed

Full Changelog: https://github.com/notaryproject/notation-go/compare/v1.1.0...v1.1.1

Commits
  • 94a0e13 revert: "feat: add support for signing blob (#379)" (#411)
  • 1a5b3e3 ci: enable ci for release branch (#409)
  • 254dfcd bump: bump up notation-core-go v1.0.3 (#407)
  • b7fde51 fix: error message for dangling reference index (#402)
  • b8508d0 test: improve test coverage to 80% (#405)
  • 5e98995 build(deps): bump golang.org/x/crypto from 0.22.0 to 0.23.0 (#403)
  • 378ee83 build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#396)
  • a901939 build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.7 to 3.4.8 (#399)
  • 97a5a86 build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.6 to 3.4.7 (#395)
  • 442ece7 build(deps): bump golang.org/x/mod from 0.16.0 to 0.17.0 (#397)
  • Additional commits viewable in compare view

Updates github.com/prometheus/client_golang from 1.19.0 to 1.19.1

Release notes

Sourced from github.com/prometheus/client_golang's releases.

v1.19.1

What's Changed

  • Security patches for golang.org/x/sys and google.golang.org/protobuf

New Contributors

Full Changelog: https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1

Changelog

Sourced from github.com/prometheus/client_golang's changelog.

Unreleased

Commits

Updates github.com/sigstore/sigstore from 1.8.3 to 1.8.6

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.6

What's Changed

New Contributors

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.5...v1.8.6

v1.8.5

Major are dependencies updates

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.4...v1.8.5

v1.8.4

What's Changed

New Contributors

... (truncated)

Commits
  • 5d4e11e Bump goodkey, fix breakage (#1761)
  • 63cab17 sync go mod
  • 115c2b2 build(deps): Bump the all group across 1 directory with 6 updates
  • 8503e22 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • 39973a8 build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • 58a8301 build(deps): Bump the all group in /pkg/signature/kms/aws with 4 updates
  • 71ace11 build(deps): Bump github.com/hashicorp/go-retryablehttp
  • b777e4b build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • 5ea648c build(deps): Bump the all group in /pkg/signature/kms/gcp with 2 updates
  • a3666d9 build(deps): Bump the all group in /test/e2e with 2 updates
  • Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.22.0 to 0.24.0

Commits
  • 332fd65 go.mod: update golang.org/x dependencies
  • 0b431c7 x509roots/fallback: update bundle
  • 349231f ssh: implement CryptoPublicKey on sk keys
  • 44c9b0f ssh: allow server auth callbacks to send additional banners
  • 67b1361 sha3: reenable s390x assembly
  • 477a5b4 sha3: make APIs usable with zero allocations
  • 59b5a86 sha3: disable s390x assembly
  • 10f366e sha3: simplify XOR functions
  • 905d78a go.mod: update golang.org/x dependencies
  • ebb717d ssh: validate key type in SSH_MSG_USERAUTH_PK_OK response
  • Additional commits viewable in compare view

Updates google.golang.org/api from 0.177.0 to 0.187.0

Release notes

Sourced from google.golang.org/api's releases.

v0.187.0

0.187.0 (2024-07-01)

Features

Bug Fixes

  • gensupport: Wrap chunk upload err for retries (#2657) (a758bc1)
  • Pass through gRPC api key option to new auth lib (#2664) (e051997)

v0.186.0

0.186.0 (2024-06-25)

Features

v0.185.0

0.185.0 (2024-06-18)

Features

Bug Fixes

  • internal/gensupport: Update shouldRetry for GCS uploads (#2634) (ea513cb)

v0.184.0

0.184.0 (2024-06-12)

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.187.0 (2024-07-01)

Features

Bug Fixes

  • gensupport: Wrap chunk upload err for retries (#2657) (a758bc1)
  • Pass through gRPC api key option to new auth lib (#2664) (e051997)

0.186.0 (2024-06-25)

Features

0.185.0 (2024-06-18)

Features

Bug Fixes

  • internal/gensupport: Update shouldRetry for GCS uploads (#2634) (ea513cb)

0.184.0 (2024-06-12)

Features

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot[bot] avatar Jul 03 '24 02:07 dependabot[bot]