Bump the go-patch group across 3 directories with 11 updates #1479

Closed

@dependabot dependabot bot commented on behalf of github Nov 11, 2024

Bumps the go-patch group with 6 updates in the / directory:

Package From To
github.com/aws/aws-sdk-go-v2/credentials 1.17.17 1.17.44
github.com/cyphar/filepath-securejoin 0.3.1 0.3.4
github.com/elgohr/go-localstack 1.0.20 1.0.113
github.com/jenkins-x/go-scm 1.14.11 1.14.44
github.com/kubescape/go-git-url 0.0.25 0.0.30
github.com/spf13/cobra 1.8.0 1.8.1

Bumps the go-patch group with 1 update in the /api directory: github.com/go-logr/logr.
Bumps the go-patch group with 2 updates in the /tfctl directory: github.com/go-logr/logr and github.com/spf13/cobra.

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.17 to 1.17.44

Commits

Updates github.com/aws/smithy-go from 1.20.3 to 1.22.0

Changelog

Sourced from github.com/aws/smithy-go's changelog.

Release (2024-10-03)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.22.0
    • Feature: Add HTTP client metrics.

Release (2024-09-25)

Module Highlights

  • github.com/aws/smithy-go/aws-http-auth: v1.0.0
    • Release: Initial release of module aws-http-auth, which implements generically consumable SigV4 and SigV4a request signing.

Release (2024-09-19)

General Highlights

  • Dependency Update: Updated to the latest SDK module versions

Module Highlights

  • github.com/aws/smithy-go: v1.21.0
    • Feature: Add tracing and metrics APIs, and builtin instrumentation for both, in generated clients.
  • github.com/aws/smithy-go/metrics/smithyotelmetrics: v1.0.0
    • Release: Initial release of smithyotelmetrics module, which is used to adapt an OpenTelemetry SDK meter provider to be used with Smithy clients.
  • github.com/aws/smithy-go/tracing/smithyoteltracing: v1.0.0
    • Release: Initial release of smithyoteltracing module, which is used to adapt an OpenTelemetry SDK tracer provider to be used with Smithy clients.

Release (2024-08-14)

Module Highlights

  • github.com/aws/smithy-go: v1.20.4
    • Dependency Update: Bump minimum Go version to 1.21.

Release (2024-06-27)

Module Highlights

  • github.com/aws/smithy-go: v1.20.3
    • Bug Fix: Fix encoding/cbor test overflow on x86.

Release (2024-03-29)

  • No change notes available for this release.

Release (2024-02-21)

Module Highlights

  • github.com/aws/smithy-go: v1.20.1
    • Bug Fix: Remove runtime dependency on go-cmp.

... (truncated)

Commits

Updates github.com/cyphar/filepath-securejoin from 0.3.1 to 0.3.4

Release notes

Sourced from github.com/cyphar/filepath-securejoin's releases.

v0.3.4

This release primarily includes a fix that blocked using filepath-securejoin in Kubernetes.

  • Previously, some testing mocks we had resulted in us doing import "testing" in non-_test.go code, which made some downstreams like Kubernetes unhappy. This has been fixed. (#32)

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

v0.3.3

This release primarily includes fixes for spurious errors we hit when checking that directories created by MkdirAll "look right". Upon further consideration, these checks were fundamentally buggy and didn't offer any practical protection anyway.

  • The mode and owner verification logic in MkdirAll has been removed. This was originally intended to protect against some theoretical attacks but upon further consideration these protections don't actually buy us anything and they were causing spurious errors with more complicated filesystem setups.
  • The "is the created directory empty" logic in MkdirAll has also been removed. This was not causing us issues yet, but some pseudofilesystems (such as cgroup) create non-empty directories and so this logic would've been wrong for such cases.

Thanks to all of the contributors who made this release possible:

Signed-off-by: Aleksa Sarai [email protected]

v0.3.2

This release includes a few fixes for MkdirAll when dealing with S_ISUID and S_ISGID, to solve a regression runc hit when switching to MkdirAll.

  • Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

... (truncated)

Changelog

Sourced from github.com/cyphar/filepath-securejoin's changelog.

[0.3.4] - 2024-10-09

Fixed

  • Previously, some testing mocks we had resulted in us doing import "testing" in non-_test.go code, which made some downstreams like Kubernetes unhappy. This has been fixed. (#32)

[0.3.3] - 2024-09-30

Fixed

  • The mode and owner verification logic in MkdirAll has been removed. This was originally intended to protect against some theoretical attacks but upon further consideration these protections don't actually buy us anything and they were causing spurious errors with more complicated filesystem setups.
  • The "is the created directory empty" logic in MkdirAll has also been removed. This was not causing us issues yet, but some pseudofilesystems (such as cgroup) create non-empty directories and so this logic would've been wrong for such cases.

[0.3.2] - 2024-09-13

Changed

  • Passing the S_ISUID or S_ISGID modes to MkdirAllInRoot will now return an explicit error saying that those bits are ignored by mkdirat(2). In the past a different error was returned, but since the silent ignoring behaviour is codified in the man pages a more explicit error seems apt. While silently ignoring these bits would be the most compatible option, it could lead to users thinking their code sets these bits when it doesn't. Programs that need to deal with compatibility can mask the bits themselves. (#23, #25)

Fixed

  • If a directory has S_ISGID set, then all child directories will have S_ISGID set when created and a different gid will be used for any inode created under the directory. Previously, the "expected owner and mode" validation in securejoin.MkdirAll did not correctly handle this. We now correctly handle this case. (#24, #25)
Commits
  • fd16ade VERSION: release v0.3.4
  • 00e0710 godoc: update package documentation
  • 0cd6be1 README: fix reference to open_tree kernel requirements
  • 205046f README: add pkg.go.dev badge
  • ecb1b8e tests: procfs: clean up mock test hook
  • 3ec6eed CHANGELOG: mention #32 fix
  • 86e6182 merge #32 into cyphar/filepath-securejoin:main
  • 6864912 Isolate the testing import in test code
  • 4348fee openat: remove unused function
  • d0c7d67 merge #31 into cyphar/filepath-securejoin:main
  • Additional commits viewable in compare view

Updates github.com/elgohr/go-localstack from 1.0.20 to 1.0.113

Commits
  • 5966c11 Merge pull request #983 from elgohr/dependabot/go_modules/github.com/maxbruns...
  • 28b89db Bump github.com/maxbrunsfeld/counterfeiter/v6 from 6.9.0 to 6.10.0
  • 6d4967d Merge pull request #982 from elgohr/dependabot/go_modules/docker-c4b95dffb6
  • 9d08f74 Bump the docker group with 2 updates
  • f2338a6 Merge pull request #980 from elgohr/dependabot/go_modules/docker-12c74cbbec
  • 2a3219b Bump the docker group with 2 updates
  • e1faedc Merge pull request #981 from elgohr/dependabot/go_modules/github.com/maxbruns...
  • aa3a744 Bump github.com/maxbrunsfeld/counterfeiter/v6 from 6.8.1 to 6.9.0
  • 2fc3485 Merge pull request #979 from elgohr/dependabot/go_modules/aws-sdk-6b3fa0658d
  • 53cc661 Bump the aws-sdk group with 2 updates
  • Additional commits viewable in compare view

Updates github.com/jenkins-x/go-scm from 1.14.11 to 1.14.44

Release notes

Sourced from github.com/jenkins-x/go-scm's releases.

1.14.44

Changes in version 1.14.44

Bug Fixes

  • make fmt (Mårten Svantesson)
  • linting fixes (Mårten Svantesson)
  • github now requires explicit make_latest=true on create (Mårten Svantesson)

Chores

  • release 1.14.44 (jenkins-x-bot)
  • add variables (jenkins-x-bot)

1.14.43

Changes in version 1.14.43

Chores

  • release 1.14.43 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump github.com/bluekeyes/go-gitdiff from 0.7.4 to 0.8.0 (dependabot[bot])

1.14.42

Changes in version 1.14.42

Bug Fixes

  • updating gitea demo url (Mårten Svantesson)
  • readable diffs (Mårten Svantesson)
  • pull request should be null for issues (Mårten Svantesson)

Chores

  • release 1.14.42 (jenkins-x-bot)
  • add variables (jenkins-x-bot)

1.14.41

Changes in version 1.14.41

Chores

  • release 1.14.41 (jenkins-x-bot)
  • add variables (jenkins-x-bot)
  • deps: bump github.com/bluekeyes/go-gitdiff from 0.7.3 to 0.7.4 (dependabot[bot])

1.14.40

Changes in version 1.14.40

Chores

... (truncated)

Commits
  • 5d9d1c6 chore: release 1.14.44
  • e61330d chore: add variables
  • af08d2b Merge pull request #462 from jenkins-x/createlatest
  • d95cc43 fix: make fmt
  • 183f19b fix: linting fixes
  • 37f223c fix: github now requires explicit make_latest=true on create
  • 4b6f912 Merge pull request #456 from jenkins-x/dependabot/go_modules/github.com/bluek...
  • 6189096 chore(deps): bump github.com/bluekeyes/go-gitdiff from 0.7.4 to 0.8.0
  • 357a1be Merge pull request #459 from jenkins-x/pullrequestnull
  • 635708f fix: updating gitea demo url
  • Additional commits viewable in compare view

Updates github.com/kubescape/go-git-url from 0.0.25 to 0.0.30

Commits
  • d27eb58 Merge pull request #16 from kubescape/fix-gitlab
  • 1ba58cb use detected host in gitlab api
  • afc1c54 Merge pull request #15 from kubescape/fix-gitlab
  • 29a0174 also support self hosted gitlab in NewGitAPI
  • 1d0b89d Merge pull request #14 from kubescape/fix-gitlab
  • ec5afaf add support for self-hosted gitlab
  • 0a7f7ed Merge pull request #13 from kubescape/fix-gitlab
  • 5dd5ab2 fix gitlab project ID generation
  • 36432da Merge pull request #12 from hectorj2f/fix_git_urls_cve
  • e2ce7a0 replace whilp/git-urls module by chainguard-dev/git-urls
  • See full diff in compare view

Updates github.com/maxbrunsfeld/counterfeiter/v6 from 6.9.0 to 6.10.0

Release notes

Sourced from github.com/maxbrunsfeld/counterfeiter/v6's releases.

v6.10.0

What's Changed

New Contributors

Full Changelog: maxbrunsfeld/counterfeiter@v6.9.0...v6.10.0

Commits
  • 241cc37 add integration test to validate type aliases are treated correctly
  • ac22042 issue #298 - go 1.23 go/types alias change
  • 224623a Merge pull request #300 from maxbrunsfeld/dependabot/go_modules/golang.org/x/...
  • 16e7f66 Bump golang.org/x/tools from 0.25.0 to 0.26.0
  • 92721d4 Merge pull request #299 from maxbrunsfeld/dependabot/go_modules/golang.org/x/...
  • f5b33b8 Bump golang.org/x/text from 0.18.0 to 0.19.0
  • b15b881 Merge pull request #296 from maxbrunsfeld/dependabot/go_modules/github.com/on...
  • 63d30a8 Bump github.com/onsi/gomega from 1.34.1 to 1.34.2
  • See full diff in compare view

Updates github.com/onsi/gomega from 1.34.1 to 1.34.2

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.34.2

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Changelog

Sourced from github.com/onsi/gomega's changelog.

1.34.2

Require Go 1.22+

Maintenance

  • bump ginkgo as well [c59c6dc]
  • bump to go 1.22 - remove x/exp dependency [8158b99]
Commits

Updates github.com/spf13/cobra from 1.8.0 to 1.8.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.1

✨ Features

🐛 Bug fixes

🔧 Maintenance

🧪 Testing & CI/CD

✏️ Documentation

... (truncated)

Commits

Updates k8s.io/apimachinery from 0.30.1 to 0.30.3

Commits

Updates github.com/go-logr/logr from 1.4.1 to 1.4.2

Release notes

Sourced from github.com/go-logr/logr's releases.

v1.4.2

What's Changed

Dependencies:

Full Changelog: go-logr/logr@v1.4.1...v1.4.2

Commits
  • 1205f42 Merge pull request #295 from go-logr/dependabot/github_actions/actions/checko...
  • ccedcbd Merge pull request #294 from go-logr/dependabot/github_actions/github/codeql-...
  • bead577 build(deps): bump actions/checkout from 4.1.5 to 4.1.6
  • a492d95 build(deps): bump github/codeql-action from 3.25.4 to 3.25.5
  • 19ad07c build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
  • 1c97a21 build(deps): bump actions/checkout from 4.1.4 to 4.1.5
  • f70c5b5 build(deps): bump github/codeql-action from 3.25.3 to 3.25.4
  • 4ade8d3 build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1
  • 88d98bd Merge pull request #289 from go-logr/dependabot/github_actions/golangci/golan...
  • 432cd86 Merge pull request #288 from go-logr/dependabot/github_actions/actions/setup-...
  • Additional commits viewable in compare view

Updates github.com/spf13/cobra from 1.8.0 to 1.8.1

Release notes

Sourced from github.com/spf13/cobra's releases.

v1.8.1

✨ Features

🐛 Bug fixes

🔧 Maintenance

🧪 Testing & CI/CD

✏️ Documentation

... (truncated)

Commits
  • e94f6d0 Address golangci-lint deprecation warnings, enable some more linters (#2152)
  • 8003b74 Remove fully inactivated linters (#2148)
  • 5c2c1d6 Consistent annotation names (#2140)
  • 5a1acea build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 (#2127)
  • 0fc86c2 docs: update user guide (#2128)
  • 6b5f577 More linting...

    Description has been truncated

Bumps the go-patch group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.17.17` | `1.17.44` |
| [github.com/cyphar/filepath-securejoin](https://github.com/cyphar/filepath-securejoin) | `0.3.1` | `0.3.4` |
| [github.com/elgohr/go-localstack](https://github.com/elgohr/go-localstack) | `1.0.20` | `1.0.113` |
| [github.com/jenkins-x/go-scm](https://github.com/jenkins-x/go-scm) | `1.14.11` | `1.14.44` |
| [github.com/kubescape/go-git-url](https://github.com/kubescape/go-git-url) | `0.0.25` | `0.0.30` |
| [github.com/spf13/cobra](https://github.com/spf13/cobra) | `1.8.0` | `1.8.1` |

Bumps the go-patch group with 1 update in the /api directory: [github.com/go-logr/logr](https://github.com/go-logr/logr).
Bumps the go-patch group with 2 updates in the /tfctl directory: [github.com/go-logr/logr](https://github.com/go-logr/logr) and [github.com/spf13/cobra](https://github.com/spf13/cobra).


Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.17 to 1.17.44
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@credentials/v1.17.17...credentials/v1.17.44)

Updates `github.com/aws/smithy-go` from 1.20.3 to 1.22.0
- [Release notes](https://github.com/aws/smithy-go/releases)
- [Changelog](https://github.com/aws/smithy-go/blob/main/CHANGELOG.md)
- [Commits](aws/smithy-go@v1.20.3...v1.22.0)

Updates `github.com/cyphar/filepath-securejoin` from 0.3.1 to 0.3.4
- [Release notes](https://github.com/cyphar/filepath-securejoin/releases)
- [Changelog](https://github.com/cyphar/filepath-securejoin/blob/main/CHANGELOG.md)
- [Commits](cyphar/filepath-securejoin@v0.3.1...v0.3.4)

Updates `github.com/elgohr/go-localstack` from 1.0.20 to 1.0.113
- [Commits](elgohr/go-localstack@v1.0.20...v1.0.113)

Updates `github.com/jenkins-x/go-scm` from 1.14.11 to 1.14.44
- [Release notes](https://github.com/jenkins-x/go-scm/releases)
- [Changelog](https://github.com/jenkins-x/go-scm/blob/main/CHANGELOG.md)
- [Commits](jenkins-x/go-scm@v1.14.11...v1.14.44)

Updates `github.com/kubescape/go-git-url` from 0.0.25 to 0.0.30
- [Release notes](https://github.com/kubescape/go-git-url/releases)
- [Commits](kubescape/go-git-url@v0.0.25...v0.0.30)

Updates `github.com/maxbrunsfeld/counterfeiter/v6` from 6.9.0 to 6.10.0
- [Release notes](https://github.com/maxbrunsfeld/counterfeiter/releases)
- [Commits](maxbrunsfeld/counterfeiter@v6.9.0...v6.10.0)

Updates `github.com/onsi/gomega` from 1.34.1 to 1.34.2
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.34.1...v1.34.2)

Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.0...v1.8.1)

Updates `k8s.io/apimachinery` from 0.30.1 to 0.30.3
- [Commits](kubernetes/apimachinery@v0.30.1...v0.30.3)

Updates `github.com/go-logr/logr` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.4.1...v1.4.2)

Updates `github.com/go-logr/logr` from 1.4.1 to 1.4.2
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](go-logr/logr@v1.4.1...v1.4.2)

Updates `github.com/spf13/cobra` from 1.8.0 to 1.8.1
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](spf13/cobra@v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/aws/smithy-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-patch
- dependency-name: github.com/cyphar/filepath-securejoin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/elgohr/go-localstack
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/jenkins-x/go-scm
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/kubescape/go-git-url
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/maxbrunsfeld/counterfeiter/v6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-patch
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/go-logr/logr
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/go-logr/logr
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: go-patch
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added area/ci Continuous Integration pipeline dependencies Dependency management for library and code labels Nov 11, 2024

dependabot bot commented on behalf of github Nov 18, 2024

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Nov 18, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/go-patch-2a1d197a77 branch November 18, 2024 05:30