Bump the go-deps group across 1 directory with 5 updates

[dependabot[bot]]

Bumps the go-deps group with 5 updates in the / directory:

Package	From	To
github.com/ProtonMail/go-crypto	1.2.0	1.3.0
github.com/fluxcd/pkg/apis/meta	1.12.0	1.13.0
github.com/fluxcd/pkg/auth	0.17.0	0.18.0
github.com/fluxcd/pkg/runtime	0.60.0	0.61.0
github.com/google/go-containerregistry	0.20.3	0.20.6

Updates github.com/ProtonMail/go-crypto from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/ProtonMail/go-crypto's releases.

Release v1.3.0

What's Changed

• API v2: Tolerate invalid key signatures if one verifies in ProtonMail/go-crypto#284
• Enforce acceptable hash functions in clearsign in ProtonMail/go-crypto#281
• Allow to set a decompressed message size limit in ProtonMail/go-crypto#285
• API v1: Only allow acceptable hashes when writing signatures in ProtonMail/go-crypto#286

Full Changelog: https://github.com/ProtonMail/go-crypto/compare/v1.2.0...v1.3.0

Release v1.3.0-proton

This release is v1.3.0 with support for the following non-standardized features:

• Presistent symmetric keys experimental + latest draft draft-ietf-openpgp-persistent-symmetric-keys-00
• Automatic forwarding draft-wussler-openpgp-forwarding-00
• Post-quantum algorithms draft-ietf-openpgp-pqc (Updated to draft-ietf-openpgp-pqc-09)

Commits

• 3b22d85 Merge pull request #286 from ProtonMail/feat/v1-api-enforce-signature-hashes
• a9af95c feat(v1): Only allow acceptable hashes when writing signatures
• 3c60603 Merge pull request #285 from ProtonMail/feat/decompression-size-limit
• d664700 feat: Allow to set a decompressed size limit
• e1ea40e Merge pull request #281 from ProtonMail/fix/clearsign-check-hash
• 9cd4c3a feat(clearsign): Write complete legacy hash header
• 244eb1c fix(clearsign): Enforce acceptable hash functions in clearsign
• a994e32 Merge pull request #284 from ProtonMail/feat/less-restrictive-key-signature
• 8fe0e95 feat(v2): Tolerate invalid key signatures if one passes
• See full diff in compare view

Updates github.com/fluxcd/pkg/apis/meta from 1.12.0 to 1.13.0

Commits

• 246bc82 Merge pull request #942 from fluxcd/force-annotation
• 86ef319 Introduce reconcile.fluxcd.io/forceAt annotation
• 9be33b3 Merge pull request #941 from fluxcd/crypto-v0.39.0
• 8957219 Update golang.org/x/crypto to v0.39.0
• 406c48d Merge pull request #940 from fluxcd/release-git-pkgs
• 2298005 Release git/v0.32.0 and git/gogit/v0.34.0
• 47a1b23 Merge pull request #938 from fluxcd/public-ecr
• a0d4442 Fix support for public.ecr.aws
• 53c7b2d Merge pull request #939 from kane8n/update-go-git
• 77f008c update go-git
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/auth from 0.17.0 to 0.18.0

Commits

• 288cd7a Merge pull request #752 from fluxcd/handle-in-cluster-annotation
• 4971c85 Return a DiffTypeExclude when exclusion annotation is set in cluster
• 46467e7 Merge pull request #754 from fluxcd/update-docker
• 43f36aa Update docker dependencies
• e350b5b Merge pull request #750 from fluxcd/update-deps-go-1.22
• 3ad72d9 Update dependencies to Go 1.22 and Kubernetes 1.29.3
• 6ad47ef Merge pull request #751 from fluxcd/disable-bitbucket-server-tests
• 9ba119b Disable bitbucket-server e2e
• e8f9e40 Merge pull request #723 from gdasson/main
• 5c27146 Adding common "reason" constants
• Additional commits viewable in compare view

Updates github.com/fluxcd/pkg/runtime from 0.60.0 to 0.61.0

Commits

• e5de5fa Merge pull request #951 from cappyzawa/remove-runtime-tls-package
• aab4541 runtime/tls: remove deprecated package
• 5d70542 Merge pull request #950 from cappyzawa/add-runtime-secrets-package
• deb3fae fixup! fixup! runtime/secrets: add package for consolidated secret handling
• 9eb2c69 fixup! fixup! fixup! fixup! runtime/secrets: add package for consolidated sec...
• 94fce87 fixup! fixup! fixup! runtime/secrets: add package for consolidated secret han...
• 27e72a9 fixup! fixup! runtime/secrets: add package for consolidated secret handling
• 939a696 fixup! fixup! runtime/secrets: add package for consolidated secret handling
• 86bf9bb fixup! runtime/secrets: add package for consolidated secret handling
• 2abb738 fixup! runtime/secrets: add package for consolidated secret handling
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.3 to 0.20.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.6

What's Changed

• Ensure that tag name is not empty if name contains colon by @​SaschaSchwarze0 in google/go-containerregistry#2094
• Bump some deps by @​jonjohnsonjr in google/go-containerregistry#2110

New Contributors

• @​SaschaSchwarze0 made their first contribution in google/go-containerregistry#2094

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.4...v0.20.6

v0.20.5

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in google/go-containerregistry#2071
• Migrate linter to v2 by @​Subserial in google/go-containerregistry#2096
• bump go version + bump deps by @​Subserial in google/go-containerregistry#2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in google/go-containerregistry#2097
• Update CodeQL permissions by @​Subserial in google/go-containerregistry#2103
• Update goreleaser permissions by @​Subserial in google/go-containerregistry#2104
• Update provenance action in release by @​Subserial in google/go-containerregistry#2105
• Update validator action by @​Subserial in google/go-containerregistry#2106

New Contributors

• @​luhring made their first contribution in google/go-containerregistry#2071
• @​Subserial made their first contribution in google/go-containerregistry#2096

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.3...v0.20.5

v0.20.4 - Not usable as a go module

🚨 This release was published to the Go module proxy and then re-tagged with a different commit. This means it's not usable as a Go module (google/go-containerregistry#2107) -- please us v0.20.5 instead.

What's Changed

• build(deps): bump docker/docker to v28.0.0+incompatible by @​luhring in google/go-containerregistry#2071
• Migrate linter to v2 by @​Subserial in google/go-containerregistry#2096
• bump go version + bump deps by @​Subserial in google/go-containerregistry#2093
• implement TextMarshaler/JSONMarshaler more consistently by @​imjasonh in google/go-containerregistry#2097
• Update CodeQL permissions by @​Subserial in google/go-containerregistry#2103
• Update goreleaser permissions by @​Subserial in google/go-containerregistry#2104
• Update provenance action in release by @​Subserial in google/go-containerregistry#2105
• Update validator action by @​Subserial in google/go-containerregistry#2106

New Contributors

• @​luhring made their first contribution in google/go-containerregistry#2071
• @​Subserial made their first contribution in google/go-containerregistry#2096

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.3...v0.20.4

Commits

• 59a4b85 Bump some deps (#2110)
• 5b10395 Ensure that tag name is not empty if name contains colon (#2094)
• 4eb8c4d Update validator action (#2106)
• 78d4a6e Update provenance action (#2105)
• 33840ff Update goreleaser permissions (#2104)
• 8d47c37 Update CodeQL permissions (#2103)
• a61de15 implement TextMarshaler/JSONMarshaler more consistently (#2097)
• 1d5b256 bump go version + bump deps (#2093)
• ccaa0d6 Migrate linter to v2 (#2096)
• 098045d build(deps): bump docker/docker to v28.0.0+incompatible (#2071)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions