tejolote icon indicating copy to clipboard operation
tejolote copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

Bump the all group across 1 directory with 8 updates

Open dependabot[bot] opened this issue 6 months ago • 3 comments

Bumps the all group with 6 updates in the / directory:

Package From To
chainguard.dev/apko 0.16.0 0.17.0
github.com/google/go-containerregistry 0.20.1 0.20.2
github.com/sigstore/sigstore 1.8.7 1.8.8
golang.org/x/sync 0.7.0 0.8.0
sigs.k8s.io/release-utils 0.8.3 0.8.4
cloud.google.com/go/pubsub 1.40.0 1.41.0

Updates chainguard.dev/apko from 0.16.0 to 0.17.0

Release notes

Sourced from chainguard.dev/apko's releases.

Release v0.17.0

What's Changed

New Contributors

Full Changelog: https://github.com/chainguard-dev/apko/compare/v0.16.0...v0.17.0

Commits
  • 636d87f begin a new APK client (#1218)
  • 402f0c6 remove the concept of Assertions (#1214)
  • 82d9f55 Implement client-side APK discovery in apko (#1216)
  • 1b878b0 copy annotations to config labels (#1215)
  • 0c8bca7 build(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1213)
  • c3cc112 build(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 (#1211)
  • 885a078 build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#1212)
  • 8fa6b52 build(deps): bump k8s.io/apimachinery from 0.30.2 to 0.30.3 (#1209)
  • 77c83d2 build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#1203)
  • 52518da build(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 (#1210)
  • Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.20.1 to 0.20.2

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.20.2

What's Changed

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.20.1...v0.20.2

Commits

Updates github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.3.0

Features

  • Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
  • add registry options to cosign save (#3645)
  • Add debug providers command. (#3728)
  • Make config layers in ociremote mountable (#3741)
  • upgrade to go1.22 (#3739)
  • adds tsa cert chain check for env var or tuf targets. (#3600)
  • add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
  • add handling of keyless verification for all verify commands (#3761)

Bug Fixes

  • fix: close attestationFile (#3679)
  • Set bundleVerified to true after Rekor verification (Resolves #3740) (#3745)

Documentation

  • Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776)

Testing

  • Refactor KMS E2E tests (#3684)
  • Remove sign_blob_test.sh test (#3707)
  • Remove KMS E2E test script (#3702)
  • Refactor insecure registry E2E tests (#3701)

Contributors

  • Billy Lynch
  • bminahan73
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Colleen Murphy
  • Dmitry Savintsev
  • guangwu
  • Hayden B
  • Hector Fernandez
  • ian hundere
  • Jason Power
  • Jon Johnson
  • Max Lambrecht
  • Meeki1l

Full Changelog: https://github.com/sigstore/cosign/compare/v2.2.4...v2.3.0

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.3.0

Features

  • Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
  • add registry options to cosign save (#3645)
  • Add debug providers command. (#3728)
  • Make config layers in ociremote mountable (#3741)
  • upgrade to go1.22 (#3739)
  • adds tsa cert chain check for env var or tuf targets. (#3600)
  • add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
  • add handling of keyless verification for all verify commands (#3761)

Bug Fixes

  • fix: close attestationFile (#3679)
  • Set bundleVerified to true after Rekor verification (Resolves #3740) (#3745)

Documentation

  • Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776)

Testing

  • Refactor KMS E2E tests (#3684)
  • Remove sign_blob_test.sh test (#3707)
  • Remove KMS E2E test script (#3702)
  • Refactor insecure registry E2E tests (#3701)

Contributors

  • Billy Lynch
  • bminahan73
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Colleen Murphy
  • Dmitry Savintsev
  • guangwu
  • Hayden B
  • Hector Fernandez
  • ian hundere
  • Jason Power
  • Jon Johnson
  • Max Lambrecht
  • Meeki1l
Commits
  • deed363 chore(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 (#3792)
  • c6f89f8 chore(deps): bump github.com/buildkite/agent/v3 from 3.74.1 to 3.75.1 (#3793)
  • aeba473 Add CHANGELOG for v2.3.0 (#3789)
  • 20d4724 chore(deps): bump github.com/google/go-containerregistry (#3790)
  • 4684fd6 chore(deps): bump the gomod group with 5 updates (#3780)
  • 3c6c5c9 chore(deps): bump github.com/sigstore/fulcio from 1.4.5 to 1.5.1 (#3784)
  • 05026ee chore(deps): bump github.com/google/go-containerregistry (#3783)
  • f9270c0 chore(deps): bump google.golang.org/api from 0.187.0 to 0.188.0 (#3782)
  • 4fd699c chore(deps): bump go.step.sm/crypto from 0.48.1 to 0.50.0 (#3781)
  • 13d3a56 chore(deps): bump the actions group across 1 directory with 2 updates (#3785)
  • Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.7 to 1.8.8

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.8

What's Changed

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.7...v1.8.8

Commits
  • 7053232 build(deps): Bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 (#1796)
  • dd948da build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1797)
  • 7cc4a3e build(deps): Bump golang.org/x/oauth2 in /pkg/signature/kms/gcp
  • 9584c8e build(deps): Bump dexidp/dex in /test/e2e in the all group
  • 5b69695 build(deps): Bump github.com/aws/aws-sdk-go
  • 54745c6 build(deps): Bump the all group with 2 updates
  • 0a54fea Support email_verified as a String (#1794)
  • 89b9585 Fixes issue in Device access token request (#1752)
  • 562745e build(deps): Bump localstack/localstack in /test/e2e in the all group
  • 516ef6e build(deps): Bump github.com/aws/aws-sdk-go in /pkg/signature/kms/aws
  • Additional commits viewable in compare view

Updates golang.org/x/sync from 0.7.0 to 0.8.0

Commits

Updates sigs.k8s.io/release-utils from 0.8.3 to 0.8.4

Release notes

Sourced from sigs.k8s.io/release-utils's releases.

v0.8.4

Changes by Kind

Feature

  • K-sigs/release-utils now has an automated release workflow and publishes an SBOM (#110, @​puerco) [SIG Release]
  • Release-utils now has a new throttle package forked from nozzle/throttle (#108, @​puerco) [SIG Release]
  • The http.Agent now has *Group variants of its functions to support parallel fetching o lists of URLs. (#107, @​puerco) [SIG Release]
  • The util package has a new convenience function util.IsDir() to detect if a path is a directory. (#109, @​puerco) [SIG Release]

Other (Cleanup or Flake)

Dependencies

Added

  • github.com/nozzle/throttler: 2ea9822

Changed

Nothing has changed.

Removed

Nothing has changed.

Commits
  • 0790ab4 Merge pull request #110 from puerco/release-workflow
  • 943a605 Merge pull request #111 from puerco/revert-throttle
  • 9545115 Move http package to nozzle/throttler
  • 337176b Revert fork of nozzle/throttler
  • 9670e44 Add SBOM generation to releases
  • 61086f6 Merge pull request #107 from puerco/parallel-http
  • b6576e7 Parallelize tests and do not retry
  • 18dab2e Improve post tests to actually check returns
  • 9c49082 Mark http.GetURLResponse as deprecated
  • 1cd03a3 HTTP Group: Add documentation and example
  • Additional commits viewable in compare view

Updates cloud.google.com/go/pubsub from 1.40.0 to 1.41.0

Release notes

Sourced from cloud.google.com/go/pubsub's releases.

pubsub: v1.41.0

1.41.0 (2024-08-01)

Features

  • pubsub/pstest: Add Message.Topic field and populate on publish (#10510) (01bf051)
  • pubsub: Add max messages batching for Cloud Storage subscriptions (1bb4c84)

Bug Fixes

Commits
  • f371928 chore(main): release pubsub 1.41.0 (#10469)
  • 443e0ee chore: release main (#10595)
  • 928f1a7 fix(bigtable/emulator): Sending empty row in SampleRowKeys response (#10611)
  • 0e5c5c9 refactor(bigtable): Refactoring client side metrics code (#10623)
  • 47941b3 chore(main): release auth 0.7.3 (#10574)
  • 7cea5ed fix(auth): disable automatic universe domain check for MDS (#10620)
  • 2fef238 feat(parallelstore): add file_stripe_level and directory_stripe_level fields ...
  • b90b361 chore(storage/transfermanager): reduce zero array size used for checksums (#1...
  • 6b51942 docs(datacatalog): mark DataplexTransferStatus.MIGRATED as deprecated (#10621)
  • 97fa560 feat(documentai): A new field imageless_mode is added to message `.google.c...
  • Additional commits viewable in compare view

Updates google.golang.org/api from 0.188.0 to 0.189.0

Release notes

Sourced from google.golang.org/api's releases.

v0.189.0

0.189.0 (2024-07-22)

Features

Bug Fixes

  • cba: Update newAuth path to use nil oauth2 client (#2684) (d925dcb)
  • transport/grpc: Retain UserAgent option with new auth stack (#2690) (aa4662f)
Changelog

Sourced from google.golang.org/api's changelog.

0.189.0 (2024-07-22)

Features

Bug Fixes

  • cba: Update newAuth path to use nil oauth2 client (#2684) (d925dcb)
  • transport/grpc: Retain UserAgent option with new auth stack (#2690) (aa4662f)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot[bot] avatar Aug 07 '24 05:08 dependabot[bot]