chore(deps): bump the go group with 12 updates #1248

dependabot · 2025-01-12T08:54:55Z

Bumps the go group with 12 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2	`1.32.7`	`1.32.8`
github.com/aws/aws-sdk-go-v2/config	`1.28.7`	`1.28.10`
github.com/aws/aws-sdk-go-v2/credentials	`1.17.48`	`1.17.51`
github.com/aws/aws-sdk-go-v2/feature/s3/manager	`1.17.45`	`1.17.48`
github.com/aws/aws-sdk-go-v2/service/ecr	`1.38.1`	`1.38.3`
github.com/aws/aws-sdk-go-v2/service/s3	`1.72.0`	`1.72.2`
github.com/containerd/containerd	`1.7.24`	`1.7.25`
github.com/go-git/go-billy/v5	`5.6.1`	`5.6.2`
github.com/mikefarah/yq/v4	`4.44.6`	`4.45.1`
github.com/sigstore/sigstore	`1.8.11`	`1.8.12`
golang.org/x/net	`0.33.0`	`0.34.0`
sigs.k8s.io/controller-runtime	`0.19.3`	`0.19.4`

Updates github.com/aws/aws-sdk-go-v2 from 1.32.7 to 1.32.8

Commits

31c2f3f Release 2025-01-09
ed70e6b Regenerated Clients
5aef5b0 Update partitions file
6e21e3f Update endpoints model
9017824 Update API model
ebb7c02 retry net.ErrClosed by default (#2949)
19d2a28 Release 2025-01-08
e153a59 Regenerated Clients
349cb94 Update endpoints model
740de30 Update API model
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.28.7 to 1.28.10

Commits

7a7d202 Release 2025-01-10
fdaa7e2 Regenerated Clients
52aba54 Update endpoints model
7263a7a Update API model
31c2f3f Release 2025-01-09
ed70e6b Regenerated Clients
5aef5b0 Update partitions file
6e21e3f Update endpoints model
9017824 Update API model
ebb7c02 retry net.ErrClosed by default (#2949)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/credentials from 1.17.48 to 1.17.51

Commits

7a7d202 Release 2025-01-10
fdaa7e2 Regenerated Clients
52aba54 Update endpoints model
7263a7a Update API model
31c2f3f Release 2025-01-09
ed70e6b Regenerated Clients
5aef5b0 Update partitions file
6e21e3f Update endpoints model
9017824 Update API model
ebb7c02 retry net.ErrClosed by default (#2949)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.17.45 to 1.17.48

Commits

5a96470 Release 2024-12-19
653aa80 Regenerated Clients
d02b239 Update endpoints model
698d709 Update API model
885de40 Fix improper use of Printf-style functions (#2934)
858298a Release 2024-12-18
f58264a Regenerated Clients
df31082 Update endpoints model
346690e Update API model
4515454 Release 2024-12-17
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/ecr from 1.38.1 to 1.38.3

Commits

65023f3 Release 2023-08-17
0742a92 Regenerated Clients
0e3340f Update endpoints model
4526489 Update API model
18635b8 Add X-Amz-Server-Side-Encryption-Context header to required signed headers al...
4682b6a Achieve DisableMRAP parity in config loaders (#2239)
7ecab86 Release 2023-08-16
1ac4add Regenerated Clients
4f353cd Update API model
53f9e53 remove checks on push because its redundant (#2240)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/service/s3 from 1.72.0 to 1.72.2

Commits

31c2f3f Release 2025-01-09
ed70e6b Regenerated Clients
5aef5b0 Update partitions file
6e21e3f Update endpoints model
9017824 Update API model
ebb7c02 retry net.ErrClosed by default (#2949)
19d2a28 Release 2025-01-08
e153a59 Regenerated Clients
349cb94 Update endpoints model
740de30 Update API model
Additional commits viewable in compare view

Updates github.com/containerd/containerd from 1.7.24 to 1.7.25

Release notes

Sourced from github.com/containerd/containerd's releases.

containerd 1.7.25

Welcome to the v1.7.25 release of containerd!

The twenty-fifth patch release for containerd 1.7 contains various fixes and updates.

Highlights

Update runc binary to v1.2.4 (#11238)

Fix proto conflicts and update to 1.8 API (#11184)

Container Runtime Interface (CRI)

Fix ip_pref configuration option (#11223)

Runtime

Fix panic due to nil dereference cgroups v2 (#11099)

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

Akihiro Suda

Derek McGowan

Sebastiaan van Stijn

Wei Fu

Maksym Pavlenko

Akhil Mohan

Henry Wang

Jin Dong

Phil Estes

Sam Edwards

Samuel Karp

Brian Goff

David Son

Kohei Tokunaga

Pierre Gimalac

Yang Yang

bo.jiang

Changes

Prepare release notes for v1.7.25 (#11243)

bda53fc60 Prepare release notes for v1.7.25

Update runc binary to v1.2.4 (#11238)

d4a649130 update runc binary to v1.2.4

... (truncated)

Commits

bcc810d Merge pull request #11243 from dmcgowan/prepare-v1.7.25
bda53fc Prepare release notes for v1.7.25
d46d74c Merge pull request #11238 from k8s-infra-cherrypick-robot/cherry-pick-11230-t...
d4a6491 update runc binary to v1.2.4
e76cc83 Merge pull request #11224 from thaJeztah/1.7_backport_debug-log-shim-plugin
1079d92 Merge pull request #11223 from thaJeztah/1.7_backport_fix-ipv6-pref
99c9737 runtime/v2: reduce shim plugin log
0cfc1ed Fix "even if IPv4 comes first" test to have IPv4 first
53d1fd0 Don't use To16() != nil to detect IPv6 addresses
142e855 Merge pull request #11203 from pgimalac/pgimalac/containerd-no-plugin
Additional commits viewable in compare view

Updates github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.6.2

What's Changed

Enable the iofs adapter to also return other interfaces from io/fs by @JAORMX in go-git/go-billy#102

build: Bump dependencies by @pjbgf in go-git/go-billy#103

New Contributors

@JAORMX made their first contribution in go-git/go-billy#102

Full Changelog: go-git/go-billy@v5.6.1...v5.6.2

Commits

9f8b16d Merge pull request #103 from pjbgf/bump-deps
783f58c build: Bump dependencies
0009381 Merge pull request #102 from JAORMX/iofs-extra-interfaces-v5
21beb15 Enable the iofs adapter to also return other interfaces from io/fs
See full diff in compare view

Updates github.com/mikefarah/yq/v4 from 4.44.6 to 4.45.1

Release notes

Sourced from github.com/mikefarah/yq/v4's releases.

v4.45.1 - Create parent directories when --split-exp is used!

Create parent directories when --split-exp is used, Thanks @rudo-thomas

Bumped dependencies

Changelog

Sourced from github.com/mikefarah/yq/v4's changelog.

4.45.1:

Create parent directories when --split-exp is used, Thanks @rudo-thomas

Bumped dependencies

Commits

8bf425b Bumping version
f755755 Updated release notes
0f390b2 Bumping goccy
31ad7fb Bump github.com/magiconair/properties from 1.8.7 to 1.8.9
566cf82 Bump github.com/goccy/go-json from 0.10.3 to 0.10.4
2c9f833 Bump github.com/elliotchance/orderedmap from 1.7.0 to 1.7.1
c02d44d Bump golang.org/x/net from 0.32.0 to 0.33.0
f73c862 feat: Create parent directories if --split-exp is used.
294a170 Bumping version
See full diff in compare view

Updates github.com/sigstore/sigstore from 1.8.11 to 1.8.12

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.12

What's Changed

build(deps): Bump google.golang.org/api from 0.210.0 to 0.212.0 in /pkg/signature/kms/gcp by @dependabot in sigstore/sigstore#1912

build(deps): Bump google.golang.org/protobuf from 1.35.2 to 1.36.0 in /pkg/signature/kms/gcp by @dependabot in sigstore/sigstore#1911

build(deps): Bump actions/setup-go from 5.1.0 to 5.2.0 in the all group by @dependabot in sigstore/sigstore#1909

build(deps): Bump google.golang.org/api from 0.212.0 to 0.214.0 in /pkg/signature/kms/gcp by @dependabot in sigstore/sigstore#1917

build(deps): Bump hashicorp/vault from 1.18.2 to 1.18.3 in /test/e2e in the all group by @dependabot in sigstore/sigstore#1915

build(deps): Bump the gomod group across 2 directories with 5 updates by @dependabot in sigstore/sigstore#1916

build(deps): Bump cloud.google.com/go/kms from 1.20.3 to 1.20.4 in /pkg/signature/kms/gcp in the gomod group across 1 directory by @dependabot in sigstore/sigstore#1920

build(deps): Bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 by @dependabot in sigstore/sigstore#1924

build(deps): Bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 by @dependabot in sigstore/sigstore#1921

build(deps): Bump golang.org/x/term from 0.27.0 to 0.28.0 by @dependabot in sigstore/sigstore#1922

build(deps): Bump golang.org/x/crypto from 0.31.0 to 0.32.0 by @dependabot in sigstore/sigstore#1923

build(deps): Bump golang.org/x/crypto from 0.28.0 to 0.31.0 in /test/fuzz by @dependabot in sigstore/sigstore#1908

build(deps): Bump github.com/secure-systems-lab/go-securesystemslib from 0.8.0 to 0.9.0 by @dependabot in sigstore/sigstore#1910

build(deps): Bump the tools group across 1 directory with 2 updates by @dependabot in sigstore/sigstore#1913

cleanup ci by @cpanato in sigstore/sigstore#1927

Full Changelog: sigstore/sigstore@v1.8.11...v1.8.12

Commits

e28cdf3 cleanup ci (#1927)
8041221 build(deps): Bump the tools group across 1 directory with 2 updates (#1913)
57944ce build(deps): Bump github.com/secure-systems-lab/go-securesystemslib from 0.8....
99a57f3 build(deps): Bump golang.org/x/crypto in /test/fuzz (#1908)
125d1dc build(deps): Bump golang.org/x/crypto from 0.31.0 to 0.32.0 (#1923)
73220ab build(deps): Bump golang.org/x/term from 0.27.0 to 0.28.0 (#1922)
cc55882 build(deps): Bump golang.org/x/oauth2 from 0.24.0 to 0.25.0 (#1921)
47e3edd build(deps): Bump github.com/coreos/go-oidc/v3 from 3.11.0 to 3.12.0 (#1924)
7b4f423 build(deps): Bump cloud.google.com/go/kms (#1920)
1f3a09e build(deps): Bump the gomod group across 2 directories with 5 updates (#1916)
Additional commits viewable in compare view

Updates golang.org/x/net from 0.33.0 to 0.34.0

Commits

8da7ed1 go.mod: update golang.org/x dependencies
2124140 all: make function and struct comments match the names
e9d95ba http2: do not surface errors from a conn's idle timer expiring
c2be992 quic: remember which remote connection IDs have been retired
See full diff in compare view

Updates sigs.k8s.io/controller-runtime from 0.19.3 to 0.19.4

Release notes

Sourced from sigs.k8s.io/controller-runtime's releases.

v0.19.4

What's Changed

🌱 Add fsnotify watcher+polling by @sbueringer in kubernetes-sigs/controller-runtime#3052

Full Changelog: kubernetes-sigs/controller-runtime@v0.19.3...v0.19.4

Commits

7436275 Merge pull request #3052 from sbueringer/cert-watcher-plus-0.19
3218a86 adjust tests
3c5359d Add fsnotify watcher+polling
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go group with 12 updates: | Package | From | To | | --- | --- | --- | | [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) | `1.32.7` | `1.32.8` | | [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.28.7` | `1.28.10` | | [github.com/aws/aws-sdk-go-v2/credentials](https://github.com/aws/aws-sdk-go-v2) | `1.17.48` | `1.17.51` | | [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) | `1.17.45` | `1.17.48` | | [github.com/aws/aws-sdk-go-v2/service/ecr](https://github.com/aws/aws-sdk-go-v2) | `1.38.1` | `1.38.3` | | [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.72.0` | `1.72.2` | | [github.com/containerd/containerd](https://github.com/containerd/containerd) | `1.7.24` | `1.7.25` | | [github.com/go-git/go-billy/v5](https://github.com/go-git/go-billy) | `5.6.1` | `5.6.2` | | [github.com/mikefarah/yq/v4](https://github.com/mikefarah/yq) | `4.44.6` | `4.45.1` | | [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) | `1.8.11` | `1.8.12` | | [golang.org/x/net](https://github.com/golang/net) | `0.33.0` | `0.34.0` | | [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) | `0.19.3` | `0.19.4` | Updates `github.com/aws/aws-sdk-go-v2` from 1.32.7 to 1.32.8 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@v1.32.7...v1.32.8) Updates `github.com/aws/aws-sdk-go-v2/config` from 1.28.7 to 1.28.10 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@config/v1.28.7...config/v1.28.10) Updates `github.com/aws/aws-sdk-go-v2/credentials` from 1.17.48 to 1.17.51 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@credentials/v1.17.48...credentials/v1.17.51) Updates `github.com/aws/aws-sdk-go-v2/feature/s3/manager` from 1.17.45 to 1.17.48 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@credentials/v1.17.45...credentials/v1.17.48) Updates `github.com/aws/aws-sdk-go-v2/service/ecr` from 1.38.1 to 1.38.3 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.38.1...service/s3/v1.38.3) Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.72.0 to 1.72.2 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](aws/aws-sdk-go-v2@service/s3/v1.72.0...service/s3/v1.72.2) Updates `github.com/containerd/containerd` from 1.7.24 to 1.7.25 - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](containerd/containerd@v1.7.24...v1.7.25) Updates `github.com/go-git/go-billy/v5` from 5.6.1 to 5.6.2 - [Release notes](https://github.com/go-git/go-billy/releases) - [Commits](go-git/go-billy@v5.6.1...v5.6.2) Updates `github.com/mikefarah/yq/v4` from 4.44.6 to 4.45.1 - [Release notes](https://github.com/mikefarah/yq/releases) - [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt) - [Commits](mikefarah/yq@v4.44.6...v4.45.1) Updates `github.com/sigstore/sigstore` from 1.8.11 to 1.8.12 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.8.11...v1.8.12) Updates `golang.org/x/net` from 0.33.0 to 0.34.0 - [Commits](golang/net@v0.33.0...v0.34.0) Updates `sigs.k8s.io/controller-runtime` from 0.19.3 to 0.19.4 - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.19.3...v0.19.4) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/credentials dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/ecr dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/aws/aws-sdk-go-v2/service/s3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/go-git/go-billy/v5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/mikefarah/yq/v4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/sigstore/sigstore dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-01-12T09:01:37Z

Mend Scan Summary: ❌

Repository: open-component-model/ocm

VIOLATION DESCRIPTION	NUMBER OF VIOLATIONS
HIGH/CRITICAL SECURITY VULNERABILITIES	5
MAJOR UPDATES AVAILABLE	0
LICENSE REQUIRES REVIEW	3
HIGH RISK LICENSES	9
RESTRICTIED LICENSE FOR ON-PREMISE DELIVERY	0

Detailed Logs: mend-scan-> Generate Report
Mend UI

dependabot bot requested a review from a team as a code owner January 12, 2025 08:54

dependabot bot added kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. labels Jan 12, 2025

github-actions bot added the size/m Medium label Jan 12, 2025

hilmarf added this to the 2025-Q1 milestone Jan 13, 2025

hilmarf enabled auto-merge (squash) January 13, 2025 06:59

hilmarf approved these changes Jan 13, 2025

View reviewed changes

hilmarf merged commit cfee9b4 into main Jan 13, 2025
24 checks passed

hilmarf deleted the dependabot/go_modules/go-33b3feda80 branch January 13, 2025 06:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the go group with 12 updates #1248

chore(deps): bump the go group with 12 updates #1248

dependabot bot commented on behalf of github Jan 12, 2025

github-actions bot commented Jan 12, 2025

chore(deps): bump the go group with 12 updates #1248

chore(deps): bump the go group with 12 updates #1248

Conversation

dependabot bot commented on behalf of github Jan 12, 2025

containerd 1.7.25

Highlights

Container Runtime Interface (CRI)

Runtime

Contributors

Changes

v5.6.2

What's Changed

New Contributors

v4.45.1 - Create parent directories when --split-exp is used!

v1.8.12

What's Changed

v0.19.4

What's Changed

github-actions bot commented Jan 12, 2025

Mend Scan Summary: ❌

Repository: open-component-model/ocm